Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
Technical and Organisational Measures (1) Before the commencement of processing, the Supplier shall document the execution of the necessary Technical and Organisational Measures, set out in advance of the awarding of the Order or Contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Client for inspection. Upon acceptance by the Client, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Client shows the need for amendments, such amendments shall be implemented by mutual agreement.
Technical and Organizational Measures The following sections define SAP’s current technical and organizational measures. SAP may change these at any time without notice so long as it maintains a comparable or better level of security. Individual measures may be replaced by new measures that serve the same purpose without diminishing the security level protecting Personal Data.
Table C - Receiving Organisation Enterprise The Receiving Organisation/Enterprise will provide financial support to the trainee for the traineeship: Yes ☐ No ☐ If yes, amount (EUR/month): ……….. The Receiving Organisation/Enterprise will provide a contribution in kind to the trainee for the traineeship: Yes ☐ No ☐ If yes, please specify: …. The Receiving Organisation/Enterprise will provide an accident insurance to the trainee (if not provided by the Sending Institution): Yes ☐ No ☐ The accident insurance covers: - accidents during travels made for work purposes: Yes ☐ No ☐ - accidents on the way to work and back from work: Yes ☐ No ☐ The Receiving Organisation/Enterprise will provide a liability insurance to the trainee (if not provided by the Sending Institution): Yes ☐ No ☐ The Receiving Organisation/Enterprise will provide appropriate support and equipment to the trainee. Upon completion of the traineeship, the Organisation/Enterprise undertakes to issue a Traineeship Certificate within 5 weeks after the end of the traineeship. By signing this document, the trainee, the Sending Institution and the Receiving Organisation/Enterprise confirm that they approve the Learning Agreement and that they will comply with all the arrangements agreed by all parties. The trainee and Receiving Organisation/Enterprise will communicate to the Sending Institution any problem or changes regarding the traineeship period. The Sending Institution and the trainee should also commit to what is set out in the Erasmus+ grant agreement. The institution undertakes to respect all the principles of the Erasmus Charter for Higher Education relating to traineeships. Commitment Name Email Position Date Signature Trainee Trainee Responsible person12 at the Sending Institution Supervisor13 at the Receiving Organisation During the Mobility Table A2 - Exceptional Changes to the Traineeship Programme at the Receiving Organisation/Enterprise (to be approved by e-mail or signature by the student, the responsible person in the Sending Institution and the responsible person in the Receiving Organisation/Enterprise) Planned period of the mobility: from [month/year] ……………. till [month/year] ……………. Traineeship title: … Number of working hours per week: … Detailed programme of the traineeship period: Knowledge, skills and competences to be acquired by the end of the traineeship (expected Learning Outcomes): Monitoring plan: Evaluation plan: After the Mobility Table D - Traineeship Certificate by the Receiving Organisation/Enterprise Name of the trainee: Name of the Receiving Organisation/Enterprise: Sector of the Receiving Organisation/Enterprise: Address of the Receiving Organisation/Enterprise [street, city, country, phone, e-mail address], website: Start date and end date of traineeship: from [day/month/year] …………………. to [day/month/year] ……………….. Traineeship title: Detailed programme of the traineeship period including tasks carried out by the trainee: Knowledge, skills (intellectual and practical) and competences acquired (achieved Learning Outcomes): Evaluation of the trainee: Date: Name and signature of the Supervisor at the Receiving Organisation/Enterprise:
Appropriate Technical and Organizational Measures SAP has implemented and will apply the technical and organizational measures set forth in Appendix 2. Customer has reviewed such measures and agrees that as to the Cloud Service selected by Customer in the Order Form the measures are appropriate taking into account the state of the art, the costs of implementation, nature, scope, context and purposes of the processing of Personal Data.
Sensitive data Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.
CITY OWNERSHIP OF PROPRIETARY INFORMATION All reports, drawings, plans, specifications, and other documents prepared by Consultant as products of service under this Agreement shall be the exclusive property of the City and all such materials shall be remitted to the City by Consultant in a timely manner upon completion, termination or cancellation of this Agreement. Consultant shall not use, willingly allow or cause to have such materials used for any purpose other than performance of Consultant’s obligations under this Agreement without the prior written consent of the City.
Access to Personal Information by Subcontractors Supplier agrees to require any subcontractors or agents to which it discloses Personal Information under this Agreement or under any SOW to provide reasonable assurance, evidenced by written contract, that they will comply with the same or substantially similar confidentiality, privacy and security obligations with respect to such Personal Information as apply to Supplier under this Agreement or any SOW. Supplier shall confirm in writing to DXC that such contract is in place as a condition to DXC’s approval of use of a subcontractor in connection with any SOW. Upon request of DXC, Supplier will provide to DXC a copy of the subcontract or an extract of the relevant clauses. Supplier shall ensure that any failure on the part of any subcontractor or agent to comply with the Supplier obligations under this Agreement or any SOW shall be grounds to promptly terminate such subcontractor or agent. If during the term of this Agreement or any SOW, DXC determines, in its exclusive discretion, that any Supplier subcontractor or agent cannot comply with the Supplier obligations under this Agreement or with any SOW, then DXC may terminate this Agreement in whole or in part (with respect to any SOW for which such subcontractor or agent is providing services), if not cured by Supplier within the time prescribed in the notice of such deficiency.
Certification Regarding Business with Certain Countries and Organizations Pursuant to Subchapter F, Chapter 2252, Texas Government Code, PROVIDER certifies it is not engaged in business with Iran, Sudan, or a foreign terrorist organization. PROVIDER acknowledges this Purchase Order may be terminated if this certification is or becomes inaccurate.
Safeguards for Personal Information Supplier agrees to develop, implement, maintain, and use administrative, technical, and physical safeguards, as deemed appropriate by DXC, to preserve the security, integrity and confidentiality of, and to prevent intentional or unintentional non-permitted or violating use or disclosure of, and to protect against unauthorized access to or accidental or unlawful destruction, loss, or alteration of, the Personal Information Processed, created for or received from or on behalf of DXC in connection with the Services, functions or transactions to be provided under or contemplated by this Agreement. Such safeguards shall meet all applicable legal standards (including any encryption requirements imposed by law) and shall meet or exceed accepted security standards in the industry, such as ISO 27001/27002. Supplier agrees to document and keep these safeguards current and shall make the documentation available to DXC upon request. Supplier shall ensure that only Supplier’s employees or representatives who may be required to assist Supplier in meeting its obligations under this Agreement shall have access to the Personal Information.
