Common use of Confidentiality and Data Security Clause in Contracts

Confidentiality and Data Security. Contractor agrees and warrants that it will maintain in strict confidence Confidential Information. The term “Confidential Information” includes (i) any information Mercy Corps provides to Contractor that Mercy Corps identifies as confidential; (ii) the terms and conditions of this Agreement (including all Statements of Services); (iii) nonpublic information concerning the affairs, activities, policies, proposals, projects, employees, donors or potential donors, finances, property or method(s) of operation, trade secrets, know-how and similar information of Mercy Corps, its affiliates, as well as any third party and its affiliates with which Mercy Corps may collaborate, and (iv) any Mercy Corps information that contains personally identifiable information hereby defined as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual (referred to as “PII”). Contractor agrees to the following: a. Contractor will comply with the Mercy Corps’ Responsible Data Policy and all Federal, State and applicable laws and regulations governing the confidentiality and privacy of the information provided under this Agreement. b. Contractor will treat Confidential Information with the same standard of care that it may use to maintain its own confidential information, provided that the standard is not negligent. This includes maintaining appropriate technical and organizational measures to protect Confidential Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. c. Contractor agrees to the implement and follow additional data security requirements concerning PII and hereby represents and warrants the following: 1) At all times during the term of this Agreement, with respect to PII, Contractor is capable of providing, and will maintain, reasonable physical, technical and administrative safeguards appropriate for any PII received from Mercy Corps, or created or received on Mercy Corps’ behalf: 2) Contractor will ensure that any transmission specifically of donor data containing PII between Mercy Corps and Contractor is conducted via secure FTP or secure/encrypted email, or other mutually agreed upon secure file sharing platform; and 3) Contractor will maintain sufficient procedures to detect and respond to any attempted unauthorized acquisition or use of PII in paper or electronic form or interference with information system operations affecting electronic PII. d. Contractor agrees to use Confidential Information only as required by to perform its services for Mercy Corps under this Agreement, and will not reveal it to a third party or use for any other purpose without the prior written consent of Mercy Corps. Except as otherwise authorized in advance by Mercy Corps, Contractor will not provide to any third party either access to, or information about, Mercy Corps systems, platforms, and other mechanisms without the express written permission in each instance. e. At the termination of the Agreement, Contractor will return to Mercy Corps all Confidential Information provided by Mercy Corps to Contractor, or otherwise take appropriate measures as requested by Mercy Corps to remove any copies of Confidential Information in Contractor’s possession and cause its subcontractors, agents, and others involved in the services to do the same.

Confidentiality and Data Security. Contractor agrees and warrants that it will maintain in strict confidence Confidential Information. The term “Confidential Information” includes (i) any information Mercy Corps provides to Contractor that Mercy Corps identifies as confidential; (ii) the terms and conditions of this Agreement (including all Statements of Services); (iii) nonpublic information concerning the affairs, activities, policies, proposals, projects, employees, donors or potential donors, finances, property or method(s) of operation, trade secrets, know-how and similar information of Mercy Corps, its affiliates, as well as any third party and its affiliates with which Mercy Corps may collaborate, and (iv) any Mercy Corps information that contains personally identifiable information hereby defined as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual (referred to as “PII”). Contractor agrees to the following: a. Contractor will comply with the Mercy Corps’ Responsible Data Policy and all Federal, State and applicable laws and regulations governing the confidentiality and privacy of the information provided under this Agreement.. If Contractor will be processing Confidential Information of persons that are subject to General Data Protection Regulation (GDPR), then Contractor shall complete and adhere to Schedule III to this agreement, including providing Mercy Corps with a complete and accurate list of data sub-processors that will be utilized
as part of Contractor operations. Mercy Corps reserves the right to reject any sub-processors that, in its sole discretion, it deems inadequate to comply with the terms herein related to data processing.
b. Contractor will treat Confidential Information with the same standard of care that it may use to maintain its own confidential information, provided that the standard is not negligent. This includes maintaining appropriate technical and organizational measures to protect Confidential Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. c. Contractor agrees to the implement and follow additional data security requirements concerning PII and hereby represents and warrants the following: 1) At all times during the term of this Agreement, with respect to PII, Contractor is capable of providing, and will maintain, reasonable physical, technical and administrative safeguards appropriate for any PII received from Mercy Corps, or created or received on Mercy Corps’ behalf: 2) Contractor will ensure that any transmission specifically of donor data containing PII between Mercy Corps and Contractor is conducted via secure FTP or secure/encrypted email, or other mutually agreed upon secure file sharing platform; and 3) Contractor will maintain sufficient procedures to detect and respond to any attempted unauthorized acquisition or use of PII in paper or electronic form or interference with information system operations affecting electronic PII. d. Contractor agrees to use Confidential Information only as required by to perform its services for Mercy Corps under this Agreement, and will not reveal it to a third party or use for any other purpose without the prior written consent of Mercy Corps. Except as otherwise authorized in advance by Mercy Corps, Contractor will not provide to any third party either access to, or information about, Mercy Corps systems, platforms, and other mechanisms without the express written permission in each instance. e. At the termination of the Agreement, Contractor will return to Mercy Corps all Confidential Information provided by Mercy Corps to Contractor, or otherwise take appropriate measures as requested by Mercy Corps to remove any copies of Confidential Information in Contractor’s possession and cause its subcontractors, agents, and others involved in the services to do the same.

Confidentiality and Data Security. Contractor agrees 7.1 Each party shall treat information received from the other that is designated as “confidential” at or prior to disclosure (“Confidential Information”) as strictly confidential. FIS designates all information relating to the Services, Third Party Services, Software, Deliverables, Specifications and warrants that it will maintain in strict confidence the terms of the Agreement as its Confidential Information. The term Client designates non-public financial information that is personally identifiable to a Customer (referenced in the Xxxxx-Xxxxx-Xxxxxx Act of 1999 as “Non-public Personal Information” or “NPI”) as its Confidential Information” includes . 7.2 Each party shall: (i) any information Mercy Corps provides restrict disclosure of the other party’s Confidential Information to Contractor that Mercy Corps identifies as confidentialemployees and agents solely on a “need to know” basis in accordance with the Agreement; (ii) the terms advise its employees and conditions agents of this Agreement (including all Statements of Services)their confidentiality obligations; (iii) nonpublic information concerning require agents to protect and restrict the affairs, activities, policies, proposals, projects, employees, donors or potential donors, finances, property or method(s) use of operation, trade secrets, know-how and similar information of Mercy Corps, its affiliates, as well as any third party and its affiliates with which Mercy Corps may collaborate, and the other party’s Confidential Information; (iv) use the same degree of care to protect the other party’s Confidential Information as it uses to safeguard its own Confidential Information of similar importance; (v) establish procedural, physical and electronic safeguards, designed to meet the objectives of the FFIEC Interagency Guidelines, to prevent the compromise or unauthorized disclosure of Confidential Information; and (vi) notify the other party of any Mercy Corps information unauthorized possession or use of its Confidential Information as soon as possible following notice of that contains personally identifiable information hereby defined unauthorized use or possession. FIS shall promptly notify Client of any incident that has resulted or is likely to result in the misuse of NPI, and shall comply with all Laws regarding NPI that are applicable to it as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual (referred to as “PII”)third party processor. Contractor agrees FIS shall adhere to the following: a. Contractor will comply with the Mercy Corps’ Responsible Data Policy privacy policies and all Federal, State and applicable laws and regulations governing the confidentiality and privacy of the information provided under this Agreement. b. Contractor will treat Confidential Information with the same standard of care that it may use to maintain its own confidential information, provided that the standard is not negligent. This includes maintaining appropriate technical and organizational security measures to protect the Non-public Personal Information of Client’s customers imposed pursuant to Title V of the Xxxxx-Xxxxx-Xxxxxx Act of 1999 and Massachusetts data privacy laws and regulations, including Mass. X.X. x. 93H, 201 C.M.R. §17 (Standards for the Protection of Personal Information of Residents of the Commonwealth), and any other Massachusetts data privacy law and regulations which may subsequently be enacted and issued, all as they may be modified from time to time. FIS shall not send or store any Non-public Personal Information of Client’s customers outside of the United States. 7.3 Confidential Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and provide a level of security appropriate to shall remain the risk represented by the processing and the nature property of the data party from or through whom it was provided. Except for NPI, neither party shall be obligated to preserve the confidentiality of any information that: (i) was previously known; (ii) is a matter of public knowledge; (iii) was or is independently developed; (iv) is released for disclosure with written consent; or (v) is received from a third party to whom it was disclosed without restriction. Disclosure of Confidential Information shall be protected. c. Contractor agrees permitted if it is: (a) required by law; (b) in connection with the tax treatment or tax structure of the Agreement; or (c) in response to a valid order of a U.S. court or other governmental body, provided the implement owner receives written notice and follow additional data security requirements concerning PII and hereby represents and warrants the following: 1) At all times during the term is afforded a reasonable opportunity to obtain a protective order. Upon partial termination of this Agreement, Agreement with respect to PIIone or more services, Contractor is capable of providing, and will maintain, reasonable physical, technical and administrative safeguards appropriate for any PII each party shall destroy the other party’s Confidential Information relating exclusively to that service according to written instructions received from Mercy Corpsby the party disclosing such Confidential Information, or created or if the other party that received on Mercy Corps’ behalf: 2) Contractor will ensure that any transmission specifically of donor data containing PII between Mercy Corps and Contractor is conducted via secure FTP or secure/encrypted email, or other mutually agreed upon secure file sharing platform; and 3) Contractor will maintain sufficient procedures to detect and respond to any attempted unauthorized acquisition or use of PII in paper or electronic form or interference with information system operations affecting electronic PII. d. Contractor agrees to use such Confidential Information only as required by declines to perform its services for Mercy Corps under this Agreementfollow such instructions, and will not reveal it said Confidential Information shall be returned to a third party or use for any other purpose without the prior written consent of Mercy Corpsdisclosing party. Except as otherwise authorized in advance by Mercy Corps, Contractor will not provide to any third party either access to, or information about, Mercy Corps systems, platforms, and other mechanisms without the express written permission in each instance. e. At the Upon termination of the Agreement, Contractor will return to Mercy Corps all each party shall destroy any remaining Confidential Information provided by Mercy Corps to Contractor, or otherwise take appropriate measures as requested by Mercy Corps to remove any copies of Confidential Information in Contractor’s possession and cause its subcontractors, agents, and others involved the other party in the services same manner or, return it to do the samedisclosing party at its expense.

Confidentiality and Data Security. Contractor agrees and warrants that it will maintain in strict confidence Confidential Information. The term “Confidential Information” includes (i) any information Mercy Corps provides to Contractor that Mercy Corps identifies as confidential; (ii) the terms and conditions of this Agreement (including all Statements of Services); (iii) nonpublic information concerning the affairs, activities, policies, proposals, projects, employees, donors or potential donors, finances, property or method(s) of operation, trade secrets, know-know- how and similar information of Mercy Corps, its affiliates, as well as any third party and its affiliates with which Mercy Corps may collaborate, and (iv) any Mercy Corps information that contains personally identifiable information hereby defined as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual (referred to as “PII”). Contractor agrees to the following: a. Contractor will comply with the Mercy Corps’ Responsible Data Policy and all Federal, State and applicable laws and regulations governing the confidentiality and privacy of the information provided under this Agreement. b. Contractor will treat Confidential Information with the same standard of care that it may use to maintain its own confidential information, provided that the standard is not negligent. This includes maintaining appropriate technical and organizational measures to protect Confidential Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. c. Contractor agrees to the implement and follow additional data security requirements concerning PII and hereby represents and warrants the following: 1) i. At all times during the term of this Agreement, with respect to PII, Contractor is capable of providing, and will maintain, reasonable physical, technical and administrative safeguards appropriate for any PII received from Mercy Corps, or created or received on Mercy Corps’ behalf:; 2) ii. Contractor will ensure that any transmission specifically of donor data containing PII between Mercy Corps and Contractor is conducted via secure FTP or secure/encrypted email, or other mutually agreed upon secure file sharing platform; and 3) iii. Contractor will maintain sufficient procedures to detect and respond to any attempted unauthorized acquisition or use of PII in paper or electronic form or interference with information system operations affecting electronic PII. d. Contractor agrees to use Confidential Information only as required by to perform its services for Mercy Corps under this Agreement, and will not reveal it to a third party or use for any other purpose without the prior written consent of Mercy Corps. Except as otherwise authorized in advance by Mercy Corps, Contractor will not provide to any third party either access to, or information about, Mercy Corps systems, platforms, and other mechanisms without the express written permission in each instance. e. At the termination of the Agreement, Contractor will return to Mercy Corps all Confidential Information provided by Mercy Corps to Contractor, or otherwise take appropriate measures as requested by Mercy Corps to remove any copies of Confidential Information in Contractor’s possession and cause its subcontractors, agents, and others involved in the services to do the same.

Confidentiality and Data Security. Contractor (a) All Confidential Information shall be held in the strictest confidence and will not be disclosed by the Recipient or its Representatives except as specifically permitted by the terms of this Agreement. Recipient and its Representatives will use the Confidential Information solely for the purpose of performing under and in compliance with the terms of this Agreement, will not use the Confidential Information for any other purpose, and will not disclose or communicate the Confidential Information, directly or indirectly, to any other Person, except as permitted under this Agreement. Recipient further agrees and warrants that it the Confidential Information will maintain be disclosed only to such of its Representatives who need to examine or use the Confidential Information for the purposes described above. The Recipient shall be responsible for any breach of this Agreement by any of its Representatives. (b) In the event that Recipient or any of its Representatives is requested or required (by oral question, interrogatories, requests for information or documents, subpoenas, civil investigation or similar process) to disclose any of the Confidential Information, Recipient will provide the Disclosing Party with prompt notice of such requests so that the Disclosing Party may (i) seek an appropriate protective order or (ii) if disclosure is required or deemed advisable, cooperate with the Recipient in strict confidence an attempt to obtain an order or reliable assurance that confidential treatment will be accorded to any portion of the Confidential Information. The term “cost of obtaining any protective order or assurance shall be borne by the Disclosing Party. (c) Each party shall implement and maintain commercially reasonable information security measures consistent with industry standards to protect against unauthorized access to or use of the other party’s Confidential Information” includes . The Subservicer has implemented and will maintain security measures designed to meet the obligations of the Guidelines. The Subservicer shall promptly provide Servicer with notice of any unauthorized access to or use of Nonpublic Personal Information relating to a mortgagor of a Mortgage Loan which warrants consumer notice pursuant to the Guidelines. The Subservicer and the Servicer agree and acknowledge that as to all Nonpublic Personal Information received or obtained by either of them or their Representatives, with respect to any mortgagor of a Mortgage Loan: (i) any such information Mercy Corps provides shall be held by the Subservicer, the Servicer or their respective Representatives in accordance with all applicable law, including but not limited to Contractor that Mercy Corps identifies as confidential; the Guidelines and the privacy provisions of the Xxxxx-Xxxxx-Xxxxxx Act of 1999 and applicable state law and regulations thereunder and (ii) the terms and conditions of this Agreement (including all Statements of Services); (iii) nonpublic such information concerning the affairs, activities, policies, proposals, projects, employees, donors is in connection with a proposed or potential donors, finances, property or method(s) of operation, trade secrets, know-how and similar information of Mercy Corps, its affiliates, as well as any third party and its affiliates with which Mercy Corps may collaborate, and (iv) any Mercy Corps information that contains personally identifiable information hereby defined as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable actual secondary market sale related to a specific individual (referred to as “PII”). Contractor agrees to the following: a. Contractor will comply with the Mercy Corps’ Responsible Data Policy and all Federal, State and applicable laws and regulations governing the confidentiality and privacy transaction of the information provided under this Agreementmortgagor for the purposes of 16 C.F.R., Section 313.14(a)(3). b. Contractor will treat Confidential Information with (d) Upon the same standard of care that it may use to maintain its own confidential information, provided that the standard is not negligent. This includes maintaining appropriate technical and organizational measures to protect Confidential Information against accidental termination or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. c. Contractor agrees to the implement and follow additional data security requirements concerning PII and hereby represents and warrants the following: 1) At all times during the term expiration of this Agreement, with respect the Recipient shall promptly surrender to PII, Contractor is capable the Disclosing Party all of providing, and will maintain, reasonable physical, technical and administrative safeguards appropriate for any PII received from Mercy Corps, or created or received on Mercy Corps’ behalf: 2) Contractor will ensure that any transmission specifically of donor data containing PII between Mercy Corps and Contractor is conducted via secure FTP or secure/encrypted email, or other mutually agreed upon secure file sharing platform; and 3) Contractor will maintain sufficient procedures to detect and respond to any attempted unauthorized acquisition or use of PII in paper or electronic form or interference with information system operations affecting electronic PII. d. Contractor agrees to use the Confidential Information only in the Recipient’s possession, or, at the Disclosing Party’s option, completely and permanently destroy all copies thereof and shall provide to Disclosing Party a certificate of a senior officer certifying that it has done so; provided, however, that unless the Subservicer has resigned or has been terminated as required by the servicer pursuant to perform its services for Mercy Corps under this Agreement, and will not reveal it the Subservicer shall retain the Subservicing Files. Notwithstanding anything herein to a third party or the contrary, the Recipient may retain such information as may be required by law. Further, to the extent destruction is required hereunder Recipient shall only be required to use all commercially reasonable efforts to destroy any electronic information from its computer systems. (e) The Recipient shall be responsible for any other purpose without the prior written consent breach of Mercy Corps. Except as otherwise authorized in advance by Mercy Corps, Contractor will not provide to any third party either access to, or information about, Mercy Corps systems, platforms, and other mechanisms without the express written permission in each instance. e. At the termination of the Agreement, Contractor will return to Mercy Corps all Confidential Information provided by Mercy Corps to Contractor, or otherwise take appropriate measures as requested by Mercy Corps to remove any copies of Confidential Information in Contractor’s possession and cause its subcontractors, agents, and others involved in the services to do the same.this Section 8.10

Confidentiality and Data Security. Contractor agrees and warrants that it will maintain in strict confidence Confidential Information. The term “Confidential Information” includes (i) any information Mercy Corps provides to Contractor that Mercy Corps identifies as confidential; (ii) the terms and conditions of this Agreement (including all Statements of Services); (iii) nonpublic information concerning the affairs, activities, policies, proposals, projects, employees, donors or potential donors, finances, property or method(s) of operation, trade secrets, know-how and similar information of Mercy Corps, its affiliates, as well as any third party and its affiliates with which Mercy Corps may collaborate, and (iv) any Mercy Corps information that contains personally identifiable information hereby defined as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual (referred to as “PII”). Contractor agrees to the following: a. Contractor will comply with the Mercy Corps’ Responsible Data Policy and all Federal, State and applicable laws and regulations governing the confidentiality and privacy of the information provided under this Agreement. If Contractor will be processing Confidential Information of persons that are subject to General Data Protection Regulation (GDPR), then Contractor shall complete and adhere to Schedule III to this agreement, including providing Mercy Corps with a complete and accurate list of data sub-processors that will be utilized as part of Contractor operations. Mercy Corps reserves the right to reject any sub-processors that, in its sole discretion, it deems inadequate to comply with the terms herein related to data processing. b. Contractor will treat Confidential Information with the same standard of care that it may use to maintain its own confidential information, provided that the standard is not negligent. This includes maintaining appropriate technical and organizational measures to protect Confidential Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. c. Contractor agrees to the implement and follow additional data security requirements concerning PII and hereby represents and warrants the following: 1) At all times during the term of this Agreement, with respect to PII, Contractor is capable of providing, and will maintain, reasonable physical, technical and administrative safeguards appropriate for any PII received from Mercy Corps, or created or received on Mercy Corps’ behalf: 2) Contractor will ensure that any transmission specifically of donor data containing PII between Mercy Corps and Contractor is conducted via secure FTP or secure/encrypted email, or other mutually agreed upon secure file sharing platform; and 3) Contractor will maintain sufficient procedures to detect and respond to any attempted unauthorized acquisition or use of PII in paper or electronic form or interference with information system operations affecting electronic PII. d. Contractor agrees to use Confidential Information only as required by to perform its services for Mercy Corps under this Agreement, and will not reveal it to a third party or use for any other purpose without the prior written consent of Mercy Corps. Except as otherwise authorized in advance by Mercy Corps, Contractor will not provide to any third party either access to, or information about, Mercy Corps systems, platforms, and other mechanisms without the express written permission in each instance. e. At the termination of the Agreement, Contractor will return to Mercy Corps all Confidential Information provided by Mercy Corps to Contractor, or otherwise take appropriate measures as requested by Mercy Corps to remove any copies of Confidential Information in Contractor’s possession and cause its subcontractors, agents, and others involved in the services to do the same.