Common use of Processing of Customer Personal Data Clause in Contracts

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the Parties acknowledge that: (a) Firefly acts as a Processor; and (b) Customer acts as the Controller. 2.2. Firefly shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (i) on Customer’s instructions (subject always to Paragraph 2.7); and (ii) as required by applicable laws. 2.3. Customer instructs Firefly to Process Customer Personal Data as necessary: (a) to provide the Services to Customer; and (b) to perform Firefly ’s obligations and exercise Firefly ’s rights under the Agreement. 2.4. Annex 1 (Data Processing Details) sets out certain information regarding Firefly’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Nothing in Annex 1 (Data Processing Details) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.6. Where Firefly receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Firefly shall inform Customer. 2.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Firefly pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.5) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly under the Agreement. 2.8. Notwithstanding anything to the contrary herein, Firefly may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 2.9. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis for the Processing by Firefly of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.10. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the Parties acknowledge that: (a) Firefly Precisely acts as a Data Processor; and (b) Customer acts as the Data Controller. 2.2. Firefly Precisely shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and; (b) not Sell Customer Personal Data; (c) not Process Customer Personal Data other than: (i) for the specific business purpose of providing the Services; (ii) on Customer’s instructions (subject always to Paragraph 2.72.8); and (iiiii) as required by applicable laws. 2.3. Customer instructs Firefly Precisely to Process Customer Personal Data as necessary:necessary:‌ (a) to provide the Services to Customer; and (b) to perform Firefly Precisely’s obligations and exercise Firefly Precisely’s rights under the Agreement. 2.4. Annex 1 (Data Processing Details) sets out certain information regarding FireflyPrecisely’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Precisely from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws.‌ 2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.5) confers any right or imposes any obligation on any Party to this Data Processing Addendum.Addendum.‌ 2.62.7. Where Firefly Precisely receives an instruction from Customer that, in its reasonable opinion, infringes the GDPRData Protection Laws, Firefly Precisely shall inform Customer. 2.72.8. Customer acknowledges and agrees that any instructions issued by Customer with regards to the any Processing of Customer Personal Data by or on behalf of Firefly Precisely of Customer Personal Data pursuant to or in connection with the Agreement:Agreement:‌ (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.52.6) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly Precisely under the Agreement. 2.82.9. Notwithstanding anything to the contrary herein, Firefly Precisely may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly Precisely considers (in its reasonable discretion) that:that:‌ (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). For the avoidance of doubt, this Paragraph 2.9 does not refer to the instructions set out in Paragraph 2.3. 2.92.10. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis for the Processing by Firefly Precisely of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.10. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the The Parties acknowledge that: (a) Firefly Crunchy Data acts as a Processor; and (b) Customer acts as the Controller. 2.2. Firefly Crunchy Data shall: (a) comply with all applicable Data Protection Laws the GDPR in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (i) on Customer’s instructions (subject always to Paragraph 2.72.9); and (ii) as required by applicable laws. 2.3. To the extent permitted by applicable laws, Crunchy Data shall inform Customer of: (a) any Processing to be carried out under Paragraph 2.2(b)(ii); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 2.4. Customer instructs Firefly Crunchy Data to Process Customer Personal Data as necessary: (a) to provide the Services to Customer; and (b) to perform Firefly Crunchy Data’s obligations and exercise Firefly Crunchy Data’s rights under the Agreement. 2.42.5. Annex 1 (Data Processing Details) sets out certain information regarding FireflyCrunchy Data’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.52.6. Customer may amend Annex 1 (Data Processing Details) on written notice to Crunchy Data from time to time as Customer reasonably considers necessary to meet any applicable requirements of the GDPR. 2.7. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.6) confers any right or imposes any obligation on any Party party to this Data Processing Addendum. 2.62.8. Where Firefly Crunchy Data receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Firefly Crunchy Data shall inform Customer. 2.72.9. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Firefly Crunchy Data pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Lawsthe GDPR; and (b) (without limitation to the generality of Paragraph 2.5) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly Crunchy Data under the Agreement. 2.82.10. Notwithstanding anything to the contrary herein, Firefly Crunchy Data may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly Crunchy Data considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 2.92.11. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, and (where applicable) Article 9 and/or Article 10 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis and (where applicable) condition for the Processing by Firefly Crunchy Data of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.10. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the Parties acknowledge that: (a) Firefly Receipt Bank acts as a Data Processor; and (b) Customer acts as the Data Controller. 2.2. Firefly Receipt Bank shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (i) on Customer’s instructions (subject always to Paragraph 2.72.8); and (ii) as required by applicable laws. 2.3. Customer instructs Firefly Receipt Bank to Process Customer Personal Data as necessary: (a) to provide the Services to Customer; and (b) to perform Firefly Receipt Bank’s obligations and exercise Firefly Receipt Bank’s rights under the Agreement. 2.4. Annex 1 (Data Processing Details) sets out certain information regarding FireflyReceipt Bank’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Receipt Bank from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws. 2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.5) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.62.7. Where Firefly Receipt Bank receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Firefly Receipt Bank shall inform Customer. 2.72.8. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Firefly Receipt Bank pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.52.6) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly Receipt Bank under the Agreement. 2.82.9. Notwithstanding anything to the contrary herein, Firefly Receipt Bank may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly Receipt Bank considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 2.92.10. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis for the Processing by Firefly Receipt Bank of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.10. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the Parties acknowledge that: (a) Firefly acts as a Processor; and (b) Customer acts as the Controller. 2.2. Firefly shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (i) on Customer’s instructions (subject always to Paragraph 2.7); and (ii) as required by applicable laws. 2.3. Customer instructs Firefly to Process Customer Personal Data as necessary: (a) to provide the Services to Customer; and (b) to perform Firefly ’s obligations and exercise Firefly Firefly’s rights under the Agreement. 2.4. Annex 1 (Data Processing Details) sets out certain information regarding Firefly’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Nothing in Annex 1 (Data Processing Details) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.6. Where Firefly receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Firefly shall inform Customer. 2.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Firefly pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.5) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly under the Agreement. 2.8. Notwithstanding anything to the contrary herein, Firefly may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 2.9. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis for the Processing by Firefly of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.102.9. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.