Common use of Connecticut Privacy Act Clause in Contracts

Connecticut Privacy Act. This section documents the safeguard standards imposed to protect Client information subject to the Connecticut SB 12-2 (“Conn Act”). To the extent Provider’s services constitute processing of personal information governed by Conn Act, these provisions shall apply. a. taking into account the nature of processing and the information available to Provider, providing appropriate technical and organizational measures to fulfill the controller's obligation to respond to consumer rights requests; b. taking into account the nature of processing and the information available to Provider, by assisting the controller in meeting the controller's obligations in relation to the security of processing the personal data and in relation to the notification of a breach of security of Provider’s systems, in order to meet the controller's obligations; and c. providing necessary information to enable the controller to conduct and document data protection assessments. Provider shall have a written contract with the controller that will govern the Provider’s data-processing procedures with respect to processing performed on behalf of the controller. The contract shall be binding and clearly set forth instructions for processing data, the nature and purpose of processing, the type of data subject to processing, the duration of processing and the rights and obligations of both parties. The contract shall also require that Provider: a. Ensure that each person processing personal data is subject to a duty of confidentiality with respect to the data; b. At the controller's direction, delete or return all personal data to the controller as requested at the end of the provision of services, unless retention of the personal data is required by law; c. Upon the reasonable request of the controller, make available to the controller all information in its possession necessary to demonstrate Provider’s compliance with the obligations d. after providing the controller an opportunity to object, engage any subcontractor pursuant to a written contract that requires the subcontractor to meet the obligations of Provider with respect to the personal data; and

Connecticut Privacy Act. This section documents the safeguard standards imposed to protect Client information subject to the Connecticut SB 12-2 (“Conn Act”). To the extent Provider’s services constitute processing of personal information governed by Conn Act, these provisions shall apply. a. taking into account the nature of processing and the information available to Provider, providing appropriate technical and organizational measures to fulfill the controller's obligation to respond to consumer rights requests; b. taking into account the nature of processing and the information available to Provider, by assisting the controller in meeting the controller's obligations in relation to the security of processing the personal data and in relation to the notification of a breach of security of Provider’s systems, in order to meet the controller's obligations; and c. providing necessary information to enable the controller to conduct and document data protection assessments. Provider shall have a written contract with the controller that will govern the Provider’s data-processing procedures with respect to processing performed on behalf of the controller. The contract shall be binding and clearly set forth instructions for processing data, the nature and purpose of processing, the type of data subject to processing, the duration of processing and the rights and obligations of both parties. The contract shall also require that Provider: a. Ensure that each person processing personal data is subject to a duty of confidentiality with respect to the data; b. At the controller's direction, delete or return all personal data to the controller as requested at the end of the provision of services, unless retention of the personal data is required by law; c. Upon the reasonable request of the controller, make available to the controller all information in its possession necessary to demonstrate Provider’s compliance with the obligations d. after providing the controller an opportunity to object, engage any subcontractor pursuant to a written contract that requires the subcontractor to meet the obligations of Provider with respect to the personal data; and e. allow, and cooperate with, reasonable assessments by the controller or the controller's designated assessor, or the processor may arrange for a qualified and independent assessor to conduct an assessment of Provider’s policies and technical and organizational measures in support of the obligations of the Conn Act using an appropriate and accepted control standard or framework and assessment procedure for such assessments. Provider shall provide a report of such assessment to the controller upon request. For purposes of the Conn Act, the following definitions apply: