Privacy and Security Clause Samples
The Privacy and Security clause establishes the obligations of parties to protect personal and confidential information from unauthorized access, use, or disclosure. It typically outlines the standards and procedures for handling sensitive data, such as requiring encryption, limiting access to authorized personnel, and complying with relevant privacy laws. This clause is essential for safeguarding data integrity and confidentiality, thereby reducing the risk of data breaches and ensuring compliance with legal and contractual privacy requirements.
POPULAR SAMPLE Copied 6 times
Privacy and Security. (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners.
(b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole.
(c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information.
(d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a c...
Privacy and Security. 9.1 County receives funding from the State Department of Health Care Services pursuant to an annual contracting arrangement (hereinafter “State Contract”). The State Contract contains certain requirements pertaining to the privacy and security of personally identifiable information (hereinafter “PII”) provided to County by the State Department of Health Care Services and/or protected health information (hereinafter “PHI”) provided to County by the State Department of Health Care Services, and requires that County contractually obligate any of its subcontractors to also comply with these requirements.
9.2 Contractor hereby agrees to be bound by, and comply with, any and all terms and conditions of the State Contract pertaining to the privacy and/or security of PII and/or PHI, a copy of which is available from Marin Behavioral Health & Recovery Services’ (BHRS) Administration upon request.
9.3 Additionally, in the event the State Contract requires County to notify the State of a breach of privacy and/or security of PII and/or PHI, Contractor shall, immediately upon discovery of a suspected or actual breach of privacy and/or security of PII and/or PHI by Contractor, notify the County of Marin, Health and Human Services Compliance Program of such breach by telephone and email or facsimile (contact details below). Contractor further agrees that it shall notify County of any such breaches prior to the time County is required to notify the State pursuant to the State Contract. Email: ▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇.▇▇▇
9.4 In the event the State Contract requires County to pay any costs associated with a breach of privacy and/or security of PII and/or PHI, including but not limited to the costs of notification, Contractor shall pay on County’s behalf any and all such costs arising out of a breach of privacy and/or security of PII and/or PHI by Contractor.
9.5 Contractor shall ensure that all staff and subcontractors complete a privacy and security training upon initial hire, and annually thereafter. Contractor shall provide evidence of these trainings when requested by County, CA Department of Health Care Services or the US Department of Health & Human Services.
9.6 Contractor shall ensure that all staff and subcontractors sign a confidentiality agreement upon initial hire, and annually thereafter. Contractor shall provide evidence of completed agreements when requested by County, CA Department of Health Care Services or the US Department of Health & Human Services.
Privacy and Security. Acumatica has taken reasonable actions, including encryption of Subscriber Data during transmission and firewalls, to ensure that Subscriber Data is disclosed only to Authorized Parties. However, you acknowledge that the Internet is an open system and Acumatica cannot and does not warrant or guarantee that Subscriber Data will not be intercepted by third parties. Acumatica disclaims any liability for interception of any Subscriber Data or electronic communications. Notwithstanding the first sentence in this Section 5.1, Acumatica may disclose information you submitted to Acumatica if required by law or in the event that Acumatica, in good faith, believes disclosure is necessary to (i) comply with legal process, or
Privacy and Security. (a) The Service Provider shall not transmit or store any AHS data outside the borders of Canada, nor transmit any AHS data in Canada to any party not specifically contemplated in this Agreement, without AHS’s prior written consent to each such data transmittal, which consent may be arbitrarily and unreasonably withheld.
(b) If the Service Provider receives any request by a third party for any information related to, or gathered in respect of the Confidential Information, it shall immediately refer such request to AHS and shall reasonably cooperate with AHS’s response to such request.
(c) To the extent required by HIA and FOIPP, the Service Provider shall protect personal information and health information in its possession by taking reasonable administrative, technical and physical security precautions against such risks as unauthorized access, collection, use, disclosure alteration or disposal. Such precautions must be no less than those precautions undertaken by AHS. Any records created, obtained and maintained in the delivery of the Services that the Service Provider intends to destroy must be destroyed in accordance with HIA and/or FOIPP and AHS’s records management policies.
(d) The Service Provider shall notify AHS immediately upon discovery by the Service Provider that Confidential Information could be, or has been, released to an unauthorized third party, or of any breach of this Article 6 resulting from the conduct of the Service Provider and, if appropriate, take reasonable steps to remedy the breach. The Service Provider shall cooperate with AHS’s investigation of any such disclosure or breach and AHS’s efforts to recover the Confidential Information. Notwithstanding any notification by the Service Provider to AHS under this Section 6.2, all obligations of the Service Provider with respect to the Confidential Information shall survive and continue to bind the Service Provider. The Service Provider shall not intimidate, punish, terminate, penalize or otherwise harass any Staff if such Staff notifies AHS of any breach of this Agreement.
Privacy and Security. Client privacy is extremely important to Formidium. Please read Formidium’s Privacy Policy here which explains how Formidium treats and protects personal data when the Client uses the Formidium Systems.
Privacy and Security. 1. Contractor shall comply with all applicable State and Federal regulations pertaining to privacy and security of client information including but not limited to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), as incorporated in the American Recovery and Reinvestment Act of 2009. Regulations have been promulgated governing the privacy and security of individually identifiable health information (IIHI) and/or Protected Health Information (PHI) or electronic Protected Health Information (ePHI).
2. In addition to the aforementioned protection of IIHI, PHI and e-PHI, the County requires Contractor to adhere to the protection of Personally Identifiable Information (PII) and Medi-Cal PII. PII includes any information that can be used to search for or identify individuals such as but not limited to name, social security number or date of birth. Whereas Medi-Cal PII is the information that is directly obtained in the course of performing an administrative function on behalf of Medi-Cal, such as determining or verifying eligibility that can be used alone or in conjunction with any other information to identify an individual.
3. Contractor shall comply with the HIPAA Privacy and Security Rules, which includes but is not limited to implementing administrative, physical and technical safeguards that reasonably protect the confidentiality, integrity and availability of PHI; implementing reasonable and appropriate policies and procedures to comply with the standards; conducting a risk analysis regarding the potential risks and vulnerabilities of the confidentiality, integrity and availability of PHI; conducting privacy and security awareness and training at least annually and retain training records for at least ten (10) years from the final date of the contract period or from the date of completion of any audit, whichever is later, and limiting access to those persons who have a business need.
4. Contractor shall comply with the data security requirements set forth by the County as referenced in Attachment II.
5. Reporting of Improper Access, Use or Disclosure or Breach Contractor shall report to DBH Office of Compliance any unauthorized use, access or disclosure of unsecured Protected Health Information or any other security incident with respect to Protected Health Information no later than one
(1) business day upon the discovery of a potential breach consist...
Privacy and Security. (a) Each of the Company, its Subsidiaries, and, to the knowledge of the Company, any processors acting on their behalf, are in compliance in all material respects with and since January 1, 2019 have complied in all material respects with applicable Privacy Laws. Since January 1, 2019, all Personal Information (including the Personal Information of clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, and pharmacists) has been collected, processed, transferred, disclosed, shared, stored, protected and used by the Company and its Subsidiaries in compliance in all material respects with applicable Privacy Laws.
(b) To the knowledge of the Company, since January 1, 2020, neither the Company nor any of its Subsidiaries has been and are not currently: (i) under audit or investigation by any Governmental Entity regarding the collection, processing, transfer, disclosure, sharing, storing, protection and use of Personal Information, or (ii) subject to any third party notification, claim, demand, audit or action in relation to the collection, processing, transfer, disclosure, sharing, storing, protection and use of Personal Information, including a notification, claim, demand, or action alleging that the Company or any of its Subsidiaries has collected, processed, transferred, disclosed, shared, stored or used Personal Information in violation of any applicable Privacy Laws.
(c) Each of the Company and its Subsidiaries have implemented commercially reasonable technical, physical, and organizational measures and security systems and technologies in accordance with data security requirements and standards required under applicable Privacy Laws designed to ensure the integrity and security of such Personal Information and all Company data and designed to prevent any destruction, loss, alteration, corruption, modification, unauthorized access or disclosure, or other misuse thereto, in compliance in all material respects with all applicable Privacy Laws.
(d) Since January 1, 2019, neither the Company nor any of its Subsidiaries have experienced any incident, including any material security breach, in which Personal Information was stolen or improperly accessed (a “Security Incident”). Since January 1, 2020, no circumstance has arisen in which Privacy Laws would require the Company or any of its Subsidiaries to notify a Person or Governmental Entity...
Privacy and Security. Microsoft and Customer will each comply with all applicable privacy and data protection laws and regulations (including applicable security breach notification law). However, Microsoft is not responsible for compliance with any laws applicable to Customer or Customer’s industry that are not also generally applicable to information technology services providers. Customer consents to the processing of personal information by Microsoft and its agents to facilitate the subject matter of this agreement. Customer may choose to provide personal information to Microsoft on behalf of third parties (including Customer’s contacts, resellers, distributors, administrators, and employees) as part of this agreement. Customer will obtain all required consents from third parties under applicable privacy and data protection law before providing personal information to Microsoft. The personal information Customer provides in connection with this agreement will be processed according to the privacy statement available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/licensing/servicecenter (see footer), except that Product-specific privacy statements are in the Product use rights. Personal data collected through Products may be transferred, stored and processed in the United States or any other country in which Microsoft or its service providers maintain facilities. By using the Products, Customer consents to the foregoing. Microsoft abides by the EU Safe Harbor and the Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. For Online Services, additional privacy and security details are in the Product use rights.
Privacy and Security. MX may in its sole discretion terminate the Agreement at any time if MX determines in its sole discretion that Participant’s actions and/or continued participation in MX would, or is reasonably likely to, endanger the privacy or security of Patient Data or otherwise result in a breach of the Agreement that is reasonably likely to harm MX or an NP Participant. MX shall deliver notice of this termination to Participant at least twenty-four (24) hours prior to terminating Participant’s access to the System, unless MX determines in its sole discretion that Participant’s access must be terminated immediately in order to protect the privacy or security of the Patient Data, in which case MX may terminate access immediately without notice.
Privacy and Security. Acumatica has taken reasonable actions, including encryption of Subscriber Data during transmission and firewalls, to ensure that Subscriber Data is disclosed only to Authorized Parties. However, you acknowledge that the Internet is an open system and Acumatica cannot and does not warrant or guarantee that Subscriber Data will not be intercepted by third parties. Acumatica disclaims any liability for interception of any Subscriber Data or electronic communications. Notwithstanding the first sentence in this Section 5.1, Acumatica may disclose information you submitted to Acumatica if required by law or in the event that Acumatica, in good faith, believes disclosure is necessary to (i) comply with legal process, or (ii) protect the rights or property of Acumatica, its Affiliates, licensors or others. Acumatica does not sell or rent Personal Data to third parties for their marketing purposes without your explicit consent and Acumatica only uses your information as described in the Privacy Statement. For more information on Acumatica’s Privacy Statement, see the Privacy Statement posted on ▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇▇▇. If you object to your information being used in the manner set forth in the Privacy Statement, you should discontinue use of the Service.