Compliance & Privacy Sample Clauses

Compliance & Privacy. All public sector cloud data must reside in the continental U.S. Numerous regulations pertain to the storage and use of data, including federal laws and regulations such as FISMA, the National Archives and Records Management Act (NARMA), North Carolina Records Retention and Disposition Schedule, Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and the Xxxxxxxx-Xxxxx Act, among others. Many of these regulations require regular reporting and audit trails. Cloud providers must enable their customers to comply appropriately with these regulations. Please provide details of these controls. Provider must ensure that all critical data (credit card numbers, for example) are masked and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud. Please provide details of these controls. City data will not be used for vendor advertising or other promotional purposes. City data will not be sold to third parties. Please provide details of these controls. Provider has the ability to preserve, identify, collect, process, analyze and produce all forms of electronic files. All public sector cloud data must be discoverable in accordance with state and federal laws. Please provide details of these controls. Provider must comply with North Carolina statutes when dealing with legal issues, such as Contracts and E-Discovery, which may vary by state. Providers must also comply with the North Carolina Municipal Records Retention and Disposition Schedule. xxxx://xxxxxxxx.xxx/ich/cco/Documents/retention_09.pdf In addition to producing logs and audit trails, provider must work with the City to ensure that these logs and audit trails are properly secured, maintained for as long as the City requires, and are accessible for the purposes of forensic investigation (e.g., e-Discovery). Please provide details of these controls. Because so much of what’s behind the cloud is hidden, the City may need to conduct an audit or review past performance and certifications to gain a degree of trust as to what is going on within the infrastructure where our data will reside. It is critical that the provider allow for external audits. Many cloud providers do not allow customers to enter their data centers. In that case, it is important that they have provisions to allow ...
Sample 1Sample 2Sample 3
AutoNDA by SimpleDocs
Compliance & Privacy. The Purchased IP is in compliance with all terms of service, terms of use, privacy policies and similar agreements or policies and applicable law governing the offering or provision of the products arising from the Purchased IP.
Sample 1
Compliance & Privacy. (a) Xxxxxxx’x performance and Company’s receipt of the Services and Alliance Benefits are subject to any requirements and restrictions under: (i) Applicable Laws, including (A) the U.S. federal Anti-Kickback Statute (42 U.S.C. § 1320a-7b) and its implementing regulations, the federal Physician Self-Referral Law (42 U.S.C. § 1395nn) and its implementing regulations, the U.S. federal Foreign Corrupt Practices Act (15 U.S.C. §§ 77d1, 78m), and the U.S. federal False Claims Act (31 U.S.C. § 3729 et seq.), (B) those setting forth privacy, data security, breach notification, or data protection requirements for protected health information, personal information, personally identifiable information, personal data, or similar terms, and (C) protections for human subjects participating in Clinical Trials or other human subjects research, in addition to other cGCP guidelines and standards; (ii) IRB determinations, approvals, instructions, policies, or other requirements; (iii) the terms of any Informed Consent, HIPAA authorization, or other privacy consent, or IRB waiver or alteration of Informed Consent, HIPAA Authorization, or other privacy consent (as applicable), and (iv) applicable Moffitt policies and procedures. Without limiting the generality of the foregoing, if Company receives any individually identifiable health information (“IIHI”), as such term is defined in HIPAA, regarding any individual under an Underlying Agreement or this Agreement, the disclosure of which had not been authorized by such individual, Company shall hold the same in confidence in compliance with all Applicable Laws regarding the confidentiality of such records and Company will protect the confidentiality and security of the IIHI as if Company is a “covered entity,” as such term is defined in HIPAA.
Sample 1

Related to Compliance & Privacy

  • Compliance with Privacy Laws NCPS represents and warrants that its collection, access, use, storage, disposal and disclosure of Personal Data does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations. Without limiting the foregoing, NCPS shall implement administrative, physical and technical safeguards to protect Personal Data that are no less rigorous than accepted industry, and shall ensure that all such safeguards, including the manner in which Personal Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Escrow Agreement. NCPS shall use and disclose Personal Data solely and exclusively for the purposes for which the Personal Data, or access to it, is provided pursuant to the terms and conditions of this Escrow Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Data for NCPS’s own purposes or for the benefit of any party other than Issuer. For purposes of this section, “Personal Data” shall mean information provided to NCPS by or at the direction of the Issuer, or to which access was provided to NCPS by or at the direction of the Issuer, in the course of NCPS’s performance under this Escrow Agreement that: (i) identifies or can be used to identify an individual (also known as a “data subject”) (including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses and other unique identifiers); or (ii) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, financial account numbers, credit report information, biometric or health data, answers to security questions and other personal identifiers), including the identifying information on individuals described in Section 12.

  • Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations, including, without limitation, HIPAA, and the Company and its Subsidiaries are in compliance with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) as applicable (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have, to the knowledge of the Company, at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

  • Compliance Program The Company has established and administers a compliance program applicable to the Company, to assist the Company and the directors, officers and employees of the Company in complying with applicable regulatory guidelines (including, without limitation, those administered by the FDA, the EMA, and any other foreign, federal, state or local governmental or regulatory authority performing functions similar to those performed by the FDA or EMA); except where such noncompliance would not reasonably be expected to have a Material Adverse Effect.

  • Regulation M Compliance The Company has not, and to its knowledge no one acting on its behalf has, (i) taken, directly or indirectly, any action designed to cause or to result in the stabilization or manipulation of the price of any security of the Company to facilitate the sale or resale of any of the Securities, (ii) sold, bid for, purchased, or, paid any compensation for soliciting purchases of, any of the Securities, or (iii) paid or agreed to pay to any Person any compensation for soliciting another to purchase any other securities of the Company, other than, in the case of clauses (ii) and (iii), compensation paid to the Company’s placement agent in connection with the placement of the Securities.

  • Compliance Procedures The Adviser will, in accordance with Rule 206(4)-7 of the Advisers Act, adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act and will provide the Trust with copies of such written policies and procedures upon request.

  • Reporting Requirements The Company, during the period when the Prospectus is required to be delivered under the 1933 Act or the 1934 Act, will file all documents required to be filed with the Commission pursuant to the 1934 Act within the time periods required by the 1934 Act and the 1934 Act Regulations.

Time is Money Join Law Insider Premium to draft better contracts faster.