STANDARD TERMS FOR ALL SUPPLIERS CONTRACTED BY CSM SPORT AND ENTERTAINMENT LLP AND ITS GROUP COMPANIES

The supply of all goods and/or services (which shall include all materials and deliverables) to CSM Sport and Entertainment LLP (“CSM”) by the Supplier is subject to these Standard Terms.

CSM operates as a group of individual businesses transacting separate lines of business. The rights and obligations of CSM as a party to the agreement, and its liability to the Supplier do not extend beyond the specified agency, except to the extent any other group business is explicitly and separately identified in the agreement as having rights and obligations in relation to the Supplier.

All orders for goods and/or services will only be authorised if they are made in writing either:

  1. on the official CSM Booking Form which contains an authorised order number; or

  2. in a Letter of Engagement (“LOE”) which contains an authorised contract number.

Both the Supplier and CSM will be required to sign the CSM Booking Form or the LOE as applicable and in so doing, the Supplier automatically accepts these Standard Terms (“Agreement”).

  1. INTELLECTUAL PROPERTY RIGHTS, TITLE AND RISK

    1. 1.1 Intellectual Property Rights means any and all rights in and to all inventions, patents, utility models, know-how, designs (both registered or unregistered), database rights, copyright and trade marks (both registered and unregistered), business and domain names, together with all rights to the grant of and applications for the same and including all similar or analogous rights and all other rights in the nature of intellectual and industrial property throughout the world and all future rights of such nature (“IPR”).

    2. The IPR together with all image and moral rights in all materials and deliverables as specified in the Booking Form or LOE, including artwork, photography, footage (in all forms of media), copy and other work produced as a result of the Agreement shall be assigned to CSM on creation.

    3. The Supplier will indemnify CSM against any claim made against CSM for any alleged or actual infringement, whether or not under English law, of any third party’s IPR or other rights relating to or arising out of the use of anything created in the course of providing Services.

    4. Where physical goods are being supplied, risk shall pass to CSM only when an authorised representative of CSM has signed to accept delivery of such goods.

  2. FINANCIAL

    1. Payment will be made the later of forty five (45) days after receipt of the Supplier’s valid VAT invoice or fourteen (14) days after receipt by CSM of the funds from the relevant client on whose behalf CSM is purchasing the Supplier’s goods and/or services (subject always to the receipt of the Supplier’s valid VAT invoice).

    2. CSM shall have the right, upon reasonable notice, to audit the Supplier’s accounts to review and verify the Supplier’s compliance with the provisions of the Agreement and verify that the charges (and any proposed or actual variations to them in accordance with these Standard Terms) have been accurately and properly calculated and applied by the Supplier.

    3. The Supplier shall disclose to CSM any cash, volume or similar discount available to the Supplier in the provision of the Services and CSM shall have the right to benefit from any such cash, volume or similar discount (as may be applicable). Further, the Supplier shall not mark up any costs included as part of the Charges in the provision of its Services.

    4. Unless agreed otherwise, all payments shall be made in sterling by transfer to such bank account as the Supplier may from time to time notify in writing to CSM.

    5. CSM may without limiting any other rights or remedies it may have, set off any amount owed to it by the Supplier under the Agreement against any amounts payable by it to the Supplier under the Agreement.

    6. CSM may withhold payment of the Charges if the Supplier is in breach of any of the terms of this Agreement, including any deadlines or KPIs.

  3. TIME FOR PERFORMANCE

    1. Time is of the essence in the performance of the Agreement by the Supplier. CSM has the right to sue for damages and loss if the Supplier fails to meet the agreed timeframes set out in the Agreement.

    2. The Supplier shall immediately notify CSM if it considers it’s reasonably unlikely that it will be able to meet the agreed timeframes.

    3. In the event of failure by the Supplier to meet agreed timeframes, CSM has the right either itself or through engaging a third party, to take such steps as CSM considers necessary to ensure the performance of that part of the services or the Supplier’s other obligations under the Agreement which the Supplier is unable to perform. CSM has the right to charge the Supplier the full costs of so doing.

  4. TERMINATION

    1. CSM may terminate the Agreement immediately:

      1. if the Supplier is in breach of the Agreement or these Standard Terms and has failed (in the case of a breach capable of being remedied) to remedy the breach within five (5) business days (being any day which is not a weekend or public holiday in England and Wales) of a written request to do so; and/or

      2. if (i) CSM’s agreement with a client for whom it is purchasing the Supplier’s services terminates; or (ii) changes required by CSM’s client materially change the scope of CSM’s services to the Client, such that the Supplier’s services are no longer required.

    2. CSM may terminate the Agreement on written notice of ten (10) business days if the Supplier:

      1. being a body corporate: (i) is unable to pay its debts as they fall due; (ii) passes a resolution for winding up (other than for the purposes of a solvent amalgamation or reconstruction) or if a court of competent jurisdiction makes an order to that effect; (iii) enters into a composition or scheme of arrangement with its creditors or if a receiver, manager, administrator or administrative receiver is appointed over any of its assets; (iv) ceases or threatens to cease to do business; or (v) an analogous event occurs to the other party in any jurisdiction;

      2. being an individual: (i) is subject to a bankruptcy petition or order made against him, or enters into any composition or arrangement with or for the benefit of his creditors; or (ii) if a receiver (including fixed charge or court appointed), manager, insolvency practitioner or similar officer shall be appointed over the whole or a substantial part of the undertaking, property or assets of the individual; or

      3. is subject to a Change of Control (as defined in clause 4.8 below) to a competitor of CSM, as determined by CSM in its sole discretion, acting reasonably.

    3. The termination of the Agreement for any reason shall not affect those provisions expressly or implicitly having effect after termination.

    4. If in CSM’s reasonable opinion, the Supplier, or any controlled or controlling person of the Supplier, acts or omits to act in a way which does or may bring CSM into disrepute or would adversely impact on CSM’s good name, reputation or public image, including causing or permitting anything which is offensive, immoral or illegal, CSM shall have the right to terminate this Agreement.

    5. The rights to terminate the Agreement set out in this clause 4 shall be without prejudice to any other right or remedy of any party in respect of the breach concerned (if any) or any other breach.

    6. On termination of this Agreement, the Supplier shall immediately deliver to the Customer all goods or services whether or not complete at such point in time. If Supplier is in breach of this Agreement no further payments shall be made to the Supplier and Supplier shall refund any pre-paid fees to CSM.

    7. Except for Supplier’s breach in accordance with clause 4.1.1, CSM shall pay the Supplier all costs for goods and/or services rendered to the satisfaction of CSM up to the point of termination but shall not be liable to the Supplier for any further costs, losses or damages under any circumstances.

    8. For the purposes of this Agreement, “Change of Control” means the sale of all or substantially all the assets of the Supplier; any merger, consolidation or acquisition of the Supplier with, by or into another corporation, entity or person; or any change in the ownership of more than fifty percent (50%) of the voting capital stock of the Supplier in one or more related transactions.

  5. PROVISION OF SERVICES AND INSURANCE

    1. The Supplier warrants that it will:

      1. provide the goods and/or services with the relevant industry standard of skill and care and commensurate with an skilled and experienced supplier of the same goods and/or services;

      2. use personnel who are suitably skilled and experienced to perform tasks assigned to them, and in sufficient number to ensure that the Supplier’s obligations are fulfilled;

      3. ensure that the Services conform in all respects and at all times with any specification and/or description for the Services agreed by the parties and comply with all applicable legislation;

      4. ensure that the product(s) of the Services are of satisfactory quality;

      5. make its representatives available to CSM at mutually acceptable times and locations to keep CSM fully informed of the progress of the Services being provided and provide CSM with regular status updates as may be reasonably requested by CSM; and

      6. meet any agreed performance dates and provide the Services in accordance with any agreed KPIs.

    2. In the event that CSM becomes aware of any discrepancy, error or deficiency in the Services, it shall notify the Supplier immediately. In the event that any discrepancy, error or deficiency in the Services is discovered during the Term, the Supplier shall CSM’s approval, without delay and at its own cost, rectify such discrepancy, error or deficiency or re-perform such Services.

    3. If required to attend a CSM (or its client’s) site, the Supplier and its staff and representatives and all those acting under its authority shall comply with all site requirements as notified to the Supplier.

    4. The Supplier shall, at its own expense, maintain in force with a reputable insurance company, (i) public liability insurance with a minimum of £5,000,000 per occurrence and £5,000,000 in the aggregate; (ii) employers’ liability insurance with a minimum of

      £10,000,000 per occurrence; and (iii) professional indemnity insurance and (iv) product liability insurance (if goods are supplied), together with such additional insurance as may be requested by CSM given the nature of the supply of the goods and/or services provided by the Supplier, and to such a level acceptable by CSM to cover the Supplier’s legal liabilities under this Agreement.

    5. Supplier must supply valid certificates of insurance to CSM prior to work commencing.

    6. CSM shall have the right to require the Supplier to increase its level of insurance, or to procure additional insurance (in each instance at the Supplier’s own expense), if in CSM’s reasonable opinion it deems the Supplier’s insurance to be inadequate.

    7. The Supplier remains responsible at all times for its personnel and for any persons appointed by it or associated with it to provide the goods and/or services and shall ensure that its personnel have all the necessary permits, licences, skills and experience to provide the Services. For the purposes of these standard terms a person associated with the Supplier includes any sub-contractor of the Supplier which must have been approved in advance in writing by CSM.

  6. PROHIBITED PUBLICITY ACTIVITIES

    1. Protected Marks means any trademarks, trade names, logos, designs or similar graphics which may be advised to the Supplier by CSM as being protected and/or any name or logo of CSM (or its client).

    2. The Supplier agrees that it shall not:

      1. use any marks or any trade marks, trade names or logos which cause confusion with the Protected Marks;

      2. undertake any form of Ambush Marketing which means any activity, commercial or non-commercial, undertaken by any person or entity, whether public or private, that creates, implies or refers to a direct or indirect association of any kind (including an association in the minds of members of the public) with any of the Protected Marks or any of the activities covered by the Agreement;

      3. cause to be done, or permit anyone reasonably within the Supplier’s control to do, anything which might damage or endanger the validity or distinctiveness of, or the goodwill in, the Protected Marks;

      4. take or publish any photographs or make any other graphical or other reproduction (including film) in connection with the provision of the goods and/or services or for personal use without the prior written permission of CSM;

      5. represent, directly or indirectly, that any product or service provided has been endorsed or approved by CSM (or its client) or the event or activity for which the goods and/or service is being provided;

      6. use in advertising, publicity or any other communication, whether written, electronic or any other means, CSM’s (or its client’s) name and/or logo, or any Protected Mark; or

      7. publish or issue any statement (factual or otherwise) about the Supplier’s provision of goods and/or services to CSM (or its client).

  7. LIABILITIES

    1. Nothing in the Agreement shall limit the liability of either party for death or personal injury resulting from its negligence or for fraudulent misrepresentation or for any liability which cannot be excluded by law.

    2. CSM’s rights and remedies under this Agreement are in addition to its rights and remedies implied by statute and common law.

    3. The Supplier will indemnify CSM against all costs, losses, damages and liabilities (whether direct or indirect) including any interest, penalties and legal and other fees and expenses awarded against / incurred or paid by CSM resulting from a breach by the Supplier of any of its contractual obligations arising under the Agreement.

    4. CSM shall not be liable under any circumstances to the Supplier for any indirect or consequential loss, including: (i) loss of revenue or profits; (ii) loss of business; (iii) loss of opportunity (iv) loss of goodwill; (v) loss of reputation; or (v) loss of, damage to, or corruption of data.

    5. CSM shall not be responsible for any Guests attending an event to which the Services relate, and CSM shall not assume any liability for any loss, injury (including death) or damage: (i) caused by the Guests; or (ii) to the Guests or their property, unless the same arises as a result of CSM’s negligence.

    6. Except as stated in clause 7.1, the aggregate liability of CSM to the Supplier with respect to all claims under or in connection with the Agreement shall be limited to damages not exceeding the total amount of fees and costs paid or payable by CSM to the Supplier under the Agreement in the twelve (12) months immediately prior to the date of any claim or series of connectedclaims.

  8. CONFIDENTIALITY

    1. Each party undertakes that it shall not during this Agreement, and for a period of two (2) years after termination of this Agreement, disclose to any person any Confidential Information (as defined in clause 8.4) except as permitted by Clause 8.2.

    2. Each party may disclose the other party's Confidential Information:

      1. to its employees, officers, representatives or advisers or those that have a need to know such information for the purposes of exercising the party's rights or carrying out its obligations under or in connection with this Agreement. Each party shall ensure that its employees, officers, representatives or advisers to whom it discloses the other party's Confidential Information comply with this Clause 8; and

      2. as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority, provided such disclosure is kept to a minimum, where possible.

    3. No party shall use any other party's Confidential Information for any purpose other than to exercise its rights and perform its obligations under or in connection with this Agreement.

    4. For the purposes of this Agreement, “Confidential Information” means all information disclosed by or on behalf of a party or otherwise acquired by a party which is clearly marked as confidential or notified in writing to the receiving party as being confidential or by its nature is reasonably deemed to be confidential including, but not limited to, all business, financial, commercial, technical, operational, organisational, legal, management and marketing information marked as confidential or notified in writing to the receiving party as confidential;

  9. FORCE MAJEURE

    1. If either party is prevented or delayed by Force Majeure from the performance of any of its obligations under the Agreement (the “Defaulting Party”), then the Defaulting Party shall not be liable to the other party for delay or non-performance of its obligations under the Agreement so affected and such delay or non-performance shall not constitute a breach of the Agreement. “Force Majeure” shall be any act, event, omission, cause or circumstance not within the reasonable control of the party in question, including any strike, lockout or other industrial action, any civil commotion or disorder, riot, invasion, war or terrorist activity or threat of war or terrorist activity, any action taken by a governmental or public authority of any kind (including not granting a consent, exemption, approval or clearance), an event of national significance (including any day of national mourning), any fire, explosion, storm, flood, earthquake, subsidence, epidemic or other natural physical disaster. If any event or circumstances prevent the Supplier from performing its obligations under the Agreement for a continuous period of more than fifteen (15) business days, CSM may terminate the Agreement immediately by giving written notice to the Supplier. The Supplier shall be required to mitigate the effects of any Force Majeure event.

  10. COMPLIANCE WITH REGULATORY REQUIREMENTS

    1. The Supplier shall comply, and shall procure that its associates comply with:

      1. the UK Bribery Act 2010 and all other applicable laws, regulations, codes and sanctions relating to anti-bribery and anti- corruption;

      2. any trade, export controls, economic or financial sanctions laws, regulations, embargoes or restrictive measures administered, enacted or enforced in the state(s) in which the party is registered, established or in which it otherwise conducts activities;

      3. the Data Protection Act 2018 and all other applicable laws, regulations, codes and sanctions relating to data protection and information security and, where applicable, the provisions of the Data Processing Appendix (below);

      4. any health and safety requirements and regulations, including the Health and Safety at Work Act 1974 and any relevant documents as requested by CSM; and

      5. the Modern Slavery Act 2015 and all other applicable laws, regulations, codes and sanctions relating to anti-slavery and human trafficking,

        (the “Relevant Requirements”).

    2. The Supplier shall have in place shall have in place adequate procedures designed to prevent its associates from engaging in any activity, practice or conduct which would infringe any of the Relevant Requirements. The Supplier shall provide such supporting evidence of such procedures as CSM may reasonably request.

    3. The Supplier shall indemnify CSM against any losses, liabilities, damages, costs (including legal fees) and expenses incurred by, or awarded against, CSM as a result of any breach of this clause 10 by the Supplier or any breach of provisions equivalent to this clause in any subcontract by any subcontractor of the Supplier.

    4. For the purposes of this clause 10, a person associated with a party includes any directors, employees, agents, representatives, contractors or permitted subcontractor of that party.

    5. CSM may terminate this Agreement by written notice with immediate effect in the event that the Supplier breaches, or is investigated for a breach of, any of the provisions of this clause 10.

  11. SUPPLIER WARRANTIES

    1. The Supplier warrants that:

      1. in carrying on its business, it abides by all relevant and applicable laws and regulations, including the Relevant Requirements, and neither the Supplier, nor any controlled or controlling person nor official of the Supplier, is subject to any such sanctions, or will receive any significant benefit in money or otherwise from the work being done for CSM;

      2. it is not, nor any beneficial owners, director or any other person who has powers of representation, decision or control over the Supplier is not identified on any restricted party list issued by a national government or international organisation as subject to any sanction or embargo, including without limitation, any such list maintained by the Security Counsel of the United Nations, the European Union, the United Kingdom and/or by the authorities of the state(s) in which the Supplier is registered, established or in which it otherwise conducts activities;

      3. it has disclosed to CSM any recent judgments and pending claims of a material nature, or which are likely to adversely affect its or CSM’s good name, reputation, or public image; and

      4. it has in place systems for preventing, auditing and investigating fraudulent, corrupt or illegal activities, security breaches or similar situations and is not aware of any such situation currently existing.

    2. Breach of any of the warranties in this clause shall entitle CSM to terminate the Agreement by written notice with immediate effect.

  12. GENERAL

    1. The Supplier shall:

      1. uphold all reasonable requirements relating to sustainability as may be required by CSM in the provision of the goods and/or services; and

      2. not do or omit to do anything which would bring or might be expected to bring CSM into disrepute;

      3. not seek to solicit, endeavour to entice away, canvass for business or otherwise interfere with CSM’s existing or proposed business or custom with any person, firm or company who at any time during this Agreement was a customer, client, supplier or agent of CSM;

      4. not solicit or employ or cause to be employed, whether directly or indirectly, any employee of CSM, without the written consent of CSM (save that nothing shall preclude the conducting of general recruiting activities, such as participation in job fairs or publishing advertisements in or on websites for general circulation); and

      5. bear its own costs in connection with the negotiation and completion of the Agreement.

    2. Where the Supplier is subject to the Freedom of Information Act (“FOIA”), and receives a request pursuant to the FOIA to disclose information relating to or received from CSM (including the terms of the Agreement), the Supplier will consult with CSM, and will use reasonable endeavours to identify and redact all commercially sensitive and other material exempt from disclosure, before releasing any such information.

    3. Nothing in the Agreement shall create, or be deemed to create a partnership or the relationship of employer and employee between the parties and neither party shall have authority to bind the other in any way, except as set out in the Agreement.

      1. The Supplier is an independent contractor. Supplier personnel are not CSM employees. The Supplier remains responsible as employer for the payment of all wages, taxes, national insurance and other costs relating to its employees and personnel.

    4. The Agreement, or any provision thereof, may be amended or modified only with the mutual consent of the parties as set out in writing, signed by an authorised representative, and expressly stating the parties’ intent to amend the Agreement. CSM shall have the right to amend these Standard Terms at any time and without notice and will inform the Supplier in writing when such a change has been made.

    5. If any provision of the Agreement are held by any court or other competent authority to be void or unenforceable in whole or in part, the Standard Terms shall continue to be valid as to the other provisions thereof and the remainder of the affected provision.

    6. All notices between the parties with respect to the Agreement shall be in writing and signed by or on behalf of the party giving it. Any notice shall be duly served: (i) on delivery if delivered by hand; (ii) 48 hours after sending if sent by first class post or recorded delivery; or (iii) on sending if sent by email (provided that a copy is also sent by post in accordance with (ii) above), provided that in each case:

      (a) the notice is sent to the address of the addressee in the Agreement (or such other address as the addressee may from time to time have notified for the purpose of this clause); and (b) in relation to notices served on CSM, a copy of such notice is also sent by email to: csm.legal@csm.com.

    7. A person who is not a party to the Agreement shall have no rights pursuant to the Contracts (Rights of Third Parties) Act 1999 to enforce any of the Standard Terms or the Agreement.

    8. The Supplier may not assign, sub-license, sub-contract or otherwise transfer the Agreement or any benefits or obligations therein except as is permitted under clause 5.7 and shall remain liable at all times for any sub-contractor or other person permitted under clause 5.7. CSM may at any time assign, transfer, charge, sub-contract or deal in any other manner with any or all of its rights or obligations under the Agreement.

    9. Any phrase in this Agreement introduced by the term “include”, “including”, “in particular” or similar expression shall be construed as illustrative and shall not limit the sense of the words preceding that term.

    10. The Agreement constitutes the entire agreement between the Supplier and CSM in relation to the provision of goods/supply of Services.

    11. The Agreement and any dispute or claim arising out of or in connection therewith (including any non-contractual claim or dispute) shall be governed by and construed in accordance with the laws of England and Wales.

    12. The parties shall attempt to resolve any question, dispute or difference as to any matter or thing of whatever nature arising under or in connection with the Agreement (a “Dispute”) through negotiations between senior executives of the parties who shall have authority to settle the same. If the Dispute is not resolved by negotiation within thirty (30) days of receipt of a written ‘request to negotiate’, the Dispute shall be finally resolved by arbitration under the rules of the London Court of International Arbitration (“LCIA”) and such rules are deemed to be incorporated by reference into this clause. It is agreed that:

      1. The tribunal shall consist of one arbitrator.

      2. In default of the parties’ agreement as to the arbitrator, the appointing authority shall be the LCIA.

      3. The seat of the arbitration shall be in London.

      4. The language of the arbitration shall be English.

      5. The law of the arbitration and this arbitration agreement shall be the laws of England and Wales.

  1. DATA PROCESSING APPENDIX

    1. References in clause to “data controller”, data processor”, “processing”, “data protection officer” and “personal data” shall have the same meaning as defined in Data Protection Legislation.

    2. The parties acknowledge and agree that in order to provide the Services, Supplier may process personal data. The type of personal data that Supplier may be required to process under this Agreement includes names, email addresses and/or any other personal information as may be agreed between the parties and in relation to the provision of the Services.

    3. The parties agree that in respect of any personal data processed in connection with this Agreement that CSM shall be the “data controller” and Supplier or Sub processor shall be the “data processor”.

    4. Each party acknowledges and agrees that each party has respective rights and obligations under applicable Data Protection Legislation. Supplier shall, at its own expense (except where otherwise expressly stated in this clause) and without prejudice to its other rights or obligations, in respect of its processing of such personal data:

      1. process the data only to the extent, and in such a manner, as is necessary for the purposes of this Agreement and in accordance with CSM’s written instructions from time to time and Supplier shall not process or permit the processing of the data for any other purpose. If Supplier is ever unsure as to the parameters of the instructions issued by CSM and/or believes that CSM’s instructions may conflict with the requirements of Data Protection Legislation or other applicable laws, Supplier shall immediately notify CSM for clarification and where requested provide reasonable details in support of any assertion that CSM’s instructions may be unlawful;

      2. only make copies of the data to the extent reasonably necessary (which may include back-up, mirroring (and similar availability enhancement techniques), security, disaster recovery and/or testing of the data);

      3. not extract, re-utilise, use, exploit, redistribute, re-disseminate, copy or store the Data other than as permitted under the terms of this Agreement;

      4. comply with its obligations under Data Protection Legislation, and the provisions of CSM’s IT and data security policies as notified to Supplier from time to time;

      5. only permit access to data to those Supplier personnel who require such access in order to carry out their roles in the performance of Supplier's obligations under this Agreement and ensure the reliability of all personnel and Sub processors (as defined below) who have access to the data and shall in particular ensure that any person authorised to process data in connection with this Agreement is subject to a duty of confidentiality that at a minimum is equal to the duty of confidentiality imposed on Supplier under this Agreement;

      6. not do anything or omit to do anything that may put CSM or any member of CSM’s group in breach of its obligations under Data Protection Legislation and take such steps as CSM may reasonably request from time to time to enable CSM to comply with Data Protection Legislation;

      7. having regard to the state of technological development and the cost of implementing any measures, take appropriate technical and organisational measures against the unauthorised or unlawful processing of data and against the accidental loss or destruction of, or damage to data, to ensure a level of security appropriate to: a) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage of the data; and b) the nature of the data to be protected. Such measures shall be of at least the minimum standard required by Data Protection Legislation and be of a standard no less than the standards compliant with good industry practice for the protection of personal data;

      8. assist CSM by appropriate technical and organisational measures in responding to, and complying with, data subject requests;

      9. provide CSM with full co-operation and assistance in relation to CSM’s obligations and rights under Data Protection Legislation including providing CSM and Regulators (as applicable) with all information and assistance necessary to investigate security breaches carry out privacy impact assessments or otherwise to assess or demonstrate compliance by the parties with Data Protection Legislation;

      10. at its own expense, without undue delay notify CSM in writing, and provide such co-operation, assistance and information as CSM may reasonably require if Supplier:

        1. receives any complaint, notice or communication which relates directly or indirectly to the processing of the personal data under this Agreement or to either party’s or any member of CSM’s group compliance with Data Protection Legislation;

        2. becomes aware of any Security Breach;

      11. keep at its normal place of business a written record of data processing carried out in the course of the Services and of its compliance with its obligations set out in this Agreement (“Records”);

      12. permit CSM, its third-party representatives or a Regulator or its third party representatives, on reasonable notice during normal business hours, but without notice in case of any reasonably suspected breach of this clause by Supplier, access to inspect, and take copies of, the Records and any other information held at Supplier's and/or Sub processors’ premises or on Supplier’s and/or Sub processors’ systems relating to this Agreement, for the purpose of auditing Supplier's compliance with its obligations under this clause. Supplier shall give all necessary assistance to the conduct of such audits;

      13. not engage any processor to process data (or otherwise sub-contract or outsource the processing of any data to a third party) without the prior written consent of CSM acting in its sole discretion. Where CSM authorises Supplier to appoint a third party to process the data (a “Sub processor”), such authorisation is conditional on Supplier:

        1. entering into a written contract with the Sub processor that:

          1. is on terms that the same as those set out in this clause;

          2. provides sufficient guarantees to implement appropriate technical and organisation measures in compliance with the Data Protection Legislation; and

          3. terminates automatically on termination or expiry of this Agreement for any reason; and

        2. remaining liable for all acts or omissions of the Sub processors as if they were acts or omissions of Supplier.

      14. return or destroy (as directed in writing by CSM) all data it has in its possession and delete existing copies unless applicable law requires storage of the personal data. If CSM elects for destruction rather than return of the data, Supplier shall as soon as reasonably practicable ensure that all data is destroyed and deleted from Supplier systems and provide written confirmation of compliance with this clause within 14 days of request;

      15. not transfer the personal data outside the European Economic Area without the prior written consent of CSM, which can be withheld at the sole discretion of CSM, and subject to any additional CSM requirements (which may include entering into or procuring that the relevant Sub processor enter into the standard contractual clauses set out in Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC.

    5. For the avoidance of doubt, nothing in this Agreement shall relieve Supplier of its responsibilities and liabilities under Data Protection Legislation.

    6. Supplier shall indemnify CSM on demand against all claims, liabilities, costs, expenses, damages and losses (including all interest, penalties and legal costs (calculated on a full indemnity basis) and all other professional costs and expenses) suffered or incurred by CSM arising out of the Supplier’s breach of its obligations in this clause 1 (“Claims”). Each party acknowledges that Claims include any claim or action brought by a data subject arising from Supplier’s breach of its obligations in this clause.

    7. For the purpose of this clause 1:

      Data Protection Legislation” means Data Protection Act 2018, the EU Data Protection Directive 95/46/EC, the GDPR, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to the processing of personal data and privacy, including where applicable, any guidance notes and codes of practice issued by the European Commission and applicable national Regulators including the UK Information Commissioner;

      GDPR” means the EC Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (when in force);

      "Regulator" means any regulatory body with responsibility for ensuring compliance with Data Protection Legislation.

      Security Breach” means accidental or deliberate, unauthorised or unlawful acquisition, destruction, loss, alteration, corruption, access, use or disclosure of personal data processed under to this Agreement or breach of Supplier’s security obligations under this Agreement (including clause 1.4(g)).