Data Privacy and Security Sample Clauses
The Data Privacy and Security clause establishes the obligations of parties to protect personal and sensitive information from unauthorized access, use, or disclosure. Typically, this clause requires adherence to relevant data protection laws, implementation of security measures such as encryption or access controls, and prompt notification in the event of a data breach. Its core function is to safeguard confidential data, ensuring compliance with legal standards and minimizing the risk of data misuse or loss.
POPULAR SAMPLE Copied 40 times
Data Privacy and Security. Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds’ shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. Bank shall respond to Customer’s reasonable requests for information concerning Bank’s information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank’s discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the poin...
Data Privacy and Security. Supplier shall comply with the Data Privacy and Security Addendum terms contained in Exhibit C, attached hereto and made a part hereof.
Data Privacy and Security. (i) Contango has administrative, technical and physical safeguards (including monitoring compliance with such safeguards) to protect the confidentiality, privacy and security of Personal Information and the systems, technology and networks that process Personal Information (the “Contango Information Security”). Contango has provided true, correct and complete copies of all written policies and procedures related to the Contango Information Security. Each of Contango’s employees has received appropriate training on the Contango Information Security relevant to each such employee’s role.
(ii) Neither Contango nor its subsidiaries has experienced: (i) any unauthorized processing of Personal Information in the possession, custody or control of any of Contango or its subsidiaries; or (ii) any unauthorized processing by a third party of Personal Information processed for or on behalf of Contango or its subsidiaries. Contango has not knowingly, acted in a manner, is not aware of any incident or by the exercise or reasonable diligence would not be aware of any incident that would trigger an obligation to notify any person or Governmental Entity under any applicable Laws or Contract.
(iii) Contango and its subsidiaries are in compliance with and has complied with, in all material respects, all Privacy Legal Requirements.
(iv) Contango and its subsidiaries either transmits Personal Information across jurisdictional borders in compliance in all material respects with all Privacy Legal Requirements or processes Personal Information exclusively in the same jurisdiction as each data subject to which it relates resides.
(v) Contango and its subsidiaries have entered into written agreements with Data Related Vendors containing commercially reasonable provisions for data privacy and security. Contango has taken reasonable steps to select and retain only those Data Related Vendors that are capable of maintaining the confidentiality, privacy and security of the Personal Information that they process on behalf of Contango or its subsidiaries.
(vi) No person has commenced or threatened within the past five (5) years any action or other written complaint, audit, proceeding, claim or investigation arising from or relating to the processing of Personal Information by, for or on behalf of Contango or its subsidiaries.
(vii) The execution, delivery and performance of this Agreement and the consummation of the transactions contemplated herein shall not cause, constitute or result in...
Data Privacy and Security. (a) To the Company’s knowledge, each Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledge, there is (and since the Lookback Date there has been) no material Proceeding pending or, to the Company’s knowledge, threatened against or involving any Group Company initiated by any Person (including (i) the United States Federal Trade Commission, any state attorney general or similar state official; (ii) any other Governmental Entity, foreign or domestic; or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoing.
(c) To the Company’s knowledge, since the Lookback Date: (i) no person has alleged or given written notice of unauthorized access to, or use, disclosure, or Processing of Personal Data in the possession or control of any Group Company or any of its contractors with regard to any Personal Data obtained from or on behalf of a Group Company; (ii) no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effect.
(d) Each Group Company owns or has license to use such Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tear). To the Company’s knowledge, since the Lookback Date, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that...
Data Privacy and Security. Data Privacy. "
Data Privacy and Security. (a) The Company and its Subsidiaries have at all times for the past three (3) years complied in all material respects with all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company has implemented adequate written policies relating to the Processing of Personal Data, as and to the extent required by applicable Laws (“Privacy and Data Security Policies”).
(b) For the past three (3) years, there has not been any and, to the Company’s knowledge there is no pending Proceeding against the Company or any of its Subsidiaries initiated by (i) any Person, (ii) the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any Processing of Personal Data by or on behalf of the Company or any of its Subsidiaries is in violation of any Privacy Requirements.
(c) To the Company’s knowledge, during the past three (3) years, there has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions or breaches of security into the Company’s or its Subsidiaries’ systems.
(d) The Company and its Subsidiaries own or have a license to use the Company IT Systems as necessary to operate the Business as currently conducted, and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person.
(e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by the Privacy Requirements, and consistent with industry standards, designed to protect the integrity, security and operations of the Company IT...
Data Privacy and Security. A. A&M SYSTEM shall retain all right, title, and interest in and to all information, data or other content that A&M SYSTEM or its users enter, submit or upload to Services or otherwise provide to PROVIDER (collectively, the “A&M SYSTEM Data”).
B. PROVIDER shall hold A&M SYSTEM Data, including without limitation, any information contained in the A&M SYSTEM Data that alone or in conjunction with other information identifies an individual, in confidence. PROVIDER shall only use or disclose A&M SYSTEM Data for the purpose of fulfilling PROVIDER’s obligations under this Agreement, as required by law, or as otherwise authorized in writing by A&M SYSTEM. PROVIDER shall restrict disclosure of A&M SYSTEM Data solely to those employees, subcontractors or agents of PROVIDER that have a need to access A&M SYSTEM Data in order for PROVIDER to perform its obligations under this Agreement. PROVIDER shall require any such subcontractors or agents to comply with the same restrictions and obligations imposed on PROVIDER in this Agreement.
C. PROVIDER must promptly notify A&M SYSTEM of any legal request for A&M SYSTEM Data from a third party and take (and assist A&M SYSTEM in taking) appropriate steps not to disclose such A&M SYSTEM Data.
D. PROVIDER shall, within two (2) business days of discovery, report to A&M SYSTEM Data not authorized by this Agreement or in writing by A&M SYSTEM. PROVIDER’s report must identify: (a) the nature of the unauthorized use or disclosure, (b) the A&M SYSTEM Data used or disclosed, (c) who made the unauthorized use or received the unauthorized disclosure (if known), (d) what PROVIDER has done or will do to mitigate any deleterious effect of the unauthorized use or disclosure, and (e) what corrective action PROVIDER has taken or will take to prevent future similar unauthorized use or disclosure. PROVIDER shall provide such other information, including a written report, as reasonably requested by A&M SYSTEM.
E. Within thirty (30) days of the expiration or termination of this Agreement, PROVIDER, as directed by A&M SYSTEM, shall return all A&M SYSTEM Data to A&M SYSTEM in its possession (or in the possession of any of its subcontractors or agents) or delete all such A&M SYSTEM Data if return is not feasible. PROVIDER shall provide A&M SYSTEM with at least ten (10) days’ written notice of PROVIDER’s intent to delete such A&M SYSTEM Data, and shall confirm such deletion in writing.
Data Privacy and Security. A. Personal Data and Customer Instructions. Under this Agreement, Apple, acting as a data processor on your behalf, may receive Personal Data if provided by You. By entering into this Agreement, You instruct Apple to process Your Personal Data, in accordance with applicable law:
(i) to provide the Service; (ii) pursuant to Your instructions as given through your use of the Services (including the web portal and other functionality of the Service); (iii) as specified under this Agreement; and (iv) as further documented in any other written instructions given by You and acknowledged by Apple as constituting instructions under this Agreement. Apple shall comply with the instructions described in this Section 3A unless prohibited by an applicable legal requirement from doing so, in which case Apple will inform You of that legal requirement before processing Personal Data (unless prohibited by that law from doing so on important grounds of public interest).
Data Privacy and Security. (a) The Company and its Subsidiaries and their respective officers and employees, and, to the Knowledge of the Company, any processors acting on their behalf are in material compliance and have since January 1, 2019 complied in all material respects with all applicable Privacy Laws. All Personal Information is and has since January 1, 2019 been collected, processed, transferred, disclosed, shared, stored, protected and used by the Company in accordance with Privacy Laws in all material respects.
(b) The Company has in place policies and procedures for the proper collection, processing, transfer, disclosure, sharing, storing, security and use of Personal Information that comply in all material respects with applicable Privacy Laws.
(c) The Company has, since January 1, 2019, in accordance in all material respects with applicable Privacy Laws: (i) provided individuals with relevant information as required by applicable Privacy Laws; (ii) obtained, where required by applicable Privacy Laws, individuals’ valid consent in relation to the collection, processing, transfer, disclosure, sharing, use and sale of their Personal Information; (iii) implemented and complied in all material respects with its audit, training and, where required, data protection impact assessment procedures; (iv) where the Company has instructed another party to process Personal Information, entered into data processing agreements or other contracts which materially comply with the requirements of applicable Privacy Laws; (v) where the Company acts as a processor, entered into data processing agreements or other contracts which materially comply with the requirements of applicable Privacy Laws and complied in all material respects with all applicable contractual obligations; and (vi) made commercially reasonable efforts to store Personal Information for no longer than is reasonably necessary for the purposes for which Personal Information is processed pursuant to requirements under applicable Privacy Laws.
(d) The Company has implemented commercially reasonable technical, physical, and organizational measures and security systems and technologies in material compliance with all data security requirements under applicable Privacy Laws and the Payment Card Industry Data Security Standards to protect the integrity and security of such Personal Information and all Company data and to prevent any destruction, loss, alteration, corruption or misuse of or unauthorized disclosure or access thereto...
Data Privacy and Security. 7.1.1 With respect to any End-User Customer Information received, accessible, or accessed by Merchant, Merchant will comply with applicable law regarding the use of non-public personal information and the requirements of BlueSnap’s Privacy Policy as amended from time to time. Further, Merchant (i) will not use any End-User Customer Information for any other purpose other than those contemplated hereunder, (ii) has and will maintain reasonable and appropriate measures to protect the security and confidentiality of such End-User Customer Information, and (iii) will not, directly or through an affiliate, disclose or permit the disclosure of any End-User Customer Information to any other person that is not an affiliate or service provider, or an employee or agent of any such party with a demonstrable need to know such End User Customer Confidential Information in order to fulfill the obligations hereunder. Merchant shall take all available steps and precautions to prevent fraud, theft and/or misappropriation of End-User Customer Information.
7.1.2 Subject to each Merchant’s obligations of confidentiality or a duty to restrict dissemination of proprietary information arising from third party relationships or as otherwise imposed by law, ▇▇▇▇▇▇▇▇ will promptly notify BlueSnap as soon as commercially reasonable upon learning of any suspected or actual security breach, unauthorized disclosure, compromise of privacy involving End-User Customers’ Information or the actual loss or theft of any such personal information (“Security Incident”).