Use and Disclosure of Confidential Information Notwithstanding anything to the contrary contained in this Agreement, and in addition to and not in lieu of other provisions in this Agreement:
Authorization to Release and Transfer Necessary Personal Information The Grantee hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of the Grantee’s personal data by and among, as applicable, the Company and its Subsidiaries for the exclusive purpose of implementing, administering and managing the Grantee’s participation in the Plan. The Grantee understands that the Company may hold certain personal information about the Grantee, including, but not limited to, the Grantee’s name, home address and telephone number, date of birth, social security number (or any other social or national identification number), salary, nationality, job title, number of Award Units and/or shares of Common Stock held and the details of all Award Units or any other entitlement to shares of Common Stock awarded, cancelled, vested, unvested or outstanding for the purpose of implementing, administering and managing the Grantee’s participation in the Plan (the “Data”). The Grantee understands that the Data may be transferred to the Company or to any third parties assisting in the implementation, administration and management of the Plan, that these recipients may be located in the Grantee’s country or elsewhere, and that any recipient’s country (e.g., the United States) may have different data privacy laws and protections than the Grantee’s country. The Grantee understands that he or she may request a list with the names and addresses of any potential recipients of the Data by contacting his or her local human resources representative or the Company’s stock plan administrator. The Grantee authorizes the recipients to receive, possess, use, retain and transfer the Data, in electronic or other form, for the sole purpose of implementing, administering and managing the Grantee’s participation in the Plan, including any requisite transfer of such Data to a broker or other third party assisting with the administration of Award Units under the Plan or with whom shares of Common Stock acquired pursuant to the vesting of the Award Units or cash from the sale of such shares may be deposited. Furthermore, the Grantee acknowledges and understands that the transfer of the Data to the Company or to any third parties is necessary for the Grantee’s participation in the Plan. The Grantee understands that the Grantee may, at any time, view the Data, request additional information about the storage and processing of the Data, require any necessary amendments to the Data or refuse or withdraw the consents herein by contacting the Grantee’s local human resources representative or the Company’s stock plan administrator in writing. The Grantee further acknowledges that withdrawal of consent may affect his or her ability to vest in or realize benefits from the Award Units, and the Grantee’s ability to participate in the Plan. For more information on the consequences of refusal to consent or withdrawal of consent, the Grantee understands that he or she may contact his or her local human resources representative or the Company’s stock plan administrator.
Permitted Use and Disclosures Each Party hereto may use or disclose Information disclosed to it by the other Party to the extent such use or disclosure: (i) is reasonably necessary in complying with Applicable Laws or otherwise submitting information to tax or other governmental authorities, (ii) is provided by the receiving Party to Third Parties, on a strictly as-needed basis, for consulting services, conducting Preclinical or Clinical Development, CMC/Process Development, Manufacturing, external testing, market research, or otherwise exercising its rights or performing its obligations hereunder; provided, that such Third Parties are obligated to maintain the confidentiality of such other Party’s Information as set forth herein for the benefit of such other Party for a period of at least the term of the agreement with such Third Party and for a period of *** thereafter; (iii) is included in submissions by the receiving Party to Governmental Authorities to facilitate the issuance of approvals for NDAs and NDA Equivalents for the Product, provided that reasonable measures shall be taken to assure confidential treatment of such Information; or (iv) is to Third Parties in connection with a receiving Party’s efforts to secure financing or enter into strategic partnerships, provided such Information is disclosed only on a need-to-know basis and under confidentiality provisions at least as stringent as those in this Agreement. Additionally, Bayer may disclose to Mitsui any Information received from Licensee hereunder; provided, that such disclosure is reasonably considered by Bayer to be necessary to comply with the terms and conditions of the Patent License Agreement; and further provided, that Mitsui is obligated to maintain the confidentiality of Licensee’s Information as set forth herein for the benefit of Licensee. Notwithstanding the foregoing, if a receiving Party is required to make any such disclosure of the disclosing Party’s confidential Information, other than pursuant to a confidentiality agreement, the receiving Party will give reasonable advance notice to the disclosing Party of such disclosure and, save to the extent inappropriate in the case of patent applications, will use its reasonable efforts to secure confidential treatment of such Information prior to its disclosure (whether through protective orders or otherwise).
Permitted Uses and Disclosures i. Business Associate shall use and disclose PHI only to accomplish Business Associate’s obligations under the Contract.
i. To the extent Business Associate carries out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all requirements of Subpart E that apply to Covered Entity in the performance of such obligation.
ii. Business Associate may disclose PHI to carry out the legal responsibilities of Business Associate, provided, that the disclosure is Required by Law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that:
A. the information will remain confidential and will be used or disclosed only as Required by Law or for the purpose for which Business Associate originally disclosed the information to that person, and;
B. the person notifies Business Associate of any Breach involving PHI of which it is aware.
iii. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity. Business Associate may de-identify any or all PHI created or received by Business Associate under this Agreement, provided the de-identification conforms to the requirements of the HIPAA Rules.
Use and Disclosure of Protected Health Information The Business Associate must not use or further disclose protected health information other than as permitted or required by the Contract or as required by law. The Business Associate must not use or further disclose protected health information in a manner that would violate the requirements of HIPAA Regulations.
Permitted Uses and Disclosure by Business Associate (1) General Use and Disclosure Provisions Except as otherwise limited in this Section of the Contract, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Contract, provided that such use or disclosure would not violate the HIPAA Standards if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
Permitted Uses and Disclosures by Business Associate Except as otherwise limited by this Agreement, Business Associate may make any uses and disclosures of Protected Health Information necessary to perform its services to Covered Entity and otherwise meet its obligations under this Agreement, if such use or disclosure would not violate the Privacy Rule if done by Covered Entity. All other uses or disclosures by Business Associate not authorized by this Agreement or by specific instruction of Covered Entity are prohibited.
Identification and Disclosure of Privacy and Security Offices Business Associate and Subcontractors shall provide, within ten (10) days of the execution of this agreement, written notice to the Covered Entity’s contract/grant manager the names and contact information of both the HIPAA Privacy Officer and HIPAA Security Officer. This information must be updated any time either of these contacts changes.
UPDATING AND DISCLOSING FINANCIAL INFORMATION You will provide facts
