Data Handling Clause Samples

Data Handling. This is a complementary issue to 3.2.5 and is relevant to the data sharing (T6.1 & T6.3), the preliminary sensor (T6.2) & food (T6.3) testing and the V1 (T6.

Data Handling. A. Contractor may not maintain or forward these State Records to or from any other facility or location, except for the authorized and approved purposes of backup and disaster recovery purposes, without the prior written consent of the State. Contractor may not maintain State Records in any data center or other storage location outside the United States for any purpose without the prior express written consent of OIS. B. Contractor shall not allow remote access to State Records from outside the United States, including access by Contractor’s employees or agents, without the prior express written consent of OIS. Contractor shall communicate any request regarding non-U.S. access to State Records to the Security and Compliance Representative for the State. The State shall have sole discretion to grant or deny any such request. C. Upon request by the State made any time prior to 60 days following the termination of this Contract for any reason, whether or not the Contract is expiring or terminating, Contractor shall make available to the State a complete download file of all State data. i. This download file shall be made available to the State within 10 Business Days of the State’s request, shall be encrypted and appropriately authenticated, and shall contain, without limitation, all State Records, Work Product, and system schema and transformation definitions, or delimited text files with documents, detailed schema definitions along with attachments in its native format. ii. Upon the termination of Contractor’s provision of data processing services, Contractor shall, as directed by the State, return all State Records provided by the State to Contractor, and the copies thereof, to the State or destroy all such State Records and certify to the State that it has done so. If any legal obligation imposed upon Contractor prevents it from returning or destroying all or part of the State Records provided by the State to Contractor, Contractor shall guarantee the confidentiality of all State Records provided by the State to Contractor and will not actively process such data anymore. Contractor shall not interrupt or obstruct the State’s ability to access and retrieve State Records stored by Contractor. D. The State retains the right to use the established operational services to access and retrieve State Records stored on Contractor’s infrastructure at its sole discretion and at any time. Upon request of the State or of the supervisory authority, Contractor shall sub...

Data Handling. If Customer is disclosing to SISW any information that is (i) Covered Defense Information or Controlled Unclassified Information as defined in U.S. Government regulations, or (ii) subject to Export Laws that require controlled data handling, Customer will notify SISW personnel in advance of each instance of disclosure and will use the notification tools and methods specified by SISW.

Data Handling. User information, namely score and completion of the information security awareness tutorials is collected in order to allow Campaign Managers to monitor and measure user progress. Similarly, user information from the Phishing Simulator is collected to measure user response and phishing awareness. Users who fall for simulated phishing attacks are redirected to on-the-spot training. 27.1 Information the Company collect and receive (a) Account creation information · Email address · Full name · Passwords · Group membership · Time zone · Account preferences (b) Information Security Awareness Campaign information · Attempts at tutorials · Answers to questions in tutorials · Progress through the curriculum of tutorials · User feedback on tutorials (c) Phishing Simulator information · Simulated phishing emails opened · Engagement with simulated phishing email by replying, forwarding, deleting, opening attachments or clicking on embedded links to an email · Engagement with simulated phishing website by entering form data, click links, downloading files, clicking on images · Completion of on-the-spot training · Requests for further training (d) Log information · IP Address · Browser type · Browser settings · Information on the webpage viewed before using the services · Date and time of use of services · Cookie Information 27.2 How the Company process user data (a) Account creation information (b) Information Security Awareness Campaign information The training tutorials are not only to educate personnel in Information Security but also to allow their progress to be tracked by the Campaign Manager. Completeness of training and scores from each tutorial will be saved for this purpose. Scores are calculated for each tutorial; these scores are calculated from the answers users give during the tutorials. (c) Phishing Simulator campaign information The Phishing Simulator’s purpose is to increase personnel’s awareness in regards to the threat of phishing attacks and educate them on how to spot such attacks. It allows Campaign Managers to see how users react to receiving a simulated phishing email. This incorporates whether they open or engage with the emails (such as following a link within the email or reply to the email). This information may be recorded along with completeness of the on-the-spot training, so that Campaign Managers can be given progress reports. If users engage in a way where they fill out a form on a webpage, the information entered will not be submitt...

Data Handling. Where it is agreed that there is no Processing of Personnel Data or disclosure of CUSTOMER Data: delete “(including CUSTOMER Data)” from Clause 11.2; the warranty in Clause 12.1.6 shall be deleted and the remaining Clauses renumbered accordingly; Clauses 14 to 16 (inclusive) shall be marked “Not Used” and Schedules 2-14 and 2-15 marked “Not Used”; delete “The CONTRACTOR acknowledges that the CUSTOMER Data is the property of the CUSTOMER and the CUSTOMER hereby reserves all Intellectual Property Rights which may subsist in the CUSTOMER Data.” from Clause 17.1; delete the following sentence from Clause 34.3: “The CONTRACTOR cannot claim relief from a Force Majeure Event to the extent that it is required to comply with the BCDR Plan but has failed to do so.”; all corresponding definitions in Schedule 2-1 shall be deleted save those definitions used elsewhere in the Contract and the definition of CUSTOMER Confidential Information shall be amended by removing “Personal Data, CUSTOMER Data”; and delete paragraph 5 in Schedule 2-6.

Data Handling. 9.1. You represent and warrant to Gelato that you have any and all necessary rights to handle and ship any parcels for which you would use the services (including the Shipping API Services). You warrant and represent that such parcels, and the goods therein do not violate third party rights, whether intellectual property rights, export/import regulations, environmental regulations, consumer protection rights or other regulations in any jurisdiction the goods may be directed to or transiting as a consequence of the logistics services. 9.2. You acknowledge that shipment data will be processed by Logistics Providers for fulfillment purposes.

Data Handling. A. Upon request, Contractor will make available to the State information about Contractor products and services and their locations of storage of State Records, in order to enable the State to purchase the applicable product or service where the storage location of State Records is located within the United States. If a Purchasing Entity elects to purchase a Good or Service with a FEDRAMP authorization to operate, then the State Records associated with that purchase will remain in the United States of America for the term of that purchase. B. Upon request by the State made any time prior to 60 days following the termination of this Contract for any reason, whether or not the Contract is expiring or terminating, Contractor shall make available to the State complete download file(s) of all Customer Content Records. i. Upon request, Contractor shall provide the State with information regarding encryption and authentication, if any, of such download file(s). [RESERVED]. ii. Upon the termination of Contractor’s provision of data processing services, Contractor shall, upon request by the State, destroy all such Customer Content and certify to the State that it has done so. If Contractor retains all or part of the State Records provided by the State to Contractor, Contractor shall maintain the confidentiality of all State Records provided by the State to Contractor and will not actively process such data anymore. During the terms of service where Contractor is storing Customer Content or any Subcontractor is storing Customer Content on behalf of Contractor, Contractor shall not interrupt or obstruct the State’s ability to access and retrieve Customer Content stored by Contractor or any Subcontractor. C. During the Term of this Participating Addendum, the State retains the right to use the established operational services to access and retrieve Customer Content stored on Contractor’s infrastructure at its sole discretion and at any time.

Data Handling. 32.1 You must ensure that your business fully complies with the Security Standards. You must maintain an Incident Response Plan for immediate reporting and handling of any exposure of Cardholder Data at your business. 32.2 If you know of or suspect a Data Breach at your company or that of any Agent, you must: (a) report the Data Breach immediately to Windcave; (b) take appropriate action, including withdrawal of internet shopping facilities if appropriate, to minimise the ongoing risk to Cardholder Information, until such time as investigation and rectification of the Data Breach is completed; (c) implement and follow the Incident Response Plan; (d) maintain a rigorous audit trail of all actions taken to isolate and rectify the event; (e) assist ▇▇▇▇▇▇▇▇ to the best of your abilities including providing detailed statements and schedules of Card accounts exposed by the Data Breach; (f) allow Windcave employees, contractors, or those of any Payment Scheme, acting reasonably, full access to your systems and databases for the purpose of Forensic Review, to ascertain the cause and impact of the exposure; (g) undergo a full PCI DSS accreditation to be allowed to continue processing Transactions. 32.3 You are liable for all costs, charges and/or fines imposed by the Payment Schemes, Applicable Law or regulators, due to any Data Breach, including but not restricted to: (a) any fines for Data Breach including for a failure to report the Data Breach in a timely fashion; (b) any costs levied by the Payment Schemes for monitoring and/or reissue of credit cards compromised by the Data Breach; (c) all costs for Forensic Review including following termination of this Agreement; and (d) costs for corrective action to address the cause of the Data Breach and for re-certification with PCI DSS. 32.4 You must not sell, purchase, provide or exchange any information or document relating to a Cardholder, a Cardholder’s account number or a Transaction to any person other than us, the Card Issuer or as required by law. 32.5 You must ensure that any full card-read data in respect of Cards accessed by you in connection with a Transaction (or otherwise in connection with the Agreement) is stored only on an electronic file in a secure environment with restricted access in compliance with the Security Standards and Windcave’s compliance requirements, for the sole purpose of providing documentation for exception processing. You must not record, store, replicate or otherwise use full car...

Data Handling. For the purposes of this Clause 5, the terms “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Process” and “Processing shall have the meaning prescribed under the Data Protection Act 1998. i. Adaptavist shall comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Agreement. ii. To the extent that Adaptavist acquires from the Client any Personal Data in connection with the Services, Adaptavist shall act as a Data Processor only. The Client shall remain as Data Controller in respect of such Personal Data and Adaptavist shall act only on the instructions of the Client and take appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against loss or destruction of or corruption to any such Personal Data.