Data Security A. Identity Access Management. BNY Mellon will implement reasonable and industry recognized user access rules for users accessing Customer Data based on the need to know and the principle of least privilege, and including user ID and password requirements, session timeout and re-authentication requirements, unsuccessful login attempt limits, privileged access limits and multifactor authentication or equivalent safeguard where risk factors indicate that single factor authentication is inadequate.
Access and Security Customer will be fully responsible for any charges, costs, expenses (other than those included in the Internet Data Center Services), and third party claims that may result from its use of, or access to, the Internet Data Centers and/or the Customer Area including but not limited to any unauthorized use of any access devices provided by Exodus hereunder. Except with the advanced written consent of Exodus, Customer's access to the Internet Data Centers will be limited solely to the individuals identified and authorized by Customer to have access to the Internet Data Centers and the Customer Area in accordance with this Agreement, as identified in the Customer Registration Form, as amended from time to time, which is hereby incorporated by this reference ("Representatives").
Access to Data The Holder has had an opportunity to ask questions of officers of the Company, which questions were answered to its satisfaction. The Holder believes that it has received all the information that it considers necessary or appropriate for deciding whether to acquire the Securities. The Holder understands that any such discussions, as well as any information issued by the Company, were intended to describe certain aspects of the Company’s business and prospects, but were not necessarily a thorough or exhaustive description. The Holder acknowledges that any business plans prepared by the Company have been, and continue to be, subject to change and that any projections included in such business plans or otherwise are necessarily speculative in nature, and it can be expected that some or all of the assumptions underlying the projections will not materialize or will vary significantly from actual results.
Data Privacy and Security Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds' shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. Bank shall respond to Customer's reasonable requests for information concerning Bank's information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank's discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the points included in the questionnaire). Customer acknowledges that certain information provided by Bank, including internal policies and procedures, may be proprietary to Bank, and agrees to protect the confidentiality of all such materials it receives from Bank. Bank agrees to resolve promptly any applicable control deficiencies that come to its attention that do not meet the standards established by federal and state privacy and data security laws, rules, regulations, and/or generally accepted industry standards related to Bank's information security program. Bank shall: (i) promptly notify Customer of any confirmed unauthorized access to personal information or other confidential information of Customer ("Breach of Security"); (ii) promptly furnish to Customer appropriate details of such Breach of Security and assist Customer in assessing the Breach of Security to the extent it is not privileged information or part of an investigation; (iii) reasonably cooperate with Customer in any litigation and investigation of third parties reasonably deemed necessary by Customer to protect its proprietary and other rights; (iv) use reasonable precautions to prevent a recurrence of a Breach of Security; and (v) take all reasonable and appropriate action to mitigate any potential harm related to a Breach of Security, including any reasonable steps requested by Customer that are practicable for Bank to implement. Nothing in the immediately preceding sentence shall obligate Bank to provide Customer with information regarding any of Bank's other customers or clients that are affected by a Breach of Security, nor shall the immediately preceding sentence limit Bank's ability to take any actions that Bank believes are appropriate to remediate any Breach of Security unless such actions would prejudice or otherwise limit Customer's ability to bring its own claims or actions against third parties related to the Breach of Security. If Bank discovers or becomes aware of a suspected data or security breach that may involve an improper access, use, disclosure, or alteration of personal information or other confidential information of Customer, Bank shall, except to the extent prohibited by Applicable Law or directed otherwise by a governmental authority not to do so, promptly notify Customer that it is investigating a potential breach and keep Customer informed as reasonably practicable of material developments relating to the investigation until Bank either confirms that such a breach has occurred (in which case the first sentence of this paragraph will apply) or confirms that no data or security breach involving personal information or other confidential information of Customer has occurred. For these purposes, "personal information" shall mean (i) an individual's name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver's license number, (c) state identification card number, (d) debit or credit card number, (e) financial account 22 number, (f) passport number, or (g) personal identification number or password that would permit access to a person's account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual's account. This provision will survive termination or expiration of the Agreement for so long as Bank or any Subcustodian continues to possess or have access to personal information related to Customer. Notwithstanding the foregoing "personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
Access to and Maintenance of Auction Records The Auction Agent shall afford to the Company, its agents, independent public accountants and counsel, access at reasonable times during normal business hours to review and make extracts or copies (at the Company's sole cost and expense) of all books, records, documents and other information concerning the conduct and results of Auctions, provided that any such agent, accountant or counsel shall furnish the Auction Agent with a letter from the Company requesting that the Auction Agent afford such person access. The Auction Agent shall maintain records relating to any Auction for a period of two years after such Auction (unless requested by the Company to maintain such records for such longer period not in excess of four years, then for such longer period), and such records, in reasonable detail, shall accurately and fairly reflect the actions taken by the Auction Agent hereunder. The Company agrees to keep confidential any information regarding the customers of any Broker-Dealer received from the Auction Agent in connection with this Agreement or any Auction, and shall not disclose such information or permit the disclosure of such information without the prior written consent of the applicable Broker- Dealer to anyone except such agent, accountant or counsel engaged to audit or review the results of Auctions as permitted by this Section 2.7, provided that the Company reserves the right to disclose any such information if it is advised by its counsel that its failure to do so would (i) be unlawful or (ii) expose it to liability, unless the Broker-Dealer shall have offered indemnification satisfactory to the Company. Any such agent, accountant or counsel, before having access to such information, shall agree to keep such information confidential and not to disclose such information or permit disclosure of such information without the prior written consent of the applicable Broker-Dealer, provided that such agent, accountant or counsel may reserve the right to disclose any such information if it is advised by its counsel that its failure to do so would (i) be unlawful or (ii) expose it to liability, unless the Broker-Dealer shall have offered indemnification satisfactory to such agent, accountant or counsel.
Cybersecurity (i)(x) There has been no security breach or other compromise of or relating to any of the Company’s or any Subsidiary’s information technology and computer systems, networks, hardware, software, data (including the data of its respective customers, employees, suppliers, vendors and any third party data maintained by or on behalf of it), equipment or technology (collectively, “IT Systems and Data”) and (y) the Company and the Subsidiaries have not been notified of, and has no knowledge of any event or condition that would reasonably be expected to result in, any security breach or other compromise to its IT Systems and Data; (ii) the Company and the Subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Data and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification, except as would not, individually or in the aggregate, have a Material Adverse Effect; (iii) the Company and the Subsidiaries have implemented and maintained commercially reasonable safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and Data; and (iv) the Company and the Subsidiaries have implemented backup and disaster recovery technology consistent with industry standards and practices.
Not a Security None of the Notes shall be deemed to be a security within the meaning of the Securities Act of 1933 or the Securities Exchange Act of 1934.
Privacy and Security Except as set forth in Schedule 3.26:
Maintenance of Securities and Cash at Bank and Subcustodian Locations Unless Instructions specifically require another location acceptable to the Bank:
Access to Bank's Records (a) Bank shall create and maintain all records relating to its activities and obligations under this Agreement in such manner as will meet the obligations of Customer under the 1940 Act, with particular attention to Section 31 thereof and rules 31a-1 and 31a-2 thereunder. All such records shall be property of Customer. Bank will allow Customer's duly authorized officers, employees, and agents, including Customer's independent public accountants, and the employees and agents of the SEC access at all times during the regular business hours of Bank to such records. Except, in the case of access by the SEC as otherwise required by the SEC, such access will be subject to reasonable notice to Bank. Subject to restrictions under Applicable Law, Bank also will obtain an undertaking to permit Customer's independent public accountants reasonable access to the records of any Subcustodian of Securities held in the Securities Account as may be required in connection with such examination.
