Common use of Confidentiality Data Security Clause in Contracts

Confidentiality Data Security. a. AST acknowledges that it will acquire information and data from each Company, and such information and data are confidential and proprietary information of each Company and/or PIMCO (collectively, “Confidential Information”). Confidential Information includes, but shall not be limited to, (a) any data or information that is competitively sensitive material, and not generally known to the public, including, but not limited to, information about product plans, marketing strategies, finances, operations, customer relationships, customer profiles, customer lists, sales estimates, business plans, and internal performance results relating to the past, present or future business activities of each Company and/or PIMCO, their subsidiaries and affiliated companies and the customers, clients and suppliers of any of them; (b) any scientific or technical information, design, process, procedure, formula, or improvement that is commercially valuable and secret in the sense that its confidentiality affords each Company and/or PIMCO a competitive advantage over its competitors; (c) all confidential or proprietary concepts, documentation, reports, data, specifications, computer software, source code, object code, flow charts, databases, inventions, know-how, and trade secrets, whether or not patentable or copyrightable; and (d) anything designated as confidential. Confidential Information will not include, however, any information that (i) was in the possession of AST at the commencement of the services contemplated under this Agreement that is not related to each Company and/or PIMCO, (ii) became part of the public domain through no fault of AST or (iii) became rightfully known to AST or its affiliates through a third party with no obligation of confidentiality to a Company and/or PIMCO. AST agrees not to disclose the Confidential Information to others (except as required by law or permitted by AST’s privacy policy then in effect, but in no event shall AST disclose the Confidential Information without Company’s prior written approval; provided, however, that no such approval shall be required for any disclosure made pursuant to a routine subpoena or an information request relating to one or more Shareholders that does not require disclosure of Confidential Information other than information relating to such Shareholders’ account; provided, however, that AST shall use commercially reasonable efforts to inform PIMCO of any such disclosure) or use it in any way, commercially or otherwise, except in performing services hereunder, and shall not allow any unauthorized person access to the Confidential Information. AST further agrees to exercise at least the same degree of care as it uses with regard to its own confidential information, but in no event less than the greater of a reasonable degree of care and the requirement of applicable law, in protecting the Confidential Information. AST agrees that it will not, at any time during the term of this Agreement or after its termination, reveal, divulge, or make known to any person or entity, unless required by law, any list of shareholders or clients of a Company and/or PIMCO or any personal information relating to such shareholders or clients. b. In addition, AST acknowledges that in connection with performing services hereunder, it may receive Confidential Information that contains “non-public personal information,” “personally identifiable information,” “personal data” or the like from Company and/or PIMCO (collectively “Personal Information”), as such terms are defined in Section 509 (4) of the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act, Section 248.3(t) of Securities and Exchange Commission Regulation S-P and/or other similar applicable laws and regulations, including without limitation the Massachusetts Standards for the Protection of Personal Information, 201 CMR 17.00, et. seq. and the European Privacy Directive 95/46/EC, as each is amended from time to time (collectively, “Applicable Laws”). AST acknowledges and agrees that it is prohibited from disclosing or using Personal Information except as necessary to carry out the terms of this Agreement, and in compliance with Applicable Laws. AST further acknowledges and agrees, that it also shall implement and maintain a comprehensive, written information security program to protect such Personal Information in accordance with the terms and standards of Applicable Laws that (i) incorporates technical and organizational security measures, including administrative, physical, and technical safeguards, including encryption where required or appropriate, for Personal Information; (ii) is reasonably designed to prevent unauthorized access to or use of, or other compromise of, Personal Information; and (iii) provides for the proper destruction of such records and data that contain Personal Information, so that the information contained therein cannot be practicably read or reconstructed. AST will obligate, In writing, (and periodically review and monitor the performance of) any third party that receive Personal Information in providing services to or acting as the agent of AST for purposes of carrying out the terms of this Agreement, to implement and comply with information security standards no less stringent than those required by the terms of this Agreement and all Applicable Laws. The appointment of any such third party shall not relieve AST of its responsibilities or liabilities hereunder. If AST determines an incident or data breach occurred, potentially occurred or may potentially occur compromising or potentially compromising the security or integrity of Confidential Information or Personal Information while such Confidential Information or Personal Information is in the possession, custody or control of AST, or any third party acting as the agent of AST, whether by unauthorized acquisition, theft, loss, illegal or unauthorized use, insecure disposal or other potential compromise (each such event a “Security Event”), AST will: (i) as immediately as practicable notify PIMCO of the Security Event (unless prohibited by law enforcement official); (ii) promptly investigate the Security Event; (iii) cooperate with PIMCO regarding investigation and mitigation of such Security Event; (iv) comply with, or assist with PIMCO’s and/or a Company’s compliance with, any data breach notification requirements pursuant to any applicable federal and/or state data breach notification laws and/or regulations; (v) promptly provide a written report to PIMCO that sets forth the risk assessment, root cause analysis and corrective action plans and (vi) implement the corrective action plan and use commercially reasonable efforts to mitigate the effects of the Security Event as soon as practicable. AST shall provide reasonably prompt notice to, and all reasonable and prompt assistance to, PIMCO and/or a Company in responding to any and all requests, complaints, or other communications received that such party may receive regarding any Confidential Information or Personal Information. AST agrees not to respond to any such request until explicitly authorized by PIMCO in writing, except to the extent such request comprises a legally binding order compelling disclosure without notice to the other party, Upon the occurrence of a Security Event, AST shall have the right to notify the appropriate law enforcement agency regarding the general nature of the Security Event without identifying PIMCO or a Company; provided, however, that, in no event shall AST notify any shareholder, customer or client of a Company and/or PIMCO, or any regulator of such Security Event without PIMCO’s prior written approval, which shall not be unreasonably withheld or delayed. In the event of a Security Event relating to another closed-end fund client of AST, if AST determines in its sole discretion that such Security Event resulted from or identified a risk that is reasonably likely to materially affect AST’s provision of services under this Agreement or compromise any Confidential Information or Personal Information, then AST shall notify PIMCO of such Security Event and the steps that have been taken or are being taken to remedy such risk; provided, that in no event shall AST be required to identify any of its other customers whose information or data was compromised as a result of such Security Event. c. AST shall at all times employ a current version of a commercially available virus detection software program that employs regular updates to test the hardware and software applications used by it to deliver the Services for the presence of any computer code designed to disrupt, disable, harm or otherwise impede the operation of such hardware or software. AST shall use its commercially reasonable efforts to ensure that no viruses are coded or introduced into the systems: (a) used to provide the services hereunder; or (b) hosted by AST. If a virus is found to have been introduced into such systems, AST shall promptly notify PIMCO, use its commercially reasonable efforts to reduce the effects of the virus on the affected systems and, if the virus causes a loss of operational efficiency or loss of data, to mitigate and restore such losses.

Confidentiality Data Security. a. AST acknowledges that it will acquire information and data from each Company, and such information and data are confidential and proprietary information of each Company and/or PIMCO (collectively, “Confidential Information”). Confidential Information includes, but shall not be limited to, (a) any data or information that is competitively sensitive material, and not generally known to the public, including, but not limited to, information about product plans, marketing strategies, finances, operations, customer relationships, customer profiles, customer lists, sales estimates, business plans, and internal performance results relating to the past, present or future business activities of each Company and/or PIMCO, their subsidiaries and affiliated companies and the customers, clients and suppliers of any of them; (b) any scientific or technical information, design, process, procedure, formula, or improvement that is commercially valuable and secret in the sense that its confidentiality affords each Company and/or PIMCO a competitive advantage over its competitors; (c) all confidential or proprietary concepts, documentation, reports, data, specifications, computer software, source code, object code, flow charts, databases, inventions, know-how, and trade secrets, whether or not patentable or copyrightable; and (d) anything designated as confidential. Confidential Information will not include, however, any information that (i) was in the possession of AST at the commencement of the services contemplated under this Agreement that is not related to each Company and/or PIMCO, (ii) became part of the public domain through no fault of AST or (iii) became rightfully known to AST or its affiliates through a third party with no obligation of confidentiality to a Company and/or PIMCO. AST agrees not to disclose the Confidential Information to others (except as required by law or permitted by AST’s privacy policy then in effect, but in no event shall AST disclose the Confidential Information without Company’s prior written approval; provided, however, that no such approval shall be required for any disclosure made pursuant to a routine subpoena or an information request relating to one or more Shareholders that does not require disclosure of Confidential Information other than information relating to such Shareholders’ account; provided, however, that AST shall use commercially reasonable efforts to inform PIMCO of any such disclosure) or use it in any way, commercially or otherwise, except in performing services hereunder, and shall not allow any unauthorized person access to the Confidential Information. AST further agrees to exercise at least the same degree of care as it uses with regard to its own confidential information, but in no event less than the greater of a reasonable degree of care and the requirement of applicable law, in protecting the Confidential Information. AST agrees that it will not, at any time during the term of this Agreement or after its termination, reveal, divulge, or make known to any person or entity, unless required by law, any list of shareholders or clients of a Company and/or PIMCO or any personal information relating to such shareholders or clients. b. In addition, AST acknowledges that in connection with performing services hereunder, it may receive Confidential Information that contains “non-public personal information,” “personally identifiable information,” “personal data” or the like from Company and/or PIMCO (collectively “Personal Information”), as such terms are defined in Section 509 (4) of the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act, Section 248.3(t) of Securities and Exchange Commission Regulation S-P and/or other similar applicable laws and regulations, including without limitation the Massachusetts Standards for the Protection of Personal Information, 201 CMR 17.00, et. seqSeq. and the European Privacy Directive 95/46/EC, as each is amended from time to time (collectively, “Applicable Laws”). AST acknowledges and agrees that it is prohibited from disclosing or using Personal Information except as necessary to carry out the terms of this Agreement, and in compliance with Applicable Laws. AST further acknowledges and agrees, that it also shall implement and maintain a comprehensive, written information security program to protect such Personal Information in accordance with the terms and standards of Applicable Laws that (i) incorporates technical and organizational security measures, including administrative, physical, and technical safeguards, including encryption where required or appropriate, for Personal Information; (ii) is reasonably designed to prevent unauthorized access to or use of, or other compromise of, Personal Information; and (iii) provides for the proper destruction of such records and data that contain Personal Information, so that the information contained therein cannot be practicably read or reconstructed. AST will obligate, In in writing, (and periodically review and monitor the performance of) any third party that receive Personal Information in providing services to or acting as the agent of AST for purposes of carrying out the terms of this Agreement, to implement and comply with information security standards no less stringent than those required by the terms of this Agreement and all Applicable Laws. The appointment of any such third party shall not relieve AST of its responsibilities or liabilities hereunder. If AST determines an incident or data breach occurred, potentially occurred or may potentially occur compromising or potentially compromising the security or integrity of Confidential Information or Personal Information while such Confidential Information or Personal Information is in the possession, custody or control of AST, or any third party acting as the agent of AST, whether by unauthorized acquisition, theft, loss, illegal or unauthorized use, insecure disposal or other potential compromise (each such event a “Security Event”), AST will: (i) as immediately as practicable notify PIMCO of the Security Event (unless prohibited by law enforcement official); (ii) promptly investigate the Security Event; (iii) cooperate with PIMCO regarding investigation and mitigation of such Security Event; (iv) comply with, or assist with PIMCO’s and/or a Company’s compliance with, any data breach notification requirements pursuant to any applicable federal and/or state data breach notification laws and/or regulations; (v) promptly provide a written report to PIMCO that sets forth the risk assessment, root cause analysis and corrective action plans and (vi) implement the corrective action plan and use commercially reasonable efforts to mitigate the effects of the Security Event as soon as practicable. AST shall provide reasonably prompt notice to, and all reasonable and prompt assistance to, PIMCO and/or a Company in responding to any and all requests, complaints, or other communications received that such party may receive regarding any Confidential Information or Personal Information. AST agrees not to respond to any such request until explicitly authorized by PIMCO in writing, except to the extent such request comprises a legally binding order compelling disclosure without notice to the other party, . Upon the occurrence of a Security Event, AST shall have the right to notify the appropriate law enforcement agency regarding the general nature of the Security Event without identifying PIMCO or a Company; provided, however, that, in no event shall AST notify any shareholder, customer or client of a Company and/or PIMCO, or any regulator of such Security Event without PIMCO’s prior written approval, which shall not be unreasonably withheld or delayed. In the event of a Security Event relating to another closed-end fund client of AST, if AST determines in its sole discretion that such Security Event resulted from or identified a risk that is reasonably likely to materially affect AST’s provision of services under this Agreement or compromise any Confidential Information or Personal Information, then AST shall notify PIMCO of such Security Event and the steps that have been taken or are being taken to remedy such risk; provided, that in no event shall AST be required to identify any of its other customers whose information or data was compromised as a result of such Security Event. c. AST shall at all times employ a current version of a commercially available virus detection software program that employs regular updates to test the hardware and software applications used by it to deliver the Services for the presence of any computer code designed to disrupt, disable, harm or otherwise impede the operation of such hardware or software. AST shall use its commercially reasonable efforts to ensure that no viruses are coded or introduced into the systems: (a) used to provide the services hereunder; or (b) hosted by AST. If a virus is found to have been introduced into such systems, AST shall promptly notify PIMCO, use its commercially reasonable efforts to reduce the effects of the virus on the affected systems and, if the virus causes a loss of operational efficiency or loss of data, to mitigate and restore such losses.

Confidentiality Data Security. a. AST acknowledges that it will acquire information and data from each Company, and such information and data are confidential and proprietary information of each Company and/or PIMCO (collectively, “Confidential Information”). Confidential Information includes, but shall not be limited to, (a) any data or information that is competitively sensitive material, and not generally known to the public, including, but not limited to, information about product plans, marketing strategies, finances, operations, customer relationships, customer profiles, customer lists, sales estimates, business plans, and internal performance results relating to the past, present or future business activities of each Company and/or PIMCO, their subsidiaries and affiliated companies and the customers, clients and suppliers of any of them; (b) any scientific or technical information, design, process, procedure, formula, or improvement that is commercially valuable and secret in the sense that its confidentiality affords each Company and/or PIMCO a competitive advantage over its competitors; (c) all confidential or proprietary concepts, documentation, reports, data, specifications, computer software, source code, object code, flow charts, databases, inventions, know-how, and trade secrets, whether or not patentable or copyrightable; and (d) anything designated as confidential. Confidential Information will not include, however, any information that (i) was in the possession of AST at the commencement of the services contemplated under this Agreement that is not related to each Company and/or PIMCO, (ii) became part of the public domain through no fault of AST or (iii) became rightfully known to AST or its affiliates through a third party with no obligation of confidentiality to a Company and/or PIMCO. AST agrees not to disclose the Confidential Information to others (except as required by law or permitted by AST’s privacy policy then in effect, but in no event shall AST disclose the Confidential Information without Company’s prior written approval; provided, however, that no such approval shall be required for any disclosure made pursuant to a routine subpoena or an information request relating to one or more Shareholders that does not require disclosure of Confidential Information other than information relating to such Shareholders’ account; provided, however, that AST shall use commercially reasonable efforts to inform PIMCO of any such disclosure) or use it in any way, commercially or otherwise, except in performing services hereunder, and shall not allow any unauthorized person access to the Confidential Information. AST further agrees to exercise at least the same degree of care as it uses with regard to its own confidential information, but in no event less than the greater of a reasonable degree of care and the requirement of applicable law, in protecting the Confidential Information. AST agrees that it will not, at any time during the term of this Agreement or after its termination, reveal, divulge, or make known to any person or entity, unless required by law, any list of shareholders or clients of a Company and/or PIMCO or any personal information relating to such shareholders or clients. b. In addition, AST acknowledges that in connection with performing services hereunder, it may receive Confidential Information that contains “non-public personal information,” “personally identifiable information,” “personal data” or the like from Company and/or PIMCO (collectively “Personal Information”), as such terms are defined in Section 509 (4) of the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act, Section 248.3(t) of Securities and Exchange Commission Regulation S-P and/or other similar applicable laws and regulations, including without limitation the Massachusetts Standards for the Protection of Personal Information, 201 CMR 17.00, et. seq. and the European Privacy Directive 95/46/EC, as each is amended from time to time (collectively, “Applicable Laws”). AST acknowledges and agrees that it is prohibited from disclosing or using Personal Information except as necessary to carry out the terms of this Agreement, and in compliance with Applicable Laws. AST further acknowledges and agrees, that it also shall implement and maintain a comprehensive, written information security program to protect such Personal Information in accordance with the terms and standards of Applicable Laws that (i) incorporates technical and organizational security measures, including administrative, physical, and technical safeguards, including encryption where required or appropriate, for Personal Information; (ii) is reasonably designed to prevent unauthorized access to or use of, or other compromise of, Personal Information; and (iii) provides for the proper destruction of such records and data that contain Personal Information, so that the information contained therein cannot be practicably read or reconstructed. AST will obligate, In in writing, (and periodically review and monitor the performance of) any third party that receive Personal Information in providing services to or acting as the agent of AST for purposes of carrying out the terms of this Agreement, to implement and comply with information security standards no less stringent than those required by the terms of this Agreement and all Applicable Laws. The appointment of any such third party shall not relieve AST of its responsibilities or liabilities hereunder. If AST determines an incident or data breach occurred, potentially occurred or may potentially occur compromising or potentially compromising the security or integrity of Confidential Information or Personal Information while such Confidential Information or Personal Information is in the possession, custody or control of AST, or any third party acting as the agent of AST, whether by unauthorized acquisition, theft, loss, illegal or unauthorized use, insecure disposal or other potential compromise (each such event a “Security Event”), AST will: (i) as immediately as practicable notify PIMCO of the Security Event (unless prohibited by law enforcement official); (ii) promptly investigate the Security Event; (iii) cooperate with PIMCO regarding investigation and mitigation of such Security Event; (iv) comply with, or assist with PIMCO’s and/or a Company’s compliance with, any data breach notification requirements pursuant to any applicable federal and/or state data breach notification laws and/or regulations; (v) promptly provide a written report to PIMCO that sets forth the risk assessment, root cause analysis and corrective action plans and (vi) implement the corrective action plan and use commercially reasonable efforts to mitigate the effects of the Security Event as soon as practicable. AST shall provide reasonably prompt notice to, and all reasonable and prompt assistance to, PIMCO and/or a Company in responding to any and all requests, complaints, or other communications received that such party may receive regarding any Confidential Information or Personal Information. AST agrees not to respond to any such request until explicitly authorized by PIMCO in writing, except to the extent such request comprises a legally binding order compelling disclosure without notice to the other party, Upon the occurrence of a Security Event, AST shall have the right to notify the appropriate law enforcement agency regarding the general nature of the Security Event without identifying PIMCO or a Company; provided, however, that, in no event shall AST notify any shareholder, customer or client of a Company and/or PIMCO, or any regulator of such Security Event without PIMCO’s prior written approval, which shall not be unreasonably withheld or delayed. In the event of a Security Event relating to another closed-end fund client of AST, if AST determines in its sole discretion that such Security Event resulted from or identified a risk that is reasonably likely to materially affect AST’s provision of services under this Agreement or compromise any Confidential Information or Personal Information, then AST shall notify PIMCO of such Security Event and the steps that have been taken or are being taken to remedy such risk; provided, that in no event shall AST be required to identify any of its other customers whose information or data was compromised as a result of such Security Event. c. AST shall at all times employ a current version of a commercially available virus detection software program that employs regular updates to test the hardware and software applications used by it to deliver the Services for the presence of any computer code designed to disrupt, disable, harm or otherwise impede the operation of such hardware or software. AST shall use its commercially reasonable efforts to ensure that no viruses are coded or introduced into the systems: (a) used to provide the services hereunder; or (b) hosted by AST. If a virus is found to have been introduced into such systems, AST shall promptly notify PIMCO, use its commercially reasonable efforts to reduce the effects of the virus on the affected systems and, if the virus causes a loss of operational efficiency or loss of data, to mitigate and restore such losses.