Common use of Additional Obligations Clause in Contracts

Additional Obligations. a. ESE shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, as authorized by the UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulations. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE or its partners. b. ESE shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE to be applicable to Utility. c. ESE shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its discretion, to protect the security of Confidential Customer Utility Information and protect against a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESE’s internal use, processing, or other transmission of Confidential Customer Utility Information, whether between or among ESE’s Third-Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESE, including without limitation Third-Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility shall safely secure or encrypt during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communications. e. ESE shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE to the extent such request, complaint or other communication relates to ESE’s Processing of such individual’s Confidential Customer Utility Information. f. ESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESE’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE Aggregator shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, Agreement or as authorized by the UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulationsUtility. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE Aggregator from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE Aggregator or its partnerspartners shall not be considered Confidential Utility Information or a derivative of Confidential Utility Information for the purpose of this Agreement. Aggregator shall not collect or retain customer account numbers through such interactions associated with its CCA Program. b. ESE Aggregator shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE Aggregator to be applicable to Utility. c. ESE Aggregator shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its discretion, Program to protect the security of Confidential Customer Utility Information containing Personal Data and protect against prevent a Data Security IncidentIncident , including, without limitation, a breach resulting from or arising out of ESEAggregator’s internal use, processing, Processing or other transmission of Confidential Customer Utility InformationInformation containing Personal Data, whether between or among ESEAggregator’s Third-Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESEAggregator, including without limitation Third-Third Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility Aggregator shall safely secure or encrypt all Confidential Utility Information during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communicationsor transmission. e. ESE Aggregator shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE Aggregator to the extent such request, complaint or other communication relates to ESEAggregator’s Processing of such individual’s Confidential Customer Utility InformationPersonal Data. f. ESE Aggregator shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility InformationPersonal Data, data theft, theft or other unauthorized release of Confidential Customer Utility InformationPersonal Data , disclosure of Confidential Customer Utility InformationPersonal Data, or misuse of Confidential Customer Utility Information Personal Data to the extent such request, complaint or other communication relates to ESEAggregator’s accessing or Processing of such Confidential Customer Utility InformationPersonal Data. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, Addendum or as authorized by the UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulationsUtility. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE or its partnerspartners shall not be considered Confidential Utility Information or a derivative of Confidential Utility Information for the purpose of this Addendum. b. ESE shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE to be applicable to Utility. c. ESE shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its sole discretion, to protect the security of Confidential Customer Utility Information and protect against prevent a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESE’s internal use, processingProcessing, or other transmission of Confidential Customer Utility Information, whether between or among ESE’s Third-Third Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESE, including without limitation Third-Third Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility shall safely secure or encrypt all Confidential Utility Information during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communicationsor transmission. e. ESE shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE to the extent such request, complaint or other communication relates to ESE’s Processing of such individual’s Confidential Customer Utility Information. f. ESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESE’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, Agreement or as authorized by the UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulations. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE or its partners. b. ESE shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE to be applicable to Utility. c. ESE shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its discretion, to protect the security of Confidential Customer Utility Information and protect against prevent a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESE’s internal use, processing, or other transmission of Confidential Customer Utility Information, whether between or among ESE’s Third-Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESE, including without limitation Third-Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility shall safely secure or encrypt during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communications. e. ESE shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE to the extent such request, complaint or other communication relates to ESE’s Processing of such individual’s Confidential Customer Utility Information. f. ESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESE’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE x. XXXX/DC shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, Addendum or as authorized by the UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulationsUtility. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE ESCO/DC from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE ESCO/DC or its partnerspartners shall not be considered Confidential Utility Information or a derivative of Confidential Utility Information for the purpose of this Addendum. b. ESE x. XXXX/DC shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE ESCO/DC to be applicable to Utility. c. ESE x. XXXX/DC shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its discretion, Program to protect the security of Confidential Customer Utility Information and protect against prevent a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESEESCO/DC’s internal use, processingProcessing, or other transmission of Confidential Customer Utility Information, whether between or among ESEESCO/DC’s Third-Third Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESEESCO/DC, including without limitation Third-Third Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility x. XXXX/DC shall safely secure or encrypt all Confidential Utility Information during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communicationsor transmission. e. ESE x. XXXX/DC shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE ESCO/DC to the extent such request, complaint or other communication relates to ESEESCO/DC’s Processing of such individual’s Confidential Customer Utility Information. f. ESE x. XXXX/DC shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESEESCO/DC’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, as authorized by the UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulations. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE or its partners. b. ESE shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE to be applicable to Utility. c. ESE shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its discretion, to protect the security of Confidential Customer Utility Information and protect against prevent a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESE’s internal use, processing, or other transmission of Confidential Customer Utility Information, whether between or among ESE’s Third-Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESE, including without limitation Third-Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility shall safely secure or encrypt during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communications. e. ESE shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE to the extent such request, complaint or other communication relates to ESE’s Processing of such individual’s Confidential Customer Utility Information. f. ESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESE’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE NYSERDA and its Representatives shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, Agreement or as authorized by the UBP or UBP UBP-DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulations. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE NYSERDA or its Representatives that reference estimated or actual measured customer usage information, which ESE NYSERDA needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERSpurposes; and (ii) Data data collected by ESE NYSERDA or its Representatives from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE NYSERDA or its partners. b. ESE NYSERDA and its Representatives shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE NYSERDA to be applicable to Utility. c. ESE NYSERDA and its Representatives shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its discretion, to protect the security of Confidential Customer Utility Information and protect against prevent a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESE’s NYSERDA or its Representatives’ internal use, processingProcessing, or other transmission of Confidential Customer Utility Information, whether between or among ESENYSERDA’s Third-Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESENYSERDA, including without limitation Third-Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP UBP-DERS. d. ESE NYSERDA and its Representatives and Utility shall safely secure or encrypt during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communications. e. ESE NYSERDA and its Representatives shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE NYSERDA or its Representatives to the extent such request, complaint or other communication relates to ESE’s NYSERDA or its Representatives’ Processing of such individual’s Confidential Customer Utility Information. f. ESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESE’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE shall not create or maintain data which are derivative of Confidential Customer Utility Company Information except for the purpose of performing its obligations under this Agreement, Agreement or as authorized by the UBP or UBP DERS, Governing Documents or as expressly authorized by the customer, unless that use violates Federal, State, and or local laws, tariffs, rules, and rules and/or regulations. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Company Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERSGoverning Documents; and (ii) Data collected by ESE from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE or its partners. b. ESE shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility Company in violation of any privacy or security law known by ESE to be applicable to UtilityCompany. c. ESE shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Self-Attestation attached hereto as reasonably determined Exhibit A (or in a subsequent form filed by the Utility Company in its discretiona tariff supplement for Commission review and approval), to protect the security of Confidential Customer Utility Company Information and protect against a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESE’s internal use, processing, or other transmission of Confidential Customer Utility Company Information, whether between or among ESE’s Third-Third- Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESE, including without limitation Third-Party Representatives. The UtilityCompany’s determination is subject to the dispute resolution process under the UBP or UBP DERSGoverning Documents. In the event the Company and ESE are unable to resolve the dispute by mutual agreement within thirty (30) days of said referral, the dispute shall be referred for mediation through the Commission’s Office of Administrative Law Judge. A party may request mediation prior to that time if it appears that informal resolution is not productive. d. ESE and Utility Company shall safely secure or encrypt during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communications. e. ESE shall establish policies and procedures to provide reasonable and prompt assistance to Utility Company in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Company Information Processed by ESE to the extent such request, complaint or other communication relates to ESE’s Processing of such individual’s Confidential Customer Utility Company Information. f. ESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility Company in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Company Information, data theft, or other unauthorized release of Confidential Customer Utility Company Information, unauthorized disclosure of Confidential Customer Utility Company Information, or misuse of Confidential Customer Utility Company Information to the extent such request, complaint or other communication relates to ESE’s accessing or Processing of such Confidential Customer Utility Company Information. g. ESE will not process Confidential Customer Utility Company Information outside of the United States or Canada absent a written agreement with UtilityCompany. For the avoidance of doubt, Confidential Customer Utility Company Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement. h. Any modifications to the DSA or SA will be submitted to the Pennsylvania Public Utility Commission for approval prior to implementation.

Additional Obligations. Formatted: Indent: Left: 0.5", Space After: 0 pt, Numbered + Level: 2 + Numbering Style: a, b, c, … + Start at: 1 + Alignment: Left + Aligned at: 0.56" + Indent at: 0.81" a. ESE shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, AddendumAgreement or as authorized by the Utilitythe UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulations. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE or its partnerspartners shall not be considered Confidential Utility Information or a derivative of Confidential Utility Information for the purpose of this Addendum. b. ESE shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE to be applicable to Utility. c. ESE shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its sole discretion, to protect the security of Confidential Customer Utility Information and protect against prevent a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESE’s internal use, processingProcessingprocessing, or other transmission of Confidential Customer Utility Information, whether between or among ESE’s Third Third-Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESE, including without limitation Third Third-Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility shall safely secure or encrypt all Confidential Utility Information during storage or and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communications. e. ESE shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE to the extent such request, complaint or other communication relates to ESE’s Processing of such individual’s Confidential Customer Utility Information. f. ESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESE’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE shall not create or maintain data which are derivative of Confidential Customer Utility Information except for the purpose of performing its obligations under this Agreement, Addendum or as authorized by the UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulationsUtility. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE or its partnerspartners shall not be considered Confidential Utility Information or a derivative of Confidential Utility Information for the purpose of this Addendum.the UBP or Utility. b. ESE shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE to be applicable to Utility. c. ESE shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility Utilityprovided for in its discretionsole discretionSection 5 herein, to protect the security of Confidential Customer Utility Information and protect against prevent a confirmed Data Security Incident, including, without limitation, a breach resulting from or arising out of ESE’s internal use, processingProcessing, or other transmission of Confidential Customer Utility Information, whether between or among ESE’s Third-Third Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESE, including without limitation Third-Third Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility ESEThe Parties shall safely secure or encrypt encryptprotect all Confidential Utility Information during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communicationsor transmission. e. ESE shall establish policies and procedures to provide reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE to the extent such request, complaint or other communication relates to ESE’s Processing of such individual’s Confidential Customer Utility Information. f. ESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESE’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.

Additional Obligations. a. ESE ESCOESE shall not create or maintain data which are derivative of Confidential Customer Utility Utility[PAC37] Information except for the purpose of performing its obligations under this Agreement, Addendum or as authorized by the UBP or UBP DERS, or as expressly authorized by the customer, unless that use violates Federal, State, and local laws, tariffs, rules, and regulationsUtility. For purposes of this Agreement, the following shall not be considered Confidential Customer Utility Information or a derivative thereof: (i) any customer contracts, customer invoices, or any other documents created by ESE that reference estimated or actual measured customer usage information, which ESE needs to maintain for any tax, financial reporting or other legitimate business purposes consistent with the UBP or UBP DERS; and (ii) Data collected by ESE ESCOESE from customers through its website or other interactions based on those customers’ interest in receiving information from or otherwise engaging with ESE ESCOESE or its partnerspartners shall not be considered Confidential Utility Information or a derivative of Confidential Utility Information for the purpose of this Addendum. b. ESE ESCOESE shall comply with all applicable privacy and security laws to which it is subject, including without limitation all applicable Data Protection Requirements and not, by act or omission, place Utility in violation of any privacy or security law known by ESE ESCOESE to be applicable to UtilityUtility[PAC38]. c. ESE ESCOESE shall have in place appropriate and reasonable processes and systems, including an Information Security Program, defined as having completed an accepted Attestation as reasonably determined by the Utility in its sole discretion, to protect the security of Confidential Customer Utility Information and protect against prevent a Data Security Incident, including, without limitation, a breach resulting from or arising out of ESEESCOESE’s internal use, processingProcessing, or other transmission of Confidential Customer Utility Information, whether between or among ESEESCOESE’s Third-Third Party Representatives, subsidiaries and affiliates or any other person or entity acting on behalf of ESEESCOESE, including without limitation Third-Third Party Representatives. The Utility’s determination is subject to the dispute resolution process under the UBP or UBP DERS. d. ESE and Utility ESCOESE shall safely secure or encrypt all Confidential Utility Information during storage and encrypt during transmission all Confidential Information, except that no encryption in transit is required for email communicationsor transmission. e. ESE ESCOESE shall establish policies and procedures to provide reasonable and prompt prompt[PAC39] assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of a Data Security Incident involving Confidential Customer Utility Information Processed by ESE ESCOESE to the extent such request, complaint or other communication relates to ESEESCOESE’s Processing of such individual’s Confidential Customer Utility Information. f. ESE ESCOESE shall establish policies and procedures to provide all reasonable and prompt assistance to Utility in responding to any and all requests, complaints, or other communications received from any individual, government, government agency, regulatory authority, or other entity that is or may have an interest in the Confidential Customer Utility Information, data theft, or other unauthorized release of Confidential Customer Utility Information, disclosure of Confidential Customer Utility Information, or misuse of Confidential Customer Utility Information to the extent such request, complaint or other communication relates to ESEESCOESE’s accessing or Processing of such Confidential Customer Utility Information. g. ESE will not process Confidential Customer Utility Information outside of the United States or Canada absent a written agreement with Utility. For the avoidance of doubt, Confidential Customer Utility Information stored in the United States or Canada, or other countries as agreed upon in writing will be maintained in a secure fashion at a secure location pursuant to the terms and conditions of this Agreement.