{"component": "clause", "props": {"groups": [{"size": 16, "snippet": "12.1 The Supplier shall ensure that any system on which the Supplier holds Balfour \u2587\u2587\u2587\u2587\u2587\u2587 Data, is secure and ensures complete data integrity in accordance with Good Industry Practice.", "snippet_links": [{"key": "the-supplier-shall", "type": "clause", "offset": [5, 23]}, {"key": "data-integrity", "type": "definition", "offset": [127, 141]}, {"key": "in-accordance-with", "type": "definition", "offset": [142, 160]}, {"key": "good-industry-practice", "type": "definition", "offset": [161, 183]}], "samples": [{"hash": "8IlfxqQ2rmI", "uri": "/contracts/8IlfxqQ2rmI#data-security-and-data-protection", "label": "Conditions of Purchase", "score": 32.0999424259, "published": true}, {"hash": "ohqq9KEXam", "uri": "/contracts/ohqq9KEXam#data-security-and-data-protection", "label": "Conditions of Purchase", "score": 31.6083150741, "published": true}, {"hash": "bc0r536Q9Pf", "uri": "/contracts/bc0r536Q9Pf#data-security-and-data-protection", "label": "Conditions of Purchase", "score": 30.8819670293, "published": true}], "hash": "0209bdd05e02e0bbc9fd80d6bba4b9c0", "id": 1}, {"size": 7, "snippet": "Seller will use data security procedures for Jeppesen data that conform to the highest standards in (i) Seller\u2019s industry and to those used by Seller to protect its own confidential information, or (ii) ISO 27002, whichever are more stringent. Seller\u2019s obligations under this Section 15 are a material condition of this PO. In the course of performing its obligations hereunder, Seller may have access to personal data related to identified or identifiable information of natural persons (\u201cPersonal Data\u201d). Seller will comply with all applicable privacy and data protection laws relating to Personal Data. In case of Personal Data from data subjects located in the European Union, Seller will ensure a level of data protection which is deemed adequate by the European Commission (e.g. through Model Clauses or the participation in the EU-U.S. Privacy Shield Program).", "snippet_links": [{"key": "seller-will", "type": "clause", "offset": [0, 11]}, {"key": "data-security-procedures", "type": "clause", "offset": [16, 40]}, {"key": "by-seller", "type": "clause", "offset": [140, 149]}, {"key": "confidential-information", "type": "clause", "offset": [169, 193]}, {"key": "more-stringent", "type": "definition", "offset": [228, 242]}, {"key": "section-15", "type": "definition", "offset": [276, 286]}, {"key": "condition-of", "type": "clause", "offset": [302, 314]}, {"key": "in-the-course-of", "type": "definition", "offset": [324, 340]}, {"key": "access-to-personal-data", "type": "clause", "offset": [395, 418]}, {"key": "related-to", "type": "clause", "offset": [419, 429]}, {"key": "information-of", "type": "clause", "offset": [457, 471]}, {"key": "natural-persons", "type": "clause", "offset": [472, 487]}, {"key": "comply-with", "type": "clause", "offset": [519, 530]}, {"key": "privacy-and-data-protection-laws", "type": "clause", "offset": [546, 578]}, {"key": "relating-to", "type": "definition", "offset": [579, 590]}, {"key": "in-case-of", "type": "clause", "offset": [606, 616]}, {"key": "data-subjects", "type": "clause", "offset": [636, 649]}, {"key": "located-in", "type": "definition", "offset": [650, 660]}, {"key": "the-european-union", "type": "clause", "offset": [661, 679]}, {"key": "the-european-commission", "type": "clause", "offset": [755, 778]}, {"key": "model-clauses", "type": "definition", "offset": [793, 806]}, {"key": "the-participation", "type": "clause", "offset": [810, 827]}, {"key": "privacy-shield-program", "type": "clause", "offset": [843, 865]}], "samples": [{"hash": "6u1LgM6H0Iy", "uri": "/contracts/6u1LgM6H0Iy#data-security-and-data-protection", "label": "General Terms and Conditions", "score": 24.4045174538, "published": true}, {"hash": "68jrypPnyhC", "uri": "/contracts/68jrypPnyhC#data-security-and-data-protection", "label": "General Terms and Conditions", "score": 24.4045174538, "published": true}, {"hash": "gSykpPqbw3s", "uri": "/contracts/gSykpPqbw3s#data-security-and-data-protection", "label": "General Terms and Conditions", "score": 22.1074606434, "published": true}], "hash": "705351cc925ddebf78e698a3e78dcb11", "id": 2}, {"size": 5, "snippet": "12.1 The Supplier shall ensure that any system on which the Supplier holds SB3 Data, is secure and ensures complete data integrity in accordance with Good Industry Practice.", "snippet_links": [{"key": "the-supplier-shall", "type": "clause", "offset": [5, 23]}, {"key": "data-integrity", "type": "definition", "offset": [116, 130]}, {"key": "in-accordance-with", "type": "definition", "offset": [131, 149]}, {"key": "good-industry-practice", "type": "definition", "offset": [150, 172]}], "samples": [{"hash": "bqX6jREJWoh", "uri": "/contracts/bqX6jREJWoh#data-security-and-data-protection", "label": "Conditions of Purchase", "score": 29.8974603366, "published": true}, {"hash": "keaCuA9Wwl", "uri": "/contracts/keaCuA9Wwl#data-security-and-data-protection", "label": "Conditions of Purchase", "score": 29.7660666927, "published": true}, {"hash": "hVvRMPnqrKh", "uri": "/contracts/hVvRMPnqrKh#data-security-and-data-protection", "label": "Conditions of Purchase", "score": 24.3360711841, "published": true}], "hash": "a0c50df652a7ad8966076fd534b8c09d", "id": 3}, {"size": 3, "snippet": "9.1 Data Security Frends has built in data security protections in accordance with industry standards. An overview is available at \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/legal/security, which describes the appropriate technical and organizational measures that Frends has implemented to ensure the security, privacy and confidentiality of Customer Data. \u2587\u2587\u2587\u2587\u2587\u2587 has defined security incident management policies and procedures, and will notify Customer without undue delay after becoming aware of Data Breach. Frends will take remedial steps pursuant to its security incident management policies and procedures that are necessary and reasonable to identify and remediate the cause of such Data Breach.", "snippet_links": [{"key": "data-security-protections", "type": "definition", "offset": [38, 63]}, {"key": "in-accordance-with", "type": "definition", "offset": [64, 82]}, {"key": "industry-standards", "type": "definition", "offset": [83, 101]}, {"key": "an-overview", "type": "clause", "offset": [103, 114]}, {"key": "available-at", "type": "definition", "offset": [118, 130]}, {"key": "appropriate-technical-and-organizational-measures", "type": "clause", "offset": [186, 235]}, {"key": "to-ensure", "type": "clause", "offset": [264, 273]}, {"key": "the-security", "type": "clause", "offset": [274, 286]}, {"key": "confidentiality-of-customer-data", "type": "clause", "offset": [300, 332]}, {"key": "policies-and-procedures", "type": "clause", "offset": [382, 405]}, {"key": "without-undue-delay", "type": "definition", "offset": [432, 451]}, {"key": "data-breach", "type": "definition", "offset": [476, 487]}, {"key": "remedial-steps", "type": "clause", "offset": [506, 520]}, {"key": "pursuant-to", "type": "definition", "offset": [521, 532]}, {"key": "necessary-and-reasonable", "type": "clause", "offset": [599, 623]}], "samples": [{"hash": "iD5mXpNaXuE", "uri": "/contracts/iD5mXpNaXuE#data-security-and-data-protection", "label": "Terms of Service", "score": 33.5928739533, "published": true}, {"hash": "b1N4ux3nt4R", "uri": "/contracts/b1N4ux3nt4R#data-security-and-data-protection", "label": "Terms of Service", "score": 33.5928739533, "published": true}, {"hash": "3gPK5LqcarP", "uri": "/contracts/3gPK5LqcarP#data-security-and-data-protection", "label": "Terms of Service", "score": 33.5928739533, "published": true}], "hash": "fd9b653f84132c0cda63a173c0ae92c8", "id": 4}, {"size": 2, "snippet": "The Supplier shall adhere to all applicable data protection laws and all specific data protection and security requirements agreed to in the Contract.", "snippet_links": [{"key": "the-supplier-shall", "type": "clause", "offset": [0, 18]}, {"key": "adhere-to", "type": "clause", "offset": [19, 28]}, {"key": "applicable-data-protection-laws", "type": "clause", "offset": [33, 64]}, {"key": "data-protection-and-security-requirements", "type": "definition", "offset": [82, 123]}, {"key": "agreed-to", "type": "clause", "offset": [124, 133]}, {"key": "in-the-contract", "type": "clause", "offset": [134, 149]}], "samples": [{"hash": "bwVvAhHLxza", "uri": "/contracts/bwVvAhHLxza#data-security-and-data-protection", "label": "Contract on Public Relations Services", "score": 31.6083150741, "published": true}, {"hash": "fO6zsWQzJ09", "uri": "/contracts/fO6zsWQzJ09#data-security-and-data-protection", "label": "Contract on Public Relations Services", "score": 30.5133680421, "published": true}], "hash": "95f780a05c17b1039c1835b277afd704", "id": 5}, {"size": 2, "snippet": "12.1 The Supplier shall ensure that any system on which the Supplier holds Balfour \u2587\u2587\u2587\u2587\u2587\u2587 Data, is secure and ensures complete data integrity in accordance with Good Industry Practice.\n12.2 The Supplier shall indemnify Balfour \u2587\u2587\u2587\u2587\u2587\u2587 on demand and shall keep Balfour \u2587\u2587\u2587\u2587\u2587\u2587 indemnified from and against any and all Losses arising out of or in connection with the Supplier's breach of its obligations under this Clause 12.\n12.3 Each party shall at all times comply with its respective obligations under all applicable data protection and privacy legislation (\"Data Protection Legislation\") in relation to all Balfour \u2587\u2587\u2587\u2587\u2587\u2587 Personal Data that are processed by it in connection with this Agreement, including by maintaining all necessary registrations or notifications in respect of such processing.\n12.4 The Supplier shall not process any Balfour \u2587\u2587\u2587\u2587\u2587\u2587 Data that is processed by or in connection with this Agreement for any purposes other than those expressly authorised by \u2587\u2587\u2587\u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587\u2587\u2587 (and in any event only in the United Kingdom and only to the extent required for the performance of its obligations under this Agreement) and shall comply with all instructions given by \u2587\u2587\u2587\u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587\u2587\u2587 from time to time in relation to such processing.\n12.5 The Supplier warrants that it has appropriate technical and organisational processes and procedures in place to safeguard against any unauthorised or unlawful processing against accidental loss or destruction of or damage to the Personal Data.", "snippet_links": [{"key": "the-supplier-shall", "type": "clause", "offset": [5, 23]}, {"key": "data-integrity", "type": "definition", "offset": [127, 141]}, {"key": "in-accordance-with", "type": "definition", "offset": [142, 160]}, {"key": "good-industry-practice", "type": "definition", "offset": [161, 183]}, {"key": "on-demand", "type": "clause", "offset": [234, 243]}, {"key": "arising-out-of", "type": "definition", "offset": [322, 336]}, {"key": "in-connection-with", "type": "clause", "offset": [340, 358]}, {"key": "breach-of", "type": "definition", "offset": [374, 383]}, {"key": "clause-12", "type": "clause", "offset": [411, 420]}, {"key": "each-party", "type": "clause", "offset": [427, 437]}, {"key": "at-all-times", "type": "definition", "offset": [444, 456]}, {"key": "comply-with", "type": "clause", "offset": [457, 468]}, {"key": "respective-obligations", "type": "clause", "offset": [473, 495]}, {"key": "privacy-legislation", "type": "clause", "offset": [537, 556]}, {"key": "data-protection-legislation", "type": "definition", "offset": [559, 586]}, {"key": "in-relation-to", "type": "clause", "offset": [589, 603]}, {"key": "in-respect-of", "type": "clause", "offset": [767, 780]}, {"key": "agreement-for", "type": "clause", "offset": [906, 919]}, {"key": "authorised-by", "type": "definition", "offset": [960, 973]}, {"key": "the-united-kingdom", "type": "clause", "offset": [1015, 1033]}, {"key": "to-the-extent", "type": "clause", "offset": [1043, 1056]}, {"key": "the-performance", "type": "clause", "offset": [1070, 1085]}, {"key": "obligations-under-this-agreement", "type": "clause", "offset": [1093, 1125]}, {"key": "from-time-to-time", "type": "clause", "offset": [1190, 1207]}, {"key": "the-supplier-warrants", "type": "clause", "offset": [1245, 1266]}, {"key": "technical-and", "type": "clause", "offset": [1291, 1304]}, {"key": "processes-and-procedures", "type": "clause", "offset": [1320, 1344]}, {"key": "in-place", "type": "definition", "offset": [1345, 1353]}, {"key": "loss-or-destruction", "type": "clause", "offset": [1434, 1453]}, {"key": "the-personal-data", "type": "definition", "offset": [1470, 1487]}], "samples": [{"hash": "jpkx67rZ064", "uri": "/contracts/jpkx67rZ064#data-security-and-data-protection", "label": "Conditions of Order", "score": 24.200137569, "published": true}, {"hash": "k3OSdswG9in", "uri": "/contracts/k3OSdswG9in#data-security-and-data-protection", "label": "Conditions of Order", "score": 23.6536618754, "published": true}], "hash": "58bfaa2c709b1f9ebf3a4a407d5945f8", "id": 6}, {"size": 1, "snippet": "Icertis has implemented and will maintain reasonable administrative, physical and technical security measures consistent with current prevailing security practices in the United States software-as-a-service industry and intended to protect against the loss, misuse, unauthorized access, alteration or disclosure of Subscriber Data. Such measures will include compliance with Icertis\u2019 Security Framework attached hereto as Exhibit B. Icertis will comply with all applicable law concerning privacy, data transfer and security. Subscriber will notify Icertis if the European Union General Data Protection Regulation (\u201cGDPR\u201d) will be applicable to Subscriber\u2019s use of the SaaS (i.e. if Subscriber will be including personal data of data subjects residing in the European Union or the UK into the SaaS). If the parties process such personal data, the Data Protection Addendum \u2013 Standard Contractual Clauses - on the Icertis website (\u2587\u2587\u2587.\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587) will apply. Subscriber must immediately notify Icertis of any suspected security breach at \u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587@\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587, followed by contacting Subscriber\u2019s customer relationship manager.", "snippet_links": [{"key": "technical-security-measures", "type": "clause", "offset": [82, 109]}, {"key": "consistent-with", "type": "clause", "offset": [110, 125]}, {"key": "security-practices", "type": "clause", "offset": [145, 163]}, {"key": "in-the-united-states", "type": "clause", "offset": [164, 184]}, {"key": "unauthorized-access", "type": "clause", "offset": [266, 285]}, {"key": "subscriber-data", "type": "definition", "offset": [315, 330]}, {"key": "compliance-with", "type": "definition", "offset": [359, 374]}, {"key": "security-framework", "type": "clause", "offset": [384, 402]}, {"key": "attached-hereto-as-exhibit", "type": "definition", "offset": [403, 429]}, {"key": "comply-with", "type": "clause", "offset": [446, 457]}, {"key": "applicable-law", "type": "clause", "offset": [462, 476]}, {"key": "data-transfer-and-security", "type": "clause", "offset": [497, 523]}, {"key": "european-union-general-data-protection-regulation", "type": "clause", "offset": [563, 612]}, {"key": "applicable-to", "type": "clause", "offset": [630, 643]}, {"key": "personal-data", "type": "clause", "offset": [711, 724]}, {"key": "data-subjects", "type": "clause", "offset": [728, 741]}, {"key": "the-parties", "type": "definition", "offset": [802, 813]}, {"key": "data-protection-addendum", "type": "definition", "offset": [846, 870]}, {"key": "standard-contractual-clauses", "type": "definition", "offset": [873, 901]}, {"key": "security-breach", "type": "clause", "offset": [1028, 1043]}, {"key": "customer-relationship-manager", "type": "definition", "offset": [1105, 1134]}], "samples": [{"hash": "crcnIEqc3bR", "uri": "/contracts/crcnIEqc3bR#data-security-and-data-protection", "label": "Saas Subscription and Services Agreement", "score": 27.7241615332, "published": true}], "hash": "6b52b8f6489e85399636c92ba1823367", "id": 7}, {"size": 1, "snippet": "9.1 Each Party shall ensure that the part of the Service and the Party\u2019s own environments, such as equipment, service production facilities and business premises, within that Party\u2019s responsibility under the Agreement, are protected against data security threats in accordance with the adequate data security procedures used by the Party and shall ensure that measures relating to data security and backup are complied with.\n9.2 Each Party is responsible for the data security of its own data system and communications network. Neither Party is responsible for the data security of the general communications network or any disturbance in the general communications network or for any other impediment affecting the use of the Service beyond its control nor for damage resulting thereof.\n9.3 Unless otherwise agreed expressly in writing, each Party shall be responsible for making back-up copies of its own data and data files and for verifying the functionality of such back-up copies.\n9.4 Customer shall comply with all applicable data protection laws, including but not limited to the General Data Protection Regulation of the European Union (2016/679/EU, \u201cGDPR\"), which relate to Customer\u2019s activities or use of the Service or Customer Material.\n9.5 In connection with the processing of personal data in the Service, Customer shall be the data controller referred to in the GDPR. Supplier shall process the personal data in question on Customer\u2019s behalf and by the order of Customer.\n9.6 Parties have agreed on the processing of personal data in more detail on a separate appendix attached to the Service Agreement.", "snippet_links": [{"key": "each-party", "type": "clause", "offset": [4, 14]}, {"key": "the-party", "type": "clause", "offset": [61, 70]}, {"key": "production-facilities", "type": "clause", "offset": [118, 139]}, {"key": "business-premises", "type": "clause", "offset": [144, 161]}, {"key": "the-agreement", "type": "clause", "offset": [204, 217]}, {"key": "in-accordance-with", "type": "definition", "offset": [263, 281]}, {"key": "data-security-procedures", "type": "clause", "offset": [295, 319]}, {"key": "relating-to", "type": "definition", "offset": [369, 380]}, {"key": "security-and-backup", "type": "clause", "offset": [386, 405]}, {"key": "responsible-for", "type": "clause", "offset": [443, 458]}, {"key": "data-system", "type": "clause", "offset": [488, 499]}, {"key": "neither-party", "type": "definition", "offset": [528, 541]}, {"key": "security-of-the", "type": "clause", "offset": [570, 585]}, {"key": "general-communications-network", "type": "definition", "offset": [586, 616]}, {"key": "in-the-general", "type": "clause", "offset": [636, 650]}, {"key": "use-of-the-service", "type": "clause", "offset": [716, 734]}, {"key": "unless-otherwise-agreed", "type": "definition", "offset": [792, 815]}, {"key": "in-writing", "type": "clause", "offset": [826, 836]}, {"key": "be-responsible", "type": "clause", "offset": [855, 869]}, {"key": "copies-of", "type": "definition", "offset": [889, 898]}, {"key": "data-files", "type": "clause", "offset": [916, 926]}, {"key": "customer-shall", "type": "clause", "offset": [991, 1005]}, {"key": "comply-with", "type": "clause", "offset": [1006, 1017]}, {"key": "applicable-data-protection-laws", "type": "clause", "offset": [1022, 1053]}, {"key": "not-limited", "type": "clause", "offset": [1069, 1080]}, {"key": "regulation-of", "type": "clause", "offset": [1112, 1125]}, {"key": "the-european-union", "type": "clause", "offset": [1126, 1144]}, {"key": "to-customer", "type": "clause", "offset": [1181, 1192]}, {"key": "customer-material", "type": "definition", "offset": [1231, 1248]}, {"key": "in-connection-with", "type": "clause", "offset": [1254, 1272]}, {"key": "the-processing-of-personal-data", "type": "clause", "offset": [1273, 1304]}, {"key": "the-data-controller", "type": "definition", "offset": [1339, 1358]}, {"key": "the-gdpr", "type": "definition", "offset": [1374, 1382]}, {"key": "supplier-shall", "type": "clause", "offset": [1384, 1398]}, {"key": "the-personal-data", "type": "definition", "offset": [1407, 1424]}, {"key": "of-customer", "type": "clause", "offset": [1475, 1486]}, {"key": "have-agreed", "type": "clause", "offset": [1500, 1511]}, {"key": "a-separate", "type": "definition", "offset": [1565, 1575]}, {"key": "service-agreement", "type": "clause", "offset": [1601, 1618]}], "samples": [{"hash": "9wEEhmyB861", "uri": "/contracts/9wEEhmyB861#data-security-and-data-protection", "label": "Service Agreement", "score": 33.68493479, "published": true}], "hash": "f66974655b4255c1419c9a1b1e61f3dc", "id": 8}, {"size": 1, "snippet": "5.1 The Merchant warrants that it shall at all times remain compliant with the applicable PCI DSS standard and that it will comply with all the requirements for obtaining and maintaining compliance as determined by Card Associations from time to time.\n5.2 The Merchant shall provide the Acquirer with annual proof of its compliance and respond to any request from the Acquirer with regard to its current compliance status which may be required by the Acquirer for purposes of reporting to Card Associations.\n5.3 If the Merchant stores Cardholder information such as Account numbers (Primary Account Number), expiration dates, and other sensitive Cardholder data in any location, the Merchant shall follow Card Associations guidelines on securing such data, in addition to applicable data protection laws.\n5.4 The Merchant must keep all systems and media containing Visa card and MasterCard account or account of any Card Association, Cardholder, or Transaction information (whether physical or electronic) in a secure manner so as to prevent access by or disclosure to any unauthorised party. The Merchant must destroy all information not necessary to retain, in a manner that will render the data unreadable.\n5.5 The Merchant shall not store CVC2 or CVV2, PIN or PIN Blocks under any circumstances.\n5.6 The Merchant shall meet all costs associated with achieving compliance and is solely responsible for any fines, costs or charges arising from not being compliant or data held by it being used for fraudulent or unauthorized purposes.\n5.7 The Merchant shall immediately notify the Acquirer of any suspected or confirmed loss or theft of any Cardholder data. In addition, The Merchant must provide reasonable access to Card Associations or an independent third party authorized by them or the Acquirer to verify the Merchant\u2019s ability to prevent future security breaches in a manner consistent with the requirements of any applicable rule.\n5.8 The Acquirer is registered as a data controller under the Data Protection Act 2017. In the exercise of its business, all personal data collected and processed will be in accordance with the current data protection legislation and the Acquirer shall ensure that any disclosure of personal data is made with the Merchant\u2019s consent or is otherwise lawful. The Merchant undertakes to provide all required information, at all times. If at a later date changes should occur to the Merchant\u2019s data or if the Merchant has an enquiry, he shall send them in writing to the Acquirer. It is expressly understood that the Merchant shall abide by all its obligations under the Data Protection Act 2017, failing which it shall hold the Acquirer harmless for any prejudice caused to the latter as a result of the Merchant\u2019s non- compliance with the Act.\n5.9 The Acquirer may transfer personal information of the Merchant to entities in other countries for the purposes of this Agreement on the basis that anyone to whom such information is passed protects it to the same standard as the Acquirer would, and in accordance with applicable laws. The Acquirer will only transfer personal information of the Merchant if it is legally obligated to do so, and where the other country has laws that adequately protect the personal information, or where the Acquirer has imposed contractual obligations on the recipients that require them to protect the personal information to the same standard as the Acquirer is legally required to.", "snippet_links": [{"key": "at-all-times", "type": "definition", "offset": [40, 52]}, {"key": "the-applicable", "type": "clause", "offset": [75, 89]}, {"key": "pci-dss", "type": "definition", "offset": [90, 97]}, {"key": "comply-with", "type": "clause", "offset": [124, 135]}, {"key": "requirements-for", "type": "clause", "offset": [144, 160]}, {"key": "maintaining-compliance", "type": "clause", "offset": [175, 197]}, {"key": "card-associations", "type": "clause", "offset": [215, 232]}, {"key": "from-time-to-time", "type": "clause", "offset": [233, 250]}, {"key": "the-merchant-shall", "type": "clause", "offset": [256, 274]}, {"key": "provide-the", "type": "clause", "offset": [275, 286]}, {"key": "proof-of", "type": "clause", "offset": [308, 316]}, {"key": "respond-to", "type": "definition", "offset": [336, 346]}, {"key": "with-regard-to", "type": "clause", "offset": [377, 391]}, {"key": "compliance-status", "type": "definition", "offset": [404, 421]}, {"key": "by-the-acquirer", "type": "clause", "offset": [444, 459]}, {"key": "for-purposes-of", "type": "clause", "offset": [460, 475]}, {"key": "reporting-to", "type": "definition", "offset": [476, 488]}, {"key": "cardholder-information", "type": "definition", "offset": [535, 557]}, {"key": "account-numbers", "type": "clause", "offset": [566, 581]}, {"key": "primary-account-number", "type": "definition", "offset": [583, 605]}, {"key": "expiration-dates", "type": "clause", "offset": [608, 624]}, {"key": "cardholder-data", "type": "definition", "offset": [646, 661]}, {"key": "in-addition-to", "type": "clause", "offset": [757, 771]}, {"key": "applicable-data-protection-laws", "type": "clause", "offset": [772, 803]}, {"key": "the-merchant-must", "type": "clause", "offset": [809, 826]}, {"key": "visa-card", "type": "definition", "offset": [865, 874]}, {"key": "mastercard-account", "type": "definition", "offset": [879, 897]}, {"key": "transaction-information", "type": "definition", "offset": [949, 972]}, {"key": "all-information", "type": "clause", "offset": [1119, 1134]}, {"key": "the-data", "type": "clause", "offset": [1189, 1197]}, {"key": "not-store", "type": "definition", "offset": [1233, 1242]}, {"key": "all-costs", "type": "definition", "offset": [1328, 1337]}, {"key": "associated-with", "type": "definition", "offset": [1338, 1353]}, {"key": "responsible-for", "type": "clause", "offset": [1389, 1404]}, {"key": "data-held", "type": "clause", "offset": [1469, 1478]}, {"key": "notify-the", "type": "clause", "offset": [1572, 1582]}, {"key": "loss-or-theft", "type": "clause", "offset": [1622, 1635]}, {"key": "access-to", "type": "definition", "offset": [1710, 1719]}, {"key": "independent-third-party", "type": "definition", "offset": [1744, 1767]}, {"key": "authorized-by", "type": "definition", "offset": [1768, 1781]}, {"key": "to-verify", "type": "definition", "offset": [1803, 1812]}, {"key": "ability-to", "type": "definition", "offset": [1828, 1838]}, {"key": "security-breaches", "type": "definition", "offset": [1854, 1871]}, {"key": "consistent-with-the", "type": "clause", "offset": [1884, 1903]}, {"key": "applicable-rule", "type": "definition", "offset": [1924, 1939]}, {"key": "data-controller", "type": "definition", "offset": [1977, 1992]}, {"key": "data-protection-act", "type": "clause", "offset": [2003, 2022]}, {"key": "exercise-of", "type": "clause", "offset": [2036, 2047]}, {"key": "data-collected", "type": "clause", "offset": [2075, 2089]}, {"key": "in-accordance-with", "type": "definition", "offset": [2112, 2130]}, {"key": "data-protection-legislation", "type": "definition", "offset": [2143, 2170]}, {"key": "disclosure-of-personal-data", "type": "clause", "offset": [2210, 2237]}, {"key": "to-provide", "type": "definition", "offset": [2322, 2332]}, {"key": "required-information", "type": "definition", "offset": [2337, 2357]}, {"key": "date-changes", "type": "clause", "offset": [2387, 2399]}, {"key": "in-writing", "type": "clause", "offset": [2490, 2500]}, {"key": "obligations-under-the", "type": "clause", "offset": [2586, 2607]}, {"key": "compliance-with-the-act", "type": "clause", "offset": [2758, 2781]}, {"key": "information-of", "type": "clause", "offset": [2822, 2836]}, {"key": "other-countries", "type": "clause", "offset": [2865, 2880]}, {"key": "for-the-purposes-of-this-agreement", "type": "clause", "offset": [2881, 2915]}, {"key": "the-basis", "type": "clause", "offset": [2919, 2928]}, {"key": "such-information", "type": "definition", "offset": [2949, 2965]}, {"key": "with-applicable-laws", "type": "clause", "offset": [3050, 3070]}, {"key": "the-personal", "type": "clause", "offset": [3239, 3251]}, {"key": "contractual-obligations", "type": "clause", "offset": [3299, 3322]}, {"key": "the-recipients", "type": "clause", "offset": [3326, 3340]}, {"key": "legally-required", "type": "definition", "offset": [3435, 3451]}], "samples": [{"hash": "g6r9sUJ1BgQ", "uri": "/contracts/g6r9sUJ1BgQ#data-security-and-data-protection", "label": "Multi Channel Acquiring Merchant Agreement", "score": 32.7910095958, "published": true}], "hash": "20602f8a64b756d0ece0b47b7063e8a4", "id": 9}, {"size": 1, "snippet": "(1) The data security and data protection requirements to be observed are specified in Annex 3. Section 18 of JIT 2015 \u2013 General Terms and Conditions shall also be applied.\n(2) The Supplier shall handle any personal data contained by the Service or received in connection with the delivery of the Service or Application only in so far as it is necessary for the fulfilment of this agreement and only until the expiry of this agreement or the Supplier\u2019s duty to provide assistance. The Supplier is not allowed to use the personal data in their own activities, process them in a manner prohibited by this agreement, combine them with other data in their possession, or to release them to third parties.\n(3) The Supplier may not handle the personal data, contained by the Service or received in connection with the delivery of the Service or Application, outside the EU or the EEA or from outside the EU or the EEA or transfer such data outside the EU or the EEA.\n(4) The limitations to liability presented in this agreement or its annexes do not apply to violations of data security and data protection.", "snippet_links": [{"key": "the-data", "type": "clause", "offset": [4, 12]}, {"key": "security-and-data-protection-requirements", "type": "clause", "offset": [13, 54]}, {"key": "annex-3", "type": "clause", "offset": [87, 94]}, {"key": "section-18", "type": "clause", "offset": [96, 106]}, {"key": "general-terms-and-conditions", "type": "definition", "offset": [121, 149]}, {"key": "the-supplier-shall", "type": "clause", "offset": [177, 195]}, {"key": "in-connection-with", "type": "clause", "offset": [258, 276]}, {"key": "delivery-of-the-service", "type": "clause", "offset": [281, 304]}, {"key": "application-only", "type": "clause", "offset": [308, 324]}, {"key": "necessary-for", "type": "definition", "offset": [344, 357]}, {"key": "agreement-or", "type": "definition", "offset": [425, 437]}, {"key": "duty-to-provide-assistance", "type": "clause", "offset": [453, 479]}, {"key": "not-allowed", "type": "clause", "offset": [497, 508]}, {"key": "the-personal-data", "type": "definition", "offset": [516, 533]}, {"key": "by-this-agreement", "type": "clause", "offset": [595, 612]}, {"key": "other-data", "type": "definition", "offset": [632, 642]}, {"key": "to-third-parties", "type": "clause", "offset": [683, 699]}, {"key": "the-eu", "type": "clause", "offset": [860, 866]}, {"key": "limitations-to-liability", "type": "clause", "offset": [969, 993]}, {"key": "in-this-agreement", "type": "clause", "offset": [1004, 1021]}], "samples": [{"hash": "5Ia5hN5Axhv", "uri": "/contracts/5Ia5hN5Axhv#data-security-and-data-protection", "label": "Agreement for the Provision of Services", "score": 31.0882152339, "published": true}], "hash": "88729dce40551427d87bc63f432cddf0", "id": 10}], "next_curs": "CmoSZGoVc35sYXdpbnNpZGVyY29udHJhY3RzckYLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IipkYXRhLXNlY3VyaXR5LWFuZC1kYXRhLXByb3RlY3Rpb24jMDAwMDAwMGEMogECZW4YACAA", "clause": {"size": 45, "parents": [["prohibited-business-practices", "Prohibited Business Practices"], ["\u2587\u2587\u2587\u2587\u2587-provisions", "\u2587\u2587\u2587\u2587\u2587 Provisions"]], "title": "DATA SECURITY AND DATA PROTECTION", "children": [["data-protection", "Data Protection"], ["data-security", "Data Security"]], "id": "data-security-and-data-protection", "related": [["privacy-and-data-protection", "Privacy and Data Protection", "Privacy and Data Protection"], ["privacy-and-data-security", "Privacy and Data Security", "Privacy and Data Security"], ["data-security-and-privacy", "Data Security and Privacy", "Data Security and Privacy"], ["cybersecurity-data-protection", "Cybersecurity; Data Protection", "Cybersecurity; Data Protection"], ["data-protection-and-security", "DATA PROTECTION AND SECURITY", "DATA PROTECTION AND SECURITY"]], "related_snippets": [], "updated": "2025-07-07T12:37:48+00:00", "also_ask": [], "drafting_tip": null, "explanation": "The Data Security and Data Protection clause establishes the obligations of parties to safeguard personal and sensitive information from unauthorized access, loss, or misuse. It typically requires the implementation of appropriate technical and organizational measures, such as encryption, access controls, and regular security assessments, to ensure data is handled securely throughout its lifecycle. This clause is essential for ensuring compliance with data protection laws and regulations, and it helps mitigate the risk of data breaches and associated liabilities."}, "json": true, "cursor": ""}}