Common use of Protection and use of Personal Information Clause in Contracts

Protection and use of Personal Information. (a) If the Supplier or its Personnel obtains access to, or collects, uses, holds, controls, manages or otherwise processes, any Personal Information in connection with this Agreement (regardless of whether or not that Personal Information forms part of the Customer Data), the Supplier must (and must ensure that its Personnel): (i) comply with all Privacy Laws, as though it were a person subject to those Privacy Laws; (ii) only use that Personal Information for the sole purpose of carrying out the Supplier's Activities; (iii) not disclose the Personal Information to any other person (other than as permitted by the Data Location Conditions) without the Customer’s prior written consent, which may be given in respect of classes or categories of subcontractors or types of subcontracted activities and made subject to any applicable conditions; (iv) not transfer the Personal Information outside Australia Customer’s selected hosting deployment location (which as of the date of this Agreement is Australia) or access it, or allow it to be accessed, from outside Customer’s selected hosting deployment location (which as of the date of this Agreement is Australia) unless permitted in the Order Form and subject to the Supplier's and its Personnel's compliance with the Data Location Conditions, or in accordance with clause 20.1(a)(v) below; (v) Notwithstanding clause 20.1(a)(iv), the Supplier may transfer, store, process, access, disclose or view Personal Information outside of Australia: A. if expressly permitted under the Order Form, at the locations specified in the Order Documents (or as otherwise agreed to in writing in advance by the Customer); and B. subject to the Supplier's and its Personnel's compliance with the Data Location Conditions. (vi) protect the Personal Information from unauthorised access, use, disclosure, modification and other misuse and in accordance with the security requirements under this Agreement; (vii) if it becomes aware that there has been an actual Security Incident (or has reasonable grounds to suspect that there has been a Security Incident) involving Personal Information: A. comply with clause 22; B. cooperate with Customer’s reasonable investigation or Customer’s efforts to comply with any notification or other regulatory requirements applicable to such Security Incident;

Protection and use of Personal Information. (a) If the Supplier or its Personnel obtains access to, or collects, uses, holds, controls, manages or otherwise processes, any Personal Information in connection with this Agreement (regardless of whether or not that Personal Information forms part of the Customer Data), the Supplier must (and must ensure that its Personnel): (i) comply with all Privacy Laws, as though it were a person subject to those Privacy Laws; (ii) only use that Personal Information for the sole purpose of carrying out the Supplier's Activities; (iii) not disclose the Personal Information to any other person (other than as permitted by the Data Location Conditions) without the Customer’s prior written consent, which may be given in respect of classes or categories of subcontractors or types of subcontracted activities and made subject to any applicable conditions; (iv) not transfer the Personal Information outside New South Wales, Australia Customer’s selected hosting deployment location (which as of the date of this Agreement is Australia) or access it, or allow it to be accessed, from outside Customer’s selected hosting deployment location (which as of the date of this Agreement is Australia) New South Wales, Australia unless permitted in the Order Form or relevant Module Terms and subject to the Supplier's and its Personnel's compliance with the Data Location Conditions, or in accordance with clause 20.1(a)(v) below; (v) Notwithstanding clause 20.1(a)(iv), the Supplier may transfer, store, process, access, disclose or view Personal Information outside of Australia: A. if expressly permitted under the Order Form, at the locations specified in the Order Documents (or as otherwise agreed to in writing in advance by the Customer); and B. subject to the Supplier's and its Personnel's compliance with the Data Location Conditions. (vi) protect the Personal Information from unauthorised access, use, disclosure, modification and other misuse and in accordance with the security requirements under this Agreement; (viivi) if it becomes aware that there has been an actual actual, alleged or suspected Security Incident (or has reasonable grounds to suspect that there has been a Security Incident) involving Personal Information: A. comply with clause 22; ; B. cooperate with Customer’s reasonable investigation or Customer’s efforts to comply with any notification reasonable direction (including as to timeframes) from the Customer with respect to that breach (which may include, for example, notifying any affected individuals of the breach of privacy); and C. take all reasonable steps to prevent such breach from recurring; and (vii) notify the Customer as soon as reasonably possible if the Supplier is approached by any privacy commissioner or other regulatory requirements applicable Authority concerning any Personal Information. (b) Where the Supplier is required by Law to produce or disclose any information or to develop or provide any response or explanation to an Authority in relation to any incident (including any privacy breach) concerning the handling, management, safekeeping or protection of any Personal Information in connection with this Agreement, it must (to the extent such Security Incident;action is permitted by Law), provide notice to the Customer as soon as reasonably possible of the nature and content of the information to be produced or disclosed and, prior to providing a response to the Authority or disclosing any Personal Information, engage in reasonable consultation with the Customer regarding its proposed response or explanation.