Common use of Confidentiality and Data Security Clause in Contracts

Confidentiality and Data Security. All records and information given to the Recipient by the Trust whether in verbal, written, electronic, or any other format, shall be regarded by the Recipient as confidential information. Recipient shall keep confidential, and shall cause all of its employees, agents and contractors to keep confidential, all Trust records and information, unless those Trust records are publicly available. Recipient shall not, without prior written approval of the Trust, use, publish, copy, disclose to any third party, or permit the use by any third party of any Trust confidential records and information except as otherwise stated in this Agreement, permitted by law, or approved in writing by the Trust. Recipient shall immediately forward any request or demand for Trust records or information to the Trust’s Agreement Administrator. Recipient shall use, hold, and maintain Trust confidential records and information in compliance with any and all applicable laws and regulations in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality and security of all Trust confidential records and information wherever located. Recipient shall provide the Trust with access, subject to Recipient’s reasonable security requirements, for purposes of inspecting and monitoring access and use of Trust confidential records and information and evaluating security control effectiveness. Upon the expiration or termination of this Agreement, Recipient shall return Trust confidential records and information provided to Recipient or destroy such Trust confidential records and information and certify to the Trust that it has done so, as directed by the Trust. If Recipient is prevented by law or regulation from returning or destroying Trust confidential records and information, Recipient warrants it will maintain the confidentiality of, and cease to use, such Trust confidential records and information. If Recipient becomes aware of any accidental or deliberate event that results in or constitutes an imminent threat of unauthorized access, loss, disclosure, disruption, or destruction of any Trust confidential records or information, it shall notify the Trust immediately and, at its expense, take prompt steps to prevent or remediate such loss. Recipient shall safeguard all personally identifiable information (PII) it may receive in connection with the performance of this Agreement. PII means information about an individual that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. If Recipient or any of its contractors will or may receive PII in connection with the performance of this Agreement, Recipient shall provide for the security of such PII and shall implement administrative, physical, and technical safeguards to protect PII from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which PII is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. Recipient shall take full responsibility for the security of all PII in its possession or in the possession of its contractors and shall hold the Trust harmless from and against any damages or liabilities resulting from an unauthorized disclosure or data breach. Without limiting any other data privacy or security obligations imposed on Recipient under any applicable law, regulation, ordinance, or standard, if, in the course of performing this Agreement, Recipient has access to or will collect, access, use, store, process, dispose of, or disclose credit, debit, or other payment cardholder information, Recipient shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at Recipient’s sole cost and expense. The Trust shall have the right, upon reasonable notice to the Recipient, to audit, review, and inspect the Recipient’s records and procedures for compliance with these confidentiality provisions.

Confidentiality and Data Security. All records and information given to the Recipient by the Trust whether in verbal, written, electronic, or any other format, shall be regarded by the Recipient as confidential information. Recipient shall keep confidential, and shall cause all of its employees, agents agents, and contractors to keep confidential, all Trust records and information, unless those Trust records are publicly available. Recipient shall not, without prior written approval of the Trust, use, publish, copy, disclose to any third party, or permit the use by any third party of any Trust confidential records and information except as otherwise stated in this Agreement, as permitted by law, or approved in writing by the Trust. Recipient shall immediately forward any request or demand for Trust records or information to the Trust’s Agreement Administrator. Recipient shall use, hold, and maintain Trust confidential records and information in compliance with any and all applicable laws and regulations in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality and security of all Trust confidential records and information wherever located. Recipient shall provide the Trust with access, subject to Recipient’s reasonable security requirements, for purposes of inspecting and monitoring access and use of Trust confidential records and information and evaluating security control effectiveness. Upon the expiration or termination of this Agreement, Recipient shall return Trust confidential records and information provided to Recipient or destroy such Trust confidential records and information and certify to the Trust that it has done so, as directed by the Trust. If Recipient is prevented by law or regulation from returning or destroying Trust confidential records and information, Recipient warrants it will maintain the confidentiality of, and cease to use, such Trust confidential records and information. If Recipient becomes aware of any accidental or deliberate event that results in or constitutes an imminent threat of unauthorized access, loss, disclosure, disruption, or destruction of any Trust confidential records or information, it shall notify the Trust immediately and, at its expense, take prompt steps to prevent or remediate such loss. Recipient shall safeguard all personally identifiable information (PII) it may receive in connection with the performance of this Agreement. PII means information about an individual that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. If Recipient or any of its contractors will or may receive PII in connection with the performance of this Agreement, Recipient shall provide for the security of such PII and shall implement administrative, physical, and technical safeguards to protect PII from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which PII is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. Recipient shall take full responsibility for the security of all PII in its possession or in the possession of its contractors and shall hold the Trust harmless from and against any damages or liabilities resulting from an unauthorized disclosure or data breach. Without limiting any other data privacy or security obligations imposed on Recipient under any applicable law, regulation, ordinance, or standard, if, in the course of performing this Agreement, Recipient has access to or will collect, access, use, store, process, dispose of, or disclose credit, debit, or other payment cardholder information, Recipient shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at Recipient’s sole cost and expense. The Trust shall have the right, upon reasonable notice to the Recipient, to audit, review, and inspect the Recipient’s records and procedures for compliance with these confidentiality provisions.

Confidentiality and Data Security. All records and information given to the Recipient by the Trust whether in verbal, written, electronic, or any other format, shall be regarded by the Recipient as confidential information. Recipient shall keep confidential, and shall cause contractually require all of its employees, agents agents, and contractors to keep confidential, all Trust records and information, unless those Trust records are publicly available. Recipient shall not, without prior written approval of the Trust, use, publish, copy, disclose to any third party, or permit the use by any third party of any Trust confidential records and information except as otherwise stated in this Agreement, as permitted by law, or approved in writing by the Trust. Recipient shall immediately promptly forward any request or demand for Trust records or information to the Trust’s Agreement Administrator. Recipient shall use, hold, and maintain Trust confidential records and information in compliance with any and all applicable laws and regulations in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality and security of all Trust confidential records and information wherever located. Recipient shall provide the Trust with reasonable access, subject to Recipient’s reasonable security requirements, for purposes of inspecting and monitoring access and use of Trust confidential records and information and evaluating security control effectivenessRecipient’s compliance with these requirements. Upon the expiration or termination of this Agreement, Recipient shall return Trust confidential records and information provided to Recipient or destroy such Trust confidential records and information and certify to the Trust that it has done so, as directed by the Trust. If Recipient is prevented by law or regulation from returning or destroying Trust confidential records and information, Recipient warrants it will maintain the confidentiality of, and cease to use, such Trust confidential records and information. If Recipient becomes aware of any accidental or deliberate event that results in or constitutes an imminent threat of unauthorized access, loss, disclosure, disruption, or destruction of any Trust confidential records or information, it shall notify the Trust immediately promptly and, at its expense, take prompt steps to prevent or remediate such loss. Recipient shall safeguard all personally identifiable information (PII) it may receive in connection with the performance of this Agreement. PII means information about an individual that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. If Recipient or any of its contractors will or may receive PII in connection with the performance of this Agreement, Recipient shall provide for the security of such PII and shall implement administrative, physical, and technical safeguards to protect PII from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which PII is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. Recipient shall take full responsibility for the security of all PII in its possession or in the possession of its contractors and shall hold the Trust harmless from and against any damages or liabilities resulting from an unauthorized disclosure or data breach. Without limiting any other data privacy or security obligations imposed on Recipient under any applicable law, regulation, ordinance, or standard, if, in the course of performing this Agreement, Recipient has access to or will collect, access, use, store, process, dispose of, or disclose credit, debit, or other payment cardholder information, Recipient shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at Recipient’s sole cost and expense. The Trust shall have the right, upon reasonable at least forty-eight (48) hours’ notice to the RecipientRecipient and during normal business hours, to audit, review, and inspect the Recipient’s records and procedures for compliance with these confidentiality provisions.

Confidentiality and Data Security. All records and information given to the Recipient by the Trust whether in verbal, written, electronic, or any other format, shall be regarded by the Recipient as confidential information. Recipient shall keep confidential, and shall cause all of its employees, agents and contractors to keep confidential, all Trust records and information, unless those Trust records are publicly available. Recipient shall not, without prior written approval of the Trust, use, publish, copy, disclose to any third party, or permit the use by any third party of any Trust confidential records and information except as otherwise stated in this Agreement, permitted by law, or approved in writing by the Trust. Recipient shall immediately forward any request or demand for Trust records or information to the Trust’s Agreement Administrator. Recipient shall use, hold, and maintain Trust confidential records and information in compliance with any and all applicable laws and regulations in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality and security of all Trust confidential records and information wherever located. Recipient shall provide the Trust with access, subject to Recipient’s reasonable security requirements, for purposes of inspecting and monitoring access and use of Trust confidential records and information and evaluating security control effectiveness. Upon the expiration or termination of this Agreement, Recipient shall return Trust confidential records and information provided to Recipient or destroy such Trust confidential records and information and certify to the Trust that it has done so, as directed by the Trust. If Recipient is prevented by law or regulation from returning or destroying Trust confidential records and information, Recipient warrants it will maintain the confidentiality of, and cease to use, such Trust confidential records and information. If Recipient becomes aware of any accidental or deliberate event that results in or constitutes an imminent threat of unauthorized access, loss, disclosure, disruption, or destruction of any Trust confidential records or information, it shall notify the Trust immediately and, at its expense, take prompt steps to prevent or remediate such loss. Recipient shall safeguard all personally identifiable information (PII) it may receive in connection with the performance of this Agreement. PII means information about an individual that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. If Recipient or any of its contractors will or may receive PII in connection with the performance of this Agreement, Recipient shall provide for the security of such PII and shall implement administrative, physical, and technical safeguards to protect PII from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which PII is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. Recipient shall take full responsibility for the security of all PII in its possession or in the possession of its contractors and shall hold the Trust harmless from and against any damages or liabilities resulting from an unauthorized disclosure or data breach. Without limiting any other data privacy or security obligations imposed on Recipient under any applicable law, regulation, ordinance, or standard, ifIf, in the course of performing this Agreement, Recipient has access to or will collect, access, use, store, process, dispose of, or disclose credit, debit, or other payment cardholder information, Recipient shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at Recipient’s sole cost and expense. The Trust shall have the right, upon reasonable notice to the Recipient, to audit, review, and inspect the Recipient’s records and procedures for compliance with these confidentiality provisions.