{"component": "clause", "props": {"groups": [{"samples": [{"hash": "inrgHNq5CAW", "uri": "/contracts/inrgHNq5CAW#data-security-and-privacy", "label": "Agreement and Plan of Merger (Herc Holdings Inc)", "score": 36.1375770569, "published": true}, {"hash": "93tEpEMwiKZ", "uri": "/contracts/93tEpEMwiKZ#data-security-and-privacy", "label": "Agreement and Plan of Merger (Herc Holdings Inc)", "score": 36.1375770569, "published": true}, {"hash": "kMWKR1evPFb", "uri": "/contracts/kMWKR1evPFb#data-security-and-privacy", "label": "Agreement and Plan of Merger (H&E Equipment Services, Inc.)", "score": 36.1348381042, "published": true}], "snippet": "Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries (i) is in compliance with all Data Security Requirements and (ii) has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with all Data Security Requirements to protect (A) the confidentiality, integrity, availability and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by or on behalf of the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft and modification. Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, (i) there are, and since January 1, 2022, have been, no pending complaints, investigations, inquiries, notices, enforcement proceedings, or Actions by or before any Governmental Authority and (ii) since January 1, 2022, no fines or other penalties have been imposed on or written claims, notice, complaints or other communications have been received by the Company or any Subsidiary, relating to any Specified Data Breach or alleging non-compliance with any Data Security Requirement. The Company and each of its Subsidiaries have not, since January 1, 2022, (1) experienced any Specified Data Breaches, or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole. The consummation of the transactions contemplated by this Agreement will not cause the Company Group to breach any Data Security Requirement, except as would not reasonably be expected to be material to the business of the Company Group, taken as a whole.", "size": 16, "snippet_links": [{"key": "in-the-aggregate", "type": "definition", "offset": [37, 53]}, {"key": "business-of-the-company-group", "type": "definition", "offset": [100, 129]}, {"key": "taken-as-a-whole", "type": "clause", "offset": [131, 147]}, {"key": "in-compliance-with", "type": "definition", "offset": [197, 215]}, {"key": "data-security-requirements", "type": "definition", "offset": [220, 246]}, {"key": "reasonable-steps", "type": "definition", "offset": [279, 295]}, {"key": "consistent-with", "type": "definition", "offset": [296, 311]}, {"key": "standard-industry-practice", "type": "definition", "offset": [312, 338]}, {"key": "in-all-material-respects", "type": "definition", "offset": [400, 424]}, {"key": "security-of", "type": "clause", "offset": [525, 536]}, {"key": "business-systems", "type": "definition", "offset": [541, 557]}, {"key": "the-processing", "type": "clause", "offset": [579, 593]}, {"key": "personally-identifiable-information", "type": "definition", "offset": [597, 632]}, {"key": "conduct-of-the-business-of-the-company-and-its-subsidiaries", "type": "clause", "offset": [641, 700]}, {"key": "behalf-of-the-company", "type": "clause", "offset": [788, 809]}, {"key": "unauthorized-use", "type": "clause", "offset": [853, 869]}, {"key": "no-pending-complaints", "type": "clause", "offset": [1117, 1138]}, {"key": "enforcement-proceedings", "type": "definition", "offset": [1176, 1199]}, {"key": "actions-by", "type": "clause", "offset": [1204, 1214]}, {"key": "authority-and", "type": "clause", "offset": [1242, 1255]}, {"key": "other-penalties", "type": "clause", "offset": [1296, 1311]}, {"key": "written-claims", "type": "clause", "offset": [1336, 1350]}, {"key": "other-communications", "type": "clause", "offset": [1374, 1394]}, {"key": "received-by-the-company", "type": "definition", "offset": [1405, 1428]}, {"key": "relating-to", "type": "definition", "offset": [1448, 1459]}, {"key": "specified-data-breach", "type": "definition", "offset": [1464, 1485]}, {"key": "data-breaches", "type": "clause", "offset": [1653, 1666]}, {"key": "legal-proceedings", "type": "clause", "offset": [1696, 1713]}, {"key": "related-to", "type": "definition", "offset": [1714, 1724]}, {"key": "the-transactions-contemplated-by-this-agreement", "type": "clause", "offset": [1951, 1998]}], "hash": "3627dffe5bc4b3ceed3b6125ba7cb8c0", "id": 2}, {"samples": [{"hash": "2umgRbvYFCC", "uri": "/contracts/2umgRbvYFCC#data-security-and-privacy", "label": "Voter List Management Services Agreement", "score": 33.9730873108, "published": true}, {"hash": "dvKUbIcMmhX", "uri": "/contracts/dvKUbIcMmhX#data-security-and-privacy", "label": "Voter List Management Services Agreement", "score": 32.3665657043, "published": true}], "snippet": "5.1 The Client will provide the Data to DataFix and DataFix will only use the Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent of the Client.\n5.2 DataFix shall comply with all the confidentiality, security and privacy requirements set out in this Agreement, and any additional Security and Privacy Requirements with respect to the Data that have been provided to DataFix, by the Client, in writing. To the extent DataFix possesses any Data in any form, medium or device during the Term of this Agreement or after the expiration of the Term, the foregoing obligations shall survive and continue to be in legal effect.\n5.3 DataFix shall ensure that its employees and contractors are aware of their obligations regarding data security and privacy under this Section 5.0.DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement.\n5.4 DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information and, in any event, to at least the standard required by applicable Laws.\n5.5 If either Party becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information\n(a \u201cSecurity Incident\u201d), such Party will notify the other Party forthwith and, take all reasonable steps to mitigate the Security Incident.\n5.6 Without limiting any other provision in this Agreement regarding the security of information, DataFix shall have in place reasonable policies, procedures, and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, or modification.", "size": 6, "snippet_links": [{"key": "the-data", "type": "clause", "offset": [28, 36]}, {"key": "obligations-under-this-agreement", "type": "clause", "offset": [113, 145]}, {"key": "no-other-purpose", "type": "clause", "offset": [155, 171]}, {"key": "consent-of-the", "type": "clause", "offset": [198, 212]}, {"key": "comply-with", "type": "clause", "offset": [239, 250]}, {"key": "security-and-privacy-requirements", "type": "clause", "offset": [276, 309]}, {"key": "set-out", "type": "definition", "offset": [310, 317]}, {"key": "in-this-agreement", "type": "clause", "offset": [318, 335]}, {"key": "additional-security", "type": "definition", "offset": [345, 364]}, {"key": "with-respect-to", "type": "clause", "offset": [390, 405]}, {"key": "by-the-client", "type": "clause", "offset": [451, 464]}, {"key": "in-writing", "type": "definition", "offset": [466, 476]}, {"key": "to-the-extent", "type": "clause", "offset": [478, 491]}, {"key": "in-any-form", "type": "definition", "offset": [519, 530]}, {"key": "agreement-or", "type": "definition", "offset": [573, 585]}, {"key": "expiration-of-the-term", "type": "clause", "offset": [596, 618]}, {"key": "the-foregoing", "type": "definition", "offset": [620, 633]}, {"key": "obligations-shall", "type": "definition", "offset": [634, 651]}, {"key": "legal-effect", "type": "definition", "offset": [682, 694]}, {"key": "employees-and-contractors", "type": "definition", "offset": [730, 755]}, {"key": "access-to-personal-information", "type": "clause", "offset": [866, 896]}, {"key": "authorized-representatives", "type": "definition", "offset": [904, 930]}, {"key": "need-to-know", "type": "clause", "offset": [948, 960]}, {"key": "to-provide", "type": "definition", "offset": [970, 980]}, {"key": "the-services", "type": "clause", "offset": [981, 993]}, {"key": "agreed-to", "type": "definition", "offset": [1047, 1056]}, {"key": "the-personal", "type": "clause", "offset": [1101, 1113]}, {"key": "by-this-agreement", "type": "clause", "offset": [1158, 1175]}, {"key": "the-requirements", "type": "clause", "offset": [1234, 1250]}, {"key": "security-and-confidentiality", "type": "clause", "offset": [1302, 1330]}, {"key": "confidential-information-and", "type": "clause", "offset": [1432, 1460]}, {"key": "the-standard", "type": "clause", "offset": [1488, 1500]}, {"key": "required-by", "type": "definition", "offset": [1501, 1512]}, {"key": "applicable-laws", "type": "definition", "offset": [1513, 1528]}, {"key": "if-either-party", "type": "clause", "offset": [1534, 1549]}, {"key": "reasonably-suspects", "type": "definition", "offset": [1570, 1589]}, {"key": "disclosure-of", "type": "clause", "offset": [1657, 1670]}, {"key": "security-incident", "type": "clause", "offset": [1707, 1724]}, {"key": "such-party", "type": "clause", "offset": [1728, 1738]}, {"key": "notify-the", "type": "clause", "offset": [1744, 1754]}, {"key": "other-party", "type": "definition", "offset": [1755, 1766]}, {"key": "reasonable-steps-to-mitigate", "type": "clause", "offset": [1791, 1819]}, {"key": "without-limiting", "type": "clause", "offset": [1847, 1863]}, {"key": "other-provision", "type": "clause", "offset": [1868, 1883]}, {"key": "agreement-regarding", "type": "clause", "offset": [1892, 1911]}, {"key": "security-of-information", "type": "clause", "offset": [1916, 1939]}, {"key": "in-place", "type": "definition", "offset": [1960, 1968]}, {"key": "physical-security", "type": "definition", "offset": [2115, 2132]}, {"key": "security-arrangements", "type": "definition", "offset": [2182, 2203]}, {"key": "unauthorized-access", "type": "clause", "offset": [2226, 2245]}], "hash": "727e1f6a5d2c86a4c2a0fff7efce1776", "id": 10}, {"samples": [{"hash": "5l8MK4274Td", "uri": "/contracts/5l8MK4274Td#data-security-and-privacy", "label": "Credit Agreement (Appian Corp)", "score": 35.332649231, "published": true}, {"hash": "b0vuBQPa8j4", "uri": "/contracts/b0vuBQPa8j4#data-security-and-privacy", "label": "Credit Agreement (Appian Corp)", "score": 34.5852165222, "published": true}, {"hash": "laqrZpPnnt2", "uri": "/contracts/laqrZpPnnt2#data-security-and-privacy", "label": "Credit Agreement (Appian Corp)", "score": 34.1252555847, "published": true}], "snippet": "(a) Each Group Member is, and at all times, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including, to the extent applicable, but not limited to the GDPR and those relating to cross-border transfers; (ii) all applicable contractual obligations of each Loan Party and its Subsidiaries concerning data privacy and security relating to Personal Data in the possession or control of any Group Member or maintained by third parties on behalf of such Group Member and having access to such information under contracts (or portions thereof) to which a Group Member is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Group Member is a party (collectively, \u201cPrivacy Agreements\u201d):\n(b) Each Group Member is, and has been, in compliance in all material respects with all applicable prior and current written internal and public-facing privacy policies and notices of the Group Members regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Group Members or their respective agents (collectively, the \u201cPrivacy Policies\u201d), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Group Member. The Privacy Policies contemplate the Group Members\u2019 current uses of the Personal Data, and to the extent required under applicable Data Protection Laws, each Group Member has sought and obtained the appropriate consent from the applicable data subject for such uses. The Privacy Policies have made all material disclosures to users, customers, employees, or other individuals required by Data Protection Laws.\n(c) Each Group Member has implemented and maintains a commercially reasonable security program (\u201cSecurity Program\u201d) that (i) complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) includes commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security and integrity of all Personal Data and any other sensitive or confidential information or data related to each Group Member (collectively, \u201cCompany Sensitive Information\u201d) in such Group Member\u2019s possession or control and to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage.\n(d) Except as disclosed on Schedule 4.23(d), there has been (i) no actual, suspected or alleged (in writing) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems owned or controlled by a Group Member or any of their contractors and used by such contractors on behalf of a Group Member, and (ii) no actual, suspected or alleged (in writing) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information, in each case that could reasonably be expected to cause a Material Adverse Effect.\n(e) Each Group Member has a valid and legal right (whether contractually, by applicable law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Group Member in connection with the sale, use and/or operation of their products, services and businesses.\n(f) Except as would not reasonably be expected to have a Material Adverse Effect, there is no pending or to the knowledge of any Loan Party, threatened in writing, complaints, claims, demands, inquiries, proceedings, or other notices, including any notices of any investigation or other legal proceedings, regarding a Group Member, initiated by (i) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; (ii) any counterparty to, or subject of, a Privacy Agreement; or (iii) any self-regulatory authority or entity, alleging that any activity of a Group Member: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies or (4) is otherwise in violation of any person\u2019s privacy, personal or confidentiality rights.", "size": 11, "snippet_links": [{"key": "at-all-times", "type": "clause", "offset": [30, 42]}, {"key": "in-compliance", "type": "definition", "offset": [54, 67]}, {"key": "in-all-material-respects", "type": "definition", "offset": [68, 92]}, {"key": "applicable-data-protection-laws", "type": "definition", "offset": [106, 137]}, {"key": "to-the-extent", "type": "clause", "offset": [150, 163]}, {"key": "not-limited", "type": "clause", "offset": [180, 191]}, {"key": "the-gdpr", "type": "definition", "offset": [195, 203]}, {"key": "relating-to", "type": "definition", "offset": [214, 225]}, {"key": "each-loan-party", "type": "definition", "offset": [297, 312]}, {"key": "data-privacy-and-security", "type": "clause", "offset": [345, 370]}, {"key": "control-of", "type": "definition", "offset": [418, 428]}, {"key": "by-third-parties", "type": "clause", "offset": [460, 476]}, {"key": "access-to", "type": "clause", "offset": [519, 528]}, {"key": "such-information", "type": "definition", "offset": [529, 545]}, {"key": "a-party", "type": "clause", "offset": [611, 618]}, {"key": "data-processing-agreements", "type": "clause", "offset": [674, 700]}, {"key": "eu-standard-contractual-clauses", "type": "definition", "offset": [716, 747]}, {"key": "privacy-agreements", "type": "definition", "offset": [800, 818]}, {"key": "privacy-policies", "type": "definition", "offset": [974, 990]}, {"key": "and-notices", "type": "clause", "offset": [991, 1002]}, {"key": "group-members", "type": "definition", "offset": [1010, 1023]}, {"key": "distribution-of", "type": "clause", "offset": [1093, 1108]}, {"key": "by-the-group", "type": "clause", "offset": [1123, 1135]}, {"key": "the-personal-data", "type": "definition", "offset": [1415, 1432]}, {"key": "the-applicable", "type": "clause", "offset": [1571, 1585]}, {"key": "data-subject", "type": "definition", "offset": [1586, 1598]}, {"key": "disclosures-to-users", "type": "clause", "offset": [1658, 1678]}, {"key": "other-individuals", "type": "definition", "offset": [1705, 1722]}, {"key": "required-by", "type": "definition", "offset": [1723, 1734]}, {"key": "security-program", "type": "definition", "offset": [1835, 1851]}, {"key": "physical-security-procedures", "type": "clause", "offset": [2109, 2137]}, {"key": "integrity-of", "type": "clause", "offset": [2189, 2201]}, {"key": "all-personal-data", "type": "definition", "offset": [2202, 2219]}, {"key": "confidential-information", "type": "definition", "offset": [2247, 2271]}, {"key": "related-to", "type": "definition", "offset": [2280, 2290]}, {"key": "company-sensitive-information", "type": "definition", "offset": [2325, 2354]}, {"key": "destruction-or-damage", "type": "clause", "offset": [2576, 2597]}, {"key": "on-schedule", "type": "definition", "offset": [2623, 2634]}, {"key": "in-writing", "type": "definition", "offset": [2696, 2706]}, {"key": "unauthorized-access", "type": "clause", "offset": [2721, 2740]}, {"key": "breach-of-the", "type": "clause", "offset": [2772, 2785]}, {"key": "security-of", "type": "clause", "offset": [2786, 2797]}, {"key": "information-technology-systems", "type": "clause", "offset": [2802, 2832]}, {"key": "owned-or-controlled", "type": "definition", "offset": [2833, 2852]}, {"key": "unauthorized-acquisition", "type": "clause", "offset": [3024, 3048]}, {"key": "each-case", "type": "definition", "offset": [3161, 3170]}, {"key": "could-reasonably-be-expected-to", "type": "definition", "offset": [3176, 3207]}, {"key": "cause-a-material-adverse-effect", "type": "definition", "offset": [3208, 3239]}, {"key": "legal-right", "type": "definition", "offset": [3279, 3290]}, {"key": "applicable-law", "type": "clause", "offset": [3318, 3332]}, {"key": "access-or-use", "type": "clause", "offset": [3350, 3363]}, {"key": "by-or-on-behalf-of", "type": "definition", "offset": [3408, 3426]}, {"key": "in-connection-with", "type": "clause", "offset": [3442, 3460]}, {"key": "the-sale", "type": "clause", "offset": [3461, 3469]}, {"key": "operation-of", "type": "definition", "offset": [3482, 3494]}, {"key": "services-and", "type": "clause", "offset": [3511, 3523]}, {"key": "knowledge-of", "type": "clause", "offset": [3648, 3660]}, {"key": "any-loan", "type": "clause", "offset": [3661, 3669]}, {"key": "other-notices", "type": "definition", "offset": [3756, 3769]}, {"key": "notices-of-any", "type": "clause", "offset": [3785, 3799]}, {"key": "other-legal-proceedings", "type": "clause", "offset": [3817, 3840]}, {"key": "governmental-authority", "type": "clause", "offset": [3889, 3911]}, {"key": "federal-trade-commission", "type": "definition", "offset": [3941, 3965]}, {"key": "state-attorney-general", "type": "definition", "offset": [3969, 3991]}, {"key": "data-protection-authority", "type": "clause", "offset": [3993, 4018]}, {"key": "state-official", "type": "definition", "offset": [4030, 4044]}, {"key": "supervisory-authority", "type": "definition", "offset": [4051, 4072]}, {"key": "subject-of", "type": "clause", "offset": [4103, 4113]}, {"key": "regulatory-authority", "type": "clause", "offset": [4154, 4174]}, {"key": "in-violation", "type": "definition", "offset": [4239, 4251]}, {"key": "any-person", "type": "clause", "offset": [4419, 4429]}], "hash": "74e2dc6121210c71964071b55f49932e", "id": 4}, {"samples": [{"hash": "cXoNXY7JonY", "uri": "/contracts/cXoNXY7JonY#data-security-and-privacy", "label": "Merchant Agreement", "score": 26.4606437683, "published": true}, {"hash": "7Yi4zrVbto4", "uri": "/contracts/7Yi4zrVbto4#data-security-and-privacy", "label": "Merchant Agreement", "score": 26.4606437683, "published": true}, {"hash": "1uKXhH08jDk", "uri": "/contracts/1uKXhH08jDk#data-security-and-privacy", "label": "Merchant Agreement", "score": 26.4606437683, "published": true}], "snippet": "4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm \u2587\u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587\u2587\u2587 Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data breaches that may occur, as well as all costs of forensic exam/audit, card replacement fees, all claims and demands of Cardholders, Card Issuers, Card Networks, governmental agencies, or other third parties, and all litigation costs and expenses including reasonable attorney's fees, and all other costs of any kind, associated with any actual or suspected data security breach or noncompliance with Card Network data security requirements or data security requirements of applicable law; and (b) in the event of a computer or other data security breach, or suspected computer or other data security breach, Merchant agrees to abide by Card Network requirements which may include without limitation a forensic network exam by a Qualified Incident Response Assessor (QIRA); and (c) Merchant agrees to cooperate with Processor and Merchant Bank in order to effectively manage breach response. Without limiting the generality of the foregoing, Merchant understands that the payment card industry has required all merchants to be PCI DSS compliant. Processor and Merchant Bank, in compliance with Card Network mandates, will not board merchants for the Services provided for in this Agreement that are not PCI DSScompliant. Merchant and Merchant's principals hereby covenant that they are, and will continue for the duration of the Term to be, PCI DSS compliant. Processor and Merchant Bank also require compliance with the PA- DSS standards in accordance with industry mandates, and with all applicable Card Network mandates relating to PIN and PIN entry device (PED) security, including without limitation, and as applicable, the applicable Payment Card Industry PCI PIN Security Requirements, PCI PIN- Entry Device Security Requirements, and PCI Encrypting PIN Pad Security Requirements. Merchant covenants that all point-of- sale (POS) and/or terminal hardware and software (make and version) that Merchant will use to submit Transactions during the Term is PA- DSS compliant, and compliant with all applicable PIN and PED security requirements, and that any future changes in Merchant\u2019s POS hardware or software will be in compliance with the PA-DSS and all applicable PIN and PED security requirements.\n4.2 Merchant must notify Provider and receive Provider\u2019s prior approval of its use of any Merchant Servicer and, to the extent required by each Card Network, all Merchant Servicers must be\n(i) compliant with all Security Standards applicable to Merchant Servicers; and (ii) registered with and/or recognized by such Card Network(s) as being so compliant. Merchant agrees to exercise due diligence to ensure that all Merchant Servicers, and any other agents, business partners, contractors, or subcontractors with access to Merchant's Card Information, maintain compliance with the Security Standards. To the extent required by each Card Network, all Payment Applications or software involved in processing, storing, receiving, or transmitting of Card Information, shall be (a) compliant with all Security Standards applicable to such Payment Applications or software; and (b) registered with and/or recognized by such Card Network(s) as being so compliant. Merchant will be bound to the acts and omissions of Merchant Servicer and will be responsible for the compliance of such Merchant Servicer with all applicable laws, regulations and Operating Rules. Provider shall in no event be liable to Merchant or any third party for any actions or inactions of any Merchant Servicer used by Merchant, and Merchant hereby expressly assumes all such liability.\n4.3 Merchant will immediately notify Provider if Merchant decides to use electronic authorization or data capture software or terminals provided by any entity other than Provider or its authorized designee (\"Third Party Terminals\") to process Transactions, including leasing a terminal from a third party. If Merchant elects to use Third Party Terminals, (i) the third party providing the terminals will be Merchant's Merchant Servicer in the delivery of Transactions to Provider; and (ii) Merchant assumes full responsibility and liability for any failure of that third party to comply with the requirements of Provider, the Operating Rules, applicable laws, rules or regulations, or this Agreement. Provider will not be responsible for any losses or additional fees incurred by Merchant as a result of any error by a third-party agent or Merchant Servicer or a malfunction in a Third-Party Terminal.\n4.4 Merchant must immediately notify Merchant Bank and Processor of any suspected or confirmed loss or theft of materials or records that contain Cardholder Account numbers or Transaction information. In the event of a suspected or confirmed loss or theft Merchant shall provide immediate access to all facilities, systems, procedures, equipment, and documents as may be deemed appropriate by Provider or its designated representatives for inspection, audit, and copying as deemed appropriate by both Merchant Bank and Processor in their individual sole discretion. Merchant shall be responsible for all costs associated with such inspection, audit, and copying however such costs may occur.\n4.5 Merchant must, at all times, comply with the PCI-DSS and Operating Rules requirements regarding the storage of Cardholder and Transaction data, including all restrictions on the types of data that Merchant may store. Such restrictions include, but are not limited to, prohibition on Merchant\u2019s storage or retention of Card magnetic stripe, CVV, CVV2, CVC2, CID or any other data classified by PCI-DSS as \u201cSensitive Authentication Data\u201d.\n4.6 Merchant has and will maintain a comprehensive privacy program that is reasonably designed to address privacy risks related to Merchant and Merchant customer information, including personally identifiable information (\u201cPII\u201d), and to protect the privacy of PII. This program shall include appropriate privacy controls and procedures, including but not limited to:\n4.6.1 the designation of an employee or employees to coordinate and be responsible for the privacy program;\n4.6.2 the identification of reasonably foreseeable, material risks, both internal and external, that could result in Merchant\u2019s unauthorized collection, use, or disclosure of PII, and an assessment of the sufficiency of any safeguards in place to control these risks. At a minimum, this privacy risk assessment should include consideration of risks in each area of relevant operation, including, but not limited to employee training and management;\n4.6.3 the design and implementation of reasonable privacy controls and procedures to address the risks identified through the privacy risk assessment, and regular testing or monitoring of the effectiveness of those privacy controls and procedures; and\n4.6.4 the evaluation and adjustment of Merchant\u2019s privacy program in light of any circumstances that Merchant knows or has reason to know may have a material impact on the effectiveness of its privacy program.\n4.7 Processor acknowledges that it is responsible for the security of Card information that it transmits on behalf of Merchant in connection with the Services while such Card information is in Processor\u2019s possession.", "size": 11, "snippet_links": [{"key": "merchant-will", "type": "clause", "offset": [4, 17]}, {"key": "in-accordance-with", "type": "definition", "offset": [62, 80]}, {"key": "operating-rules", "type": "definition", "offset": [85, 100]}, {"key": "copies-of", "type": "definition", "offset": [135, 144]}, {"key": "credit-voucher", "type": "definition", "offset": [174, 188]}, {"key": "required-by-law", "type": "definition", "offset": [269, 284]}, {"key": "merchant-shall", "type": "clause", "offset": [309, 323]}, {"key": "account-numbers", "type": "definition", "offset": [367, 382]}, {"key": "prior-to", "type": "definition", "offset": [394, 402]}, {"key": "charge-records", "type": "clause", "offset": [435, 449]}, {"key": "selected-personnel", "type": "definition", "offset": [472, 490]}, {"key": "retention-requirements", "type": "definition", "offset": [508, 530]}, {"key": "the-records", "type": "clause", "offset": [568, 579]}, {"key": "full-compliance", "type": "clause", "offset": [675, 690]}, {"key": "during-the-term-of-this-agreement", "type": "clause", "offset": [691, 724]}, {"key": "rules-and-regulations", "type": "definition", "offset": [769, 790]}, {"key": "including-without-limitation", "type": "clause", "offset": [792, 820]}, {"key": "requirements-of-the", "type": "clause", "offset": [858, 877]}, {"key": "act-and-regulations", "type": "clause", "offset": [897, 916]}, {"key": "card-networks", "type": "definition", "offset": [992, 1005]}, {"key": "security-standards", "type": "clause", "offset": [1014, 1032]}, {"key": "in-place", "type": "definition", "offset": [1053, 1061]}, {"key": "at-all-times", "type": "clause", "offset": [1078, 1090]}, {"key": "written-information-security-program", "type": "clause", "offset": [1141, 1177]}, {"key": "to-ensure", "type": "clause", "offset": [1195, 1204]}, {"key": "integrity-of", "type": "clause", "offset": [1239, 1251]}, {"key": "cardholder-information", "type": "clause", "offset": [1268, 1290]}, {"key": "review-to", "type": "clause", "offset": [1334, 1343]}, {"key": "measures-to", "type": "clause", "offset": [1427, 1438]}, {"key": "respective-representatives", "type": "definition", "offset": [1582, 1608]}, {"key": "the-premises", "type": "clause", "offset": [1622, 1634]}, {"key": "independent-contractor", "type": "definition", "offset": [1654, 1676]}, {"key": "merchant-servicer", "type": "definition", "offset": [1689, 1706]}, {"key": "by-merchant", "type": "clause", "offset": [1715, 1726]}, {"key": "compliance-with-security-requirements", "type": "clause", "offset": [1731, 1768]}, {"key": "merchant-acknowledges", "type": "clause", "offset": [1770, 1791]}, {"key": "failure-to-comply-with", "type": "clause", "offset": [1801, 1823]}, {"key": "demonstrate-compliance", "type": "clause", "offset": [1853, 1875]}, {"key": "restrictions-on", "type": "clause", "offset": [1909, 1924]}, {"key": "permanent-prohibition", "type": "clause", "offset": [1941, 1962]}, {"key": "card-programs", "type": "clause", "offset": [1994, 2007]}, {"key": "to-merchant", "type": "clause", "offset": [2052, 2063]}, {"key": "other-provisions", "type": "clause", "offset": [2099, 2115]}, {"key": "to-indemnify", "type": "clause", "offset": [2147, 2159]}, {"key": "merchant-bank", "type": "clause", "offset": [2174, 2187]}, {"key": "governmental-agency", "type": "definition", "offset": [2375, 2394]}, {"key": "data-breaches", "type": "clause", "offset": [2495, 2508]}, {"key": "costs-of", "type": "definition", "offset": [2540, 2548]}, {"key": "replacement-fees", "type": "clause", "offset": [2575, 2591]}, {"key": "claims-and-demands", "type": "clause", "offset": [2597, 2615]}, {"key": "governmental-agencies", "type": "clause", "offset": [2661, 2682]}, {"key": "other-third-parties", "type": "definition", "offset": [2687, 2706]}, {"key": "litigation-costs-and-expenses", "type": "definition", "offset": [2716, 2745]}, {"key": "reasonable-attorney", "type": "definition", "offset": [2756, 2775]}, {"key": "other-costs", "type": "clause", "offset": [2792, 2803]}, {"key": "associated-with", "type": "definition", "offset": [2817, 2832]}, {"key": "actual-or-suspected-data-security-breach", "type": "clause", "offset": [2837, 2877]}, {"key": "data-security-requirements", "type": "definition", "offset": [2913, 2939]}, {"key": "requirements-of-applicable-law", "type": "clause", "offset": [2957, 2987]}, {"key": "in-the-event-of-a", "type": "clause", "offset": [2997, 3014]}, {"key": "other-data", "type": "definition", "offset": [3027, 3037]}, {"key": "merchant-agrees", "type": "clause", "offset": [3108, 3123]}, {"key": "network-requirements", "type": "definition", "offset": [3141, 3161]}, {"key": "a-qualified", "type": "clause", "offset": [3226, 3237]}, {"key": "incident-response", "type": "definition", "offset": [3238, 3255]}, {"key": "cooperate-with", "type": "clause", "offset": [3300, 3314]}, {"key": "in-order-to", "type": "clause", "offset": [3343, 3354]}, {"key": "breach-response", "type": "clause", "offset": [3374, 3389]}, {"key": "without-limiting-the-generality-of-the-foregoing", "type": "clause", "offset": [3391, 3439]}, {"key": "payment-card-industry", "type": "clause", "offset": [3471, 3492]}, {"key": "pci-dss", "type": "definition", "offset": [3526, 3533]}, {"key": "in-compliance-with", "type": "definition", "offset": [3574, 3592]}, {"key": "the-services-provided", "type": "clause", "offset": [3645, 3666]}, {"key": "in-this-agreement", "type": "clause", "offset": [3671, 3688]}, {"key": "duration-of-the", "type": "clause", "offset": [3812, 3827]}, {"key": "compliance-with-the", "type": "clause", "offset": [3900, 3919]}, {"key": "relating-to", "type": "definition", "offset": [4022, 4033]}, {"key": "applicable-payment", "type": "definition", "offset": [4128, 4146]}, {"key": "pin-security", "type": "clause", "offset": [4165, 4177]}, {"key": "device-security", "type": "clause", "offset": [4207, 4222]}, {"key": "pin-pad", "type": "definition", "offset": [4256, 4263]}, {"key": "merchant-covenants", "type": "clause", "offset": [4287, 4305]}, {"key": "hardware-and-software", "type": "clause", "offset": [4352, 4373]}, {"key": "to-submit", "type": "definition", "offset": [4416, 4425]}, {"key": "changes-in", "type": "definition", "offset": [4566, 4576]}, {"key": "merchant-must", "type": "clause", "offset": [4709, 4722]}, {"key": "approval-of", "type": "definition", "offset": [4768, 4779]}, {"key": "to-the-extent", "type": "clause", "offset": [4818, 4831]}, {"key": "applicable-to", "type": "clause", "offset": [4936, 4949]}, {"key": "to-exercise", "type": "clause", "offset": [5076, 5087]}, {"key": "due-diligence", "type": "clause", "offset": [5088, 5101]}, {"key": "other-agents", "type": "definition", "offset": [5149, 5161]}, {"key": "business-partners", "type": "clause", "offset": [5163, 5180]}, {"key": "access-to", "type": "clause", "offset": [5218, 5227]}, {"key": "card-information", "type": "clause", "offset": [5239, 5255]}, {"key": "payment-applications", "type": "clause", "offset": [5355, 5375]}, {"key": "acts-and-omissions", "type": "clause", "offset": [5692, 5710]}, {"key": "responsible-for", "type": "clause", "offset": [5744, 5759]}, {"key": "all-applicable-laws", "type": "definition", "offset": [5806, 5825]}, {"key": "provider-shall", "type": "clause", "offset": [5860, 5874]}, {"key": "in-no-event", "type": "clause", "offset": [5875, 5886]}, {"key": "actions-or-inactions", "type": "clause", "offset": [5936, 5956]}, {"key": "electronic-authorization", "type": "definition", "offset": [6131, 6155]}, {"key": "data-capture", "type": "definition", "offset": [6159, 6171]}, {"key": "authorized-designee", "type": "definition", "offset": [6244, 6263]}, {"key": "a-third-party", "type": "clause", "offset": [6349, 6362]}, {"key": "the-third-party", "type": "definition", "offset": [6417, 6432]}, {"key": "providing-the", "type": "clause", "offset": [6433, 6446]}, {"key": "delivery-of", "type": "clause", "offset": [6501, 6512]}, {"key": "to-provider", "type": "definition", "offset": [6526, 6537]}, {"key": "liability-for", "type": "clause", "offset": [6589, 6602]}, {"key": "the-requirements", "type": "clause", "offset": [6650, 6666]}, {"key": "rules-or-regulations", "type": "definition", "offset": [6718, 6738]}, {"key": "additional-fees", "type": "definition", "offset": [6810, 6825]}, {"key": "party-agent", "type": "definition", "offset": [6883, 6894]}, {"key": "loss-or-theft", "type": "clause", "offset": [7055, 7068]}, {"key": "transaction-information", "type": "definition", "offset": [7136, 7159]}, {"key": "immediate-access", "type": "definition", "offset": [7239, 7255]}, {"key": "all-facilities", "type": "clause", "offset": [7259, 7273]}, {"key": "by-provider", "type": "clause", "offset": [7350, 7361]}, {"key": "designated-representatives", "type": "clause", "offset": [7369, 7395]}, {"key": "for-inspection", "type": "clause", "offset": [7396, 7410]}, {"key": "sole-discretion", "type": "definition", "offset": [7509, 7524]}, {"key": "transaction-data", "type": "definition", "offset": [7782, 7798]}, {"key": "types-of-data", "type": "clause", "offset": [7834, 7847]}, {"key": "not-limited", "type": "clause", "offset": [7908, 7919]}, {"key": "retention-of", "type": "clause", "offset": [7961, 7973]}, {"key": "magnetic-stripe", "type": "definition", "offset": [7979, 7994]}, {"key": "sensitive-authentication-data", "type": "definition", "offset": [8061, 8090]}, {"key": "privacy-program", "type": "clause", "offset": [8144, 8159]}, {"key": "privacy-risks", "type": "definition", "offset": [8199, 8212]}, {"key": "related-to", "type": "definition", "offset": [8213, 8223]}, {"key": "customer-information", "type": "definition", "offset": [8246, 8266]}, {"key": "personally-identifiable-information", "type": "definition", "offset": [8278, 8313]}, {"key": "controls-and-procedures", "type": "clause", "offset": [8405, 8428]}, {"key": "designation-of", "type": "clause", "offset": [8470, 8484]}, {"key": "employee-or-employees", "type": "clause", "offset": [8488, 8509]}, {"key": "reasonably-foreseeable", "type": "clause", "offset": [8596, 8618]}, {"key": "material-risks", "type": "clause", "offset": [8620, 8634]}, {"key": "disclosure-of", "type": "clause", "offset": [8729, 8742]}, {"key": "assessment-of-the", "type": "clause", "offset": [8755, 8772]}, {"key": "to-control", "type": "definition", "offset": [8812, 8822]}, {"key": "risk-assessment", "type": "clause", "offset": [8863, 8878]}, {"key": "of-risks", "type": "definition", "offset": [8908, 8916]}, {"key": "employee-training", "type": "clause", "offset": [8983, 9000]}, {"key": "design-and-implementation", "type": "clause", "offset": [9027, 9052]}, {"key": "the-risks", "type": "clause", "offset": [9110, 9119]}, {"key": "the-evaluation", "type": "clause", "offset": [9275, 9289]}, {"key": "adjustment-of", "type": "clause", "offset": [9294, 9307]}, {"key": "reason-to-know", "type": "definition", "offset": [9392, 9406]}, {"key": "material-impact", "type": "definition", "offset": [9418, 9433]}, {"key": "security-of", "type": "clause", "offset": [9537, 9548]}, {"key": "on-behalf-of", "type": "definition", "offset": [9584, 9596]}, {"key": "in-connection-with", "type": "clause", "offset": [9606, 9624]}], "hash": "8c66efc9ea7af1abeec6a3a00318dec0", "id": 5}, {"samples": [{"hash": "gn221zBi9R9", "uri": "/contracts/gn221zBi9R9#data-security-and-privacy", "label": "Credit Agreement (Rubrik, Inc.)", "score": 35.2477760315, "published": true}, {"hash": "eGvdkgphkTC", "uri": "/contracts/eGvdkgphkTC#data-security-and-privacy", "label": "Credit Agreement (Rubrik, Inc.)", "score": 34.6755638123, "published": true}, {"hash": "8RrPPUKACiU", "uri": "/contracts/8RrPPUKACiU#data-security-and-privacy", "label": "Credit Agreement (Rubrik, Inc.)", "score": 34.4154701233, "published": true}], "snippet": "(a) Each Credit Party and its Subsidiaries is, and at all relevant times since January 31, 2022, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR, where applicable and any other applicable laws relating to cross-border transfers of Personal Data; (ii) all applicable contractual obligations concerning data privacy and data security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third party processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Credit Party or a Subsidiary is a party (collectively, \u201cPrivacy Agreements\u201d).\n(b) Each Credit Party and its Subsidiaries is, and at all relevant times since January 31, 2022, has been, in compliance in all material respects with all applicable written internal and public-facing binding privacy policies and notices of the Credit Parties and its Subsidiaries regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Credit Parties or their Subsidiaries (collectively, the \u201cPrivacy Policies\u201d), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Credit Party and its Subsidiaries. The Privacy Policies contemplate the Credit Parties\u2019 and its Subsidiaries\u2019 current uses of the Personal Data.\n(c) Each Credit Party and its Subsidiaries has in place, maintains, and complies with, a comprehensive written information security program (\u201cSecurity Program\u201d) that (i) complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) includes and incorporates commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security and integrity of any Personal Data and any data marked or reasonably understood to be sensitive or confidential information or data related to each Credit Party and its Subsidiaries (collectively, \u201cCompany Sensitive Information\u201d) in the Credit Parties\u2019 or its Subsidiaries\u2019 possession or control and to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage.\n(d) Since January 31, 2022, to the knowledge of the Credit Parties, there has been (i) no actual, suspected or alleged material incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems owned or controlled by a Credit Party or a Subsidiary or any of their contractors, and (ii) no actual, suspected or alleged material incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information.\n(e) Each Credit Party and each of its Subsidiaries has a valid and legal right (whether contractually, by Applicable Law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses.\n(f) Neither any Credit Party nor any Subsidiary has received any, nor to the knowledge of the Credit Parties are there any material pending, written complaints, claims, demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceeding, including any notices of any investigation or other legal proceedings, regarding a Credit Party or a Subsidiary, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person\u2019s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case in any material respect.", "size": 17, "snippet_links": [{"key": "credit-party", "type": "definition", "offset": [9, 21]}, {"key": "relevant-times", "type": "definition", "offset": [58, 72]}, {"key": "in-compliance", "type": "definition", "offset": [107, 120]}, {"key": "in-all-material-respects", "type": "definition", "offset": [121, 145]}, {"key": "applicable-data-protection-laws", "type": "definition", "offset": [159, 190]}, {"key": "not-limited", "type": "clause", "offset": [206, 217]}, {"key": "the-gdpr", "type": "definition", "offset": [221, 229]}, {"key": "where-applicable", "type": "clause", "offset": [231, 247]}, {"key": "other-applicable-laws", "type": "clause", "offset": [256, 277]}, {"key": "relating-to", "type": "definition", "offset": [278, 289]}, {"key": "border-transfers-of-personal-data", "type": "clause", "offset": [296, 329]}, {"key": "contractual-obligations", "type": "clause", "offset": [351, 374]}, {"key": "data-privacy-and-data-security", "type": "clause", "offset": [386, 416]}, {"key": "control-of", "type": "definition", "offset": [464, 474]}, {"key": "a-credit", "type": "definition", "offset": [475, 483]}, {"key": "third-party-processors", "type": "definition", "offset": [523, 545]}, {"key": "access-to", "type": "clause", "offset": [602, 611]}, {"key": "such-information", "type": "definition", "offset": [612, 628]}, {"key": "a-party", "type": "clause", "offset": [710, 717]}, {"key": "data-processing-agreements", "type": "clause", "offset": [773, 799]}, {"key": "eu-standard-contractual-clauses", "type": "definition", "offset": [815, 846]}, {"key": "privacy-agreements", "type": "definition", "offset": [915, 933]}, {"key": "privacy-policies", "type": "definition", "offset": [1146, 1162]}, {"key": "and-notices", "type": "clause", "offset": [1163, 1174]}, {"key": "distribution-of", "type": "clause", "offset": [1287, 1302]}, {"key": "the-personal-data", "type": "definition", "offset": [1649, 1666]}, {"key": "in-place", "type": "definition", "offset": [1715, 1723]}, {"key": "written-information-security-program", "type": "clause", "offset": [1771, 1807]}, {"key": "commercially-reasonable", "type": "clause", "offset": [2013, 2036]}, {"key": "physical-security-procedures", "type": "clause", "offset": [2082, 2110]}, {"key": "integrity-of", "type": "clause", "offset": [2162, 2174]}, {"key": "confidential-information", "type": "definition", "offset": [2257, 2281]}, {"key": "related-to", "type": "definition", "offset": [2290, 2300]}, {"key": "company-sensitive-information", "type": "definition", "offset": [2356, 2385]}, {"key": "destruction-or-damage", "type": "clause", "offset": [2628, 2649]}, {"key": "knowledge-of-the-credit-parties", "type": "clause", "offset": [2686, 2717]}, {"key": "unauthorized-access", "type": "clause", "offset": [2792, 2811]}, {"key": "breach-of-the", "type": "clause", "offset": [2843, 2856]}, {"key": "security-of", "type": "clause", "offset": [2857, 2868]}, {"key": "information-technology-systems", "type": "clause", "offset": [2873, 2903]}, {"key": "owned-or-controlled", "type": "definition", "offset": [2904, 2923]}, {"key": "unauthorized-acquisition", "type": "clause", "offset": [3050, 3074]}, {"key": "legal-right", "type": "definition", "offset": [3251, 3262]}, {"key": "access-or-use", "type": "clause", "offset": [3322, 3335]}, {"key": "all-personal-data", "type": "definition", "offset": [3336, 3353]}, {"key": "by-or-on-behalf-of", "type": "definition", "offset": [3380, 3398]}, {"key": "in-connection-with", "type": "clause", "offset": [3430, 3448]}, {"key": "the-sale", "type": "clause", "offset": [3449, 3457]}, {"key": "operation-of", "type": "definition", "offset": [3470, 3482]}, {"key": "services-and", "type": "clause", "offset": [3499, 3511]}, {"key": "parties-are", "type": "clause", "offset": [3625, 3636]}, {"key": "written-complaints", "type": "clause", "offset": [3665, 3683]}, {"key": "other-notices", "type": "definition", "offset": [3729, 3742]}, {"key": "could-reasonably-be-expected-to", "type": "definition", "offset": [3748, 3779]}, {"key": "notices-of-any", "type": "clause", "offset": [3848, 3862]}, {"key": "other-legal-proceedings", "type": "clause", "offset": [3880, 3903]}, {"key": "any-person", "type": "clause", "offset": [3964, 3974]}, {"key": "governmental-authority", "type": "clause", "offset": [3985, 4007]}, {"key": "federal-trade-commission", "type": "definition", "offset": [4037, 4061]}, {"key": "state-attorney-general", "type": "definition", "offset": [4065, 4087]}, {"key": "data-protection-authority", "type": "clause", "offset": [4089, 4114]}, {"key": "state-official", "type": "definition", "offset": [4126, 4140]}, {"key": "supervisory-authority", "type": "definition", "offset": [4147, 4168]}, {"key": "regulatory-authority", "type": "clause", "offset": [4188, 4208]}, {"key": "in-violation", "type": "definition", "offset": [4289, 4301]}, {"key": "each-case", "type": "definition", "offset": [4617, 4626]}], "hash": "790e8bd0d887377a866f5ed1c4ece9c0", "id": 1}, {"samples": [{"hash": "1zjKyqX0v7s", "uri": "/contracts/1zjKyqX0v7s#data-security-and-privacy", "label": "Merchant Terms & Conditions", "score": 26.5345649719, "published": true}, {"hash": "6Vi17nujg9O", "uri": "/contracts/6Vi17nujg9O#data-security-and-privacy", "label": "Merchant Terms & Conditions", "score": 26.3511295319, "published": true}, {"hash": "3tmX0nHspRB", "uri": "/contracts/3tmX0nHspRB#data-security-and-privacy", "label": "Merchant Terms & Conditions", "score": 26.3511295319, "published": true}], "snippet": "You represent to us that you do not have access to Card information (such as the cardholder\u2019s account number, expiration date, and CVV2) and you will not request access to such Card information from us. In the event that you receive such Card information in connection with the processing services provided under this Agreement, you agree that you will not use it for any fraudulent purpose or in violation of any Card Organization Rules, including but not limited to Payment Card Industry Data Security Standards (\u201cPCI DSS\u201d) or applicable law. If at any time you believe that Card information has been compromised, you must notify us promptly and assist in providing notification to the proper parties. You must ensure your compliance and that of any third party service provider utilized by you, with all security standards and guidelines that are applicable to you and published from time to time by Visa, MasterCard or any other Card Organization, including, without limitation, the Visa U.S.A. Cardholder Information Security Program (\u201cCISP\u201d), the MasterCard Site Data Protection (\u201cSDP\u201d), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard PA-DSS (\u201cPayment Application Data Security Standards\u201d) (collectively, the \"Security Guidelines\"). If any Card Organization requires an audit of you due to a data security compromise event or suspected event, you agree to cooperate with such audit. You may not use any Card information other than for the sole purpose of completing the transaction authorized by the customer for which the information was provided to you, or as specifically allowed by Card Organization Rules, Your Card Acceptance Guide or required by law.", "size": 8, "snippet_links": [{"key": "you-represent", "type": "clause", "offset": [0, 13]}, {"key": "access-to", "type": "clause", "offset": [41, 50]}, {"key": "card-information", "type": "clause", "offset": [51, 67]}, {"key": "account-number", "type": "clause", "offset": [94, 108]}, {"key": "expiration-date", "type": "definition", "offset": [110, 125]}, {"key": "information-from", "type": "clause", "offset": [182, 198]}, {"key": "in-the-event", "type": "clause", "offset": [203, 215]}, {"key": "in-connection-with", "type": "clause", "offset": [255, 273]}, {"key": "services-provided", "type": "definition", "offset": [289, 306]}, {"key": "this-agreement", "type": "clause", "offset": [313, 327]}, {"key": "in-violation", "type": "definition", "offset": [394, 406]}, {"key": "card-organization-rules", "type": "definition", "offset": [414, 437]}, {"key": "not-limited", "type": "clause", "offset": [453, 464]}, {"key": "payment-card-industry-data-security-standards", "type": "definition", "offset": [468, 513]}, {"key": "pci-dss", "type": "definition", "offset": [516, 523]}, {"key": "applicable-law", "type": "clause", "offset": [529, 543]}, {"key": "at-any-time", "type": "clause", "offset": [548, 559]}, {"key": "notify-us", "type": "clause", "offset": [625, 634]}, {"key": "notification-to", "type": "clause", "offset": [668, 683]}, {"key": "your-compliance", "type": "clause", "offset": [720, 735]}, {"key": "third-party-service-provider", "type": "definition", "offset": [752, 780]}, {"key": "standards-and-guidelines", "type": "clause", "offset": [816, 840]}, {"key": "applicable-to", "type": "clause", "offset": [850, 863]}, {"key": "from-time-to-time", "type": "clause", "offset": [882, 899]}, {"key": "other-card", "type": "definition", "offset": [927, 937]}, {"key": "without-limitation", "type": "clause", "offset": [963, 981]}, {"key": "cardholder-information-security-program", "type": "clause", "offset": [999, 1038]}, {"key": "data-protection", "type": "clause", "offset": [1069, 1084]}, {"key": "where-applicable", "type": "clause", "offset": [1099, 1115]}, {"key": "standards-council", "type": "definition", "offset": [1135, 1152]}, {"key": "application-data", "type": "definition", "offset": [1192, 1208]}, {"key": "security-guidelines", "type": "clause", "offset": [1250, 1269]}, {"key": "security-compromise", "type": "definition", "offset": [1337, 1356]}, {"key": "you-agree-to", "type": "clause", "offset": [1383, 1395]}, {"key": "cooperate-with", "type": "clause", "offset": [1396, 1410]}, {"key": "purpose-of", "type": "clause", "offset": [1484, 1494]}, {"key": "completing-the-transaction", "type": "clause", "offset": [1495, 1521]}, {"key": "customer-for", "type": "clause", "offset": [1540, 1552]}, {"key": "the-information", "type": "clause", "offset": [1559, 1574]}, {"key": "your-card-acceptance-guide", "type": "definition", "offset": [1651, 1677]}, {"key": "required-by-law", "type": "definition", "offset": [1681, 1696]}], "hash": "ded5a9dc883d45d9b34b003aace2f6d7", "id": 7}, {"samples": [{"hash": "gniMyZgPEU2", "uri": "/contracts/gniMyZgPEU2#data-security-and-privacy", "label": "Master Services Agreement", "score": 26.4496917725, "published": true}, {"hash": "1Dzd22rvLfl", "uri": "/contracts/1Dzd22rvLfl#data-security-and-privacy", "label": "Master Services Agreement", "score": 26.3251190186, "published": true}, {"hash": "jo6p5y5IA86", "uri": "/contracts/jo6p5y5IA86#data-security-and-privacy", "label": "Master Services Agreement", "score": 25.6406574249, "published": true}], "snippet": "12.1 SERVICE PROVIDER acknowledges the importance of Data Security and agrees to adhere to the Terms and Conditions of the Data Security Policy of IIMC.\n12.2 IIMC shall provide the SERVICE PROVIDER with a copy of the IIMC Data Security Policy, within a reasonable time upon signing of the Agreement.\n12.3 SERVICE PROVIDER agrees that in case of breach of any of the terms of the Data Security Policy of IIMC by any its employees, the SERVICE PROVIDER shall be held liable and penalised by IIMC.\n12.4 The IIMC Authorised Person shall have the sole and final powers in determining what constitutes a Breach of the Data Security policy of IIMC.\n12.5 Contractor further ensures to comply with the terms and conditions and all such requirements of the Security Policies, as may be changed from time-to-time.", "size": 12, "snippet_links": [{"key": "security-and", "type": "clause", "offset": [58, 70]}, {"key": "agrees-to", "type": "clause", "offset": [71, 80]}, {"key": "adhere-to", "type": "clause", "offset": [81, 90]}, {"key": "data-security-policy", "type": "definition", "offset": [123, 143]}, {"key": "provide-the", "type": "clause", "offset": [169, 180]}, {"key": "a-copy-of-the", "type": "clause", "offset": [203, 216]}, {"key": "reasonable-time", "type": "definition", "offset": [253, 268]}, {"key": "signing-of-the-agreement", "type": "clause", "offset": [274, 298]}, {"key": "provider-agrees", "type": "clause", "offset": [313, 328]}, {"key": "breach-of-any", "type": "clause", "offset": [345, 358]}, {"key": "terms-of-the", "type": "clause", "offset": [366, 378]}, {"key": "the-service-provider-shall", "type": "clause", "offset": [430, 456]}, {"key": "authorised-person", "type": "clause", "offset": [509, 526]}, {"key": "breach-of-the", "type": "clause", "offset": [598, 611]}, {"key": "comply-with-the", "type": "clause", "offset": [677, 692]}, {"key": "security-policies", "type": "clause", "offset": [747, 764]}], "hash": "5208292524c6d8b61cb357c2e9f2c295", "id": 3}, {"samples": [{"hash": "fwlGw4tmoGh", "uri": "/contracts/fwlGw4tmoGh#data-security-and-privacy", "label": "Merger Agreement (Vista Equity Partners Fund Viii, L.P.)", "score": 34.0458602905, "published": true}, {"hash": "loAtNLsDVkV", "uri": "/contracts/loAtNLsDVkV#data-security-and-privacy", "label": "Merger Agreement (Duck Creek Technologies, Inc.)", "score": 34.0239562988, "published": true}], "snippet": "The Company and each of its Subsidiaries (i) is, and since August 14, 2020 has been, in material compliance with all Data Security Requirements; and (ii) since August 14, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14, 2020, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14, 2020, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.", "size": 8, "snippet_links": [{"key": "compliance-with", "type": "definition", "offset": [97, 112]}, {"key": "data-security-requirements", "type": "definition", "offset": [117, 143]}, {"key": "reasonable-steps", "type": "definition", "offset": [200, 216]}, {"key": "consistent-with", "type": "definition", "offset": [217, 232]}, {"key": "standard-industry-practice", "type": "definition", "offset": [233, 259]}, {"key": "in-compliance", "type": "definition", "offset": [307, 320]}, {"key": "in-all-material-respects", "type": "definition", "offset": [321, 345]}, {"key": "the-data", "type": "clause", "offset": [351, 359]}, {"key": "security-of", "type": "clause", "offset": [447, 458]}, {"key": "business-systems", "type": "definition", "offset": [463, 479]}, {"key": "the-processing", "type": "clause", "offset": [501, 515]}, {"key": "personally-identifiable-information", "type": "definition", "offset": [519, 554]}, {"key": "conduct-of-the-business-of-the-company-and-its-subsidiaries", "type": "clause", "offset": [563, 622]}, {"key": "unauthorized-use", "type": "clause", "offset": [740, 756]}, {"key": "each-case", "type": "definition", "offset": [813, 822]}, {"key": "business-of-the-company-group", "type": "definition", "offset": [855, 884]}, {"key": "taken-as-a-whole", "type": "clause", "offset": [886, 902]}, {"key": "date-hereof", "type": "clause", "offset": [914, 925]}, {"key": "no-pending-complaints", "type": "clause", "offset": [1029, 1050]}, {"key": "enforcement-proceedings", "type": "definition", "offset": [1088, 1111]}, {"key": "actions-by", "type": "clause", "offset": [1116, 1126]}, {"key": "authority-and", "type": "clause", "offset": [1154, 1167]}, {"key": "other-penalties", "type": "clause", "offset": [1208, 1223]}, {"key": "claims-for-compensation", "type": "clause", "offset": [1256, 1279]}, {"key": "received-by-the-company", "type": "definition", "offset": [1290, 1313]}, {"key": "for-violation", "type": "clause", "offset": [1333, 1346]}, {"key": "in-connection-with", "type": "clause", "offset": [1380, 1398]}, {"key": "specified-data-breach", "type": "definition", "offset": [1403, 1424]}, {"key": "data-breaches", "type": "clause", "offset": [1529, 1542]}, {"key": "legal-proceedings", "type": "clause", "offset": [1572, 1589]}, {"key": "related-to", "type": "definition", "offset": [1590, 1600]}], "hash": "e75d61ef2e2470150b18508f70260ac6", "id": 9}, {"samples": [{"hash": "45c4WWKRAoI", "uri": "/contracts/45c4WWKRAoI#data-security-and-privacy", "label": "Master Terms Agreement", "score": 35.2917976379, "published": true}, {"hash": "1zRXhx4QAK3", "uri": "/contracts/1zRXhx4QAK3#data-security-and-privacy", "label": "Master Terms Agreement", "score": 35.1707000732, "published": true}, {"hash": "fXpxZfRemDf", "uri": "/contracts/fXpxZfRemDf#data-security-and-privacy", "label": "Master Terms Agreement", "score": 34.7908592224, "published": true}], "snippet": "insightsoftware will use reasonable efforts, but no less than the efforts that insightsoftware uses to protect its own data of like importance, to protect the security of Customer Content while such Customer Content is held within insightsoftware\u2019s systems, employing the data security procedures and tools described in, and in accordance with the terms of, the insightsoftware Security Addendum, available at \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/legal/contracts/info-security-addendum/ (\u201cthe Security Addendum\u201d). insightsoftware will process personal data on Customer\u2019s behalf as set forth in the insightsoftware Data Processing Addendum available at \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/legal/contracts/data-processing-addendum/, which is hereby incorporated by reference.", "size": 8, "snippet_links": [{"key": "reasonable-efforts", "type": "definition", "offset": [25, 43]}, {"key": "customer-content", "type": "clause", "offset": [171, 187]}, {"key": "data-security-procedures", "type": "clause", "offset": [272, 296]}, {"key": "and-tools", "type": "clause", "offset": [297, 306]}, {"key": "in-accordance-with", "type": "definition", "offset": [325, 343]}, {"key": "terms-of", "type": "definition", "offset": [348, 356]}, {"key": "security-addendum", "type": "definition", "offset": [378, 395]}, {"key": "available-at", "type": "definition", "offset": [397, 409]}, {"key": "process-personal-data", "type": "definition", "offset": [526, 547]}, {"key": "data-processing-addendum", "type": "clause", "offset": [605, 629]}, {"key": "incorporated-by-reference", "type": "definition", "offset": [730, 755]}], "hash": "13092d1937a2d739e95763094d35d686", "id": 8}, {"samples": [{"hash": "4IQo9nWpk4l", "uri": "/contracts/4IQo9nWpk4l#data-security-and-privacy", "label": "Access Agreement", "score": 32.0972595215, "published": true}, {"hash": "1CgLuTR1rP3", "uri": "/contracts/1CgLuTR1rP3#data-security-and-privacy", "label": "Routine Services Agreement", "score": 31.7369709015, "published": true}, {"hash": "eXLD7R4gAxF", "uri": "/contracts/eXLD7R4gAxF#data-security-and-privacy", "label": "Routine Services Agreement", "score": 25.8665294647, "published": true}], "snippet": "9.1. Definition: For the purpose of Agreement, \"Data Protection Law\" means applicable laws relating to privacy and data protection, including in the case of University, the Family Educational Rights and Privacy Act (\"FERPA\"), and other applicable U.S. federal and California state laws on privacy and data protection; and in the case of Company, Company's applicable national and local laws on privacy and data protection. In the event any Protected Information is revealed, shared, or exchanged between the Parties, each Party agrees to comply with its obligations under all applicable Data Protection Law, and as required under Agreement. To the extent that any laws or regulations of the home country or region of a Party has extra- territorial application such as to impose legal obligations on the other Party or its conduct outside such home country or region, the other Party upon request will provide reasonable assistance to such other Party in satisfying such obligation as necessary to implement Agreement. Such reasonable assistance shall not include legal advice or opinion.", "size": 10, "snippet_links": [{"key": "the-purpose-of-agreement", "type": "clause", "offset": [21, 45]}, {"key": "applicable-laws", "type": "definition", "offset": [75, 90]}, {"key": "relating-to", "type": "definition", "offset": [91, 102]}, {"key": "privacy-and-data-protection", "type": "clause", "offset": [103, 130]}, {"key": "in-the-case", "type": "clause", "offset": [142, 153]}, {"key": "family-educational-rights-and-privacy-act", "type": "definition", "offset": [173, 214]}, {"key": "other-applicable", "type": "definition", "offset": [230, 246]}, {"key": "california-state-laws", "type": "clause", "offset": [264, 285]}, {"key": "local-laws", "type": "clause", "offset": [380, 390]}, {"key": "in-the-event", "type": "clause", "offset": [423, 435]}, {"key": "protected-information", "type": "definition", "offset": [440, 461]}, {"key": "between-the-parties", "type": "clause", "offset": [496, 515]}, {"key": "each-party", "type": "clause", "offset": [517, 527]}, {"key": "agrees-to", "type": "clause", "offset": [528, 537]}, {"key": "comply-with", "type": "clause", "offset": [538, 549]}, {"key": "applicable-data-protection-law", "type": "clause", "offset": [576, 606]}, {"key": "as-required", "type": "clause", "offset": [612, 623]}, {"key": "to-the-extent", "type": "clause", "offset": [641, 654]}, {"key": "laws-or-regulations", "type": "definition", "offset": [664, 683]}, {"key": "home-country", "type": "definition", "offset": [691, 703]}, {"key": "a-party", "type": "clause", "offset": [717, 724]}, {"key": "territorial-application", "type": "clause", "offset": [736, 759]}, {"key": "legal-obligations", "type": "clause", "offset": [778, 795]}, {"key": "other-party", "type": "definition", "offset": [803, 814]}, {"key": "upon-request", "type": "definition", "offset": [883, 895]}, {"key": "will-provide", "type": "clause", "offset": [896, 908]}, {"key": "assistance-to", "type": "clause", "offset": [920, 933]}, {"key": "legal-advice", "type": "clause", "offset": [1063, 1075]}], "hash": "4cdaef468341e927b2c7d2f27776188a", "id": 6}], "next_curs": "CmISXGoVc35sYXdpbnNpZGVyY29udHJhY3Rzcj4LEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IiJkYXRhLXNlY3VyaXR5LWFuZC1wcml2YWN5IzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"children": [["data-collection-processing-and-usage", "Data Collection, Processing and Usage"], ["administrative-service-provider", "Administrative Service Provider"], ["non-disclosure", "Non-Disclosure"], ["protection", "Protection"], ["protected-information", "Protected Information"]], "parents": [["representations-and-warranties-of-the-company", "REPRESENTATIONS AND WARRANTIES OF THE COMPANY"], ["intellectual-property", "Intellectual Property"], ["representations-and-warranties", "Representations and Warranties"], ["affirmative-covenants", "Affirmative Covenants"], ["data-security-privacy-warranties-and-disclaimer", "Data Security Privacy Warranties and Disclaimer"]], "size": 359, "title": "Data Security and Privacy", "id": "data-security-and-privacy", "related": [["data-security-and-privacy-plan", "Data Security and Privacy Plan", "<strong>Data Security and Privacy</strong> Plan"], ["security-and-privacy", "Security and Privacy", "Security and Privacy"], ["data-privacy-and-security-laws", "Data Privacy and Security Laws", "Data Privacy and Security Laws"], ["data-privacy-and-security", "Data Privacy and Security", "Data Privacy and Security"], ["data-security", "Data Security", "Data Security"]], "related_snippets": [], "updated": "2026-05-02T06:01:41+00:00", "also_ask": ["What minimum data protection standards must be explicitly included to ensure compliance and limit liability?", "How can the clause allocate responsibility for data breaches between parties most effectively?", "What are the most common negotiation pitfalls or leverage points in data security provisions?", "How does this clause compare to industry-standard privacy frameworks (e.g., GDPR, CCPA)?", "What factors most often determine enforceability of data security obligations in court?"], "drafting_tip": "Specify security standards, delineate data handling procedures, and assign breach notification duties to ensure compliance, protect sensitive information, and clarify responsibilities.", "explanation": "The Data Security and Privacy clause establishes the obligations of parties to protect sensitive information and ensure compliance with applicable privacy laws. It typically requires the implementation of appropriate technical and organizational measures to safeguard data, restricts unauthorized access or disclosure, and may outline procedures for responding to data breaches. This clause is essential for mitigating the risk of data loss or misuse, ensuring legal compliance, and building trust between parties handling confidential or personal information."}, "json": true, "cursor": ""}}