Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.
2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33
Identification of Goods Identification of the goods shall not be deemed to have been made until both Buyer and Seller have agreed that the goods in question are to be appropriate to the performance of this Agreement.
Non-Identification Approved Users agree not to use the requested datasets, either alone or in concert with any other information, to identify or contact individual participants from whom data and/or samples were collected. Approved Users also agree not to generate information (e.g., facial images or comparable representations) that could allow the identities of research participants to be readily ascertained. These provisions do not apply to research investigators operating with specific IRB approval, pursuant to 45 CFR 46, to contact individuals within datasets or to obtain and use identifying information under an 2 The project anniversary date can be found in “My Projects” after logging in to the dbGaP authorized-access portal. IRB-approved research protocol. All investigators including any Approved User conducting “human subjects research” within the scope of 45 CFR 46 must comply with the requirements contained therein.
Protection of Personal Data 25.1 The Parties agree that they may obtain and have access to personal data for the duration of the Agreement for the fulfilment of the rights and obligations contained herein. In performing the obligations as set out in this Agreement, the Parties shall at all times ensure that:
a) they process data only for the express purpose for which it was obtained;
b) once processed for the purposes for which it was obtained, all data will be destroyed to an extent that it cannot be reconstructed to its original form;
c) data is provided only to authorised personnel who strictly require the personal data to carry out the Parties’ respective obligations under this Agreement;
d) they do not disclose personal data of the other Party, other than in terms of this Agreement;
e) they have all reasonable technical and organisational measures in place to protect all personal data from unauthorised access and/or use;
f) they have appropriate technical and organisational measures in place to safeguard the security, integrity and authenticity of all data in its possession or under its control in terms of this Agreement;
g) such personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access.
25.2 The Parties agree that if personal data will be processed for additional purposes beyond the original purpose for which it was obtained, explicit consent must be obtained beforehand from those persons whose information will be subject to further processing.
25.3 Should it be necessary for either Party to disclose or otherwise make available the personal data to any third party (including sub-contractors and employees), it may do so only with the prior written permission of the other Party. The Party requiring such permission shall require of all such third parties, appropriate written undertakings to be provided, containing similar terms to that set forth in this clause 25, and dealing with that third party's obligations in respect of its processing of the personal data. Following approval by the other Party, the Party requiring permission agrees that the provisions of this clause 25 shall mutatis mutandis apply to all authorised third parties who process personal data.
25.4 The Parties shall ensure that any persons authorized to process data on their behalf (including employees and third parties) will safeguard the security, integrity and authenticity of all data. Where necessary to meet this requirement, the Parties shall keep all personal data and any analyses, profiles, or documents derived therefrom logically separated from all other data and documentation held by it.
25.5 The Parties shall carry out regular assessments to identify all reasonably foreseeable internal and external risks to the personal data in its possession or under its control. The Parties shall implement and maintain appropriate safeguards against the risks which it identifies and shall also regularly verify that the safeguards which it has in place has been effectively implemented.
25.6 The Parties agree that they will promptly return or destroy any personal data in their possession or control which belongs to the other Party once it no longer serves the purpose for which it was collected in relation to this Agreement, subject to any legal retention requirements. This may be at the request of the other Party and includes circumstances where a person has requested the Parties to delete all instances of their personal data. The information will be destroyed in such a manner that it cannot be reconstructed to its original form, linking it to any particular individual or organisation.
Types of Personal Data Contact Information, the extent of which is determined and controlled by the Customer in its sole discretion, and other Personal Data such as navigational data (including website usage information), email data, system usage data, application integration data, and other electronic data submitted, stored, sent, or received by end users via the Subscription Service.
RETURN AND DELETION OF PERSONAL DATA 7.1 We shall return to You and, to the extent allowed by applicable law, delete Your Personal Data as set out in the Agreement. We are obliged to ensure that any Sub-processors adhere to the same obligation
Compliance with laws; payment of Permits/Licenses All services to be performed by Contractor pursuant to this Agreement shall be performed in accordance with all applicable Federal, State, County, and municipal laws, including, but not limited to, Health Insurance Portability and Accountability Act of 1996 (HIPAA) and all Federal regulations promulgated thereunder, as amended, and the Americans with Disabilities Act of 1990, as amended, and Section 504 of the Rehabilitation Act of 1973, as amended and attached hereto and incorporated by reference herein as Attachment “I,” which prohibits discrimination on the basis of handicap in programs and activities receiving any Federal or County financial assistance. Such services shall also be performed in accordance with all applicable ordinances and regulations, including, but not limited to, appropriate licensure, certification regulations, provisions pertaining to confidentiality of records, and applicable quality assurance regulations. In the event of a conflict between the terms of this agreement and State, Federal, County, or municipal law or regulations, the requirements of the applicable law will take precedence over the requirements set forth in this Agreement. Contractor will timely and accurately complete, sign, and submit all necessary documentation of compliance.
Identification of Data a. All Background, Third Party Proprietary and Controlled Government Data provided by Disclosing Party shall be identified in the Annex under which it will be provided.
b. NASA software and related Data provided to Partner shall be identified in the Annex under which it will be used. Notwithstanding H.4., Software and related Data will be provided to Partner under a separate Software Usage Agreement (SUA). Partner shall use and protect the related Data in accordance with this Article. Unless the SUA authorizes retention, or Partner enters into a license under 37 C.F.R. Part 404, the related Data shall be disposed of as instructed by NASA.
Protection of Personal Information Party agrees to comply with all applicable state and federal statutes to assure protection and security of personal information, or of any personally identifiable information (PII), including the Security Breach Notice Act, 9 V.S.A. § 2435, the Social Security Number Protection Act, 9 V.S.A. § 2440, the Document Safe Destruction Act, 9 V.S.A. § 2445 and 45 CFR 155.260. As used here, PII shall include any information, in any medium, including electronic, which can be used to distinguish or trace an individual’s identity, such as his/her name, social security number, biometric records, etc., either alone or when combined with any other personal or identifiable information that is linked or linkable to a specific person, such as date and place or birth, mother’s maiden name, etc.
Type and Jurisdiction of Organization, Organizational and Identification Numbers The type of entity of such Grantor, its state of organization, the organizational number issued to it by its state of organization and its federal employer identification number are set forth on Exhibit A.
