Data Services In lieu of any other rates or discounts, the Customer will receive a discount of 20% for the following Data Services: Access: Standard VBS2 Guide local loop charges for DS1 and DS-3 Access Service.
Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.
Data Storage Where required by applicable law, Student Data shall be stored within the United States. Upon request of the LEA, Provider will provide a list of the locations where Student Data is stored.
Data Segregation a. DSHS Data must be segregated or otherwise distinguishable from non-DSHS data. This is to ensure that when no longer needed by the Contractor, all DSHS Data can be identified for return or destruction. It also aids in determining whether DSHS Data has or may have been compromised in the event of a security breach. As such, one or more of the following methods will be used for data segregation.
Privacy and Data Security (a) The parties will keep confidential any information regarding the Company, Nationwide, the Variable Accounts, and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1–248.30) (“Reg S-P”) and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively “Privacy Laws”). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (“Non-public Personal Information”) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (“Receiving Party”) from other sources prior to the Receiving Party’s receipt of confidential information from the party disclosing confidential information (“Disclosing Party”), or (ii) is or becomes publicly available other than as a result of a disclosure by the Receiving Party or its representatives, or (iii) is or becomes available to the Receiving Party on a non-confidential basis from a source (other than the Disclosing Party) which, to the best of the Receiving Party’s knowledge, is not prohibited from disclosing such information to the Receiving Party by a legal, contractual, or fiduciary obligation to the Disclosing Party, or (iv) describes the fees payable to Nationwide under this Agreement.
Data Subjects The categories of Data Subjects who we may collect Personal Data about may include the following where they are a natural person: the Customer, the directors and ultimate beneficial owner(s) of the Customer, your customers, employees and contractors, payers and payees. You may share with Airwallex some or all of the following types of Personal Data regarding Data Subjects: • full name; • email address; • phone number and other contact information; • date of birth; • nationality; • public information about the data subject; • other relevant verification or due diligence documentation as required under these terms; and • any other data that is necessary or relevant to carry out the Agreed Purposes.
Communications and Computer Lines Tenant may install, maintain, replace, remove or use any communications or computer wires and cables (collectively, the "Lines") at the Project in or serving the Premises, provided that (i) Tenant shall obtain Landlord's prior written consent, use an experienced and qualified contractor reasonably approved by Landlord, and comply with all of the other provisions of Articles 7 and 8 of this Lease, (ii) an acceptable number of spare Lines and space for additional Lines shall be maintained for existing and future occupants of the Project, as determined in Landlord's reasonable opinion, (iii) the Lines therefor (including riser cables) shall be (x) appropriately insulated to prevent excessive electromagnetic fields or radiation, (y) surrounded by a protective conduit reasonably acceptable to Landlord, and (z) identified in accordance with the "Identification Requirements," as that term is set forth hereinbelow, (iv) any new or existing Lines servicing the Premises shall comply with all applicable governmental laws and regulations, (v) as a condition to permitting the installation of new Lines, Tenant shall remove existing Lines located in or serving the Premises and repair any damage in connection with such removal, and (vi) Tenant shall pay all costs in connection therewith. All Lines shall be clearly marked with adhesive plastic labels (or plastic tags attached to such Lines with wire) to show Tenant's name, suite number, telephone number and the name of the person to contact in the case of an emergency (A) every four feet (4') outside the Premises (specifically including, but not limited to, the electrical room risers and other Common Areas), and (B) at the Lines' termination point(s) (collectively, the "Identification Requirements"). Landlord reserves the right to require that Tenant remove any Lines located in or serving the Premises which are installed in violation of these provisions, or which are at any time (1) are in violation of any Applicable Laws, (2) are inconsistent with then-existing industry standards (such as the standards promulgated by the National Fire Protection Association (e.g., such organization's "2002 National Electrical Code")), or (3) otherwise represent a dangerous or potentially dangerous condition.
Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows:
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. All notifications and written reports of data security incidents and policy compliance violations should be sent to the DAC(s) indicated in the Addendum to this Agreement. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.