HOW WE MAY USE YOUR PERSONAL INFORMATION 8.1 We will use the personal information You provide to Us to:
Information Technology Accessibility Standards Any information technology related products or services purchased, used or maintained through this Grant must be compatible with the principles and goals contained in the Electronic and Information Technology Accessibility Standards adopted by the Architectural and Transportation Barriers Compliance Board under Section 508 of the federal Rehabilitation Act of 1973 (29 U.S.C. §794d), as amended. The federal Electronic and Information Technology Accessibility Standards can be found at: xxxx://xxx.xxxxxx-xxxxx.xxx/508.htm.
SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes.
CAUTIONS FOR GLOBAL USE AND EXPORT AND IMPORT COMPLIANCE Due to the global nature of the internet, through the use of our network you hereby agree to comply with all local rules relating to online conduct and that which is considered acceptable Content. Uploading, posting and/or transferring of software, technology and other technical data may be subject to the export and import laws of the United States and possibly other countries. Through the use of our network, you thus agree to comply with all applicable export and import laws, statutes and regulations, including, but not limited to, the Export Administration Regulations (xxxx://xxx.xxxxxx.xxx.xxx/bis/ear/ear_data.html), as well as the sanctions control program of the United States (xxxx://xxx.xxxxxxxx.xxx/resource- center/sanctions/Programs/Pages/Programs.aspx). Furthermore, you state and pledge that you:
Access to Personal Information by Subcontractors Supplier agrees to require any subcontractors or agents to which it discloses Personal Information under this Agreement or under any SOW to provide reasonable assurance, evidenced by written contract, that they will comply with the same or substantially similar confidentiality, privacy and security obligations with respect to such Personal Information as apply to Supplier under this Agreement or any SOW. Supplier shall confirm in writing to DXC that such contract is in place as a condition to DXC’s approval of use of a subcontractor in connection with any SOW. Upon request of DXC, Supplier will provide to DXC a copy of the subcontract or an extract of the relevant clauses. Supplier shall ensure that any failure on the part of any subcontractor or agent to comply with the Supplier obligations under this Agreement or any SOW shall be grounds to promptly terminate such subcontractor or agent. If during the term of this Agreement or any SOW, DXC determines, in its exclusive discretion, that any Supplier subcontractor or agent cannot comply with the Supplier obligations under this Agreement or with any SOW, then DXC may terminate this Agreement in whole or in part (with respect to any SOW for which such subcontractor or agent is providing services), if not cured by Supplier within the time prescribed in the notice of such deficiency.
Abuse and Neglect of Children and Vulnerable Adults:
Abuse Registry Party agrees not to employ any individual, to use any volunteer or other service provider, or to otherwise provide reimbursement to any individual who in the performance of services connected with this agreement provides care, custody, treatment, transportation, or supervision to children or to vulnerable adults if there has been a substantiation of abuse or neglect or exploitation involving that individual. Party is responsible for confirming as to each individual having such contact with children or vulnerable adults the non-existence of a substantiated allegation of abuse, neglect or exploitation by verifying that fact though (a) as to vulnerable adults, the Adult Abuse Registry maintained by the Department of Disabilities, Aging and Independent Living and (b) as to children, the Central Child Protection Registry (unless the Party holds a valid child care license or registration from the Division of Child Development, Department for Children and Families). See 33 V.S.A. §4919(a)(3) and 33 V.S.A. §6911(c)(3).
Requester and Approved User Responsibilities The Requester agrees through the submission of the DAR that the PI named has reviewed and understands the principles for responsible research use and data management of the genomic datasets as defined in the NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy. The Requester and Approved Users further acknowledge that they are responsible for ensuring that all uses of the data are consistent with national, tribal, and state laws and regulations, as appropriate, as well as relevant institutional policies and procedures for managing sensitive genomic and phenotypic data. The Requester certifies that the PI is in good standing (i.e., no known sanctions) with the institution, relevant funding agencies, and regulatory agencies and is eligible to conduct independent research (i.e., is not a postdoctoral fellow, student, or trainee). The Requester and any Approved Users may use the dataset(s) only in accordance with the parameters described on the study page and in the 1 If contractor services are to be utilized, PI requesting the data must provide a brief description of the services that the contractor will perform for the PI (e.g., data cleaning services) in the research use statement of the DAR. Additionally, the Key Personnel section of the DAR must include the name of the contractor’s employee(s) who will conduct the work. These requirements apply whether the contractor carries out the work at the PI’s facility or at the contractor’s facility. In addition, the PI is expected to include in any contract agreement requirements to ensure that any of the contractor’s employees who have access to the data adhere to the NIH GDS Policy, this Data Use Certification Agreement, and the NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy. Note that any scientific collaborators, including contractors, who are not at the Requester must submit their own DAR. Addendum to this Agreement for the appropriate research use, as well as any limitations on such use, of the dataset(s), as described in the DAR, and as required by law. Through the submission of this DAR, the Requester and Approved Users acknowledge receiving and reviewing a copy of the Addendum which includes Data Use Limitation(s) for each dataset requested. The Requester and Approved Users agree to comply with the terms listed in the Addendum. Through submission of the DAR, the PI and Requester agree to submit a Project Renewal or Project Close-out prior to the expiration date of the one (1) year data access period. The PI also agrees to submit an annual Progress Update prior to the one (1) year anniversary2 of the project, as described under Research Use Reporting (Term 10) below. By approving and submitting the attached DAR, the Institutional Signing Official provides assurance that relevant institutional policies and applicable local, state, tribal, and federal laws and regulations, as applicable, have been followed, including IRB approval, if required. Approved Users may be required to have IRB approval if they have access to personal identifying information for research participants in the original study at their institution, or through their collaborators. The Institutional Signing Official also assures, through the approval of the DAR, that other institutional departments with relevant authorities (e.g., those overseeing human subjects research, information technology, technology transfer) have reviewed the relevant sections of the NIH GDS Policy and the associated procedures and are in agreement with the principles defined. The Requester acknowledges that controlled-access datasets subject to the NIH GDS Policy may be updated to exclude or include additional information. Unless otherwise indicated, all statements herein are presumed to be true and applicable to the access and use of all versions of these datasets.
NYS OFFICE OF INFORMATION TECHNOLOGY SERVICES NOTIFICATION All New York State Agencies must notify the Office of Information Technology Services of any and all plans to procure IT and IT -related products, materials and services meeting required thresholds defined in Technology Policy NYS–P08-001: xxxxx://xxx.xx.xxx/sites/default/files/documents/NYS-P08-001.pdf, as may be amended, modified or superseded. SALES REPORTING REQUIREMENTS Contractor shall furnish OGS with quarterly sales reports utilizing Appendix I - Report of Contract Sales. Purchases by Non- State Agencies, political subdivisions and others authorized by law shall be reported in the same report and indicated as required. All fields of information shall be accurate and complete. OGS reserves the right to unilaterally make revisions, changes and/or updates to Appendix I - Report of Contract Sales or to require sales to be reported in a different format without processing a formal amendment and/or modification. Further, additional related sales information and/or detailed Authorized User purchases may be required by OGS and must be supplied upon request. Reseller Sales Product sold through Reseller(s) must be reported by Contractor in the required Appendix I – Report of Contract Sales. Due Date The Appendix I - Report of Contract Sales will be quarterly (January - March, April - June, July - September and October - December). Reports will be due 1 month after the closing quarter. SERVICE REPORTS FOR MAINTENANCE/SUPPORT AND WARRANTY WORK Service Reports for Authorized User An Authorized User in an RFQ may require compliance with any or all of this section. If requested by the Authorized User, the Contractor shall furnish the Authorized User with service reports for all Maintenance/support and warranty work upon completion of the services. The service reports may include the following information in either electronic or hard copy form as designated by the Authorized User: Date and time Contractor was notified Date and time of Contractor’s arrival Make and model of the Product Description of malfunction reported by Authorized User Diagnosis of failure and/or work performed by Contractor Date and time failure was corrected by Contractor Type of service – Maintenance/support or warranty Charges, if any, for the service Service Reports for OGS
Software compliance Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, and end users.
Public Posting of Approved Users’ Research Use Statement The PI agrees that information about themselves and the approved research use will be posted publicly on the dbGaP website. The information includes the PI’s name and Requester, project name, Research Use Statement, and a Non-Technical Summary of the Research Use Statement. In addition, and if applicable, this information may include the Cloud Computing Use Statement and name of the CSP or PCS. Citations of publications resulting from the use of controlled-access datasets obtained through this DAR may also be posted on the dbGaP website.
