Common use of Privacy Requirements Clause in Contracts

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders contractholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders contractholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Insurance Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them them, in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, Authorities to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Insurance Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties hereto agree to comply with the terms of the Business Associate Addendum attached as Schedule B hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured ContractsNovated Policies, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts Novated Policies is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, hereto or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. (a) In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders Policyholder and other recipients of benefits loss payments under the Reinsured Policies and the Subject Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply in all material respects with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders Policyholders or benefit loss payment recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 1996, New York Department of Financial Services Insurance Regulation No. 173, and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The To the extent required by Applicable Law, the Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision Section 15.1 of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, Agreement modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Policies and the Subject Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, conditioned or such other written agreement as may be required by Applicable Law on the date hereofdelayed.

Privacy Requirements. In providing Notwithstanding anything to the Administrative Services provided for under contrary in this Agreement, and in connection with maintainingXxxxxx, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contractsas Administrative Agent, the Administrator shallCollateral Agent, Lender and Group Agent agrees that it is, and shall cause its Affiliates will remain, in compliance with the Privacy Requirements, will not utilize, and will not permit any permitted Subcontractors toaffiliate or any representative to utilize, comply with all confidentiality and security obligations applicable to them Non-Public Obligor Data for any purpose not in connection with the collectiontransactions contemplated under this Agreement or the related Transaction Documents, useand will maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data, disclosurein accordance with its internal privacy policies and as required by the Privacy Requirements and other applicable Law. Xxxxxx has provided ADT with a true and correct copy of its information security policies and procedures as in effect on March 12, maintenance 2020. None of the Administrative Agent, the Collateral Agent, any Lender or any Group Agent shall provide any Non-Public Obligor Data to any other Lender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof, unless ADT shall have provided its consent thereto to the Administrative Agent. For the avoidance of doubt, once ADT provides its consent in respect of a Person, no additional ADT consent shall be required for future disclosure of Non-Public Obligor Data to such Person. Upon receipt of such consent, the Administrative Agent shall forward a copy thereof to the Lenders and transmission the Group Agents. In respect of personaleach such Person, privateADT shall provide the consent contemplated above if such Person has agreed to maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data in a manner reasonably satisfactory to ADT. Notwithstanding anything to the contrary herein or in any other Transaction Document, health (i) subject to clause (iii) below, each ADT Entity shall be entitled to remove any Non-Public Obligor Data from any report, document or financial information about individual policyholders or benefit recipientsrequired to be delivered hereunder, including the provisions Information Package, and shall not be liable to any Person by reason thereof, (ii) delivery by the Administrative Agent or the Collateral Agent of privacy policies any notice or information required to be provided by it under which such information was gathered, those laws currently in place and which may become effective during this Agreement or the term of this Agreementother Transaction Documents, including the XxxxxInformation Package, shall not be deemed to be a breach of this Section 12.08(f), and (iii) upon request by the Collateral Agent or the Administrative Agent, each ADT Entity shall separately provide to the Collateral Agent and the Administrative Agent with each report, document and information from which any Non-XxxxxPublic Obligor Data has been removed, without such Non-Xxxxxx ActPublic Obligor Data removed; provided, that neither the Health Insurance Portability Collateral Agent nor the Administrative Agent shall provide (and Accountability Act of 1996 and shall not be deemed to be required to provide) such Non-Public Obligor Data to any other Applicable LawsLender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof except in accordance with this Section 12.08(f) or with ADT’s consent, and in no event shall Mizuho, as the Collateral Agent or the Administrative Agent, be obligated to provide (or be liable for not providing) any Non-Public Obligor Data to any other Person. The Administrator shall entitle Each of the Company Administrative Agent, Collateral Agent, each Lender and each Group Agent also agree that it will not, and will not permit any affiliate or representative other than the Servicer or its agents and representativesauthorized delegees to, contact any Obligor for any purpose; provided, however, that the Commissioner Administrative Agent or the Collateral Agent (or their respective agents) may contact an Obligor following an Event of Health and Human Services and such other Governmental AuthoritiesTermination, to the extent required by Applicable Lawexpressly set forth herein, to audit or if ADT is terminated as the Administrator’s compliance herewithServicer and a successor servicer is acting as servicer or a collection agent in respect of the applicable Pool Receivables. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report Except to the Company any violation extent expressly set forth herein following an Event of this provision Termination, each of which the Administrator becomes aware. Unless required by Applicable LawAdministrative Agent, the Administrator Collateral Agent, each Lender and each Group Agent (or their respective agents) shall not take any action to service, collect or administer any Pool Receivable during the term of period that ADT has the right to act as the Servicer under this Agreement. ADT and the Borrower shall not deliver (or instruct the Administrative Agent or the Collateral Agent to deliver) to any Lender or Group Agent any Non-Public Obligor Data in connection with the transactions contemplated hereby, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Companyexcept with such Xxxxxx’s or Group Agent’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the XxxxxGxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing This paragraph sets forth the Administrative Services Bank’s obligation to maintain the confidentiality of certain information that may be provided for to the Bank or its Affiliates by or on your behalf that must be kept confidential under this Agreement, and in connection with maintaining, administering, handling and transferring the data (i) Section 504 of the policyholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the XxxxxGxxxx-Xxxxx-Xxxxxx Financial Services Modernization Act (the “Act”); (ii) requirements adopted by the Securities Exchange Commission pursuant to Regulation S-P and/or the comparable provisions of other applicable regulations under the Act; (iii) applicable State laws or regulations, as permitted by Section 507 of the Act; and (iv) any amendments or revisions to any of the foregoing (collectively, the Health Insurance Portability “Privacy Requirements”). The definitions in Regulation S-P shall apply to capitalized terms used in this paragraph and Accountability Act not otherwise defined in this Master Agreement. If the Bank or its Affiliates were to receive Non-Public Personally Identifiable Financial Information from or on behalf of 1996 your customer, then the Bank will maintain the confidentiality of such Non-Public Personally Identifiable Financial Information, and not to disclose that information, except to the extent that such disclosure is expressly permitted by the Privacy Requirements. Non-Public Personal Financial Information of your customer will not be used by the Bank except as expressly permitted by the Privacy Requirements, taking into consideration the purposes for which such information has been provided to the Bank. In the event of any conflicts between the provisions of this paragraph and any other Applicable Lawsprovisions of this Master Agreement or any other agreement between the parties, the provisions of this paragraph shall control. The Administrator shall entitle Bank’s obligations under this paragraph will continue until (a) the Company and its agents and representatives, Bank has returned all Customer Information to you; (b) the Commissioner of Health and Human Services and Bank has destroyed such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator Customer Information in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply accordance with the terms of this Master Agreement; (c) you advise the Business Associate Addendum attached heretoBank that the undertaking in this paragraph is either (i) no longer required under applicable Privacy Requirements; or (ii) the obligations created under this paragraph are enforced under a successor agreement. We will notify you within five (5) Banking Days after we discover a violation by the Bank, if applicableits employees, or such other written agreement as may be its third party service providers of this paragraph, and we will cooperate with you in taking any corrective action required by Applicable Law on under the date hereof.circumstances. UMB/R072018/BPB

Privacy Requirements. (a) In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders Policyholder and other recipients of benefits loss payments under the Reinsured ContractsPolicies, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply in all material respects with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders Policyholders or benefit loss payment recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 1996, New York Department of Financial Services Insurance Regulation No. 173, and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The To the extent required by Applicable Law, the Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision Section 15.1 of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, Agreement modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts Policies is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, conditioned or such other written agreement as may be required by Applicable Law on the date hereofdelayed.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders contractholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders contractholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the XxxxxGxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing Notwithstanding anything to the Administrative Services provided for under contrary in this Agreement, and in connection with maintainingMizuho, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contractsas Administrative Agent, the Administrator shallCollateral Agent, Lender and Group Agent agrees that it is, and shall cause its Affiliates will remain, in compliance with the Privacy Requirements, will not utilize, and will not permit any permitted Subcontractors toaffiliate or any representative to utilize, comply with all confidentiality and security obligations applicable to them Non-Public Obligor Data for any purpose not in connection with the collectiontransactions contemplated under this Agreement or the related Transaction Documents, useand will maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data, disclosurein accordance with its internal privacy policies and as required by the Privacy Requirements and other applicable Law. Mizuho has provided ADT with a true and correct copy of its information security policies and procedures as in effect on March 12, maintenance 2020. None of the Administrative Agent, the Collateral Agent, any Lender or any Group Agent shall provide any Non-Public Obligor Data to any other Lender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof, unless ADT shall have provided its consent thereto to the Administrative Agent. For the avoidance of doubt, once ADT provides its consent in respect of a Person, no additional ADT consent shall be required for future disclosure of Non-Public Obligor Data to such Person. Upon receipt of such consent, the Administrative Agent shall forward a copy thereof to the Lenders and transmission the Group Agents. In respect of personaleach such Person, privateADT shall provide the consent contemplated above if such Person has agreed to maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data in a manner reasonably satisfactory to ADT. Notwithstanding anything to the contrary herein or in any other Transaction Document, health (i) subject to clause (iii) below, each ADT Entity shall be entitled to remove any Non-Public Obligor Data from any report, document or financial information about individual policyholders or benefit recipientsrequired to be delivered hereunder, including the provisions Information Package, and shall not be liable to any Person by reason thereof, (ii) delivery by the Administrative Agent or the Collateral Agent of privacy policies any notice or information required to be provided by it under which such information was gathered, those laws currently in place and which may become effective during this Agreement or the term of this Agreementother Transaction Documents, including the XxxxxInformation Package, shall not be deemed to be a breach of this Section 12.08(f), and (iii) upon request by the Collateral Agent or the Administrative Agent, each ADT Entity shall separately provide to the Collateral Agent and the Administrative Agent with each report, document and information from which any Non-XxxxxPublic Obligor Data has been removed, without such Non-Xxxxxx ActPublic Obligor Data removed; provided, that neither the Health Insurance Portability Collateral Agent nor the Administrative Agent shall provide (and Accountability Act of 1996 and shall not be deemed to be required to provide) such Non-Public Obligor Data to any other Applicable LawsLender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof except in accordance with this Section 12.08(f) or with ADT’s consent, and in no event shall Mizuho, as the Collateral Agent or the Administrative Agent, be obligated to provide (or be liable for not providing) any Non-Public Obligor Data to any other Person. The Administrator shall entitle Each of the Company Administrative Agent, Collateral Agent, each Lender and each Group Agent also agree that it will not, and will not permit any affiliate or representative other than the Servicer or its agents and representativesauthorized delegees to, contact any Obligor for any purpose; provided, however, that the Commissioner Administrative Agent or the Collateral Agent (or their respective agents) may contact an Obligor following an Event of Health and Human Services and such other Governmental AuthoritiesTermination, to the extent required by Applicable Lawexpressly set forth herein, to audit or if ADT is terminated as the Administrator’s compliance herewithServicer and a successor servicer is acting as servicer or a collection agent in respect of the applicable Pool Receivables. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report Except to the Company any violation extent expressly set forth herein following an Event of this provision Termination, each of which the Administrator becomes aware. Unless required by Applicable LawAdministrative Agent, the Administrator Collateral Agent, each Lender and each Group Agent (or their respective agents) shall not take any action to service, collect or administer any Pool Receivable during the term of period that ADT has the right to act as the Servicer under this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services administrative services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured ContractsPolicies, the Administrator Company shall, and shall cause its Affiliates and any permitted Subcontractors subcontractor to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator Company shall entitle the Company Reinsurer and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the AdministratorCompany’s compliance herewith. The Administrator Company shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator Company about them, and to restrict use of such information. The Administrator Company shall promptly report to the Company Reinsurer any violation of this provision of which the Administrator Company becomes aware. Unless required by Applicable Law, the Administrator Company shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator Company in administering the Reinsured Contracts Policies is gathered, without the CompanyReinsurer’s prior written consent, which consent shall not be unreasonably withheld. The parties hereto agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.. ARTICLE XVII MISCELLANEOUS PROVISIONS

Privacy Requirements. In providing the Administrative Services administrative services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured ContractsPolicies, the Administrator Reinsurer shall, and shall cause its Affiliates and any permitted Subcontractors Subcontractor to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator Reinsurer shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the AdministratorReinsurer’s compliance herewith. The Administrator Reinsurer shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator Reinsurer about them, and to restrict use of such information. The Administrator Reinsurer shall promptly report to the Company any violation of this provision of which the Administrator Reinsurer becomes aware. Unless required by Applicable Law, the Administrator Reinsurer shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator Reinsurer in administering the Reinsured Contracts Policies is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties hereto agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing Notwithstanding anything to the Administrative Services provided for under contrary in this Agreement, and in connection with maintainingXxxxxx, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contractsas Administrative Agent, the Administrator shallCollateral Agent, Lender and Group Agent agrees that it is, and shall cause its Affiliates will remain, in compliance with the Privacy Requirements, will not utilize, and will not permit any permitted Subcontractors toaffiliate or any representative to utilize, comply with all confidentiality and security obligations applicable to them Non-Public Obligor Data for any purpose not in connection with the collectiontransactions contemplated under this Agreement or the related Transaction Documents, useand will maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data, disclosurein accordance with its internal privacy Compass and as required by the Privacy Requirements and other applicable Law. Xxxxxx has provided Compass with a true and correct copy of its information security policies and procedures as in effect on March 12, maintenance 2020. None of the Administrative Agent, the Collateral Agent, any Lender or any Group Agent shall provide any Non-Public Obligor Data to any other Lender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof, unless Compass shall have provided its consent thereto to the Administrative Agent. For the avoidance of doubt, once Compass provides its consent in respect of a Person, no additional Compass consent shall be required for future disclosure of Non-Public Obligor Data to such Person. Upon receipt of such consent, the Administrative Agent shall forward a copy thereof to the Lenders and transmission the Group Agents. In respect of personaleach such Person, privateCompass shall provide the consent contemplated above if such Person has agreed to maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data in a manner reasonably satisfactory to Compass. Notwithstanding anything to the contrary herein or in any other Transaction Document, health (i) subject to clause (iii) below, each ADT Entity shall be entitled to remove any Non-Public Obligor Data from any report, document or financial information about individual policyholders or benefit recipientsrequired to be delivered hereunder, including the provisions Information Package, and shall not be liable to any Person by reason thereof, (ii) delivery by the Administrative Agent or the Collateral Agent of privacy policies any notice or information required to be provided by it under which such information was gathered, those laws currently in place and which may become effective during this Agreement or the term of this Agreementother Transaction Documents, including the XxxxxInformation Package, shall not be deemed to be a breach of this Section 12.08(f), and (iii) upon request by the Collateral Agent or 751499193.15 22727329 134 the Administrative Agent, each ADT Entity shall separately provide to the Collateral Agent and the Administrative Agent with each report, document and information from which any Non-XxxxxPublic Obligor Data has been removed, without such Non-Xxxxxx ActPublic Obligor Data removed; provided, that neither the Health Insurance Portability Collateral Agent nor the Administrative Agent shall provide (and Accountability Act of 1996 and shall not be deemed to be required to provide) such Non-Public Obligor Data to any other Applicable LawsLender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof except in accordance with this Section 12.08(f) or with Compass’s consent, and in no event shall Mizuho, as the Collateral Agent or the Administrative Agent, be obligated to provide (or be liable for not providing) any Non-Public Obligor Data to any other Person. The Administrator shall entitle Each of the Company Administrative Agent, Collateral Agent, each Lender and each Group Agent also agree that it will not, and will not permit any affiliate or representative other than the Servicer or its agents and representativesauthorized delegees to, contact any Obligor for any purpose; provided, however, that the Commissioner Administrative Agent or the Collateral Agent (or their respective agents) may contact an Obligor following an Event of Health and Human Services and such other Governmental AuthoritiesTermination, to the extent required by Applicable Lawexpressly set forth herein, to audit or if Compass is terminated as the Administrator’s compliance herewithServicer and a successor servicer is acting as servicer or a collection agent in respect of the applicable Pool Receivables. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report Except to the Company any violation extent expressly set forth herein following an Event of this provision Termination, each of which the Administrator becomes aware. Unless required by Applicable LawAdministrative Agent, the Administrator Collateral Agent, each Lender and each Group Agent (or their respective agents) shall not take any action to service, collect or administer any Pool Receivable during the term of period that Compass has the right to act as the Servicer under this Agreement. Compass and the Borrower shall not deliver (or instruct the Administrative Agent or the Collateral Agent to deliver) to any Lender or Group Agent any Non-Public Obligor Data in connection with the transactions contemplated hereby, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Companyexcept with such Xxxxxx’s or Group Agent’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereofSECTION 12.09.

Privacy Requirements. In providing the Administrative Services administrative services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured ContractsPolicies, the Administrator Company shall, and shall cause its Affiliates and any permitted Subcontractors subcontractor to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator Company shall entitle the Company Reinsurer and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the AdministratorCompany’s compliance herewith. The Administrator Company shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator Company about them, and to restrict use of such information. The Administrator Company shall promptly report to the Company Reinsurer any violation of this provision of which the Administrator Company becomes aware. Unless required by Applicable Law, the Administrator Company shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator Company in administering the Reinsured Contracts Policies is gathered, without the CompanyReinsurer’s prior written consent, which consent shall not be unreasonably withheld. The parties hereto agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.