Common use of DATA SECURITY AND PROTECTION Clause in Contracts

DATA SECURITY AND PROTECTION. 6.1 The Recipient must use best practice methods to keep all Data which is in the power, possession or control of the Recipient secure and protected from unauthorised access, misuse, damage, destruction, unauthorised disclosure or modification, or theft. 6.2 Subject to clause 6.3 below, the Recipient must not distribute or release the Data to any third party, and must make sure that no one is allowed to take or send the Data to any location other than a location under the control of the Recipient without the Administering Institution’s prior written permission. 6.3 The Recipient may disclose the Data to: (a) those of its employees, officers, students and contractors who: (i) have a need to access the Data for the Purpose; (ii) are named on the Application Form; and (iii) who have agreed to use the Data in accordance with the terms of this Agreement (Authorised Users); and (b) Authorised Collaborators, on condition that the Administering Institution has confirmed in writing to the Recipient that the Authorised Collaborator has executed an Australian Genomics Data Access and Sharing Agreement with Administering Institution which governs the Authorised Collaborator’s use of the Data for the Purpose. 6.4 The Recipient is responsible for monitoring and ensuring that all Authorised Users comply with the terms of this Agreement and will be liable for any breaches by Authorised Users. 6.5 The Recipient must immediately notify the Administering Institution if any Authorised User ceases to have a legitimate reason to continue to access the Data under the terms of this Agreement (whether due to cessation or transfer of employment, change of duties or project or any other reason). 6.6 If the Recipient wishes to disclose the Data to a person or third party who is not named on the Application Form as an Authorised User or Authorised Collaborator, the Recipient must re-submit the Application Form or otherwise obtain the Administering Institution’s prior written consent to such disclosure of the Data. 6.7 In the event that Recipient becomes aware of a Data Breach (or suspected Data Breach) or any other use or disclosure of the Data that is inconsistent with this Agreement, the Recipient must: (a) notify Australian Genomics immediately by email to: xxxxxxxx@xxxxxxxxxxxxxxxxxx.xxx.xx; and (b) comply with the procedures set out in the Data Breach Policy, as applicable. 6.8 Without limiting the Recipient’s obligation to comply with the procedures set out in the Data Breach Policy, the Recipient must cooperate with the Administering Institution, and provide all reasonable assistance which the Administering Institution may request in order to remedy and otherwise manage any Data Breach, whether or not caused by or contributed to by the Recipient (or any Authorised User).

DATA SECURITY AND PROTECTION. 6.1 9.1 The Recipient must use best practice methods to keep all Data Parties acknowledge that, as between the Parties, the Customer owns its own data which is to be the subject of the Services and is responsible for the content of such data. Acora will use reasonable endeavours not to introduce into the Customer Assets or Customer’s data on those Customer Assets any viruses, disabling code or comparable phenomena. In the event that, despite the efforts of Acora under this Clause 9.1, any such viruses, disabling code or comparable phenomena are introduced to the Customer Assets and/or data within those Customer Assets by Acora, Acora will take all necessary steps to remove such viruses, disabling code or comparable phenomena from the Customer Assets and to restore any affected data. 9.2 The Customer acknowledges and agrees that Acora will not have any responsibility for the day-to-day and operational management of the Customer’s data (including but without limitation any of the Customer’s data that relates to Customer’s clients and/or customers) and/or the use and manipulation of such data. The Customer further acknowledges and agrees that it remains responsible at all times for the use and management of all such Customer data. 9.3 The Parties will each be responsible for securing the physical security of the premises which such Party occupies and controls to prevent unauthorised access to the Customer Assets or Acora Assets and any data that will be held by that Party at such premises in relation to the Agreement. 9.4 Where and to the extent that Acora processes Personal Data on behalf of the Customer as part of the Services, the Parties acknowledge that, for the purposes of the DPA, the Customer is the data controller and Acora is the data processor in respect of any Personal Data held by and/or used by the Customer and which is handled by Acora as part of or in performance of the Services. Acora warrants that in the powerprocessing of such Customer Personal Data, possession or control of the Recipient secure and protected from unauthorised access, misuse, damage, destruction, unauthorised disclosure or modification, or theft. 6.2 Subject to clause 6.3 below, the Recipient must not distribute or release the Data to any third party, and must make sure that no one is allowed to take or send the Data to any location other than a location under the control of the Recipient without the Administering Institution’s prior written permission. 6.3 The Recipient may disclose the Data toit will: (a) those of its employees, officers, students and contractors who: (i) have a need to access act only on instructions from the Data for the PurposeCustomer; (iib) are named on process such Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments; (c) have in place appropriate technical and organisational security measures against unauthorised or unlawful processing of the Application FormPersonal Data and against accidental loss or destruction of, or damage to, the Personal Data; and (iiid) take reasonable steps to ensure the reliability of all its employees who have agreed access to the Personal Data. 9.5 In relation to Personal Data of the Customer, the Customer acknowledges and agrees that: (a) Acora is reliant on the Customer for direction as to the extent to which Acora is entitled to use and process the Personal Data in accordance with and, consequently, Acora will not be liable for any claim brought by a Data Subject arising from any action or omission by Acora, to the terms of this Agreement (Authorised Users)extent that such action or omission resulted directly from the Customer's instructions; and (b) Authorised Collaboratorsthe Customer remains responsible for its own legal, on condition regulatory and contractual compliance in relation to the obtaining, holding and use of Personal Data to which it has access and which is to be the subject of the Services, including the extent to which the Customer is permitted to supply to and allow such data to be used by Acora as part of the Services. 9.6 Subject to the provisions of Clause 18.2, Acora may authorise a third party to process the Personal Data provided that the Administering Institution has confirmed in writing to the Recipient that the Authorised Collaborator has executed an Australian Genomics Data Access contract between Acora and Sharing Agreement with Administering Institution which governs the Authorised Collaborator’s use of the Data for the Purpose. 6.4 The Recipient is responsible for monitoring and ensuring that all Authorised Users comply with the terms of this Agreement and will be liable for any breaches by Authorised Users. 6.5 The Recipient must immediately notify the Administering Institution if any Authorised User ceases to have a legitimate reason to continue to access the Data under the terms of this Agreement (whether due to cessation or transfer of employment, change of duties or project or any other reason). 6.6 If the Recipient wishes to disclose the Data to a person or such third party who is not named on contains terms which are substantially the Application Form same as an Authorised User or Authorised Collaborator, the Recipient must re-submit the Application Form or otherwise obtain the Administering Institution’s prior written consent to such disclosure of the Data. 6.7 In the event that Recipient becomes aware of a Data Breach (or suspected Data Breach) or any other use or disclosure of the Data that is inconsistent with this Agreement, the Recipient must: (a) notify Australian Genomics immediately by email to: xxxxxxxx@xxxxxxxxxxxxxxxxxx.xxx.xx; and (b) comply with the procedures those set out in Clauses 9.4 and 9.5 inclusive; and terminates automatically on termination of the Data Breach Policy, as applicableAgreement. 6.8 Without limiting the Recipient’s obligation to comply with the procedures set out in the Data Breach Policy, the Recipient must cooperate with the Administering Institution, and provide all reasonable assistance which the Administering Institution may request in order to remedy and otherwise manage any Data Breach, whether or not caused by or contributed to by the Recipient (or any Authorised User).