Common use of Data Security and Privacy Clause in Contracts

Data Security and Privacy. 5.1 The Client will provide the Data to DataFix and DataFix will only use the Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent of the Client. 5.2 DataFix shall comply with all the confidentiality, security and privacy requirements set out in this Agreement, and any additional Security and Privacy Requirements with respect to the Data that have been provided to DataFix, by the Client, in writing. To the extent DataFix possesses any Data in any form, medium or device during the Term of this Agreement or after the expiration of the Term, the foregoing obligations shall survive and continue to be in legal effect. 5.3 DataFix shall ensure that its employees and contractors are aware of their obligations regarding data security and privacy under this Section 5.0.DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement. 5.4 DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information and, in any event, to at least the standard required by applicable Laws. 5.5 If either Party becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information (a “Security Incident”), such Party will notify the other Party forthwith and, take all reasonable steps to mitigate the Security Incident. 5.6 Without limiting any other provision in this Agreement regarding the security of information, DataFix shall have in place reasonable policies, procedures, and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, or modification.

Data Security and Privacy. 5.1 The data provided by Elections Newfoundland and Labrador is classified as high security and is also protected under the Privacy Act and the Elections Act, 1991. DataFix will treat this data as if they were also subject to the Privacy Act. It will be safeguarded while in our possession and kept securely both in electronic and transfer media (CD) form. 5.2 The Client will provide the Voter Data to DataFix and DataFix understands that it is imperative that the Permanent List of Electors data not be copied for uses other than the project described with the Client and only be used for electoral purposes. It will only use not be used for any purposes other than the Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent Municipal Election event. The contents of the Clientfile will not be disclosed to any other party or person for any reason. 5.2 5.3 DataFix shall comply with all of the confidentiality, security and privacy requirements set out in this AgreementAgreement (including, without limitation, the requirements of this Section 5.0, and any additional Additional Security and Privacy Requirements Requirements) with respect to the Data that have been provided to DataFix, by the Client, in writingVoter Data. To the extent DataFix possesses any Voter Data in any form, medium or device during the Term of this Agreement or after the expiration of the Termafter, the foregoing obligations shall survive and continue to be in legal effect. 5.3 5.4 Once the Voter Data is provided to DataFix, the Voter Data will be stored at DataFix’s primary site. DataFix’s primary site is locked and restricted to only DataFix shall employees. All data that flows in and out of the primary site and other equipment is encrypted and otherwise protected against access by, or disclosure to any other party. 5.5 DataFix will ensure that its Enhanced Reliability is in place for all contract employees and contractors are aware who will have access to the Permanent List of their obligations regarding data security and privacy under this Section 5.0.DataFix Electors data. 5.6 DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement. 5.4 5.7 If DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information and, in any event, to at least the standard required by applicable Laws. 5.5 If either Party becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information Information (a “Security Incident”), such Party DataFix will notify the other Party Client forthwith and, take all reasonable steps to mitigate the Security Incident. 5.6 5.8 Without limiting any other provision in this Agreement regarding the security of information, DataFix shall have in place reasonable policies, procedures, procedures and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, loss or modification. 5.9 DataFix shall ensure that its employees are aware of their obligations regarding data security and privacy under this section 5.

Data Security and Privacy. 5.1 The Client will provide the Data to DataFix and DataFix will only use the Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent of the Clientpurpose. 5.2 DataFix shall comply with all the confidentiality, security and privacy requirements set out in this Agreement, and any additional Security and Privacy Requirements with respect to the Data that have been provided to DataFix, by the Client, in writingData. To the extent DataFix possesses any Data in any form, medium or device during the Term of this Agreement or after the expiration of the Term, the foregoing obligations shall survive and continue to be in legal effect. 5.3 DataFix shall ensure that its employees and contractors are aware of their obligations regarding data security and privacy under this Section 5.0.DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement. 5.4 DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information and, in any event, to at least the standard required by applicable Laws. 5.5 If either Party DataFix becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information Information (a “Security Incident”), such Party DataFix will notify the other Party Client forthwith and, take all reasonable steps to mitigate the Security Incident. 5.6 Without limiting any other provision in this Agreement regarding the security of information, DataFix shall have in place reasonable policies, procedures, procedures and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, loss or modification. 5.7 DataFix shall ensure that its employees are aware of their obligations regarding data security and privacy under this section 5.

Data Security and Privacy. 5.1 The Client will provide the Data to DataFix and DataFix will only use the Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent of the Client. 5.2 DataFix shall comply with all the confidentiality, security and privacy requirements set out in this Agreement, and any additional Security and Privacy Requirements with respect to the Data that have been provided to DataFix, by the Client, in writing. To the extent DataFix possesses any Data in any form, medium or device during the Term of this Agreement or after the expiration of the Term, the foregoing obligations shall survive and continue to be in legal effect. 5.3 DataFix shall ensure that its employees and contractors are aware of their obligations regarding data security and privacy under this Section 5.0.DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement. 5.4 DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information and, in any event, to at least the standard required by applicable Laws. 5.5 If either Party becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information Information (a “Security Incident”), such Party will notify the other Party forthwith and, take all reasonable steps to mitigate the Security Incident. 5.6 Without limiting any other provision in this Agreement regarding the security of information, DataFix shall have in place reasonable policies, procedures, and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, or modification.

Data Security and Privacy. 5.1 The Client will provide the Voter Data to DataFix and DataFix will only use the Voter Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent of the Clientpurpose. 5.2 DataFix shall comply with all the confidentiality, security and privacy requirements set out in this Agreement, and any additional Security and Privacy Requirements with respect to the Data that have been provided to DataFix, by the Client, in writingVoter Data. To the extent DataFix possesses any Voter Data in any form, medium or device during the Term term of this Agreement agreement or after the expiration of the Termafter, the foregoing obligations shall survive and continue to be in legal effect. 5.3 DataFix shall ensure that its employees and contractors are aware of their obligations regarding data security and privacy under this Section 5.0.DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement. 5.4 DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information confidential information and, in any event, to at least the standard required by applicable Laws. 5.5 If either Party DataFix becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information (a “Security Incident”), such Party will notify the other Party forthwith and, take all reasonable steps to mitigate the Security Incident. 5.6 Without limiting any other provision in this Agreement regarding with regard to the security of information, DataFix shall have in place reasonable policies, procedures, procedures and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, loss or modification. 5.7 DataFix shall ensure that its employees are aware of their obligations regarding data security and privacy under this section 5.

Data Security and Privacy. 5.1 The Client Supplier will provide implement and maintain privacy and security measures to protect HPE Data, Services and Products in accordance with the current Data Network Security Schedule & Privacy Schedule on the HPE Supplier Portal. (xxxxx://x00000.xxx0.xxx.xxx/supplierextranet/Data_Security_and_Xxxxxxx.xx) HPE reserves the right to modify the content of the Supplier Portal and any website or web addressed referenced therein. Any terms not defined within this document will rely on the definition in the Data to DataFix and DataFix will only use the Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent of the ClientNetwork Security Schedule or Privacy Schedule. 5.2 DataFix If Supplier is providing Services related to HPE Products which are integrated into HPE Products, Supplier will also comply with HPE’S Supplier Compliance Requirements set forth in the HPE Supplier Portal (xxxxx://x00000.xxx0.xxx.xxx/supplierextranet/xxxxx.xx) 5.3 Supplier shall only collect, store, transfer, share, view, access or otherwise process (“process”) HPE Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with HPE’s instructions, including as set out in this Agreement or an SOW. Any access to or use of HPE Information Systems or processing of HPE Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove HPE Data, HPE Information System, or Product unless authorized in writing by HPE. Supplier shall ensure all processing of HPE Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot process HPE Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify HPE in writing. 5.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect HPE Data against security breach and to provide secure Services or Products. 5.5 Supplier shall comply with all the confidentiality, security and privacy breach notification requirements set out in this Agreement, and any additional the Data Network Security Schedule and Privacy Requirements with respect to the Data that have been provided to DataFix, by the Client, in writing. To the extent DataFix possesses any Data in any form, medium or device during the Term of this Agreement or after the expiration of the Term, the foregoing obligations shall survive and continue to be in legal effectSchedule. 5.3 DataFix shall ensure that its employees and contractors are aware of their obligations regarding data security and privacy under this Section 5.0.DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement. 5.4 DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information and, in any event, to at least the standard required by applicable Laws. 5.5 If either Party becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information (a “Security Incident”), such Party will notify the other Party forthwith and, take all reasonable steps to mitigate the Security Incident. 5.6 Without limiting any other provision in this Agreement regarding the security of information, DataFix shall have in place reasonable policies, procedures, and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, or modification.