DATA SECURITY AND SAFEGUARDS Sample Clauses

DATA SECURITY AND SAFEGUARDS. Supplier shall implement and maintain at all times appropriate organisational, operational, managerial, physical and technical measures to protect the Personal Data and Purchaser’s any other data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, so that all processing is in compliance with the Laws and Purchaser’s reasonable written instructions, especially where the processing involves the transmission of data over a network. These measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation. Technical safeguards shall include all technical security controls defined by Supplier, following the recommendations as laid out in ISO/IEC 27000 series (or equivalent, such as SSAE-16(2)) or other recommendations adapted to a level which is suitable, taking into consideration the degree of sensitivity of the personal data, the particular risks which exist, existing technical possibilities, and the costs for carrying out the measures. Supplier shall limit access to the Personal Data to authorised and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations. Supplier shall also ensure by technical and organisational means that Purchaser’s Personal Data is not processed for different purposes (e.g. for different Supplier customers) and that the Personal Data is processed separately from the data of other Supplier customers. Supplier warrants that in performing the Services under the Agreement all necessary precautions are taken by Supplier to prevent loss and alteration of any data, to prevent unauthorised access to Purchaser’s IT environment, to prevent introduction of viruses to Purchaser’s systems, and to prevent improper access to Purchaser’s IT environment and confidential information of Purchaser.
Sample 1Sample 2Sample 3See All (7)
AutoNDA by SimpleDocs
DATA SECURITY AND SAFEGUARDS. The Data Applicant and Data Recipient agree to establish, comply with, and update appropriate administrative, technical, and physical safeguards to protect the confidentiality of MHDO Data and to prevent unauthorized use, access to, or disclosure of the MHDO Data other than as provided for by this Agreement. MHDO Data shall be stored and accessed only in areas that are physically safe from access by unauthorized persons at all times. The MHDO Data shall be protected electronically to prevent unauthorized access by computer, remote access, or any other means. The Data Applicant and Data Recipient agree that all MHDO Data and work product derived therefrom that has not been approved by MHDO for publication will be encrypted at rest and in transit. Block level encryption of all media is required where MHDO data are stored. The strength of data encryption must be a certified algorithm which is 256 bit or higher. Any encryption keys protecting the storage or transmission of MHDO Data, including the MHDO encryption key, shall only be used by individual persons specified on this MHDO DUA. Such keys shall be stored and transmitted separately from the information they protect. The Data Applicant and Data Recipient expressly agree that MHDO Data will not be accessed, tested, maintained, backed-up, transmitted, or stored outside of the United States. The Data Applicant and Data Recipient may not sell, re-package or in any way make MHDO Data available at the individual element level, unless the ultimate viewers of that data have applied to MHDO for this data, been approved for such access and signed an MHDO DUA. The Data Applicant and Data Recipient shall immediately inform the MHDO of any legal process by which third parties try to obtain access to MHDO data held by the Data Applicant or Data Recipient or any subcontractor and shall not turn over any data except as permitted by MHDO. The Data Applicant and Data Recipient agree to report to the MHDO: all security incidents including attempted or successful unauthorized access, use, disclosure, modification or destruction of MHDO Data; interference with system operation in an information system that contains MHDO Data; and specifically, any potential or actual breach of Protected Health Information (PHI) from the MHDO Data. Data Applicant and Data Recipient shall report any such actual or suspected security incident to the MHDO Executive Director within 24 hours after it is discovered. The Data Applicant and Data Recip...
Sample 1Sample 2Sample 3See All (4)
DATA SECURITY AND SAFEGUARDS. The Supplier shall (i) implement and maintain appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other Sanoma’s data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access, especially where the Processing involves the transmission of data over a network; (ii) assess the measures necessary to ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; (iii) ensure that technical measures comply with industry standards and best practices such as ISO 27001/27002 (or equivalent, such as SSAE-16(2)); (iv) limit access to the Personal Data to authorized and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations; (v) ensure by technical and organizational means that Personal Data is not Processed for different purposes (e.g. for the Supplier’s other customers’ purposes); (vi) ensure that the Personal Data is Processed separately from the data of other Supplier’s customers; and (vii) take all necessary precautions in performing the Services to prevent: loss and alteration of any data, unauthorized access to Sanoma’s IT environment, introduction of viruses to Sanoma’s systems, improper access to Sanoma’s IT environment and confidential information of Sanoma.
Sample 1Sample 2Sample 3
DATA SECURITY AND SAFEGUARDS. 4.1. Talshir shall use appropriate safeguards and data security measures and comply with Subpart C of 45 C.F.R. Part 164 of HIPAA with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA. 4.2. Talshir shall employ appropriate administrative, technical and physical safeguards, consistent with the size and complexity of Subcontractor’s operations, comply with applicable requirements of this BAA, the Privacy Rule, the Security Rule and the Breach Notification Rule to protect the confidentiality of PHI and to prevent the use or disclosure of PHI in any manner inconsistent with the terms of this Agreement. 4.3. Those measures shall include (as a minimum): a) Implementation of security-related policies and procedures, standards and practices designated for the protection of PHI; b) Minimalization of PHI processing; c) Use of encryption and pseudonymization where needed and possible; d) Implementation of data protection measures by default and by design; e) The use of proper firewalls and antivirus systems; f) Managing organizational passwords policy which enforces complexity requirements; g) Managing strict access authorization policy which ensures that any access to PHI by Talshir employees shall be strictly limited to employees which are in need for that data, for the provision of the Services; h) Keeping backup and recovery capabilities; i) The use of other state of the art technological and organizational controls mitigating data protection risks or any data breach or loss.
Sample 1
DATA SECURITY AND SAFEGUARDS. EPG and/or its Data Processors shall implement and maintain, at all times, appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access so that all processing is in compliance with Laws and written instructions, especially where the processing involves the transmission of data over a network. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation. Technical safeguards shall include all technical security controls defined or indicated by EPG, following the recommendations as laid out in ISO/IEC 27000 series (‘Information Security Management Systems (ISMS) standards’, or equivalent). Access to Personal Data shall be limited to authorised and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations. EPG and/or its Data Processors shall also ensure, by technical and organizational means, that Personal Data is not processed for different purposes and that the Data is processed separately from the Data of other third-party entities. In terms of the main Agreement, this present Policy document and any applicable Descriptions of Services or other Appendices, all necessary precautions are taken to prevent loss and alteration of any data, to prevent unauthorised access to EPG’s I.T. environment, to prevent introduction of viruses to EPG’s systems, and to prevent improper access to EPG’s I.T. environment and Confidential Information.
Sample 1
DATA SECURITY AND SAFEGUARDS. The [Universities] shall (i) implement and maintain appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other Publisher’s data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access, especially where the Processing involves the transmission of data over a network; (ii) assess the measures necessary to ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; (iii) ensure that technical measures comply with industry standards and best practices such as ISO 27001/27002 (or equivalent); (iv) limit access to the Personal Data to authorized and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations; and (v) ensure by technical and organizational means that Personal Data is not Processed for different purposes.
Sample 1
DATA SECURITY AND SAFEGUARDS 
Sample 1
AutoNDA by SimpleDocs

Related to DATA SECURITY AND SAFEGUARDS

  • Security and Safety A. The Contractor warrants it is and shall remain in compliance with all applicable local, state and federal laws, regulations, codes and ordinances relating to fire, construction, building, health, food service and safety, including but not limited to the Hotel and Motel Fire Safety Act of 1990, Public Law 101-391. The Judicial Council may terminate this Agreement, pursuant to the termination for cause provision set forth herein, without penalty or prejudice if the Contractor fails to comply with the foregoing requirements. B. The Contractor shall assure that each Attendee is advised of all the appropriate precautions that should be taken to provide for the Attendee’s safety while on the Property. The Contractor shall take every reasonable precaution to provide for the security of Attendees and their belongings. C. The Contractor shall immediately advise the Judicial Council’s staff of any known problems that involve the Attendees during the Program including, but not limited to, assaults, burglaries, accidents, and/or illnesses.

  • Data Security and Privacy (a) Each Group Member is, and at all times, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including, to the extent applicable, but not limited to the GDPR and those relating to cross-border transfers; (ii) all applicable contractual obligations of each Loan Party and its Subsidiaries concerning data privacy and security relating to Personal Data in the possession or control of any Group Member or maintained by third parties on behalf of such Group Member and having access to such information under contracts (or portions thereof) to which a Group Member is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Group Member is a party (collectively, “Privacy Agreements”): (b) Each Group Member is, and has been, in compliance in all material respects with all applicable prior and current written internal and public-facing privacy policies and notices of the Group Members regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Group Members or their respective agents (collectively, the “Privacy Policies”), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Group Member. The Privacy Policies contemplate the Group Members’ current uses of the Personal Data, and to the extent required under applicable Data Protection Laws, each Group Member has sought and obtained the appropriate consent from the applicable data subject for such uses. The Privacy Policies have made all material disclosures to users, customers, employees, or other individuals required by Data Protection Laws. (c) Each Group Member has implemented and maintains a commercially reasonable security program (“Security Program”) that (i) complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) includes commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security and integrity of all Personal Data and any other sensitive or confidential information or data related to each Group Member (collectively, “Company Sensitive Information”) in such Group Member’s possession or control and to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) Except as disclosed on Schedule 4.23(d), there has been (i) no actual, suspected or alleged (in writing) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems owned or controlled by a Group Member or any of their contractors and used by such contractors on behalf of a Group Member, and (ii) no actual, suspected or alleged (in writing) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information, in each case that could reasonably be expected to cause a Material Adverse Effect. (e) Each Group Member has a valid and legal right (whether contractually, by applicable law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Group Member in connection with the sale, use and/or operation of their products, services and businesses. (f) Except as would not reasonably be expected to have a Material Adverse Effect, there is no pending or to the knowledge of any Loan Party, threatened in writing, complaints, claims, demands, inquiries, proceedings, or other notices, including any notices of any investigation or other legal proceedings, regarding a Group Member, initiated by (i) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; (ii) any counterparty to, or subject of, a Privacy Agreement; or (iii) any self-regulatory authority or entity, alleging that any activity of a Group Member: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies or (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

  • Security Safeguards Contractor shall maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of District Data. Contractor shall store and process District Data in accordance with industry standards and best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in CIS Critical Security Controls (CIS Controls), as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation the Act, as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended, or such other standard as the District’s Chief Privacy Officer or designee may agree to in writing. Contractor shall also encrypt any backup, backup media, removable media, tape, or other copies. In addition, Contractor shall fully encrypt disks and storage for all laptops and mobile devices.

  • Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each JBE Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such JBE Work Location.

  • Cybersecurity; Data Protection The Company’s information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company has implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with its business, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same. The Company is presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except where the failure to be in compliance would not, individually or in the aggregate, have a Material Adverse Effect.

  • Data Privacy and Security Laws The Company is, and at all prior times was, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (“PIPEDA”); and the Company has taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company has in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal information”, “personal health information”. and “business contact information” as defined by PIPEDA; (v) “personal data” as defined by GDPR; and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company has at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies: (i) it has not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.

  • COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.

  • Privacy and Data Security (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. (c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data. (e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!