Processing of Customer Personal Data. 2.1. In respect of Personal Data, the parties acknowledge that (as between the parties): (a) Bottomline is the Processor and Customer is the Controller for Customer Personal Data (notwithstanding the foregoing, where the Customer is the Processor for Customer Personal Data, Bottomline shall be deemed as a Subprocessor); and (b) Bottomline is an independent Controller for any Bottomline Personal Data. 2.2. Subject to Section 2.3, Customer instructs Bottomline to Process Customer Personal Data as necessary to provide the Services or otherwise to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 2.3. Customer acknowledges and agrees that any instructions additional to those set out in the Agreement (including these Privacy Terms), issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change the Services to be provided by Bottomline. 2.4. In relation to instructions which meet the conditions in Section 2.3 above, the Customer may terminate the relevant Services under the Agreement by providing Bottomline with at least sixty (60) days’ prior written notice, if Bottomline notifies the Customer that: (a) it is unable to adhere to, perform or implement instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise) provided always that: (i) the parties shall in good faith seek to reach a mutually acceptable resolution within thirty (30) days of Bottomline notifying the Customer that it is unable to meet the instructions under Section 2.3, and (ii) until such time as either a resolution has been reached between the parties or the Customer exercises its above termination right, Bottomline shall continue to provide the Services in accordance with the Agreement notwithstanding any such Customer instructions. 2.5. Bottomline may Process Customer Personal Data as required by applicable European Union, UK or European Union Member State laws. To the extent permitted by applicable laws, prior to Bottomline Processing Customer Personal Data under this Section 2.5, Bottomline shall inform the Customer of the relevant legal requirements that require it to undertake such Processing. 2.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer. 2.7. Provided Bottomline does so in accordance with Data Protection Laws, Customer agrees that Bottomline shall be entitled to create, use and disclose Anonymised Data, together with information it collects from its other customers for data analytics and development purposes, including to create insights, reports and other analytics and to improve and develop Bottomline’s products and services. 2.8. Bottomline shall implement appropriate technical and organisational measures, in relation to the protection of Customer Personal Data to protect against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage and ensure a level of security appropriate to, the risk and, the measures referred to in Article 32(1) of the GDPR. 2.9. Bottomline shall take reasonable steps to ensure the reliability of any Bottomline Personnel who Process Customer Personal Data, ensuring: (a) that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data for the purposes described in the Agreement (including these Privacy Terms); and (b) that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality. 2.10. Customer represents and warrants on an ongoing basis that: (a) it is subject to the territorial scope of the Data Protection Laws as determined in accordance therewith (including pursuant to Article 3 of the GDPR). Customer further agrees that to the extent that it is not in fact subject to the territorial scope of the Data Protection Laws, these Privacy Terms shall be deemed automatically void with effect from the Agreement Effective Date or the date when it was no longer subject to the territorial scope of the Data Protection Laws, if later, without requirement of notice; (b) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for Processing of Customer Personnel by Bottomline in accordance with the Agreement (including these Privacy Terms); (c) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved in accordance with Section 3) to Process Customer Personal Data as set out in and contemplated by the Agreement (including these Privacy Terms); and (d) where applicable, the Customer has all necessary consents and notices in place to enable lawful transfer of Bottomline Personal Data to Bottomline and/or lawful collection of the same by Bottomline for the duration and purposes of these Privacy Terms.
Appears in 1 contract
Sources: Privacy Terms
Processing of Customer Personal Data. 2.13.1. In respect of Customer Personal Data, the parties Parties acknowledge that (as between the parties):Parties):
(a) Bottomline is acts as a Processor; and
(b) Customer acts as the Processor and Customer is the Controller for Controller.
3.2. Bottomline shall not Process Customer Personal Data other than:
(notwithstanding the foregoing, where the Customer is the Processor for Customer Personal Data, Bottomline shall be deemed as a Subprocessora) on Customer’s instructions (subject always to Section 3.7); and
(b) as required by applicable laws.
3.3. To the extent permitted by applicable laws, Bottomline is an independent Controller for shall inform Customer of:
(a) any Bottomline Processing to be carried out under Section 3.2(b); and
(b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data.
2.23.4. Subject to Section 2.3, Customer instructs Bottomline to Process Customer Personal Data as necessary necessary:
(a) to provide the Relevant Services or otherwise to Customer; and
(b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement.
2.33.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR.
3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline shall inform Customer.
3.7. Customer acknowledges and agrees that any instructions additional to those set out in the Agreement (including these Privacy Terms), issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement:Agreement:
(a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and
(b) shall not relate to the scope of, or otherwise materially change change, the Relevant Services to be provided by BottomlineBottomline under the Agreement.
2.43.8. In relation Notwithstanding anything to instructions which meet the conditions in Section 2.3 abovecontrary herein, the Customer Bottomline may without liability to either party and with immediate effect terminate the relevant Services under the Agreement by providing Bottomline with at least sixty (60) days’ prior in its entirety upon written notice, notice to Customer if Bottomline notifies the Customer considers (in its reasonable discretion) that:
(a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or
(b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise) provided always that: (i) the parties shall in good faith seek to reach a mutually acceptable resolution within thirty (30) days of Bottomline notifying the Customer that it is unable to meet the instructions under Section 2.3, and (ii) until such time as either a resolution has been reached between the parties or the Customer exercises its above termination right, Bottomline shall continue to provide the Services in accordance with the Agreement notwithstanding any such Customer instructions).
2.5. Bottomline may Process Customer Personal Data as required by applicable European Union, UK or European Union Member State laws. To the extent permitted by applicable laws, prior to Bottomline Processing Customer Personal Data under this Section 2.5, Bottomline shall inform the Customer of the relevant legal requirements that require it to undertake such Processing.
2.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer.
2.7. Provided Bottomline does so in accordance with Data Protection Laws, Customer agrees that Bottomline shall be entitled to create, use and disclose Anonymised Data, together with information it collects from its other customers for data analytics and development purposes, including to create insights, reports and other analytics and to improve and develop Bottomline’s products and services.
2.8. Bottomline shall implement appropriate technical and organisational measures, in relation to the protection of Customer Personal Data to protect against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage and ensure a level of security appropriate to, the risk and, the measures referred to in Article 32(1) of the GDPR.
2.9. Bottomline shall take reasonable steps to ensure the reliability of any Bottomline Personnel who Process Customer Personal Data, ensuring:
(a) that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data for the purposes described in the Agreement (including these Privacy Terms); and
(b) that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.103.9. Customer represents and warrants on an ongoing basis that:that:
(a) it is subject to the territorial scope of the Data Protection Laws as determined in accordance therewith (including pursuant to Article 3 of the GDPR). Customer further agrees that to the extent that it is not in fact subject to the territorial scope of the Data Protection Laws, these Privacy Terms shall be deemed automatically void with effect from the Agreement Effective Date or the date when it was no longer subject to the territorial scope of the Data Protection Laws, if later, without requirement of notice;
(b) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personnel by Bottomline Personal Data in accordance with this Data Processing Addendum and the Agreement (including these Privacy Termsincluding, any and all instructions issued by Customer from time to time in respect of such Processing);; and
(cb) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved in accordance with Section 3Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement (including these Privacy Terms); and
(d) where applicable, the Customer has all necessary consents and notices in place to enable lawful transfer of Bottomline Personal Data to Bottomline and/or lawful collection of the same by Bottomline for the duration and purposes of these Privacy Terms.Agreement.
Appears in 1 contract
Sources: Data Processing Addendum
Processing of Customer Personal Data. 2.13.1. In respect of Customer Personal Data, the parties Parties acknowledge that (as between the parties):Parties):
(a) Bottomline is acts as a Processor; and
(b) Customer acts as the Processor and Customer is the Controller for Controller.
3.2. Bottomline shall not Process Customer Personal Data other than:
(notwithstanding a) on Customer’s instructions (subject always to Section 3.7); or
(b) as required by applicable European Union, UK or European Union Member State laws.
3.3. To the foregoing, where the Customer is the Processor for Customer Personal Dataextent permitted by applicable laws, Bottomline shall inform Customer of:
(a) any Processing to be deemed as a Subprocessorcarried out under Section 3.2(b); and
(b) Bottomline is an independent Controller for any Bottomline the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data.
2.23.4. Subject to Section 2.3, Customer instructs Bottomline to Process Customer Personal Data as necessary necessary:
(a) to provide the Relevant Services or otherwise to Customer; and
(b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement.
2.33.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR.
3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline shall inform Customer.
3.7. Customer acknowledges and agrees that any instructions additional to those set out in this Data Processing Addendum or the Agreement (including these Privacy Terms), issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement:
(a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and
(b) shall not relate to the scope of, or otherwise materially change change, the Relevant Services to be provided by BottomlineBottomline under the Agreement.
2.43.8. In relation Notwithstanding anything to instructions which meet the conditions in Section 2.3 abovecontrary herein, the Bottomline may without liability to Customer may and with immediate effect terminate the relevant Services under the Agreement by providing Bottomline with at least sixty (60) days’ prior in its entirety upon written notice, notice to Customer if Bottomline notifies the Customer considers (in its reasonable discretion) that:
(a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or
(b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise) provided always that: (i) the parties shall in good faith seek to reach a mutually acceptable resolution within thirty (30) days of Bottomline notifying the Customer that it is unable to meet the instructions under Section 2.3, and (ii) until such time as either a resolution has been reached between the parties or the Customer exercises its above termination right, Bottomline shall continue to provide the Services in accordance with the Agreement notwithstanding any such Customer instructions.),
2.5. Bottomline may Process Customer Personal Data as required by applicable European Union, UK or European Union Member State laws. To the extent permitted by applicable laws, prior to Bottomline Processing Customer Personal Data under this Section 2.5, Bottomline shall inform the Customer of the relevant legal requirements that require it to undertake such Processing.
2.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer.
2.7. Provided Bottomline does so in accordance with Data Protection Laws, Customer agrees that Bottomline shall be entitled to create, use and disclose Anonymised Data, together with information it collects from its other customers for data analytics and development purposes, including to create insights, reports and other analytics and to improve and develop Bottomline’s products and services.
2.8. Bottomline shall implement appropriate technical and organisational measures, in relation to the protection of Customer Personal Data to protect against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage and ensure a level of security appropriate to, the risk and, the measures referred to in Article 32(1) of the GDPR.
2.9. Bottomline shall take reasonable steps to ensure the reliability of any Bottomline Personnel who Process Customer Personal Data, ensuring:
(a) that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data for the purposes described in the Agreement (including these Privacy Terms); and
(b) that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.103.9. Customer represents and warrants on an ongoing basis that:that:
(a) it is subject to the territorial scope of the Data Protection Laws as determined in accordance therewith (including pursuant to Article 3 of the GDPR). Customer further agrees that to the extent that it is not in fact subject to the territorial scope of the Data Protection Laws, these Privacy Terms shall be deemed automatically void with effect from the Agreement Effective Date or the date when it was no longer subject to the territorial scope of the Data Protection Laws, if later, without requirement of notice;
(b) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personnel by Bottomline Personal Data in accordance with this Data Processing Addendum and the Agreement (including these Privacy Termsincluding, any and all instructions issued by Customer from time to time in respect of such Processing);; and
(cb) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved subject to and in accordance with Section 36) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement (including these Privacy Terms); and
(d) where applicable, the Customer has all necessary consents and notices in place to enable lawful transfer of Bottomline Personal Data to Bottomline and/or lawful collection of the same by Bottomline for the duration and purposes of these Privacy Terms.Agreement.
Appears in 1 contract
Sources: Data Processing Addendum
Processing of Customer Personal Data. 2.13.1. In respect of Customer Personal Data, the parties Parties acknowledge that (as between the parties):Parties):
(a) Bottomline is acts as a Processor; and
(b) Customer acts as the Processor and Customer is the Controller for Controller.
3.2. Bottomline shall not Process Customer Personal Data other than:
(notwithstanding the foregoing, where the Customer is the Processor for Customer Personal Data, Bottomline shall be deemed as a Subprocessora) on Customer’s instructions (subject always to Section 3.7); and
(b) as required by applicable laws.
3.3. To the extent permitted by applicable laws, Bottomline is an independent Controller for shall inform Customer of:
(a) any Bottomline Processing to be carried out under Section 3.2(b); and
(b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data.
2.23.4. Subject to Section 2.3, Customer instructs Bottomline to Process Customer Personal Data as necessary necessary:
(a) to provide the Relevant Services or otherwise to Customer; and
(b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement.
2.33.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR.
3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline shall inform Customer.
3.7. Customer acknowledges and agrees that any instructions additional to those set out in the Agreement (including these Privacy Terms), issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement:
(a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and
(b) shall not relate to the scope of, or otherwise materially change change, the Relevant Services to be provided by BottomlineBottomline under the Agreement.
2.43.8. In relation Notwithstanding anything to instructions which meet the conditions in Section 2.3 abovecontrary herein, the Bottomline may without liability to Customer may and with immediate effect terminate the relevant Services under the Agreement by providing Bottomline with at least sixty (60) days’ prior in its entirety upon written notice, notice to Customer if Bottomline notifies the Customer considers (in its reasonable discretion) that:
(a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or
(b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise) provided always that: (i) the parties shall in good faith seek to reach a mutually acceptable resolution within thirty (30) days of Bottomline notifying the Customer that it is unable to meet the instructions under Section 2.3, and (ii) until such time as either a resolution has been reached between the parties or the Customer exercises its above termination right, Bottomline shall continue to provide the Services in accordance with the Agreement notwithstanding any such Customer instructions.),
2.5. Bottomline may Process Customer Personal Data as required by applicable European Union, UK or European Union Member State laws. To the extent permitted by applicable laws, prior to Bottomline Processing Customer Personal Data under this Section 2.5, Bottomline shall inform the Customer of the relevant legal requirements that require it to undertake such Processing.
2.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer.
2.7. Provided Bottomline does so in accordance with Data Protection Laws, Customer agrees that Bottomline shall be entitled to create, use and disclose Anonymised Data, together with information it collects from its other customers for data analytics and development purposes, including to create insights, reports and other analytics and to improve and develop Bottomline’s products and services.
2.8. Bottomline shall implement appropriate technical and organisational measures, in relation to the protection of Customer Personal Data to protect against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage and ensure a level of security appropriate to, the risk and, the measures referred to in Article 32(1) of the GDPR.
2.9. Bottomline shall take reasonable steps to ensure the reliability of any Bottomline Personnel who Process Customer Personal Data, ensuring:
(a) that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data for the purposes described in the Agreement (including these Privacy Terms); and
(b) that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.103.9. Customer represents and warrants on an ongoing basis that:that:
(a) it is subject to the territorial scope of the Data Protection Laws as determined in accordance therewith (including pursuant to Article 3 of the GDPR). Customer further agrees that to the extent that it is not in fact subject to the territorial scope of the Data Protection Laws, these Privacy Terms shall be deemed automatically void with effect from the Agreement Effective Date or the date when it was no longer subject to the territorial scope of the Data Protection Laws, if later, without requirement of notice;
(b) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personnel by Bottomline Personal Data in accordance with this Data Processing Addendum and the Agreement (including these Privacy Termsincluding, any and all instructions issued by Customer from time to time in respect of such Processing);; and
(cb) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved subject to and in accordance with Section 36) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement (including these Privacy Terms); and
(d) where applicable, the Customer has all necessary consents and notices in place to enable lawful transfer of Bottomline Personal Data to Bottomline and/or lawful collection of the same by Bottomline for the duration and purposes of these Privacy Terms.Agreement.
Appears in 1 contract
Sources: Data Processing Addendum
Processing of Customer Personal Data. 2.13.1. In respect of Customer Personal Data, the parties Parties acknowledge that (as between the parties):Parties):
(a) Bottomline is acts as a Processor; and
(b) Customer acts as the Processor and Customer is the Controller for Controller.
3.2. Bottomline shall not Process Customer Personal Data other than:
(notwithstanding a) on Customer’s instructions (subject always to Section 3.7); or
(b) as required by applicable Data Protection Laws.
3.3. To the foregoing, where the Customer is the Processor for Customer Personal Dataextent permitted by applicable laws, Bottomline shall inform Customer of:
(a) any Processing to be deemed as a Subprocessorcarried out under Section 3.2(b); and
(b) Bottomline is an independent Controller for any Bottomline the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data.
2.23.4. Subject to Section 2.3, Customer instructs Bottomline to Process Customer Personal Data as necessary necessary:
(a) to provide the Relevant Services or otherwise to Customer; and
(b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement.
2.33.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data.
3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer.
3.7. Customer acknowledges and agrees that any instructions additional to those set out in this Data Processing Addendum or the Agreement (including these Privacy Terms), issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement:
(a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and
(b) shall not relate to the scope of, or otherwise materially change change, the Relevant Services to be provided by BottomlineBottomline under the Agreement.
2.43.8. In relation Notwithstanding anything to instructions which meet the conditions in Section 2.3 abovecontrary herein, the Bottomline may without liability to Customer may and with immediate effect terminate the relevant Services under the Agreement by providing Bottomline with at least sixty (60) days’ prior in its entirety upon written notice, notice to Customer if Bottomline notifies the Customer considers (in its reasonable discretion) that:
(a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or
(b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise) provided always that: (i) the parties shall in good faith seek to reach a mutually acceptable resolution within thirty (30) days of Bottomline notifying the Customer that it is unable to meet the instructions under Section 2.3, and (ii) until such time as either a resolution has been reached between the parties or the Customer exercises its above termination right, Bottomline shall continue to provide the Services in accordance with the Agreement notwithstanding any such Customer instructions.),
2.5. Bottomline may Process Customer Personal Data as required by applicable European Union, UK or European Union Member State laws. To the extent permitted by applicable laws, prior to Bottomline Processing Customer Personal Data under this Section 2.5, Bottomline shall inform the Customer of the relevant legal requirements that require it to undertake such Processing.
2.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer.
2.7. Provided Bottomline does so in accordance with Data Protection Laws, Customer agrees that Bottomline shall be entitled to create, use and disclose Anonymised Data, together with information it collects from its other customers for data analytics and development purposes, including to create insights, reports and other analytics and to improve and develop Bottomline’s products and services.
2.8. Bottomline shall implement appropriate technical and organisational measures, in relation to the protection of Customer Personal Data to protect against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage and ensure a level of security appropriate to, the risk and, the measures referred to in Article 32(1) of the GDPR.
2.9. Bottomline shall take reasonable steps to ensure the reliability of any Bottomline Personnel who Process Customer Personal Data, ensuring:
(a) that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data for the purposes described in the Agreement (including these Privacy Terms); and
(b) that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.103.9. Customer represents and warrants on an ongoing basis that:that:
(a) it is subject to the territorial scope of the Data Protection Laws as determined in accordance therewith (including pursuant to Article 3 of the GDPR). Customer further agrees that to the extent that it is not in fact subject to the territorial scope of the Data Protection Laws, these Privacy Terms shall be deemed automatically void with effect from the Agreement Effective Date or the date when it was no longer subject to the territorial scope of the Data Protection Laws, if later, without requirement of notice;
(b) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personnel by Bottomline Personal Data in accordance with this Data Processing Addendum and the Agreement (including these Privacy Termsincluding, any and all instructions issued by Customer from time to time in respect of such Processing);; and
(cb) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved subject to and in accordance with Section 36) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement (including these Privacy Terms); and
(d) where applicable, the Customer has all necessary consents and notices in place to enable lawful transfer of Bottomline Personal Data to Bottomline and/or lawful collection of the same by Bottomline for the duration and purposes of these Privacy Terms.Agreement.
Appears in 1 contract
Sources: Data Processing Addendum
Processing of Customer Personal Data. 2.13.1. In respect of Customer Personal Data, the parties Parties acknowledge that (as between the parties):Parties):
(a) Bottomline is acts as a Processor; and
(b) Customer acts as the Processor and Customer is the Controller for Controller.
3.2. Bottomline shall not Process Customer Personal Data other than:
(notwithstanding the foregoing, where the Customer is the Processor for Customer Personal Data, Bottomline shall be deemed as a Subprocessora) on Customer’s instructions (subject always to Section 3.7); and
(b) as required by applicable laws.
3.3. To the extent permitted by applicable laws, Bottomline is an independent Controller for shall inform Customer of:
(a) any Bottomline Processing to be carried out under Section 3.2(b); and
(b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data.
2.23.4. Subject to Section 2.3, Customer instructs Bottomline to Process Customer Personal Data as necessary necessary:
(a) to provide the Relevant Services or otherwise to Customer; and
(b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement.
2.33.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR.
3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline shall inform Customer.
3.7. Customer acknowledges and agrees that any instructions additional to those set out in the Agreement (including these Privacy Terms), issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement:
(a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and
(b) shall not relate to the scope of, or otherwise materially change change, the Relevant Services to be provided by BottomlineBottomline under the Agreement.
2.43.8. In relation Notwithstanding anything to instructions which meet the conditions in Section 2.3 abovecontrary herein, the Customer Bottomline may without liability to either party and with immediate effect terminate the relevant Services under the Agreement by providing Bottomline with at least sixty (60) days’ prior in its entirety upon written notice, notice to Customer if Bottomline notifies the Customer considers (in its reasonable discretion) that:
(a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or
(b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise) provided always that: (i) the parties shall in good faith seek to reach a mutually acceptable resolution within thirty (30) days of Bottomline notifying the Customer that it is unable to meet the instructions under Section 2.3, and (ii) until such time as either a resolution has been reached between the parties or the Customer exercises its above termination right, Bottomline shall continue to provide the Services in accordance with the Agreement notwithstanding any such Customer instructions).
2.5. Bottomline may Process Customer Personal Data as required by applicable European Union, UK or European Union Member State laws. To the extent permitted by applicable laws, prior to Bottomline Processing Customer Personal Data under this Section 2.5, Bottomline shall inform the Customer of the relevant legal requirements that require it to undertake such Processing.
2.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer.
2.7. Provided Bottomline does so in accordance with Data Protection Laws, Customer agrees that Bottomline shall be entitled to create, use and disclose Anonymised Data, together with information it collects from its other customers for data analytics and development purposes, including to create insights, reports and other analytics and to improve and develop Bottomline’s products and services.
2.8. Bottomline shall implement appropriate technical and organisational measures, in relation to the protection of Customer Personal Data to protect against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage and ensure a level of security appropriate to, the risk and, the measures referred to in Article 32(1) of the GDPR.
2.9. Bottomline shall take reasonable steps to ensure the reliability of any Bottomline Personnel who Process Customer Personal Data, ensuring:
(a) that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data for the purposes described in the Agreement (including these Privacy Terms); and
(b) that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.103.9. Customer represents and warrants on an ongoing basis that:that:
(a) it is subject to the territorial scope of the Data Protection Laws as determined in accordance therewith (including pursuant to Article 3 of the GDPR). Customer further agrees that to the extent that it is not in fact subject to the territorial scope of the Data Protection Laws, these Privacy Terms shall be deemed automatically void with effect from the Agreement Effective Date or the date when it was no longer subject to the territorial scope of the Data Protection Laws, if later, without requirement of notice;
(b) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personnel by Bottomline Personal Data in accordance with this Data Processing Addendum and the Agreement (including these Privacy Termsincluding, any and all instructions issued by Customer from time to time in respect of such Processing);; and
(cb) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved in accordance with Section 3Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement (including these Privacy Terms); and
(d) where applicable, the Customer has all necessary consents and notices in place to enable lawful transfer of Bottomline Personal Data to Bottomline and/or lawful collection of the same by Bottomline for the duration and purposes of these Privacy Terms.Agreement.
Appears in 1 contract
Sources: Data Processing Addendum
Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the parties Parties acknowledge that (as between the parties):that:
(a) Bottomline is the Processor and Customer is the Controller for Customer Personal Data (notwithstanding the foregoing, where the Customer is the Processor for Customer Personal Data, Bottomline shall be deemed Supplier acts as a Subprocessor)Data Processor or “service provider” as defined under the CCPA; and
(b) Bottomline is an independent Customer acts as the Data Controller for any Bottomline Personal Dataor “business” as defined under the CCPA.
2.2. Subject Supplier shall:
(a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and
(b) not Process Customer Personal Data other than:
(i) on Customer’s instructions (subject always to Section Paragraph 2.9); and
(ii) as required by applicable laws.
2.3, . Customer instructs Bottomline Supplier to Process Customer Personal Data as necessary necessary:
(a) to provide the Services or otherwise to Customer;
(b) to perform BottomlineSupplier’s obligations and exercise BottomlineSupplier’s rights or defend legal claims under the Agreement; and
(c) for the proper management and administration of Supplier’s business.
2.32.4. Annex 1 (Data Processing Details) sets out certain information regarding Supplier’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR.
2.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Supplier from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws.
2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.6) confers any right or imposes any obligation on any Party to this Data Processing Addendum.
2.7. Where Supplier receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Supplier shall inform Customer.
2.8. Customer acknowledges and agrees that any instructions additional to those set out in the Agreement (including these Privacy Terms), issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline Supplier pursuant to or in connection with the Agreement:
(a) shall be strictly required for the sole purpose of ensuring compliance with applicable Data Protection Laws; and
(b) (without limitation to the generality of Paragraph 2.7) shall not relate to the scope of, or otherwise materially change change, the Services to be provided by BottomlineSupplier under the Agreement.
2.42.9. In relation Notwithstanding anything to instructions which meet the conditions in Section 2.3 abovecontrary herein, the Customer Supplier may terminate the relevant Services under the Agreement by providing Bottomline in its entirety upon written notice to Customer with at least sixty immediate effect if Supplier considers (60in its reasonable discretion) days’ prior written notice, if Bottomline notifies the Customer that:
(a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or
(b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise).
(c) provided always that: (i) For the parties shall in good faith seek avoidance of doubt, this Paragraph 2.9 does not refer to reach a mutually acceptable resolution within thirty (30) days of Bottomline notifying the Customer that it is unable to meet the instructions under Section set out in Paragraph 2.3, and (ii) until such time as either a resolution has been reached between the parties or the Customer exercises its above termination right, Bottomline shall continue to provide the Services in accordance with the Agreement notwithstanding any such Customer instructions.
2.5. Bottomline may Process Customer Personal Data as required by applicable European Union, UK or European Union Member State laws. To the extent permitted by applicable laws, prior to Bottomline Processing Customer Personal Data under this Section 2.5, Bottomline shall inform the Customer of the relevant legal requirements that require it to undertake such Processing.
2.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer.
2.7. Provided Bottomline does so in accordance with Data Protection Laws, Customer agrees that Bottomline shall be entitled to create, use and disclose Anonymised Data, together with information it collects from its other customers for data analytics and development purposes, including to create insights, reports and other analytics and to improve and develop Bottomline’s products and services.
2.8. Bottomline shall implement appropriate technical and organisational measures, in relation to the protection of Customer Personal Data to protect against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage and ensure a level of security appropriate to, the risk and, the measures referred to in Article 32(1) of the GDPR.
2.9. Bottomline shall take reasonable steps to ensure the reliability of any Bottomline Personnel who Process Customer Personal Data, ensuring:
(a) that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data for the purposes described in the Agreement (including these Privacy Terms); and
(b) that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.10. Customer represents and warrants on an ongoing basis that:
(a) it is subject to that, for the territorial scope purposes of the Data Protection Laws as determined in accordance therewith (including pursuant to Article 3 6 of the GDPR). Customer further agrees that to the extent that it is not in fact subject to the territorial scope of the Data Protection Laws, these Privacy Terms shall be deemed automatically void with effect from the Agreement Effective Date or the date when it was no longer subject to the territorial scope of the Data Protection Laws, if later, without requirement of notice;
(b) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of for the GDPR or otherwise as required under Data Protection Laws) for Processing by Supplier of Customer Personnel by Bottomline Personal Data in accordance with this Data Processing Addendum and the Agreement (including these Privacy Terms);
(c) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation ofincluding, any relevant third party Controller(s) (including, for these purposes, and all instructions issued by Customer Affiliates) from time to instruct Bottomline (and its Subprocessors that are approved time in accordance with Section 3) to Process Customer Personal Data as set out in and contemplated by the Agreement (including these Privacy Termsrespect of such Processing); and
(d) where applicable, the Customer has all necessary consents and notices in place to enable lawful transfer of Bottomline Personal Data to Bottomline and/or lawful collection of the same by Bottomline for the duration and purposes of these Privacy Terms..
Appears in 1 contract
Sources: Data Processing Addendum