Data Subject Requests To the extent legally permitted, Okta shall promptly notify Customer if Okta receives a request from a Data Subject to exercise the Data Subject's right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”). Factoring into account the nature of the Processing, Okta shall assist Customer by appropriate organizational and technical measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Service, does not have the ability to address a Data Subject Request, Okta shall, upon Customer’s request, provide commercially- reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent that Okta is legally authorized to do so, and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Okta’s provision of such assistance.
Data Subjects The categories of Data Subjects who we may collect Personal Data about may include the following where they are a natural person: the Customer, the directors and ultimate beneficial owner(s) of the Customer, your customers, employees and contractors, payers and payees. You may share with Airwallex some or all of the following types of Personal Data regarding Data Subjects: • full name; • email address; • phone number and other contact information; • date of birth; • nationality; • public information about the data subject; • other relevant verification or due diligence documentation as required under these terms; and • any other data that is necessary or relevant to carry out the Agreed Purposes.
Data Subject Rights (a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.
(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.
Data Storage Where required by applicable law, Student Data shall be stored within the United States. Upon request of the LEA, Provider will provide a list of the locations where Student Data is stored.
Data Privacy Notice and Consent The Participant hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of his or her personal data as described in this paragraph, by and among, as applicable, the Participant’s employer and the Company and its subsidiaries and affiliates for, among other purposes, implementing, administering and managing the Participant’s participation in the Plan. The Participant understands that the Company and its subsidiaries hold certain personal information about the Participant, including the Participant’s name, home address and telephone number, date of birth, social security number or identification number, salary, nationality, job title, any Shares or directorships held in the Company, details of all options or any other entitlement to Shares awarded, canceled, exercised, vested, unvested or outstanding in the Participant’s favor, for the purpose of managing and administering the Plan (“Data”). The Participant further understands that the Company and/or its subsidiaries will transfer Data amongst themselves as necessary for employment purposes, including implementation, administration and management of the Participant’s participation in the Plan, and that the Company and/or any of its subsidiaries may each further transfer Data to Broker or such other stock plan service provider or other third parties assisting the Company with processing of Data. The Participant understands that these recipients may be located in the United States, and that the recipient’s country may have different data privacy laws and protections than in the Participant’s country. The Participant authorizes them to receive, possess, use, retain and transfer the Data, in electronic or other form, for the purposes described in this section, including any requisite transfer to Broker or such other stock plan service provider or other third party as may be required for the administration of the Plan and/or the subsequent holding of Shares of stock on the Participant’s behalf. The Participant understands that he or she may, at any time, request access to the Data, request any necessary amendments to it or refuse or withdraw the consents herein, in any case without cost, by contacting in writing his or her local human resources representative. The Participant understands, however, that withdrawal of consent may affect the Participant’s ability to participate in or realize benefits from the Plan. For more information on the consequences of refusal to consent or withdrawal of consent, the Participant understands that he or she may contact his or her local human resources representative.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Critical Infrastructure Subcontracts For purposes of this Paragraph, the designated countries are China, Iran, North Korea, Russia, and any countries lawfully designated by the Governor as a threat to critical infrastructure. Pursuant to Section 113.002 of the Business and Commerce Code, Contractor shall not enter into a subcontract that will provide direct or remote access to or control of critical infrastructure, as defined by Section 113.001 of the Texas Business and Commerce Code, in this state, other than access specifically allowed for product warranty and support purposes to any subcontractor unless (i) neither the subcontractor nor its parent company, nor any affiliate of the subcontractor or its parent company, is majority owned or controlled by citizens or governmental entities of a designated country; and (ii) neither the subcontractor nor its parent company, nor any affiliate of the subcontractor or its parent company, is headquartered in a designated country. Contractor will notify the System Agency before entering into any subcontract that will provide direct or remote access to or control of critical infrastructure, as defined by Section 113.001 of the Texas Business & Commerce Code, in this state.
REMOTE ACCESS SERVICES ADDENDUM The Custodian and each Fund agree to be bound by the terms of the Remote Access Services Addendum hereto.
Data shared with Subcontractors If DSHS Data provided under this Contract is to be shared with a subcontractor, the Contract with the subcontractor must include all of the data security provisions within this Contract and within any amendments, attachments, or exhibits within this Contract. If the Contractor cannot protect the Data as articulated within this Contract, then the contract with the sub- Contractor must be submitted to the DSHS Contact specified for this contract for review and approval.
DATA REQUESTS Upon the written request of the District, the State Auditor’s Office, the Appraisal District, or the Comptroller during the term of this Agreement, the Applicant, the District or any other entity on behalf of the District shall provide the requesting party with all information reasonably necessary for the requesting party to determine whether the Applicant is in compliance with its rights, obligations or responsibilities, including, but not limited to, any employment obligations which may arise under this Agreement.
