Privacy Impact Assessment. MaintainX shall, promptly upon receipt of written request by Cus- tomer, make available to the Customer such information as is reasonably necessary to demon- strate MaintainX’s compliance with Applicable Privacy Law and shall assist the Customer, at Customer’s expense, in carrying out such privacy impact assessment of the Services as is reason- able in light of the Customer Personal Data that is being processed. MaintainX shall reasonably cooperate with Customer to implement such mitigation actions as are reasonably required to ad- dress privacy risks identified in any such privacy impact assessment. Unless such request follows a Security Breach, or is otherwise required by Applicable Privacy Law, Customer shall not make any such request more than once in any 12-month period.
Privacy Impact Assessment. At Customer’s written request and subject to a non- disclosure agreement, ComputerTalk will assist the Customer in complying with the Customer’s obligation regarding data protection impact assessments or privacy impact assessments under Articles 35 and 36 of GDPR. Security Breach Notification ComputerTalk will assist the Customer in complying with the reporting requirements for data breaches. These include:
Privacy Impact Assessment. The Processor shall make available to the Controller – at its request - all information necessary to demonstrate Controller’s compliance with the Applicable Law and shall assist Controller to carry out a privacy impact assessment of the Services and work with Controller to implement agreed mitigation actions to address privacy risks so identified.
Privacy Impact Assessment. (PIAs) shall mean the process that is used by organisations to ensure that individuals’ privacy is appropriately protected within any information system that collects and processes personal data.
Privacy Impact Assessment. The purpose of a Privacy Impact Assessment is to help you identify the: • internal and external risks to privacy of a proposed initiative (e.g., new technology, information system, or program) in advance of implementation; and • measures to address those risks – one of which could be a privacy breach if the initiative proceeds without sufficient safeguards in place.6
Privacy Impact Assessment. Contractor shall, promptly upon receipt of written request by Newmont, make available to Newmont such information as is reasonably necessary to demonstrate Contractor’s compliance with Applicable Privacy Law and shall assist the Newmont, at Newmont’s expense, in carrying out such privacy impact assessment of the Services as is reasonable in light of the Personal Data that is being processed. Contractor shall reasonably cooperate with Newmont to implement such mitigation actions as are reasonably required to address privacy risks identified in any such privacy impact assessment. Unless such request follows a Security Breach, or is otherwise required by Applicable Privacy Law, Newmont shall not make any such request more than once in any 12 month period.
Privacy Impact Assessment. Prior to drawing up this agreement the partner organisations are required to complete (jointly or separately) a Privacy Impact Assessment (PIA) covering this exchange of information. A template to be used for this process is attached as a separate document.
Privacy Impact Assessment. In the event that a data protection impact assessment must be made, the Supplier shall provide VWTS with all the information in its possession required to carry out said assessment as requested by VWTS and shall immediately inform VWTS in writing of any changes or modification that may impact the processing and/or the assessment. The Supplier undertakes to put in place, within the time limit set in consultation with VWTS, any reasonable measures that may become necessary as a result of the data protection impact assessment, designed to reduce the risks associated with the data it processes on behalf of VWTS to an acceptable level. Contact The contact person within each party for any request/question/notification in connection with these Clauses shall be the person whose contact information is set forth in Annex I above and shall be provided by the processor to any sub-processor duly authorized in accordance with the standard clauses. Contact Data Where one of the Parties and/or its affiliated entities processes the personal data of the employees and representatives of the other Party and/or affiliated entity, including their names and business contact details (hereinafter the "Contact Data"), for the purpose of managing their business activities (in particular, the management of the file of suppliers, customers or prospects, contract management), this Party will act in its capacity as data controller and will have to comply with the obligations incumbent on it by virtue of the applicable data protection regulations. The data controller will retain the Contact Data of the processor for as long as necessary to fulfill the purposes for which it is to be used, subject to the legal provisions on archiving and retention periods, if any. The Contact Data will be retained according to the relevant party’s Retention Policies in order to allow the data controller to demonstrate compliance with its legal and/or contractual obligations, if any, and to ensure the follow-up of the business relationship with the provider. The data controller and/or each affiliated entity may also be required to provide access to the Contact Data to its affiliated entities and partners who need it in the context of the services and/or for the purpose of monitoring the commercial relationship. Where the Supplier processes Contact Data of employees and representatives of VWTS and/or the affiliated entity for the purpose of managing their customers and prospects, the Supplier will act as the...
Privacy Impact Assessment. Section 208 of the E-Government Act of 2002 (44 X.X.X. §0000 note) requires ED to conduct the following privacy impact assessment of this information collection: The information collected by ED under this CMA is used to verify that male students from the age of 18 through 25 have complied with SSS registration regulations, for the purpose of assisting ED to satisfy its obligation to ensure that an individual applying for financial assistance meets the requirements imposed under the HEA. This verification is mandated by the HEA. The information obtained from SSS by ED will only be used as provided for under Paragraph I of this Agreement. The “Information on the Privacy Act and use of your Social Security Number" sections of the pdf FAFSA instructions and FAFSA on the Web Help Text provide notice that ED verifies an individual’s SSS registration compliance through a CMA with agencies such as SSS, as do other Federal student loan program forms; submission of a FAFSA and participation in the Federal student loan programs is voluntary. The information obtained from SSS under this Agreement will be secured pursuant to the procedures described in Paragraph G of this Agreement. No new system of records is being created for this collection because ED’s Federal Student Aid Application File system of records notice (18-11-01) already covers the data that ED obtains through this CMA, and there is a routine use in this system of records notice that permits ED to disclose information from this system of records to third parties through computer matching programs in connection with the determination of program eligibility and requirements, such as SSS registration compliance. Thus, this collection comports with applicable Privacy Act standards and section 208 of the E-Government Act of 2002.
Privacy Impact Assessment. To further understand the impacts of privacy and alignment with the HHS Privacy and Security Framework, the State undertook in winter 2011, a privacy impact assessment related to the sharing of PII/PHI across State systems. The HIE was not included as a system, but the sharing of data by the Medicaid environment was clearly a lens through which the sharing of information was viewed. This activity established prioritized set of key questions that represent decision points and clarifying activities that the State should address during subsequent activities regarding the sharing of State data, many of which are similar to the issues and risks being faced by the AeHN as it establishes a Privacy and Security Framework for the State HIE, such as secondary disclosure of PII/PHI and the activities needed to maintain data quality and integrity. The activity also raised the question of which State systems selected as the foundation for data sharing should utilize the State HIE. A similar review will be undertaken by XxXX regarding the HIE to formulate a definitive approach to these principles that are also enumerated in ONC-PIE-003. Resultant actions will include: Policies, processes, and procedures, where required, will be established to allow individuals access to their own information held by the HIE and to request corrections as appropriate Policies, processes, and procedures will be documented that allow for the disposition of PII data when no longer needed, as well as retention schedules for this data Where appropriate, the HIE and/or the system that consume information from the HIE will include the capability to retrieve an individual’s information and present it in an understandable format (e.g., human readable CCD) Consumers should be provided with clear notice of what information is being collected by the HIE, the purpose of the collection, and how the information is to be used and shared, including some instances such as various registries where the collection of information is mandatory and no information regarding the collection is forthcoming
