Usage Data 7.1. The parties shall supply data on usage of the Licensed Work that is available to them during the term of this Licence. Notwithstanding the foregoing, the parties shall neither assemble nor provide data from which an individual user could be identified.
System Access CUSTOMER agrees to provide to PROVIDER, at CUSTOMER’S expense, necessary access to the mainframe computer and related information technology systems (the “System”) on which CUSTOMER data is processed during the times (the “Service Hours”) specified in the PSAs, subject to reasonable downtime for utility outages, maintenance, performance difficulties and the like. In the event of a change in the Service Hours, CUSTOMER will provide PROVIDER with at least fifteen (15) calendar days written notice of such change.
System Use (a) An electronic site access system may be used on site, subject to the requirements of this statement.
(b) The system operates via:
(i) a facial recognition device; and
(ii) an electronic gate.
(c) The system will be installed at the access and egress point/s of the site and will only be utilised to identify presence on site.
(d) The purpose for which the electronic site access system will be implemented is to ensure:
(i) avoiding unauthorised access to site;
(ii) confirmation and co-ordination of effort in emergency situations; and
(iii) confirmation that all entrants to site have received a site specific induction;
(e) The only personal data collected by the system is a site entrant’s:
(i) image;
(ii) first & last name;
(iii) mobile phone number;
(iv) email address; and
(v) employer’s name. (the Collected Data)
(f) The Collected Data will only be held or used for the purposes specified above, unless otherwise by consent or required by law.
(g) The Employer will not use the electronic site access control system to verify who was on a site at a particular time for the purpose of:
(i) evaluating whether a variation claim regarding labour costs made by a subcontractor can be substantiated;
(ii) taking disciplinary action against an Employee, or assisting a subcontractor to take disciplinary action against its own employees, regarding their start and finish times; or
(iii) otherwise generally tracking a worker’s movements whilst on the site.
System Logging The system must maintain an automated audit trail which can 20 identify the user or system process which initiates a request for PHI COUNTY discloses to 21 CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, 22 or which alters such PHI. The audit trail must be date and time stamped, must log both successful and 23 failed accesses, must be read only, and must be restricted to authorized users. If such PHI is stored in a 24 database, database logging functionality must be enabled. Audit trail data must be archived for at least 3 25 years after occurrence.
Malicious Use of Orphan Glue Records Registry Operator shall take action to remove orphan glue records (as defined at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/en/committees/security/sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct.
