Review of legality and data minimisation (a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
Interpretation and Applicable Law This Agreement shall be construed and interpreted in accordance with the laws of the state in which the Real Property is located. Where required for proper interpretation, words in the singular shall include the plural; the masculine gender shall include the neuter and the feminine, and vice versa. The terms “successors and assigns” shall include the heirs, administrators, executors, successors, and assigns, as applicable, of any party hereto.
PROCLAMATION OF SALE, CONDITIONS OF SALE AND MEMORANDUM OF SALE All contents in the Proclamation of Sale and this Conditions of Sale are to be read together and shall be part of the Memorandum of Sale.
Interpretation of Contract Documents The Contract Documents shall be construed neither against nor in favor of either party, but shall be construed in a neutral manner.
Construction and Interpretation Should any provision of this Agreement require judicial interpretation, the parties hereto agree that the court interpreting or construing the same shall not apply a presumption that the terms hereof shall be more strictly construed against one party by reason of the rule of construction that a document is to be more strictly construed against the party that itself, or through its agent, prepared the same, and it is expressly agreed and acknowledged that Company and Executive and each of his and its representatives, legal and otherwise, have participated in the preparation hereof.
Data Return and Destruction of Data (a) Protecting PII from unauthorized access and disclosure is of the utmost importance to the EA, and Contractor agrees that it is prohibited from retaining PII or continued access to PII or any copy, summary or extract of PII, on any storage medium (including, without limitation, in secure data centers and/or cloud-based facilities) whatsoever beyond the period of providing Services to the EA, unless such retention is either expressly authorized for a prescribed period by the Service Agreement or other written agreement between the Parties, or expressly requested by the EA for purposes of facilitating the transfer of PII to the EA or expressly required by law. As applicable, upon expiration or termination of the Service Agreement, Contractor shall transfer PII, in a format agreed to by the Parties to the EA.
(b) If applicable, once the transfer of PII has been accomplished in accordance with the EA’s written election to do so, Contractor agrees to return or destroy all PII when the purpose that necessitated its receipt by Contractor has been completed. Thereafter, with regard to all PII (including without limitation, all hard copies, archived copies, electronic versions, electronic imaging of hard copies) as well as any and all PII maintained on behalf of Contractor in a secure data center and/or cloud-based facilities that remain in the possession of Contractor or its Subcontractors, Contractor shall ensure that PII is securely deleted and/or destroyed in a manner that does not allow it to be retrieved or retrievable, read or reconstructed. Hard copy media must be shredded or destroyed such that PII cannot be read or otherwise reconstructed, and electronic media must be cleared, purged, or destroyed such that the PII cannot be retrieved. Only the destruction of paper PII, and not redaction, will satisfy the requirements for data destruction. Redaction is specifically excluded as a means of data destruction.
(c) Contractor shall provide the EA with a written certification of the secure deletion and/or destruction of PII held by the Contractor or Subcontractors.
(d) To the extent that Contractor and/or its subcontractors continue to be in possession of any de-identified data (i.e., data that has had all direct and indirect identifiers removed), they agree not to attempt to re-identify de-identified data and not to transfer de-identified data to any party.
Production of Witnesses; Records; Cooperation (a) After the Effective Time, each Party shall use its commercially reasonable efforts to make available to the other Party, upon written request, the former, current and future directors, officers, employees, other personnel and agents of the members of its respective Group as witnesses and any books, records or other documents within its control or which it otherwise has the ability to make available without undue burden, to the extent that any such Person (giving consideration to business demands of such directors, officers, employees, other personnel and agents) or books, records or other documents may reasonably be required in connection with any Action in which the requesting Party (or member of its Group) may from time to time be involved, regardless of whether such Action is a matter with respect to which indemnification may be sought hereunder. The requesting Party shall bear all costs and expenses in connection therewith.
(b) If an Indemnifying Party chooses to defend or to seek to compromise or settle any Third-Party Claim, the other Party shall make available to such Indemnifying Party, upon written request, the former, current and future directors, officers, employees, other personnel and agents of the members of its respective Group as witnesses and any books, records or other documents within its control or which it otherwise has the ability to make available without undue burden, to the extent that any such Person (giving consideration to business demands of such directors, officers, employees, other personnel and agents) or books, records or other documents may reasonably be required in connection with such defense, settlement or compromise, or such prosecution, evaluation or pursuit, as the case may be, and shall otherwise cooperate in such defense, settlement or compromise, or such prosecution, evaluation or pursuit, as the case may be.
(c) Without limiting the foregoing, the Parties shall cooperate and consult to the extent reasonably necessary with respect to any Actions.
(d) Without limiting any provision of this Section 6.7, each of the Parties agrees to cooperate, and to cause each member of its respective Group to cooperate, with each other in the defense of any infringement or similar claim with respect any Intellectual Property and shall not claim to acknowledge, or permit any member of its respective Group to claim to acknowledge, the validity or infringing use of any Intellectual Property of a third Person in a manner that would hamper or undermine the defense of such infringement or similar claim.
(e) The obligation of the Parties to provide witnesses pursuant to this Section 6.7 is intended to be interpreted in a manner so as to facilitate cooperation and shall include the obligation to provide as witnesses inventors and other officers without regard to whether the witness or the employer of the witness could assert a possible business conflict (subject to the exception set forth in the first sentence of Section 6.7(a)).
Public Posting of Approved Users’ Research Use Statement The PI agrees that information about themselves and the approved research use will be posted publicly on the dbGaP website. The information includes the PI’s name and Requester, project name, Research Use Statement, and a Non-Technical Summary of the Research Use Statement. In addition, and if applicable, this information may include the Cloud Computing Use Statement and name of the CSP or PCS. Citations of publications resulting from the use of controlled-access datasets obtained through this DAR may also be posted on the dbGaP website.
NOTIFICATION OF PUBLIC EVENTS AND MEETINGS 2 A. CONTRACTOR shall notify ADMINISTRATOR of any public event or meeting funded in 3 whole or in part by the COUNTY, except for those events or meetings that are intended solely to serve 4 clients or occur in the normal course of business.
5 B. CONTRACTOR shall notify ADMINISTRATOR at least thirty (30) business days in advance 6 of any applicable public event or meeting. The notification must include the date, time, duration, 7 location and purpose of the public event or meeting. Any promotional materials or event related flyers 8 must be approved by ADMINISTRATOR prior to distribution. 9
