Common use of Secure Connection Clause in Contracts

Secure Connection. Registrar agrees to develop and employ in its domain name registration business all necessary technology and restrictions to ensure that its connection to the System is secure. All data exchanged between Registrar's system and the System shall be protected to avoid unintended disclosure of information. Registrar shall employ commercially reasonable measures to prevent its access to the System granted hereunder from being used to (i) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than its own existing customers; or (ii) enable high volume, automated, electronic processes that send queries or data to the systems of Verisign, any other registry operated under an agreement with ICANN, or any ICANN-accredited registrar, except as reasonably necessary to register domain names or modify existing registrations in accordance with any Operational Requirements. Each EPP session shall be authenticated and encrypted using two-way secure socket layer ("SSL") protocol. Registrar agrees to authenticate every EPP client connection with the System using both an X.509 server certificate issued by a commercial Certification Authority identified by the Registry and its Registrar password, which it shall disclose only to its employees with a need to know. Registrar agrees to notify Registry within four (4) hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Upon prior written notification to Registrar, Verisign may require other industry standard security provisions, practices or technology to ensure that the System is secure and stable, which Verisign may adopt from time to time in its sole and complete discretion. Handling of Personal Data. Verisign shall notify Registrar of the purposes for which Personal Data submitted to Verisign by Registrar is collected, the intended recipients (or categories of recipients) of such Personal Data, and the mechanism for access to and correction of such Personal Data. Verisign shall take reasonable steps to protect Personal Data from loss, misuse, unauthorized disclosure, alteration or destruction. Verisign shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars. Verisign may from time to time use the demographic data collected for statistical analysis, provided that this analysis will not disclose individual Personal Data and provided that such use is compatible with the notice provided to registrars regarding the purpose and procedures for such use.

Secure Connection. The Registrar agrees to develop and employ in its domain name registration business all necessary technology technology, procedures, processes, and restrictions to ensure that its connection to the System SRS is secure. All data exchanged between the Registrar's ’s system and the System SRS shall be protected to avoid unintended disclosure of information. The Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to to: (i1) allow, enable, or otherwise support the transmission by e-mailemail, telephone, or facsimile of mass unsolicited, commercial unsolicited advertising or solicitations to persons or entities other than its own existing customers; or (ii) enable 2)enable high volume, automated, electronic processes that send queries or data to the systems of Verisign, any other registry operated under an agreement with ICANN, or any ICANN-accredited registrarthe Registry, except as reasonably necessary to register domain names or modify existing registrations in accordance with any Operational Requirementsregistrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer ("SSL") protocol. The Registrar agrees to authenticate every EPP client Registrar connection with the System SRS using both an X.509 (i) a server certificate issued by a commercial Certification Authority identified to be chosen by the Registry Registrar, subject to Registry’s agreement, which agreement shall not be unreasonably withheld and (ii) its Registrar password, which it shall disclose only to its employees with a need to know. The Registrar agrees to notify the Registry within four (4) hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Additionally, the Registrar must ensure that access to registrant accounts is adequately protected by, at a minimum, a secure log-in process that requires username and password authentication. Upon prior written notification to the Registrar, Verisign the Registry may require other industry standard security provisions, practices practices, or technology to ensure that the Registry System is secure and stable, which Verisign the Registry may adopt from time to time in its sole and complete discretion. Handling of Personal Data. Verisign shall notify In the event that the Registrar does not comply with the Registry standards, the Registry will provide the Registrar a 30 (thirty) days’ notice to inform the Registrar of the purposes for which Personal Data submitted need to Verisign by Registrar is collected, the intended recipients (either correct non- compliance or categories of recipients) of such Personal Dataagree on a mutually acceptable plan with Registry to correct non-compliance, and the mechanism for access time period in which such plan must be completed. Failure to and correction meet the standards at the end of such Personal Datathe agreed period will constitute a material breach of the agreement. Verisign shall take reasonable steps to protect Personal Data from loss, misuse, unauthorized disclosure, alteration or destruction. Verisign shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars. Verisign may from The Registry’s failure at any time to time use declare a material breach does not constitute a waiver of its right to do so in the demographic data collected for statistical analysis, provided that this analysis will not disclose individual Personal Data and provided that such use is compatible with the notice provided to registrars regarding the purpose and procedures for such usefuture.

Secure Connection. Registrar agrees to develop and employ in its domain name registration business all necessary technology and restrictions to ensure that its connection to the System is secure. All data exchanged between Registrar's system and the System shall be protected to avoid unintended disclosure of information. Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to (i) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than its own existing customers; or (ii) enable high volume, automated, electronic processes that send queries or data to the systems of Verisign, any other registry operated under an agreement with ICANN, or any ICANN-accredited registrar, except as reasonably necessary to register domain names or modify existing registrations in accordance with any Operational Requirementsregistrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer ("SSL") protocol. Registrar agrees to authenticate every EPP client connection with the System using both an X.509 server certificate issued by a commercial Certification Authority identified by the Registry and its Registrar password, which it shall disclose only to its employees with a need to know. Registrar agrees to notify Registry within four (4) hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Upon prior written notification to Registrar, Verisign may require other industry standard security provisions, practices or technology to ensure that the Registry System is secure and stable, which Verisign may adopt from time to time in its sole and complete discretion. Handling of Personal Data. Verisign shall notify Registrar of the purposes for which Personal Data submitted to Verisign by Registrar is collected, the intended recipients (or categories of recipients) of such Personal Data, and the mechanism for access to and correction of such Personal Data. Verisign shall take reasonable steps to protect Personal Data from loss, misuse, unauthorized disclosure, alteration or destruction. Verisign shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars. Verisign may from time to time use the demographic data collected for statistical analysis, provided that this analysis will not disclose individual Personal Data and provided that such use is compatible with the notice provided to registrars regarding the purpose and procedures for such use.

Secure Connection. The Registrar agrees to develop and employ in its domain name registration business all necessary technology technology, procedures, processes, and restrictions to ensure that its connection to the System SRS is secure. All data exchanged between the Registrar's ’s system and the System SRS shall be protected to avoid unintended disclosure of information. The Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to (i1) allow, enable, or otherwise support the transmission by e-mailemail, telephone, or facsimile of mass unsolicited, commercial unsolicited advertising or solicitations to persons or entities other than its own existing customers; or (ii2) enable high volume, automated, electronic processes that send queries or data to the systems of Verisignthe Registry, any other registry operated under an agreement with ICANN, or any ICANN-accredited registrarthe Registrar, except as reasonably necessary to register domain names or modify existing registrations in accordance with any Operational Requirementsregistrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer ("“SSL"”) protocol. The Registrar agrees to authenticate every EPP client connection with the System SRS using both an X.509 (i) a server certificate issued by a commercial Certification Authority identified to be chosen by the Registry Registrar, subject to Registry’s agreement, which agreement shall not be unreasonably withheld and (ii) its Registrar password, which it shall disclose only to its employees with a need to know. The Registrar agrees to notify the Registry within four (4) hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Additionally, the Registrar must ensure that access to registrant accounts is adequately protected by, at a minimum, a secure log-in process that requires username and password authentication and the Registrar must comply with all other security-related ICANN Registrar accreditation requirements. Upon prior written notification to the Registrar, Verisign the Registry may require other industry standard security provisions, practices practices, or technology to ensure that the Registry System is secure and stable, which Verisign the Registry may adopt from time to time in its sole and complete discretion. Handling of Personal Data. Verisign shall notify In the event that the Registrar does not comply with the Registry standards, the Registry will provide the Registrar a 30-day notice to inform the Registrar of the purposes for which Personal Data submitted need to Verisign by Registrar is collected, the intended recipients (either correct non-compliance or categories of recipients) of such Personal Dataagree on a mutually acceptable plan with Registry to correct non-compliance, and the mechanism for access time period in which such plan must be completed. Failure to and correction meet the standards at the end of such Personal Datathe agreed period will constitute a material breach of the agreement. Verisign shall take reasonable steps to protect Personal Data from loss, misuse, unauthorized disclosure, alteration or destruction. Verisign shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars. Verisign may from The Registry’s failure at any time to time use declare a material breach does not constitute a waiver of its right to do so in the demographic data collected for statistical analysis, provided that this analysis will not disclose individual Personal Data and provided that such use is compatible with the notice provided to registrars regarding the purpose and procedures for such usefuture.

Secure Connection. The Registrar agrees to develop and employ in its domain name registration business all necessary technology technology, procedures, processes, and restrictions to ensure that its connection to the System SRS is secure. All data exchanged between the Registrar's ’s system and the System SRS shall be protected to avoid unintended disclosure of information. The Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to to: (i1) allow, enable, or otherwise support the transmission by e-mailemail, telephone, or facsimile of mass unsolicited, commercial unsolicited advertising or solicitations to persons or entities other than its own existing customers; or (ii) enable 2)enable high volume, automated, electronic processes that send queries or data to the systems of Verisign, any other registry operated under an agreement with ICANN, or any ICANN-accredited registrarthe Registry, except as reasonably necessary to register domain names or modify existing registrations in accordance with any Operational Requirementsregistrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer ("SSL") protocol. The Registrar agrees to authenticate every EPP client Registrar connection with the System SRS using both an X.509 (i) a server certificate issued by a commercial Certification Authority identified to be chosen by the Registry Registrar, subject to Registry’s agreement, which agreement shall not be unreasonably withheld and (ii) its Registrar password, which it shall disclose only to its employees with a need to know. The Registrar agrees to notify the Registry within four (4) hours of as soon as possible after learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Additionally, the Registrar must ensure that access to registrant accounts is adequately protected by, at a minimum, a secure log-in process that requires username and password authentication. Upon prior written notification to the Registrar, Verisign the Registry may require other industry standard security provisions, practices practices, or technology to ensure that the Registry System is secure and stable, which Verisign the Registry may adopt from time to time in its sole and complete discretion. Handling of Personal Data. Verisign shall notify In the event that the Registrar does not comply with the Registry standards, the Registry will provide the Registrar a 30 (thirty) days’ notice to inform the Registrar of the purposes for which Personal Data submitted need to Verisign by Registrar is collected, the intended recipients (either correct non- compliance or categories of recipients) of such Personal Dataagree on a mutually acceptable plan with Registry to correct non-compliance, and the mechanism for access time period in which such plan must be completed. Failure to and correction meet the standards at the end of such Personal Datathe agreed period will constitute a material breach of the agreement. Verisign shall take reasonable steps to protect Personal Data from loss, misuse, unauthorized disclosure, alteration or destruction. Verisign shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars. Verisign may from The Registry’s failure at any time to time use declare a material breach does not constitute a waiver of its right to do so in the demographic data collected for statistical analysis, provided that this analysis will not disclose individual Personal Data and provided that such use is compatible with the notice provided to registrars regarding the purpose and procedures for such usefuture.