Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
File Security and Retention; Confidentiality A. USBFS and its agents will provide reasonable security provisions to ensure that unauthorized third parties do not have access to the Trust’s data bases, files, and other information provided by the Trust to USBFS for use with the Electronic Services, the names of End Users or End User transaction or account data (collectively, “Trust Files”). USBFS’s security provisions with respect to the Electronic Services, the Trust’s web site(s) and the Trust Files will be no less protected than USBFS’s security provisions with respect to its own proprietary information. USBFS agrees that any and all Trust Files maintained by USBFS for the Trust hereunder shall be available for inspection by the Trust’s regulatory authorities during regular business hours, upon reasonable prior written notice to USBFS, and will be maintained and retained in accordance with applicable requirements of the 1940 Act. USBFS will take such actions as are necessary to protect the intellectual property contained within the Trust’s web site(s) or any software, written materials, or pictorial materials describing or creating the Trust’s web site(s), including all interface designs or specifications. USBFS will take such actions as are reasonably necessary to protect all rights to the source code and interface of the Trust’s web site(s). In addition, USBFS will not use, or permit the use of, names of End Users for the purpose of soliciting any business, product, or service whatsoever except where the communication is necessary and appropriate for USBFS’s delivery of the Electronic Services.
B. USBFS shall treat as confidential and not disclose or otherwise make available any of the Trust’s lists, information, trade secrets, processes, proprietary data, information or documentation (collectively, the “Confidential Information”), in any form, to any person other than agents, employees or consultants of USBFS. USBFS will instruct its agents, employees and consultants who have access to the Confidential Information to keep such information confidential by using the same care and discretion that USBFS uses with respect to its own confidential property and trade secrets. Upon termination of the rights and responsibilities described in this Exhibit C for any reason and upon the Trust’s request, USBFS shall return to the Trust, or destroy and certify that it has destroyed, any and all copies of the Confidential Information which are in its possession.
C. Notwithstanding the above, USBFS will not have an obligation of confidentiality under this Section with regard to information that (1) was known to it prior to disclosure hereunder, (2) is or becomes publicly available other than as a result of a breach hereof, (3) is disclosed to it by a third party not subject to a duty of confidentiality, or (4) is required to be disclosed under law or by order of court or governmental agency.
Release of Confidential Information No Party shall release or disclose Confidential Information to any other person, except to its Affiliates (limited by FERC Standards of Conduct requirements), subcontractors, employees, consultants, or to parties who may be considering providing financing to or equity participation with Developer, or to potential purchasers or assignees of a Party, on a need-to-know basis in connection with this Agreement, unless such person has first been advised of the confidentiality provisions of this Article 22 and has agreed to comply with such provisions. Notwithstanding the foregoing, a Party providing Confidential Information to any person shall remain primarily responsible for any release of Confidential Information in contravention of this Article 22.
Exceptions to Confidential Information The obligations set forth in Section 13.1 (Confidential Information) shall not apply to the extent that Confidential Information includes information which is: (a) now or hereafter, through no unauthorized act or failure to act on the Receiving Party’s part, in the public domain; (b) was in the Receiving Party’s possession before receipt from the Disclosing Party and obtained from a source other than the Disclosing Party and other than through the prior relationship of the Disclosing Party and the Receiving Party before the Separation Date; (c) hereafter furnished to the Receiving Party by a third party as a matter of right and without restriction on disclosure; (d) furnished to others by the Disclosing Party without restriction on disclosure; or (e) independently developed by the Receiving Party without use of the Disclosing Party’s Confidential Information. Nothing in this Agreement shall prevent the Receiving Party from disclosing Confidential Information to the extent the Receiving Party is legally compelled to do so by any governmental, investigative or judicial agency pursuant to proceedings over which such agency has jurisdiction; provided, however, that prior to any such disclosure, the Receiving Party shall: (i) assert the confidential nature of the Confidential Information to the agency; (ii) immediately notify the Disclosing Party in writing of the agency’s order or request to disclose; and (iii) cooperate fully with the Disclosing Party in protecting against any such disclosure and/or obtaining a protective order narrowing the scope of the compelled disclosure and protecting its confidentiality.
Authorization to Release and Transfer Necessary Personal Information The Grantee hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of the Grantee’s personal data by and among, as applicable, the Company and its Subsidiaries for the exclusive purpose of implementing, administering and managing the Grantee’s participation in the Plan. The Grantee understands that the Company may hold certain personal information about the Grantee, including, but not limited to, the Grantee’s name, home address and telephone number, date of birth, social security number (or any other social or national identification number), salary, nationality, job title, number of Award Units and/or shares of Common Stock held and the details of all Award Units or any other entitlement to shares of Common Stock awarded, cancelled, vested, unvested or outstanding for the purpose of implementing, administering and managing the Grantee’s participation in the Plan (the “Data”). The Grantee understands that the Data may be transferred to the Company or to any third parties assisting in the implementation, administration and management of the Plan, that these recipients may be located in the Grantee’s country or elsewhere, and that any recipient’s country (e.g., the United States) may have different data privacy laws and protections than the Grantee’s country. The Grantee understands that he or she may request a list with the names and addresses of any potential recipients of the Data by contacting his or her local human resources representative or the Company’s stock plan administrator. The Grantee authorizes the recipients to receive, possess, use, retain and transfer the Data, in electronic or other form, for the sole purpose of implementing, administering and managing the Grantee’s participation in the Plan, including any requisite transfer of such Data to a broker or other third party assisting with the administration of Award Units under the Plan or with whom shares of Common Stock acquired pursuant to the vesting of the Award Units or cash from the sale of such shares may be deposited. Furthermore, the Grantee acknowledges and understands that the transfer of the Data to the Company or to any third parties is necessary for the Grantee’s participation in the Plan. The Grantee understands that the Grantee may, at any time, view the Data, request additional information about the storage and processing of the Data, require any necessary amendments to the Data or refuse or withdraw the consents herein by contacting the Grantee’s local human resources representative or the Company’s stock plan administrator in writing. The Grantee further acknowledges that withdrawal of consent may affect his or her ability to vest in or realize benefits from the Award Units, and the Grantee’s ability to participate in the Plan. For more information on the consequences of refusal to consent or withdrawal of consent, the Grantee understands that he or she may contact his or her local human resources representative or the Company’s stock plan administrator.
Treatment of Proprietary and Confidential Information A. Both parties agree that it may be necessary to provide each other during the term of this Agreement with certain confidential information, including trade secret information, including but not limited to, technical and business plans, technical information, proposals, specifications, drawings, procedures, customer account data and like information (hereinafter collectively referred to as “Information”). Both parties agree that all Information shall either be in writing or other tangible format and clearly marked with a confidential, private or proprietary legend, or, when the Information is communicated orally, it shall also be communicated that the Information is confidential, private or proprietary. The Information will be returned to the owner within a reasonable time. Both parties agree that the Information shall not be copied or reproduced in any form. Both parties agree to receive such Information and not disclose such Information. Both parties agree to protect the Information received from distribution, disclosure or dissemination to anyone except employees of the parties with a need to know such Information and which employees agree to be bound by the terms of this Section. Both parties will use the same standard of care to protect Information received as they would use to protect their own confidential and proprietary Information.
B. Notwithstanding the foregoing, both parties agree that there will be no obligation to protect any portion of the Information that is either: 1) made publicly available by the owner of the Information or lawfully disclosed by a nonparty to this Agreement; 2) lawfully obtained from any source other than the owner of the Information; or 3) previously known to the receiving party without an obligation to keep it confidential.
Definition of Confidential Information The term “Confidential Information” shall mean all information that either party discloses (a “Disclosing Party”) to the other party (a “Receiving Party”), whether in writing, electronically, or orally and in any form (tangible or intangible), that is confidential, proprietary, or relates to clients or shareholders (each either existing or potential). Confidential Information includes, but is not limited to:
Security of Confidential Information Each party possessing Confidential Information of the other party will maintain all such Confidential Information under secure conditions, using reasonable security measures and in any event not less than the same security procedures used by such party for the protection of its own Confidential Information of a similar kind.
Retention or destruction of Confidential Information If Network Rail or the Train Operator, as the case may be, has not received a request to return any Confidential Information to the other party under and within the time limits specified in Clause 14.3, it may destroy or retain such Confidential Information.
Access to Information; Confidentiality (a) Upon reasonable advance written notice, subject to applicable logistical restrictions or limitations as a result of COVID-19 or any COVID-19 Measures and solely for purposes of furthering the Merger Transactions, the Company shall, and shall cause each of its Subsidiaries to, afford to Parent, Merger Sub and their respective representatives reasonable access during normal business hours during the period from the date of this Agreement until the earlier of the Effective Time or the valid termination of this Agreement pursuant to Article VII, to all their respective properties, assets, books, contracts, commitments, personnel and records and, during such period, the Company shall, and shall cause each of its Subsidiaries to, furnish promptly to Parent: (i) a copy of each report, schedule, registration statement and other document filed or received by it during such period pursuant to the requirements of federal or state securities Laws and (ii) all other information concerning its business, properties and personnel as Parent or Merger Sub may reasonably request (including Tax Returns filed and those in preparation and the workpapers of its auditors). Nothing herein (including, for the avoidance of doubt, this Section 5.2(a) and Section 5.2(b)) shall require the Company or any of its Subsidiaries to provide such access or information to the extent that such action (A) would reasonably be expected to result in a waiver of attorney-client privilege, work product doctrine or similar privilege, (B) specifically relates to the evaluation, deliberation or minutes of the Company Board (or any committee or subcommittee thereof) related to the Merger Transactions, the strategic and financial alternatives process leading thereto, or any information or materials provided to the Company Board (or any committee or subcommittee thereof) in connection therewith or (C) would reasonably be expected to violate any applicable Law or any confidentiality obligation owing to a third party so long as the Company shall promptly notify Parent of any such confidentiality obligations or access restrictions and use commercially reasonable efforts to obtain the consent of such third party to provide such information and otherwise provide such access to Parent, if requested and (b) generally describe the type of information that cannot be disclosed to Parent (to the extent not prohibited by law or the underlying document). No investigation pursuant to this Section 5.2 shall affect any representation or warranty in this Agreement of any party hereto or any condition to the obligations of the parties hereto. All requests for access pursuant to this Section 5.2 must be directed to the Chief Financial Officer of the Company or another person designated in writing by the Company. Notwithstanding anything herein to the contrary, Parent and Merger Sub shall not, and shall cause their respective representatives not to, contact any partner, licensor, licensee, customer or supplier of the Company in connection with the Offer, the Merger or any of the other Merger Transactions without the Company’s prior written consent (such consent not to be unreasonably withheld, conditioned or delayed), and Parent and Merger Sub acknowledge and agree that any such contact shall be arranged by and with a representative of the Company participating.
(b) To the extent Parent requests further information or investigation of the basis of any potential violations of Law, including Customs & Trade Laws, and Anti-Bribery Laws, the Company shall, and shall cause its Subsidiaries to, cooperate with such request and make available any personnel or experts engaged by the Company or its Subsidiaries necessary to accommodate such request.
(c) The Company shall (i) notify Parent in writing as promptly as reasonably practicable after learning of any Legal Proceeding by any Person initiated against the Company or any of its Subsidiaries or, to the Knowledge of the Company, threatened against the Company, any of its Subsidiaries or any of their respective representatives in their capacity as such (a “New Litigation Claim”); (ii) notify Parent of ongoing material developments in any New Litigation Claim and any Legal Proceeding that was existing prior to the date hereof and (iii) consult in good faith with Parent regarding the conduct of the defense of any New Litigation Claim and any Legal Proceeding that was existing prior to the date hereof. With respect to any New Litigation Claim against the Company or its directors or officers relating to this Agreement or the Merger Transactions, the Company shall consult with Parent and give Parent the opportunity to participate in the defense and settlement of any such litigation, and no such settlement shall be agreed to without Parent’s prior written consent (such consent not to be unreasonably withheld, delayed or
