Bill of Rights for Data Privacy and Security As required by Education Law Section 2-d, the Parents Bill of Rights for Data Privacy and Security and the supplemental information for the Service Agreement are included as Exhibit A and Exhibit B, respectively, and incorporated into this DPA. Contractor shall complete and sign Exhibit B and append it to this DPA. Pursuant to Education Law Section 2-d, the EA is required to post the completed Exhibit B on its website.
Terms of Use The Clean Energy Council Limited (CEC) owns all intellectual property rights in the Solar PV Sale and Installation Agreement (Agreement).
End User This agreement shall bind the ordering activity as end user but shall not operate to bind a Government employee or person acting on behalf of the Government in his or her personal capacity.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
END USER AGREEMENTS (“EUA GAC acknowledges that the END USER may choose to enter into an End User Agreement (“EUA) with the Contractor through this Agreement, and that the term of the EUA may exceed the term of the current H-GAC Agreement. H-GAC’s acknowledgement is not an endorsement or approval of the End User Agreement’s terms and conditions. Contractor agrees not to offer, agree to or accept from the END USER, any terms or conditions that conflict with those in Contractor’s Agreement with H-GAC. Contractor affirms that termination of its Agreement with H-GAC for any reason shall not result in the termination of any underlying EUA, which shall in each instance, continue pursuant to the EUA’s stated terms and duration. Pursuant to the terms of this Agreement, termination of this Agreement will disallow the Contractor from entering into any new EUA with END USERS. Applicable H-GAC order processing charges will be due and payable to H-GAC
Public Posting of Approved Users’ Research Use Statement The PI agrees that information about themselves and the approved research use will be posted publicly on the dbGaP website. The information includes the PI’s name and Requester, project name, Research Use Statement, and a Non-Technical Summary of the Research Use Statement. In addition, and if applicable, this information may include the Cloud Computing Use Statement and name of the CSP or PCS. Citations of publications resulting from the use of controlled-access datasets obtained through this DAR may also be posted on the dbGaP website.
Data Use Each party may use Connected Account Data in accordance with this Agreement and the consent (if any) each obtains from each Connected Account. This consent includes, as to Stripe, consent it receives via the Connected Account Agreement.
Use of Data by User Registry Operator will permit user to use the zone file for lawful purposes; provided that (a) user takes all reasonable steps to protect against unauthorized access to and use and disclosure of the data and (b) under no circumstances will Registry Operator be required or permitted to allow user to use the data to, (i) allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than user’s own existing customers, or (ii) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator or any ICANN-‐accredited registrar.
Customer Content As part of the Services provided under this Agreement, Customer Data will be stored and processed in the data center region specified in the applicable Ordering Document. Axway shall not access Customer Content except in response to support or technical issues where Customer provides Axway with prior Customer’s written authorization required to access such Customer Content. Axway is not responsible for unauthorized access, alteration, theft or destruction of Customer Content arising from Customer’s own or its authorized users’ actions or omissions in contravention of the Documentation. Customer’s ability to recover any lost data resulting from Axway’s misconduct is limited to restoration by Axway from the most recent back-up.
Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
