Destruction of Personal Data. For any PHI received regarding an Eligible Beneficiary referred to Contractor by EOHHS who does not enroll in Contractor’s plan, the Contractor must destroy the PHI in accordance with standards set forth in National Institute of Science and Technology (NIST) Special Publication 800‑88, Guidelines for Media Sanitizations, and all applicable State and federal Privacy and security laws including HIPAA and its related implementing regulations, at 45 C.F.R. Parts 160, 162, and 164, as may be amended from time to time. The Contractor shall also adhere to standards described in OMB Circular No. A‑130, Appendix III‑‑Security of Federal Automated Information Systems and NIST Federal Information Processing Standard 200 entitled “Minimum Security Requirements for Federal Information and Information Systems” while in possession of all PHI. Research Data The Contractor must seek and obtain prior written authorization from CMS and EOHHS for the use of any data pertaining to this Contract for research or any other purposes not directly related to the Contractor’s performance under this Contract.
Destruction of Personal Data. Upon termination of this Data Processing Agreement, or upon fulfillment of all purposes agreed in the context of the Services whereby no further processing is required, and upon the Data Controller’s written request, the Data Processor shall, at the discretion of the Data Controller, either delete, destroy or return all Personal Data to the Data Controller and destroy or return any existing copies. The Data Processor shall notify all third parties supporting its own processing of the Personal Data of the termination of the Data Processing Agreement and shall ensure that all such third parties shall either destroy the Personal Data or return the Personal Data to the Data Controller, at the discretion of the Data Controller. Assistance to Data Controller The Data Processor shall assist the Data Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights under EU Data Protection Law. The Data Processor shall assist the Data Controller in ensuring compliance with the obligations pursuant to Section 4 (Security) and prior consultations with supervisory authorities required under Article 36 of the GDPR taking into account the nature of processing and the information available to the Data Processor. The Data Processor shall make available to the Data Controller all information necessary to demonstrate compliance with the Data Processor’s obligations and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller as described in section 4.3.
Destruction of Personal Data. After the termination of this Data Processing Agreement, the Processor shall transfer all Personal Data to the Controller within a reasonable period of time and/or shall, upon the Controller’s request, destroy or delete all Personal Data, including all (copies of) electronically recorded Personal Data, and confirm in writing to the Controller that all Personal Data has been returned, destroyed or deleted. If the Processor is required by law to keep Processing certain Personal Data, it will fulfill the Controller’s request insofar as legally permitted. At the request and expense of the Controller, the Processor shall provide this written conformation with a certified statement from a certified public IT- auditor.
Destruction of Personal Data. For any PHI received regarding an Eligible Beneficiary referred to Contractor by the Department who does not enroll in Contractor’s plan, the Contractor must destroy the PHI in accordance with standards set forth in NIST Special Publication 800-88, Guidelines for Media Sanitizations, and all applicable state and federal Privacy and security laws including HIPAA and its related implementing regulations, at 45 C.F.R. Parts 160, 162, and 164, as may be amended from time to time. The Contractor shall also adhere to standards described in OMB Circular No. A-130, Appendix III-Security of Federal Automated Information Systems and NIST Federal Information Processing Standard 200 entitled “Minimum Security Requirements for Federal Information and Information Systems” while in possession of all PHI.
Destruction of Personal Data. D10. Forthwith upon termination of this contract and pursuant to the Exit Management provisions in this Agreement (howsoever arising):
Destruction of Personal Data. Unless as otherwise instructed by the Customer or as required by applicable law, ARINC shall, after the end of the provision of Services, either (at the choice of Customer and as operationally feasible): (i) return a complete copy of all Personal Data to the Customer by secure file transfer and securely wipe all other copies of Personal Data Processed by ARINC or its Subprocessors; or (ii) securely wipe all copies of Personal Data Processed by ARINC or any of its Subprocessors.
Destruction of Personal Data. All Personal Data shared under the Agreement and held electronically shall be securely deleted in accordance with the Data Protection Legislation. All paper copies shall be securely shredded (to DIN3 grade or if superseded to the equivalent secure shredding applicable to restricted data).
Destruction of Personal Data any action in the course of which personal data is destroyed irrevocably, impossible to restore the contents of personal data in the information system of personal data and (or) which are destroyed material carriers of personal data.
Destruction of Personal Data. 6.1 The Company shall on request at any time and on the expiry or termination of the Agreement, (at no cost to the Operator) at the Operator’s option either return all of the Personal Data, and copies of it in such format as theOperator may require or securely dispose of the Personal Data, except to the extent that any applicable law requires the Company to store such Personal Data and the Company has promptly demonstrated their legal requirements to the Operator.
Destruction of Personal Data. 3.6.1. The destruction of personal data is understood as actions, as a result of which it becomes impossible to restore the content of personal data on the Site and/or as a result of which the material carriers of personal data are destroyed.
