1.1 If the Supplier deems this to be necessary for the purpose of executing the agreement, the Client shall, upon request, notify the Supplier immediately in writing with regard to the manner in which the Client executes its obligations pursuant to legislation in respect of the protection of personal data.
1.2 The Client shall indemnify the Supplier against any claims by individuals whose personal data is recorded or processed within the context of a register of personal data maintained by the Client or for which the Client is responsible pursuant to the law or otherwise, unless the Client is able to demonstrate that the acts that form the basis of the claim are exclusively attributable to the Supplier.
1.3 Responsibility for the data processed using the service provided by the Supplier shall rest solely with the Client. The Client shall guarantee the Supplier that the content, the use and/or the processing of the data is not unlawful and does not infringe the rights of third parties. The Client shall indemnify the Supplier against legal claims by thirds parties, of whatever nature, in relation to this data or the execution of the agreement.
1.4 If the agreement stipulates that the Supplier is obliged to provide some form of information security, this security shall meet the specifications in respect of security agreed between the parties in writing. The Supplier shall not guarantee that the information security will be effective under all circumstances. If the agreement does not include an explicit description of security measures, the security measures shall be of such a level that, having regard to the state of the art, the sensitivity of the data and the costs associated with the implementation of the security measures are not unreasonable.
1.5 If computer, data or telecommunications facilities are used during the execution of the agreement or otherwise, the Supplier shall be entitled to assign access or identification codes to the Client. The Supplier shall be entitled to change the access or identification codes assigned. The Client shall treat the access and identification codes as confidential and with due care and shall only disclose these codes to authorised members of staff. The Supplier shall under no circumstances be liable for any damage or costs arising from the use or misuse of access or identification codes, except where misuse was possible as a result of an act or omission on the part of the Supplier.