1. S3 Innovate shall comply with all its obligations under the Personal Data Protection Act of 2012 (“PDPA”).
2. S3 Innovate shall only process, use or disclose Client Personal Data (term as defined under the PDPA) strictly for the purpose of fulfilling its obligations and providing the services required under the Contract or with the Client’s prior written consent.
3. S3 Innovate shall not transfer Client Personal Data to a place outside Singapore without the Client’s prior written consent.
4. S3 Innovate represents and warrants that the Personal Data it receives from the Client is kept protected in a secured manner and to that standard of protection that is equal to or better than the standard of protection under the PDPA.
5. S3 Innovate shall immediately notify the Client when the Contractor becomes aware of a breach of any of its obligations.
6. S3 Innovate shall indemnify the Client and its officers, employees and agents against all actions, claims, demands, losses, damages, statutory penalties, expense and costs (including legal costs on an indemnity basis) in respect of the S3 Innovate’s breach of this undertaking or any act, omission or negligence of the S3 Innovate or its subcontractor that causes or results in the Client being in breach of the PDPA.
7. Should S3 Innovate receive information containing Personal Data to the Client, S3 Innovate shall be responsible for obtaining the prior consent of the owner of such personal data to provide such information. In particular, S3 Innovate shall obtain consent for the Client to collect, use, store, transfer and/or disclose the information to or with all such persons or any third party service provider and whether within or outside of Singapore) for the purpose of enabling the services under the Contract to be carried out or in compliance with the Client’s internal archival and document storage policies.