Common use of Colorado Clause in Contracts

Colorado. If the First Party has determined that the Consumer is a resident of Colorado, the Service Provider shall: (i) notwithstanding the instructions of the First Party: (1) ensure that each person Processing the Personal Information is subject to a duty of confidentiality with respect to the Personal Information; and (2) engage a Subprovider only after providing the First Party with an opportunity to object and pursuant to a written contract in accordance with Section 8.4 that requires the Subprovider to meet the obligations of the Processor with respect to the Personal Information being Processed; (ii) taking into account the context of Processing, and with the First Party, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk and establish a clear allocation of the responsibilities between the First Party and the Service Provider to implement the measures; (iii) at the choice of the First Party, delete Personal Information Processed on behalf of the First Party as requested at the end of the provision of services, unless retention of the Personal Information is required by applicable law; (iv) make available to the First Party all information necessary to demonstrate compliance with the obligations in this Agreement and the CPA; and (v) allow for, and participate in, reasonable audits and inspections by the First Party or the First Party’s designated auditor. Alternatively, with the First Party’s consent, the Service Provider may arrange for a qualified and independent auditor to conduct, at least annually and at the Service Provider’s expense, an audit of the Service Provider’s policies and technical and organizational measures in support of the obligations under this Agreement and the CPA using an appropriate and accepted control standard or framework and audit procedure for the audits as applicable. The Service Provider shall provide a report of the audit to the First Party upon request.

Colorado. If the First Party has determined that the Consumer is a resident of Colorado, the Service Provider shall: (i) notwithstanding the instructions of the First Party: (1) ensure that each person Person Processing the Personal Information is subject to a duty of confidentiality with respect to the Personal Information; and (2) engage a Subprovider only after providing the First Party with an opportunity to object and pursuant to a written contract in accordance with Section 8.4 8.3 that requires the Subprovider to meet the obligations of the Processor with respect to the Personal Information being Processed; (ii) taking into account the context of Processing, and with the First Party, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk and establish a clear allocation of the responsibilities between the First Party and the Service Provider to implement the measures; (iii) at the choice of the First Party, delete Personal Information Processed on behalf of the First Party as requested at the end of the provision of services, unless retention of the Personal Information is required by applicable law; (iv) make available to the First Party all information necessary to demonstrate compliance with the obligations in this Agreement and the CPAColorado Act; and (v) allow for, and participate in, reasonable audits and inspections by the First Party or the First Party’s designated auditor. Alternatively, with the First Party’s consent, the Service Provider may arrange for a qualified and independent auditor to conduct, at least annually and at the Service Provider’s expense, an audit of the Service Provider’s policies and technical and organizational measures in support of the obligations under this Agreement and the CPA Colorado Act using an appropriate and accepted control standard or framework and audit procedure for the audits as applicable. The Service Provider shall provide a report of the audit to the First Party upon request.