Common use of Confidentiality Data Security Clause in Contracts

Confidentiality Data Security. A. Supplier shall not disclose to third parties, or use for purposes other than performing its obligations hereunder, any Data, Inventions, or any other information that relates to the technical, legal, or business affairs or activities of Newmont or its affiliates which was obtained by or on behalf of Supplier in connection with the performance of the Services (collectively, “Confidential Information”), without the prior written consent of Newmont. Confidential Information shall not include information which: (1) is, or shall have been, in the possession of Supplier and not subject to a confidentiality obligation prior to Supplier’s acquisition thereof in connection with the performance of the Services; (2) through no act or omission of Supplier, becomes published or otherwise available to the public under circumstances such that the public may utilize the same without any direct or indirect confidentiality obligation to Newmont or its affiliates; or (3) is acquired by Supplier from any third party rightfully in possession of the same and having no direct or indirect confidentiality obligation to Newmont or its affiliates with respect to the same; provided, however, that the foregoing exceptions shall not apply with respect to Confidential Information which meets the definition of Personal Data (as set forth in Section 5.B., below), which is more specifically addressed in Section 5.B., below. All Confidential Information shall be delivered to Newmont or destroyed by Supplier, at Newmont’s discretion, upon the termination or expiration of this Agreement or at any earlier time upon Newmont’s request. Supplier shall not retain any copies of Confidential Information without Newmont’s express written authorization. Notwithstanding the foregoing, Supplier may retain one archival hard copy of the Confidential Information for such period of time that Supplier normally retains archival hard copies, and such hard copy shall remain subject to this Section 5.A. until it is destroyed. In addition, if Supplier’s computer system automatically retains back-up copies of Confidential Information, Supplier may retain such copies in Supplier’s archival computer storage for the period of time that Supplier normally archives backed-up computer records, and such computer copies shall remain subject to this Section 5.A. until they are destroyed or erased. Supplier acknowledges that the Confidential Information is an important asset of Newmont and/or its affiliates and that there is not an adequate remedy at law for a breach by Supplier of this Section 5.A. and Newmont and/or its affiliates will suffer irreparable harm as a result of such a breach. Therefore, Supplier agrees that Newmont and/or its affiliates shall be entitled to equitable relief, including temporary and permanent injunctive relief without the obligation of posting a bond (cash or otherwise), in the event of actual or threatened unauthorized disclosure or use of Confidential Information in breach of this Section 5.A. B. For purposes of this Agreement, “Personal Data” means information regarding any individual (whether an employee or agent of Newmont, its affiliates, or contractors of it or its affiliates, or other individuals) recorded in any format, which is obtained by Contractor in connection with this Agreement and that identifies or could identify an individual personally, either by itself or together with other information, including demographic information such as name, sex, age and contact information, financial information such as taxpayer identification numbers and bank account information, and health information such as medical records and insurance claims. Contractor shall, for as long as it has possession of any Personal Data or other Confidential Information (collectively, Sensitive Information”) on Contractor’s information technology systems, , maintain reasonable security procedures and practices that are both

Confidentiality Data Security. A. Supplier shall not 7.1 From time to time during the Term of this Agreement, either Party (as the “Disclosing Party”) may disclose to third parties, or use for purposes other than performing its obligations hereunder, any Data, Inventions, or any other information that relates make available to the technicalother Party (as the “Receiving Party”), legal, or business affairs or activities information of Newmont Disclosing Party or its affiliates business that is labeled or identified as “confidential,” or which was obtained by or on behalf of Supplier in connection with should reasonably be understood as confidential given the performance nature of the Services information and the circumstances of its disclosure (collectively, “Confidential Information”), without the prior written consent of Newmont. Confidential Information shall not include information which: (1) is, or shall have been, in the possession of Supplier and not subject to a confidentiality obligation prior to Supplier’s acquisition thereof in connection with the performance of the Services; (2) through no act or omission of Supplier, becomes published or otherwise available to the public under circumstances such that the public may utilize the same without any direct or indirect confidentiality obligation to Newmont or its affiliates; or (3) is acquired by Supplier from any third party rightfully in possession of the same and having no direct or indirect confidentiality obligation to Newmont or its affiliates with respect to the same; provided, however, that the foregoing exceptions shall not apply with respect to Confidential Information which meets does not include any information that: (a) is or becomes generally available to the definition of Personal Data (as set forth in Section 5.B., below), which is more specifically addressed in Section 5.B., below. All Confidential Information shall be delivered to Newmont or destroyed by Supplier, at Newmont’s discretion, upon the termination or expiration of this Agreement or at any earlier time upon Newmont’s request. Supplier shall not retain any copies of Confidential Information without Newmont’s express written authorization. Notwithstanding the foregoing, Supplier may retain one archival hard copy of the Confidential Information for such period of time that Supplier normally retains archival hard copies, and such hard copy shall remain subject to this Section 5.A. until it is destroyed. In addition, if Supplier’s computer system automatically retains back-up copies of Confidential Information, Supplier may retain such copies in Supplier’s archival computer storage for the period of time that Supplier normally archives backed-up computer records, and such computer copies shall remain subject to this Section 5.A. until they are destroyed or erased. Supplier acknowledges that the Confidential Information is an important asset of Newmont and/or its affiliates and that there is not an adequate remedy at law for a breach by Supplier of this Section 5.A. and Newmont and/or its affiliates will suffer irreparable harm public other than as a result of such a breach. Therefore, Supplier agrees that Newmont and/or its affiliates shall be entitled to equitable relief, including temporary and permanent injunctive relief without the obligation of posting a bond (cash or otherwise), in the event of actual or threatened unauthorized disclosure or use of Confidential Information in Receiving Party's breach of this Section 5.A.7; (b) is or becomes available to the Receiving Party on a non-confidential basis from a third-party source that, to the Receiving Party's knowledge, was not legally or contractually restricted from disclosing such information; (c) was in Receiving Party's possession prior to Disclosing Party's disclosure hereunder; or (d) the Receiving Party establishes by documentary evidence, was or is independently developed by Receiving Party without using any of the Disclosing Party's Confidential Information. B. 7.2 The Receiving Party shall: (x) protect and safeguard the confidentiality of the Disclosing Party's Confidential Information with at least the same degree of care as the Receiving Party would protect its own Confidential Information of like importance, but in no event with less than a reasonable degree of care; (y) not use the Disclosing Party's Confidential Information, or permit it to be used, for any purpose other than to exercise its rights or perform its obligations under this Agreement; and (z) not disclose any such Confidential Information to any person or entity, except (i) as contemplated by this Agreement in order to exercise its rights or perform its obligations hereunder, and (ii) to the Receiving Party's Group who need to know the Confidential Information to assist the Receiving Party, or act on its behalf, to exercise its rights or perform its obligations under this Agreement. For purposes of this AgreementSection 7 only, “Personal DataReceiving Party's Group” means information regarding any individual (whether an employee shall mean the Receiving Party's corporate affiliates and its or agent of Newmonttheir employees, its affiliatesofficers, or contractors of it or its affiliatesdirectors, or other individuals) recorded in any formatshareholders, which is obtained by Contractor in connection with this Agreement and that identifies or could identify an individual personallypartners, either by itself or together with other informationmembers, including demographic information such as namemanagers, sexagents, age and contact informationindependent contractors, financial information such as taxpayer identification numbers and bank account informationservice providers, attorneys, accountants, and health information such as medical records and insurance claimsfinancial advisors. Contractor shallIn any event, the Receiving Party shall be responsible for as long as it has possession any violation of this Section 7 caused by any Personal Data or other Confidential Information (collectively, Sensitive Information”) on Contractormember of the Receiving Party’s information technology systems, , maintain reasonable security procedures and practices that are bothGroup.

Confidentiality Data Security. A. 16.1 Supplier, for itself and on behalf of each Supplier shall Party and their respective assigns, agrees (A) to treat as confidential and proprietary, (B) not to disclose to third partiesothers, during or use subsequent to the Term, and (C) not to use, except for purposes other than of performing its obligations hereunder, any Data, Inventions, or any other information that relates to the technical, legal, or business affairs or activities of Newmont or its affiliates which was obtained by or on behalf of Supplier in connection with the performance of the Services (collectively, “Confidential Information”), without the express prior written consent of Newmont, which consent may be withheld for any reason whatsoever, any information, whether verbal or written, of any description whatsoever (expressly including any technical information, experiments, or data) regarding plans, programs, plants, processes, products, minerals, real property interests, costs, equipment, or operations of Newmont or its affiliates, or other information which has been expressly identified by Newmont as being confidential in nature, that may come within the knowledge of such Supplier Party in the performance of this Agreement, including all Data and Inventions (collectively, "Confidential Information"). Supplier shall take all necessary precautions, contractual and otherwise, to prevent unauthorized disclosure or use of Confidential Information. Notwithstanding the foregoing, Confidential Information shall not include any information whichthat: (1I) is, or shall have been, in the possession of Supplier and not subject to a confidentiality obligation prior to Supplier’s acquisition disclosure thereof to Supplier in connection with the performance of the Servicesthis Agreement; (2II) through no act or omission of Supplier, Supplier becomes published or otherwise available to the public under circumstances such that the public may utilize the same without any direct or indirect confidentiality obligation to Newmont or its affiliates; or (3III) is acquired by Supplier from any third party rightfully in possession possessed of the same and having no direct or indirect confidentiality obligation to Newmont or its affiliates affiliates, with respect to the same; provided, however, that the foregoing exceptions shall not apply with respect to Confidential Information which meets the definition of Personal Data (as set forth in Section 5.B.16.2, below), which is more specifically addressed in Section 5.B.16.2, below. All Confidential Information shall be delivered to Newmont or destroyed by Supplier, at Newmont’s discretion, upon the termination or expiration of this Agreement Agreement, or at any earlier other time upon Newmont’s 's request. Supplier shall not retain any copies of Confidential Information without Newmont’s express written authorization. Notwithstanding the foregoing, Supplier may retain one archival hard copy of the Confidential Information for such period of time that Supplier normally retains archival hard copies, and such hard copy shall remain subject to this Section 5.A. 16.1 until it is destroyed. In addition, if Supplier’s computer system automatically retains back-up copies of Confidential Information, Supplier may retain such copies in Supplier’s archival computer storage for the period of time that Supplier normally archives backed-up computer records, and such computer copies shall remain subject to this Section 5.A. 16.1 until they are destroyed or erased. Supplier acknowledges that the Newmont’s Confidential Information is an important asset of Newmont and/or its affiliates and that there is not an adequate remedy at law for a breach by Supplier of this Section 5.A. 16.1 and Newmont and/or its affiliates will suffer irreparable harm as a result of such a breach. Therefore, Supplier agrees that Newmont and/or its affiliates affiliates, as applicable, shall be entitled to equitable relief, including temporary and permanent injunctive relief without the obligation of posting a bond (cash or otherwise), in the event of actual or threatened unauthorized disclosure or use of Confidential Information in breach of this Section 5.A.16.1. B. 16.2 For purposes of this Agreement, “Personal Data” means information regarding any individual (whether an employee or agent of Newmont, its affiliates, or contractors of it or its affiliates, or other individuals) recorded in any format, which is obtained by Contractor Supplier in connection with this Agreement and that identifies or could identify an individual personally, either by itself or together with other information, including demographic information such as name, sex, age and contact information, financial information such as taxpayer identification numbers and bank account information, and health information such as medical records and insurance claims. Contractor Supplier shall, for as long as it has possession of any Personal Data or other Confidential Information (collectively, Sensitive Information”) on Contractor’s information technology systems, Data, maintain reasonable security procedures and practices that are bothboth (A) appropriate to the nature of the Personal Data, and (B) reasonably designed to help protect the Personal Data from unauthorized access, use, modification, disclosure, or destruction. For purposes of this Agreement, Supplier is the processor and Newmont is the controller of any Personal Data. Without limiting the generality of the requirements set forth above in this Section, if Supplier has any Personal Data or other Confidential Information (collectively, “Sensitive Information”) on Supplier’s information technology systems, Supplier shall, for as long as any Sensitive Information resides on Supplier’s information technology system: (I) employ industry-standard firewall and encryption protection for its information technology systems, and (II) use commercially reasonable efforts to scan its information technology system for viruses and malware and promptly mitigate the effects of any viruses or malware detected. Supplier immediately shall notify Newmont if it becomes aware, or has reason to believe, that any breach of this Section 16.2 has occurred, that any unauthorized access to or use of, or any security breach relating to or otherwise affecting, any Sensitive Information has occurred, or that any person who has had access to Sensitive Information has violated or intends to violate the terms of this Agreement. Supplier shall, at its own expense, cooperate with Newmont in investigating and responding to the foregoing.

Confidentiality Data Security. A. Supplier shall not disclose to third parties, or use for purposes other than performing its obligations hereunder, any Data, Inventions, or any other information that relates to the technical, legal, or business affairs or activities of Newmont or its affiliates which was obtained by or on behalf of Supplier in connection with the performance of the Services (collectively, “Confidential Information”), without the prior written consent of Newmont. Confidential Information shall not include information which: (1) is, or shall have been, in the possession of Supplier and not subject to a confidentiality obligation prior to Supplier’s acquisition thereof in connection with the performance of the Services; (2) through no act or omission of Supplier, becomes published or otherwise available to the public under circumstances such that the public may utilize the same without any direct or indirect confidentiality obligation to Newmont or its affiliates; or (3) is acquired by Supplier from any third party rightfully in possession of the same and having no direct or indirect confidentiality obligation to Newmont or its affiliates with respect to the same; provided, however, that the foregoing exceptions shall not apply with respect to Confidential Information which meets the definition of Personal Data (as set forth in Section 5.B., below), which is more specifically addressed in Section 5.B., below. All Confidential Information shall be delivered to Newmont or destroyed by Supplier, at Newmont’s discretion, upon the termination or expiration of this Agreement or at any earlier time upon Newmont’s request. Supplier shall not retain any copies of Confidential Information without Newmont’s express written authorization. Notwithstanding the foregoing, Supplier may retain one archival hard copy of the Confidential Information for such period of time that Supplier normally retains archival hard copies, and such hard copy shall remain subject to this Section 5.A. until it is destroyed. In addition, if Supplier’s computer system automatically retains back-up copies of Confidential Information, Supplier may retain such copies in Supplier’s archival computer storage for the period of time that Supplier normally archives backed-up computer records, and such computer copies shall remain subject to this Section 5.A. until they are destroyed or erased. Supplier acknowledges that the Confidential Information is an important asset of Newmont and/or its affiliates and that there is not an adequate remedy at law for a breach by Supplier of this Section 5.A. and Newmont and/or its affiliates will suffer irreparable harm as a result of such a breach. Therefore, Supplier agrees that Newmont and/or its affiliates shall be entitled to equitable relief, including temporary and permanent injunctive relief without the obligation of posting a bond (cash or otherwise), in the event of actual or threatened unauthorized disclosure or use of Confidential Information in breach of this Section 5.A. B. For purposes of this Agreement, “Personal Data” means information regarding any individual (whether an employee or agent of Newmont, its affiliates, or contractors of it or its affiliates, or other individuals) recorded in any format, which is obtained by Contractor Supplier in connection with this Agreement and that identifies or could identify an individual personally, either by itself or together with other information, including demographic information such as name, sex, age and contact information, financial information such as taxpayer identification numbers and bank account information, and health information such as medical records and insurance claims. Contractor Supplier shall, for as long as it has possession of any Personal Data or other Confidential Information (collectively, Sensitive Information”) on Contractor’s information technology systems, Data, maintain reasonable security procedures and practices that are bothboth (1) appropriate to the nature of the Personal Data, and (2) reasonably designed to help protect the Personal Data from unauthorized access, use, modification, disclosure, or destruction. For purposes of this Agreement, Supplier is the processor and Newmont is the controller of any Personal Data. Without limiting the generality of the requirements set forth above in this Section, if Supplier has any Personal Data or other Confidential Information (collectively, “Sensitive Information”) on Supplier’s information technology systems, Supplier shall, for as long as any Sensitive Information resides on Supplier’s information technology system: (a) employ industry-standard firewall and encryption protection for its information technology systems, and (b) use commercially reasonable efforts to scan its information technology system for viruses and malware and promptly mitigate the effects of any viruses or malware detected. Supplier immediately shall notify Newmont if it becomes aware, or has reason to believe, that any breach of this Section 5.B. has occurred, that any unauthorized access to or use of, or any security breach relating to or otherwise affecting, any Sensitive Information has occurred, or that any person who has had access to Sensitive Information has violated or intends to violate the terms of this Agreement. Supplier shall, at its own expense, cooperate with Newmont in investigating and responding to the foregoing.