Common use of Protection and use of Personal Information Clause in Contracts

Protection and use of Personal Information. (a) If the Supplier or its Personnel obtains access to, or collects, uses, holds, controls, manages or otherwise processes, any Personal Information in connection with this Agreement (regardless of whether or not that Personal Information forms part of the Customer Data), the Supplier must (and must ensure that its Personnel): (i) comply with all Privacy Laws, as though it were a person subject to those Privacy Laws; (ii) only use that Personal Information for the sole purpose of carrying out the Supplier's Activities; (iii) not disclose the Personal Information to any other person without the Customer’s prior written consent, which may be given in respect of classes or categories of subcontractors or types of subcontracted activities and made subject to any applicable conditions; (iv) not transfer the Personal Information outside New South Wales, Australia or access it, or allow it to be accessed, from outside New South Wales, Australia unless permitted in the Order Form or relevant Module Terms and subject to the Supplier's and its Personnel's compliance with the Data Location Conditions; (v) protect the Personal Information from unauthorised access, use, disclosure, modification and other misuse and in accordance with the security requirements under this Agreement; (vi) if it becomes aware that there has been an actual, alleged or suspected Security Incident involving Personal Information: A. comply with clause 22; B. comply with any reasonable direction (including as to timeframes) from the Customer with respect to that breach (which may include, for example, notifying any affected individuals of the breach of privacy); and

Protection and use of Personal Information. ‌ (a) If the Supplier or its Personnel obtains access to, or collects, uses, holds, controls, manages or otherwise processes, any Personal Information in connection with this Agreement (regardless of whether or not that Personal Information forms part of the Customer Data), the Supplier must (and must ensure that its Personnel): (i): ( ) comply with all Privacy Laws, as though it were a person subject to those Privacy Laws; (iii) only use that Personal Information for the sole purpose of carrying out the Supplier's Activities; (iiiii) not disclose the Personal Information to any other person without the Customer’s prior written consent, which may be given in respect of classes or categories of subcontractors or types of subcontracted activities and made subject to any applicable conditions; (iviii) not transfer the Personal Information outside New South Wales, Australia or access it, or allow it to be accessed, from outside New South Wales, Australia unless permitted in the Order Form or relevant Module Terms and subject to the Supplier's and its Personnel's compliance with the Data Location Conditions; (viv) protect the Personal Information from unauthorised access, use, disclosure, modification and other misuse and in accordance with the security requirements under this Agreement; (viv) if it becomes aware that there has been an actual, alleged or suspected Security Incident involving Personal Information:: DocuSign Envelope ID: CE00C711-48E9-422C-B3A2-E85974D8689A A. comply with clause 22; B. comply with any reasonable direction (including as to timeframes) from the Customer with respect to that breach (which may include, for example, notifying any affected individuals of the breach of privacy); and

Protection and use of Personal Information. ‌ (a) If the Supplier or its Personnel obtains access to, or collects, uses, holds, controls, manages or otherwise processes, any Personal Information in connection with this Agreement (regardless of whether or not that Personal Information forms part of the Customer Data), the Supplier must (and must ensure that its Personnel): (i) comply with all Privacy Laws, as though it were a person subject to those Privacy Laws; (ii) only use that Personal Information for the sole purpose of carrying out the Supplier's Activities; (iii) not disclose the Personal Information to any other person without the Customer’s prior written consent, which may be given in respect of classes or categories of subcontractors or types of subcontracted activities and made subject to any applicable conditions; (iv) not transfer the Personal Information outside New South Wales, Australia or access it, or allow it to be accessed, from outside New South Wales, Australia unless permitted in the Order Form or relevant Module Terms and subject to the Supplier's and its Personnel's compliance with the Data Location Conditions; (v) protect the Personal Information from unauthorised access, use, disclosure, modification and other misuse and in accordance with the security requirements under this Agreement; (vi) if it becomes aware that there has been an actual, alleged or suspected Security Incident involving Personal Information: A. comply with clause 22; B. comply with any reasonable direction (including as to timeframes) from the Customer with respect to that breach (which may include, for example, notifying any affected individuals of the breach of privacy); and

Protection and use of Personal Information. (a) If the Supplier or its Personnel obtains access to, or collects, uses, holds, controls, manages or otherwise processes, any Personal Information in connection with this Agreement (regardless of whether or not that Personal Information forms part of the Customer Data), the Supplier must (and must ensure that its Personnel): (i) comply with all Privacy Laws, as though it were a person subject to those Privacy Laws; (ii) only use that Personal Information for the sole purpose of carrying out the Supplier's Activities; (iii) not disclose the Personal Information to any other person without the Customer’s prior written consent, which may be given in respect of classes or categories of subcontractors or types of subcontracted activities and made subject to any applicable conditions; (iv) not transfer the Personal Information outside New South Wales, Australia or access it, or allow it to be accessed, from outside New South Wales, Australia unless permitted in the Order Form or relevant Module Terms and subject to the Supplier's and its Personnel's compliance with the Data Location Conditions; (v) protect the Personal Information from loss, unauthorised access, use, disclosure, modification and other misuse and in accordance with the security requirements under this Agreement; (vi) if it becomes aware aware, or has reasonable grounds to suspect, that there has been an actual, alleged or suspected a Security Incident involving Personal Information: A. immediately make all reasonable efforts to contain the Security Incident involving Personal Information; B. comply with clause 22; B. C. unless otherwise directed by the Customer, comply with the Customer’s published data breach policy and any reasonable direction (including data breach procedures and documentation specified in the Order Form, as well as any other Policies, Codes and Standards relevant to timeframes) from the Customer with respect management, mitigation and response to that breach (which may include, for example, notifying any affected individuals of the breach of privacy); anda Security Incident;