Common use of Data Security and Privacy Plan Clause in Contracts

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all applicable state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policySupplement. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit Supplement below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] District and [Vendor Name]Nearpod.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality AgreementSupplement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor LINCOLN LIBRARY PRESS agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s BOCES Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorLINCOLN LIBRARY PRESS and is set forth below. Additional components elements of VendorLINCOLN LIBRARY PRESS’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s BOCES data security and privacy policy., LINCOLN LIBRARY PRESS will: [ Lincoln Library Press does not receive any Protected Data, nor does it collect data on any individual database users. ] (b) Vendor In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the AGREEMENT, LINCOLN LIBRARY PRESS will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect throughout the term of the AGREEMENT: [Lincoln Library Press does not receive any Protected Data that Data, nor does it receives from the District under the Subscription Agreementcollect data on any individual database users.] (c) Vendor LINCOLN LIBRARY PRESS will comply with all obligations contained within the section set forth in this Exhibit below entitled B OCES “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the AGREEMENT” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, LINCOLN LIBRARY PRESS has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Employees of Lincoln Library Press are aware of the federal and state laws governing confidentiality of Protected Data. Lincoln Library Press does not receive any Protected Data, nor does it collect data on any individual database users. (e) Vendor LINCOLN LIBRARY PRESS [check one] will x _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the AGREEMENT. In the event that LINCOLN LIBRARY PRESS engages any subcontractors, assignees, or other authorized agents to perform its obligations under the AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below. (f) LINCOLN LIBRARY PRESS will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to Data, including identify breaches and unauthorized disclosures. Vendor , and LINCOLN LIBRARY PRESS will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement. (g) LINCOLN LIBRARY PRESS will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all applicable state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Arlington Central School District] District and [Vendor Name].Canva Pty Ltd.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by applicable state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the applicable federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place throughout the term of the MLSA: ExploreLearning, LLC products are on servers and equipment owned and operated by its parent company Cambium Learning. Our servers and all user-specific data are hosted in a secure Tier 4 enterprise data center located in Texas with a failover data center in Michigan. All of our administrative controls are behind firewalls and also require username/password access, which is limited to protect Protected Data that it receives from the District under the Subscription AgreementCambium Learning operational staff. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees who have access to Protected Data of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) The ExploreLearning, LLC subscriptions and services are SaaS-based and provider- hosted, with certain aspects of the program functionality supported for all Vendor’s K-12 educational customers through established service provider and/or subcontractor relationships to enable Vendor to provision and perform its Services under the Agreement, who are under contractual obligations of confidentiality and security with Vendor with respect to same, and Vendor shall remain responsible and liable to Erie 1 BOCES, other applicable BOCES, and each Participating Education Agency for same. Other than the foregoing, Vendor will X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify by Vendor or its assignees or subcontractors, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Dyknow.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor KIDS DISCOVER agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s BOCES Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorKIDS DISCOVER and is set forth below. Additional components elements of VendorKIDS DISCOVER’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s BOCES data security and privacy policy, KIDS DISCOVER will: Not collect, record, store, or otherwise obtain any Personally Identifiable Information from any users, whether students or teachers or principals, unless it is deemed necessary in order to deliver a purchased solution from Kids Discover. For instance, under Kids Discover Online’s Library Media Plan, all usage of the solution is anonymous, utilizing a generic set of building- wide login credentials or IP Authentication. These measures will ensure that Kids Discover is in full compliance with state, federal, and local data security and privacy requirements. For more detail, please refer to the Data Security and Privacy Plan provided as an attachment to this Agreement. (b) Vendor In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the AGREEMENT, KIDS DISCOVER will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place throughout the term of the AGREEMENT: Please refer to protect the Data Security and Privacy Plan provided as an attachment for more details on Kids Discover’s cybersecurity framework, technology stack, safeguards, and protocols for handling Protected Data that it receives from the District under the Subscription AgreementData. (c) Vendor KIDS DISCOVER will comply with all obligations contained within the section set forth in this Exhibit below entitled B OCES “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the AGREEMENT” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, KIDS DISCOVER has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Please refer to the Data Security and Privacy Plan provided as an attachment for more details on how Kids Discover personnel, including contracted workers, are trained and qualified to handle Protected Data. (e) Vendor KIDS DISCOVER [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the AGREEMENT. In the event that KIDS DISCOVER engages any subcontractors, assignees, or other authorized agents to perform its obligations under the AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below. (f) KIDS DISCOVER will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to Data, including identify breaches and unauthorized disclosures. Vendor , and KIDS DISCOVER will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 B of this Data Sharing and Confidentiality Agreement. (g) KIDS DISCOVER will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s BOCES Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s ’ Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality AgreementDPA, consistent with the District’s BOCES data security _ ] and privacy policy. (b) , Vendor will have specific administrativewill: [ at a minimum, operational and technical safeguards and practices in place to protect Protected Data require that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require any subcontractors or other authorized persons or entities person who may hav to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to this DPA; follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) termination of the Subscription Agreement. (d) Vendor has provided or will this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with laws (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices. (c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _] (e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below. (ef) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to Data, including identify breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor Xxxxxxx will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the School or District. VendorXxxxxxx’s Plan for protecting the School or District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the School or District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the VendorXxxxxxx. Additional components of VendorXxxxxxx’s Data Security and Privacy Plan for protection of the School or District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor Quizizz will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the School or District’s data security and privacy policy. (b) Vendor Quizizz will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the School or District under the Subscription Master Agreement. (c) Vendor Xxxxxxx will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] or District and [Vendor Name].Quizizz” VendorQuizizz’s obligations described within this section include, but are not limited to: : (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor Quizizz by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor Xxxxxxx has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor Quizizz will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor Quizizz will provide prompt notification to the School or District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place throughout the term of the MLSA: Please refer to protect Protected Data that it receives from the District under the Subscription Agreementattached Information Security Overview. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] X will will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place throughout the term of the MLSA: ● Pseudonymization and encryption of PII (TLS v1.2 and v1.3 for all data in transit between clients and server and AES256-CBC (256-bit Advanced Encryption Standard in Cipher Block Chaining mode) for encrypting data at rest). ● Password protection. ● Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. ● Restore the availability and access to protect Protected Data that it receives from personal data in a timely manner in the District under event of a technical incident. ● Regularly test, assess and evaluate the Subscription Agreementeffectiveness of technical and organizational measures ensuring the security of the processing. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. Vendor does not provide training on federal and state laws governing confidentiality of such data to its subcontractors. Notwithstanding the foregoing, the Vendor will execute written agreements with each subcontractor to ensure that they abide by terms consistent with and no less stringent than those outlined herein, including the obligation to provide training on the federal and state laws governing confidentiality of such data, and comply with state and federal laws and regulations. Vendor shall be liable for the acts and omissions of its subcontractors. (e) Vendor [check one] ✔ will ( will not) utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Chazy Central Rural School District] District and [Vendor NameName of Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Panama Central School District] and [Vendor NameName of Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [XxxxxJasper-Fultonville Troupsburg Central School District] and [Vendor NameIXL and Quia].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [XxxxxJasper-Fultonville Troupsburg Central School District] and [Vendor NameDeltaMath].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s BOCES Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s ’ Data Security and Privacy Plan for protection of Plan, to the District’s Protected Data throughout the term of the Subscription Agreement extent not set forth below, are as follows:set forth in Vendor’s privacy policy located at xxxxx://xxx.xxxxxxxxxxxxxxxx.xxx/help/privacy-policy/. (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality AgreementDPA, consistent with the District’s BOCES data security and privacy policy., Vendor will: [ see attached privacy policy _ ] (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected Data that it receives from throughout the District under term of the Subscription Agreement.Vendor AGREEMENT: [ See attached privacy policy (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled B OCES “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the AGREEMENT” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ See attached privacy policy (e) Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below. (ef) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to Data, including identify breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name].Cengage Learning, Inc..” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Crown Point Central School District] and [Vendor NameName of Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Vista Higher Learning ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that comply in writing with the same data protection obligations imposed on security and privacy standards required of Vendor by under this agreement and applicable state and federal law and the Subscription Agreement shall apply to the subcontractor, law. and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided required, or will provide or require training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name]Xxxxxx.xxx.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor NameSkill Struck, Inc.].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout Throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as followsset forth in detail in attached Appendix A and describe the following: (a) How Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have The specific administrative, operational and technical safeguards and practices Vendor will have in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) How Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Ultimate Drill Book, ” Vendor’s obligations described within this section includeincluding, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Whether and how Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) How Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [XxxxxWashington-Fultonville Central School District] Saratoga- Xxxxxx-Xxxxxxxx-Essex BOCES and [Vendor Name].” Amplify Education, Inc. ”. Vendor’s obligations described within this section include, but are not limited to: (i) i. its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (and ii) . its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Acadience Learning ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]GeoGebra.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Pixton Comics Inc. ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].” Renaissance Learning. Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Lowville Academy and Central School District] and [Vendor Name]Kami.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Lalilo ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected throughout the term of the MLSA: Please see Vendor’s attached Data that it receives from the District under the Subscription AgreementSecurity and Privacy Plan. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] X will will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxxxx Central School District] District and [Vendor NameW[NeaVmideeo , Ionfc Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all applicable state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] the District and [Vendor Name]Amplify.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Turning Technologies.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [XxxxxJasper-Fultonville Troupsburg Central School District] and [Vendor NameAccelerate Learning and STEM Scopes].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Breakout EDU.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Lowville Academy and Central School District] and [Vendor Name]Pay Grade.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Between Xxxxxx Central School District] District and [Vendor Name]Liberty Source LP.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected throughout the term of the MLSA: NoRedInk Data that it receives from the District under the Subscription Agreement.Security Plan (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] X will will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].IXL LEARNING ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Yabla, Inc. ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxx Central School District] District and [Vendor Name].Boddle Learning, Inc..” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxxxx Central School District] District and [Vendor NameName of Vendor].” . Language Testing International, to: Vendor’s obligations described within this section include, but are not limited to:limited (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Between Xxxxxx Central School District] District and [Vendor Name]Class Solver LLC.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxxxx Central School District] District and [Vendor NameR[NehamabeAssoocfaites VofeWndNorY].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]VISTA Higher Learning.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville AuSable Valley Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Amplify Education, Inc.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policypolicy as provided to Vendor. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name].Xxxxxxxxxx Xxx..” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the be subject to confidentiality and data protection obligations imposed on Vendor by state and federal law law. Scholastic ensures that its subcontractors will abide by such obligations through a combination of technical due diligence, trainings, contractual obligations, instructions, oversight, audits, and the Subscription Agreement shall apply to the subcontractorperiodic tests, scans and other assessments, as appropriate, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorizedauthorized in writing by the District to Vendor) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access (and acknowledges that officers or employees of any of its assignees must have such training prior to such access). (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Lowville Academy and Central School District] and [Vendor Name].Themes & Variations Inc.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Wise Music Group (MusicFirst) ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Gimkit.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name].Oddcast Inc..” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].American Reading Company ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Eden Central School District] District and [Vendor NameClasswork Co (DBA Classkick)].” Vendor’s obligations described within this section include, but are not limited to: (i) i. its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its and ii.its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement comply with all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [XxxxxWashington-Fultonville Central School District] Saratoga- Xxxxxx-Xxxxxxxx-Essex BOCES and [Vendor Name].Desmos, Inc.” Vendor’s obligations described within this section include, but are not limited to: (i) i. its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements agreements, including, but not limited to, terms of service, acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (and ii) . its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. Vendor shall also ensure that any subcontractors it engages to facilitate its obligations under the Master Agreement will comply with all federal and state laws governing confidentiality of Protected Data. A current list of third party subcontractors can be found at xxxxx://xxxxxx.xxx/desmosinc/policies/blob/master/third-party-services.md which is updated from time to time. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) : Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) . Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) . [Name of Vendor] Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxxxx Central School District] District and [Vendor Name]YouScience, LLC .” Vendor’s obligations described within this section include, but are not limited to: (i) : its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) and its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) . Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors (other than subcontractors that are limited to hosting data storage or providing technology infrastructure) or assignees) who will have access to Protected Data, prior to their receiving access. (e) . Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Bill Erie 1 BOCES’ Parents Xxxx of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected Data that it receives from throughout the District under term of the Subscription AgreementMLSA: Attachment 1: Capstone End User License Agreement (XXXX). Capstone does not collect in PPI information. No Private Student Information is collected. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] will X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontactors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontactors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Pleasantville Union Free School District] District and [Vendor Name]Quillsoft.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor NameThe University of Texas Health Science Center at Houston].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor NameExploreLearning, LLC].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that with terms at least as stringent as the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractorAgreement, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected toProtected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name].Tools for Schools, Inc.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards technicalsafeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Junior Achievement of Western New York ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected throughout the term of the MLSA: [Insert here – also provide a copy of Data that it receives from the District under the Subscription Agreement.Security and Privacy Plan] (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] will will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name]Cengage Learning.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name].Newsela, Inc.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxxxx Central School District] District and [Vendor NameName of Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Pleasantville Union Free School District] District and [Vendor Name]Everyday Speech.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor Swank Motion Pictures Inc. agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s BOCES Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorSwank Motion Pictures Inc. and is set forth below. Additional components elements of Vendor’s Swank Motion Pictures Inc.’ Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality AgreementDPA, consistent with the District’s BOCES data security and privacy policy., Swank Motion Pictures Inc. will: [ see attached Swank Data Privacy Policy _ ] (b) Vendor In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Swank Motion Pictures Inc. AGREEMENT, Swank Motion Pictures Inc. will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected throughout the term of the Swank Motion Pictures Inc. AGREEMENT: [ See attached Swank Data that it receives from the District under the Subscription Agreement.Privacy Policy (c) Vendor Swank Motion Pictures Inc. will comply with all obligations contained within the section set forth in this Exhibit below entitled B OCES “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the AGREEMENT” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Swank Motion Pictures Inc. has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access., as follows: [ (e) Vendor Swank Motion Pictures Inc. [check one] will X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Swan k Motion Pictures Inc. AGREEMENT. In the event that Swank Motion Pictures Inc. engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Swank Motion Pictures Inc. AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Swank Motion Pictures Inc. AGREEMENT,” below. (f) Swank Motion Pictures Inc. will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to Data, including identify breaches and unauthorized disclosures. Vendor , and Swank Motion Pictures Inc. will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Swank Motion Pictures Inc. will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Savvas Learning Company LLC.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations consistent with those imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractorMaster Agreement, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of and will ensure that its subcontractors or assigneesassignees are contractually required to train their respective officers or employees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name]ReadWorks.” Vendor’s obligations described within this section include, but are not limited to:” (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Socrative.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxxxx Central School District] District and [Vendor Name]Name of Vendor] Shutterfly Lifetouch, LLC .” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected Data throughout the term of the MLSA: All data that it receives from is hosted by Eyemetric is hosted on the District under the Subscription AgreementMicrosoft Azure platform. This platform has data encryption tools that we employ, as well as conducts vulnerability scans on our software application regularly and consistently. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor will X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, ,consistent with the District’s data security and privacy policyandprivacypolicy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name]Newsela.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Swift Education Systems.” Vendor”Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout Throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as followsset forth in detail in attached Appendix A and describe the following: (a) How Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have The specific administrative, operational and technical safeguards and practices Vendor will have in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) How Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].Learning Circle Software LLC, ” Vendor’s obligations described within this section includeincluding, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Whether and how Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) How Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor Quizizz will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the School or District. VendorQuizizz’s Plan for protecting the School or District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the School or District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the VendorQuizizz. Additional components of VendorQuizizz’s Data Security and Privacy Plan for protection of the School or District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor Quizizz will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the School or District’s data security and privacy policy. (b) Vendor Quizizz will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the School or District under the Subscription Master Agreement. (c) Vendor Quizizz will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] or District and [Vendor Name].Quizizz” VendorQuizizz’s obligations described within this section include, but are not limited to: : (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor Quizizz by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor Quizizz has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor Quizizz will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor Quizizz will provide prompt notification to the School or District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place throughout the term of the MLSA: refer to protect Protected Data that it receives from the District under the Subscription Agreement.Security and Privacy Plan in Exhibit E. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] x will will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] the District and [Vendor Name]Delightex.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxx Central School District] District and [Vendor NameCommonLit, Inc.].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Pleasantville Union Free School District] District and [Vendor Name]Xxxxxxxxx.xxx.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxx Central School District] District and [Vendor Name].CodeCombat Inc..” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].XtraMath ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Tract.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name].BrainPOP ” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxxxx Central School District] District and [Vendor NameSNkaemtcehUp of Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policypolicy as provided to Vendor. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Xxxxxxxx Central School District] District and [Vendor Name]Xxxxxxxxxx Xxx.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the be subject to confidentiality and data protection obligations imposed on Vendor by state and federal law law. Scholastic ensures that its subcontractors will abide by such obligations through a combination of technical due diligence, trainings, contractual obligations, instructions, oversight, audits, and the Subscription Agreement shall apply to the subcontractorperiodic tests, scans and other assessments, as appropriate, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorizedauthorized in writing by District to Vendor) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]TypeTastic (Vendor).” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Lowville Academy and Central School District] and [Vendor Name]Savvas Learning Company LLC.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the comply with data protection obligations consistent with those imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractorMaster Agreement, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving accessreceivingaccess. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected throughout the term of the MLSA: [Insert here – also provide a copy of Data that it receives from the District under the Subscription AgreementSecurity and Privacy Plan] 7Mindsets does not use nor require student data records; See Exhibit E for xSEL Labs and BASE Education Data Security Plans, respectively. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] _Ö will utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Pleasantville Union Free School District] District and [Vendor Name]DeltaMath.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name].Formative” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s XXXX BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s XXXX BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected throughout the term of the MLSA: [Insert here – also provide a copy of Data that it receives from the District under the Subscription Agreement.Security and Privacy Plan] (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled XXXX BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] will will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in XXXX BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in XXXX BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place throughout the term of the MLSA: access control policy designed to protect restrict access to any Protected Data that it receives from only to authorized personnel; background screening and employee training; encryption of data when in transit to Hosted Services and stored encrypted at rest; and the District under the Subscription Agreement.measures outlined in Vendor’s Information Security Schedule, which is attached as Attachment 1 to this Exhibit D. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxxthe MLSA” below. DocuSign Envelope ID: 1EB45D86-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement.3E6A-478D-84B2-7462BE67C97F (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [ X will will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within this Amendment, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the Subscription Agreement and terms of this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Agreement, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected Data that it receives from throughout the District under term of the Subscription Agreement: See Section 3(b) above. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].in the Agreement” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] _X will will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Agreement and agrees to be responsible for their performance subject to the terms of the Agreement and this Amendment. The list of subcontractors is located at: xxxxx://xxx.xxxxxxxxx.xxx/en-us/trust-center/privacy/data- access#subcontractors (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Amendment. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data Sharing and Confidentiality Agreementat such time that the Agreement is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational operational, and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] BRIARCLIFF MANOR UFSD and [Vendor Name]Clever Prototypes, LLC.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central Jamestown City School District] District and [Vendor Name]Spelling City.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name]Really Great Reading.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives received from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply Participating Educational Agencies in accordance with the terms of the District’s Erie 1 BOCES’ Parents Bill of Rights for Data Security Privacy and PrivacySecurity, a copy of which is set forth below and has been signed by the VendorVendor and is set forth below. Additional components elements of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will In order to implement all state, federal, and local data security and privacy requirements requirements, including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have specific the following reasonable administrative, technical, operational and technical physical safeguards and practices in place to protect Protected Data that it receives from throughout the District under term of the Subscription Agreement.MLSA: xxxxx://xxx.xxxxxxxxxxxxxx.xxx/privacy (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled Erie 1 BOCES’ “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].the MLSA” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreementbelow. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] will X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify Data, including identifying breaches and unauthorized disclosures. , and Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the MLSA is terminated or expires, as more fully described in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Master Agreement between [Xxxxx-Fultonville Central School District] PNWBOCES and [Vendor Name]Discovery Education.” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.