Identification of Data a. All Background, Third Party Proprietary and Controlled Government Data provided by Disclosing Party shall be identified in the Annex under which it will be provided. b. NASA software and related Data provided to Partner shall be identified in the Annex under which it will be used. Notwithstanding H.4., Software and related Data will be provided to Partner under a separate Software Usage Agreement (SUA). Partner shall use and protect the related Data in accordance with this Article. Unless the SUA authorizes retention, or Partner enters into a license under 37 C.F.R. Part 404, the related Data shall be disposed of as instructed by NASA.
Location of Records The offices where the initial Servicer keeps all of its records relating to the servicing of the Pool Receivables are located at Xxx XXX Xxxxxx, Xxxxxxx, XX 00000.
Retention of Data With regard to business transactions covered by this Agreement, Licensee must retain any records for a period of ten years starting on 1th of January of the year following the year during which the data were transmitted or otherwise transferred, or for the minimum period prescribed by applicable law, whichever is longer. In addition, Licensee must maintain current, complete and accurate reports on all of SAP’s Confidential Information in its possession or in the possession of its representatives.
Protection of Data The Contractor agrees to store Data on one or more of the following media and protect the Data as described: a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area. c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Data Return and Destruction of Data (a) Protecting PII from unauthorized access and disclosure is of the utmost importance to the EA, and Contractor agrees that it is prohibited from retaining PII or continued access to PII or any copy, summary or extract of PII, on any storage medium (including, without limitation, in secure data centers and/or cloud-based facilities) whatsoever beyond the period of providing Services to the EA, unless such retention is either expressly authorized for a prescribed period by the Service Agreement or other written agreement between the Parties, or expressly requested by the EA for purposes of facilitating the transfer of PII to the EA or expressly required by law. As applicable, upon expiration or termination of the Service Agreement, Contractor shall transfer PII, in a format agreed to by the Parties to the EA. (b) If applicable, once the transfer of PII has been accomplished in accordance with the EA’s written election to do so, Contractor agrees to return or destroy all PII when the purpose that necessitated its receipt by Contractor has been completed. Thereafter, with regard to all PII (including without limitation, all hard copies, archived copies, electronic versions, electronic imaging of hard copies) as well as any and all PII maintained on behalf of Contractor in a secure data center and/or cloud-based facilities that remain in the possession of Contractor or its Subcontractors, Contractor shall ensure that PII is securely deleted and/or destroyed in a manner that does not allow it to be retrieved or retrievable, read or reconstructed. Hard copy media must be shredded or destroyed such that PII cannot be read or otherwise reconstructed, and electronic media must be cleared, purged, or destroyed such that the PII cannot be retrieved. Only the destruction of paper PII, and not redaction, will satisfy the requirements for data destruction. Redaction is specifically excluded as a means of data destruction. (c) Contractor shall provide the EA with a written certification of the secure deletion and/or destruction of PII held by the Contractor or Subcontractors. (d) To the extent that Contractor and/or its subcontractors continue to be in possession of any de-identified data (i.e., data that has had all direct and indirect identifiers removed), they agree not to attempt to re-identify de-identified data and not to transfer de-identified data to any party.
Sharing of Data (a) Sellers shall have the right for a period of not more than seven (7) years following the Closing Date to have reasonable access to such books, records and accounts, including financial, Tax and accounting records, correspondence, production records, employment records and other records that are transferred to Buyer pursuant to the terms of this Agreement for the limited purposes of concluding Sellers’ involvement with respect to the Acquired Assets and Assumed Liabilities prior to the Closing and for complying with their obligations under applicable Law. Buyer shall have the right for a period of not more than seven (7) years following the Closing Date to have reasonable access to those books, records and accounts, including financial, Tax and accounting records (including the work papers of Sellers’ independent accountants), correspondence, production records, employment records and other records that are retained by Sellers pursuant to the terms of this Agreement to the extent that any of the foregoing is needed by Buyer with respect to the Acquired Assets or Assumed Liabilities after the Closing and complying with its obligations under applicable Law. Neither Buyer, nor any Seller shall destroy, or otherwise cease to retain, any such books, records or accounts retained by it without first providing the other Parties with thirty (30) days prior written notice and the opportunity to obtain or copy such books, records, or accounts during such thirty (30)-day period at such other Party’s expense. Sellers shall, at their sole expense, undertake any and all measures required by applicable Law in connection with the delivery to Buyer of data pursuant to this paragraph, including measures relating to the use, disclosure and processing of personally identifiable information. (b) Promptly upon request by Buyer made at any time following the Closing Date, each Seller shall authorize the release to Buyer of all files pertaining to the Acquired Assets or Assumed Liabilities held by any federal, state, county or local authorities, agencies or instrumentalities.
Provision of Data 26.1 The Supplier shall submit all information required under applicable law and regulations, such as but not limited to information required to meet financial and administrative obligations. If Wavin has not received one or more of the requested documents within ten (10) days of making the request, Wavin shall be entitled to suspend payment until the moment of receipt, or to terminate the Agreement without any liability. 26.2 Every change in the data submitted under clause 26.1 must be immediately reported to Wavin in writing.
Destruction of Data Provider shall destroy or delete all Personally Identifiable Data contained in Student Data and obtained under the DPA when it is no longer needed for the purpose for which it was obtained or transfer said data to LEA or LEA’s designee, according to a schedule and procedure as the parties may reasonable agree. Nothing in the DPA authorizes Provider to maintain personally identifiable data beyond the time period reasonably needed to complete the disposition.
Marking of Data Pursuant to Paragraph A above, any Data delivered under this Agreement shall be marked with the following legend: Use, duplication, or disclosure is subject to the restrictions as stated in Agreement HR0011-XX-9-XXXX between the Government and the Performer.
Disposition of Data Upon written request from the LEA, Provider shall dispose of or provide a mechanism for the LEA to transfer Student Data obtained under the Service Agreement, within sixty (60) days of the date of said request and according to a schedule and procedure as the Parties may reasonably agree. Upon termination of this DPA, if no written request from the LEA is received, Provider shall dispose of all Student Data after providing the LEA with reasonable prior notice. The duty to dispose of Student Data shall not extend to Student Data that had been De-Identified or placed in a separate student account pursuant to section II 3. The LEA may employ a “Directive for Disposition of Data” form, a copy of which is attached hereto as Exhibit “D”. If the LEA and Provider employ Exhibit “D,” no further written request or notice is required on the part of either party prior to the disposition of Student Data described in Exhibit “D.