Export Control Compliance User acknowledges that Center is an open laboratory for fundamental research that has many foreign persons as its employees and students. User understands and agrees that under no circumstances will User bring export control-listed items, or unpublished software source code or technical information in the form of defense articles or technical data regulated by the International Traffic in Arms Regulations (ITAR), to Center. Use of Center or facilities for activity subject to the ITAR, including the development, assembly or fabrication of defense articles identified on the US Munitions List, is prohibited.
CEQA Compliance The District has complied with all assessment requirements imposed upon it by the California Environmental Quality Act (Public Resource Code Section 21000 et seq. (“CEQA”) in connection with the Project, and no further environmental review of the Project is necessary pursuant to CEQA before the construction of the Project may commence.
Export Compliance The Services, Content, other technology We make available, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. You shall not permit Users to access or use any Service or Content in a U.S.-embargoed country (currently Cuba, Iran, North Korea, Sudan or Syria) or in violation of any U.S. export law or regulation.
Regulatory Compliance Neither Borrower nor any of its Subsidiaries is an “investment company” or a company “controlled” by an “investment company” under the Investment Company Act of 1940, as amended. Neither Borrower nor any of its Subsidiaries is engaged as one of its important activities in extending credit for margin stock (under Regulations X, T and U of the Federal Reserve Board of Governors). Borrower and each of its Subsidiaries has complied in all material respects with the Federal Fair Labor Standards Act. Neither Borrower nor any of its Subsidiaries is a “holding company” or an “affiliate” of a “holding company” or a “subsidiary company” of a “holding company” as each term is defined and used in the Public Utility Holding Company Act of 2005. Neither Borrower nor any of its Subsidiaries has violated any laws, ordinances or rules, the violation of which could reasonably be expected to have a Material Adverse Change. Neither Borrower’s nor any of its Subsidiaries’ properties or assets has been used by Borrower or such Subsidiary or, to Borrower’s knowledge, by previous Persons, in disposing, producing, storing, treating, or transporting any hazardous substance other than in material compliance with applicable laws. Borrower and each of its Subsidiaries has obtained all consents, approvals and authorizations of, made all declarations or filings with, and given all notices to, all Governmental Authorities that are necessary to continue their respective businesses as currently conducted. None of Borrower, any of its Subsidiaries, or any of Borrower’s or its Subsidiaries’ Affiliates or any of their respective agents acting or benefiting in any capacity in connection with the transactions contemplated by this Agreement is (i) in violation of any Anti-Terrorism Law, (ii) engaging in or conspiring to engage in any transaction that evades or avoids, or has the purpose of evading or avoiding or attempts to violate, any of the prohibitions set forth in any Anti-Terrorism Law, or (iii) is a Blocked Person. None of Borrower, any of its Subsidiaries, or to the knowledge of Borrower and any of their Affiliates or agents, acting or benefiting in any capacity in connection with the transactions contemplated by this Agreement, (x) conducts any business or engages in making or receiving any contribution of funds, goods or services to or for the benefit of any Blocked Person, or (y) deals in, or otherwise engages in any transaction relating to, any property or interest in property blocked pursuant to Executive Order No. 13224, any similar executive order or other Anti-Terrorism Law.
PCI Compliance Company shall not connect to or utilize any computer network or systems of the Aviation Authority, including, without limitation, for transmission of credit card payments. Company shall be solely responsible for providing and maintaining its own computer networks and systems and shall ensure its system ensure its system used to collect, process, store or transmit credit card or customer credit card and/or personal information is compliant with all applicable Payment Card Industry (“PCI”) Data Security Standard (“DSS”).
1. Company shall, within 5 days, notify the Aviation Authority of any security malfunction or breach, intrusion or unauthorized access to cardholder or other customer data, and shall comply with all then applicable PCI requirements.
2. Company, in addition to notifying the Aviation Authority and satisfying the PCI requirements, will immediately take the remedial actions available under the circumstances and provide the Aviation Authority with an explanation of the cause of the breach or intrusion and the proposed remediation plan. Company will notify the Aviation Authority promptly if it learns that it is no longer PCI DSS compliant and will immediately provide the Aviation Authority with a report on steps being taken to remediate the non-compliance status and provide evidence of compliance once PCI DSS compliance is achieved.
3. Company, its successor’s and assigns, will continue to comply with all provisions of this Agreement relating to accidents, incidents, damages and remedial requirements after the termination of this Agreement.
4. Company shall ensure strict compliance with PCI DSS for each credit card transaction and acknowledges responsibility for the security of cardholder data. Company will create and maintain reasonable detailed, complete and accurate documentation describing the systems, processes, network segments, security controls and dataflow used to receive, process transmit store and secure Customer’s cardholder data. Such documentation shall conform to the most current version of PCI DSS.
5. Company must maintain PCI Certification as a bankcard merchant at the Airport. Company is responsible, at Company’s own expense, to contract and pay for all quarterly, annual or other required assessments, remediation activities related to processes within Concessionaire’s control, analysis or certification processes necessary to maintain PCI certification as a bankcard merchant.
6. PCI DSS - Company shall make available on the Premises, within 24 hours upon request by the Aviation Authority, such documentation, policies, procedures, reports, logs, configuration standards and settings and all other documentation necessary for the Aviation Authority to validate Company’s compliance with PCI DSS as well as make available to the individuals responsible for implementing, maintaining and monitoring those system components and processes. Requested logs must be made available to the Aviation Authority in electronic format compatible with computers used by the Aviation Authority.
7. Evidence of PCI DSS Compliance – Company agrees to supply their PCI DSS compliance status and evidence of its most recent validation of compliance upon execution of the Contract. Company must supply to the Aviation Authority evidence of validation of compliance at least annually to be delivered along with the Annual Certification of Fees in accordance with Article 5.C. of this Agreement.
Privacy Compliance The Provider shall comply with all applicable federal, state, and local laws, rules, and regulations pertaining to Student Data privacy and security, all as may be amended from time to time.
