Common use of Confidentiality; Data Security and Privacy Clause in Contracts

Confidentiality; Data Security and Privacy. (a) Each party hereto will maintain in strict confidence all Confidential Information received from the other party. Each party agrees that it will not use, disclose to any third Person or grant use of such Confidential Information except to the extent required to receive or provide the Services or as otherwise authorized in advance by the other party in writing. Each party agrees to use at least the same standard of care as it uses to protect its own confidential information of a similar nature to ensure that its employees do not disclose or make any unauthorized use of such Confidential Information, but in no case less than a reasonable standard of care. Each party will disclose the other party’s Confidential Information only to those of such party’s employees, consultants and contractors who need to know such information to assist the party in receiving or performing the Services. Each party will promptly notify the other party upon discovery of any unauthorized use or disclosure of such party’s Confidential Information. (b) Each party will maintain industry standard data backup and recovery procedures in connection with all of their systems used in performing the Services. Each Party will maintain and enforce physical, technical and logical security procedures with respect to the access and maintenance of any Confidential Information of the other Party that is in its possession in performing the Services, which procedures shall: (a) be at least equal to industry standards; (b) comply with applicable law; and (c) provide reasonably appropriate physical, technical and organizational safeguards against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, theft or misuse. Without limiting the generality of the foregoing, each Party will take reasonable measures to secure and defend its locations and equipment against “hackers” and others who may seek, without authorization, to modify or access its systems, or the information found therein. (c) The provisions of this Section 13.16 shall be without limitation or modification of any provision set forth in the Joint Development Agreement. (d) Notwithstanding anything in Section 13.16(a) to the contrary, Service Provider agrees to keep Recipient Personal Data confidential, and agrees to not disclose Recipient Personal Data to third parties without having first received express written approval from Recipient and, if required by applicable law, the applicable Data Subject. Service Provider and Service Provider’s personnel will Process Recipient Personal Data only on a need-to-know basis in connection with the performance of the Services. (e) Service Provider will implement and maintain technical and organizational measures to ensure the security and confidentiality of Recipient Personal Data in order to prevent, among other things: (i) accidental, unauthorized or unlawful destruction, alteration, modification or loss of Recipient Personal Data, (ii) accidental, unauthorized or unlawful disclosure or access to Recipient Personal Data, and (iii) unlawful forms of processing Recipient Personal Data. The security measures taken will be in compliance with applicable data protection Laws. (f) Service Provider will comply with all applicable laws pertaining to Personal Data protection and the Processing of Personal Data, and process employment-related data consistent with Recipient’s policies. (g) Upon the expiration or termination of this Agreement for whatever reason, Service Provider will stop any Processing of Recipient Personal Data and will return to Recipient all copies of Recipient Personal Data along with all notes, analyses, compilations, forecasts, data, translations, studies, memoranda, copies, extracts, reproductions or other documents that contain such Recipient Personal Data. (h) Service Provider will immediately inform Recipient of any event involving an actual, potential or threatened compromise of the security, confidentiality or integrity of Recipient Personal Data (a “Security Breach”) and take action immediately, at its own expense, to investigate the same and to identify, prevent and mitigate the effects thereof. The content of any filings, communications, notices, press releases, or reports related to a Security Breach must be approved by Recipient prior to any publication or communication thereof to any third party.

Confidentiality; Data Security and Privacy. (a) Each party hereto will maintain in strict confidence all Confidential Information received from the other party. Each party agrees that it will not use, disclose to any third Person or grant use of such Confidential Information except to the extent required to receive or provide the Services or as otherwise authorized in advance by the other party in writing. Each party agrees to use at least the same standard of care as it uses to protect its own confidential information of a similar nature to ensure that its employees do not disclose or make any unauthorized use of such Confidential Information, but in no case less than a reasonable standard of care. Each party will disclose the other party’s Confidential Information only to those of such party’s employees, consultants and contractors who need to know such information to assist the party in receiving or performing the Services. Each party will promptly notify the other party upon discovery of any unauthorized use or disclosure of such party’s Confidential Information. (b) Each party will maintain industry standard data backup and recovery procedures in connection with all of their systems used in performing the Services. Each Party will maintain and enforce physical, technical and logical security procedures with respect to the access and maintenance of any Confidential Information of the other Party that is in its possession in performing the Services, which procedures shall: (a) be at least equal to industry standards; (b) comply with applicable law; and (c) provide reasonably appropriate physical, technical and organizational safeguards against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, theft or misuse. Without limiting the generality of the foregoing, each Party will take reasonable measures to secure and defend its locations and equipment against “hackers” and others who may seek, without authorization, to modify or access its systems, or the information found therein. (c) The provisions of this Section 13.16 shall be without limitation or modification of any provision set forth in the Joint Development Agreement. (d) Notwithstanding anything in Section 13.16(a) to the contrary, Service Provider agrees to keep Recipient Personal Data confidential, and agrees to not disclose Recipient Personal Data to third parties without having first received express written approval from Recipient and, if required by applicable law, the applicable Data Subject. Service Provider and Service Provider’s personnel will Process Recipient Personal Data only on a need-to-know basis in connection with the performance of the Services. (e) Service Provider will implement and maintain technical and organizational measures to ensure the security and confidentiality of Recipient Personal Data in order to prevent, among other things: (i) accidental, unauthorized or unlawful destruction, alteration, modification or loss of Recipient Personal Data, (ii) accidental, unauthorized or unlawful disclosure or access to Recipient Personal Data, and (iii) unlawful forms of processing Recipient Personal Data. The security measures taken will be in compliance with applicable data protection Laws. (f) Service Provider will comply with all applicable laws pertaining to Personal Data protection and the Processing of Personal Data, and process employment-related data consistent with Recipient’s policies. (g) Upon the expiration or termination of this Agreement for whatever reason, Service Provider will stop any Processing of Recipient Personal Data and will return to Recipient all copies of Recipient Personal Data along with all notes, analyses, compilations, forecasts, data, translations, studies, memoranda, copies, extracts, reproductions or other documents that contain such Recipient Personal Data. (h) Service Provider will immediately inform Recipient of any event involving an actual, potential or threatened compromise of the security, confidentiality or integrity of Recipient Personal Data (a “Security Breach”) and take action immediately, at its own expense, to investigate the same and to identify, prevent and mitigate the effects thereof. The content of any filings, communications, notices, press releases, or reports related to a Security Breach must be approved by Recipient prior to any publication or communication thereof to any third party.. * * * * *