Personally Identifiable Information (PII); Security a. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee must provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. Grantee shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof. b. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee shall provide Florida Housing with insurance information for stand-alone cyber liability coverage, including the limits available and retention levels. If Grantee does not carry stand-alone cyber liability coverage, Grantee agrees to indemnify costs related to notification, legal fees, judgments, settlements, forensic experts, public relations efforts, and loss of any business income related to this Agreement. c. Grantee agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines. d. Grantee agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall. e. Grantee agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up to date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) Grantee agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules. f. Grantee agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES. g. If Grantee reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 48 hours. h. In the event of a breach of PII or other sensitive data, Grantee must abide by provisions set forth in Section 501.171, Fla. Stat. Additionally, Grantee must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; Grantee’s corrective action plan; and the timelines associated with the corrective action plan.
Personally Identifiable Information By submitting any of your personally identifiable information, such as your name, address, email address, phone number or fax number, to us, you consent to our privacy policy located at xxx.xxxxxxxx.xxx/xxxxx.
Personal Information 23.1 Subject to any applicable laws, the Licensee authorises XXXXX to: 23.1.1 use any Personal Information that SAMRO for the purposes of processing, executing and administering the Agreement; calculating Licence Fees; collecting the Licence Fees; 23.1.2 informing the Licensee of any SAMRO news and information or information relating to the Agreement; 23.1.3 informing the Licensee of any amendment, Tariff amendment or General Amendment to this Agreement. 23.1.4 access the Licensees Personal Information from credit bureaux relating to the Licensees payment profile for purposes of financial risk assessment, fraud prevention and debtor tracing and that we may disclose the necessary Personal Information to any such credit bureaux. 23.1.5 obtain, capture store, process, analyse and use the Licensees personal information for SAMRO marketing purposes in relation to XXXXX’s business of managing its Repertoire.
Customer Identification Unless Elastic has first obtained Customer's prior written consent, Elastic shall not identify Customer as a user of the Products, on its website, through a press release issued by Elastic and in other promotional materials.
Personal Items In accordance with Departmental policy, employees will be reimbursed for personal items required on the job that are lost, damaged or destroyed in the line of duty. Reimbursement will be up to an amount of $100 per occurrence, excluding prescription eyewear.
Customer Identification Program (A) To assist the Fund in complying with requirements regarding a customer identification program in accordance with applicable regulations promulgated by U.S. Department of Treasury under Section 326 of the USA PATRIOT Act ("CIP Regulations"), BNYM will do the following: (i) Implement procedures which require that prior to establishing a new account in the Fund BNYM obtain the name, date of birth (for natural persons only), address and government-issued identification number (collectively, the "Data Elements") for the "Customer" (defined for purposes of this Agreement as provided in 31 CFR 1024.100(c)) associated with the new account. (ii) Use collected Data Elements to attempt to reasonably verify the identity of each new Customer promptly before or after each corresponding new account is opened. Methods of verification may consist of non-documentary methods (for which BNYM may use unaffiliated information vendors to assist with such verifications) and documentary methods (as permitted by 31 CFR 1024.220), and may include procedures under which BNYM personnel perform enhanced due diligence to verify the identities of Customers the identities of whom were not successfully verified through the first- level (which will typically be reliance on results obtained from an information vendor) verification process(es). (iii) Record the Data Elements and maintain records relating to verification of new Customers consistent with 31 CFR 1024.220(a)(3). (iv) Regularly report to the Fund about measures taken under (i)-(iii) above. (v) If BNYM provides services by which prospective Customers may subscribe for shares in the Fund via the Internet or telephone, BNYM will work with the Fund to notify prospective Customers, consistent with 31 CFR 1024.220(a)(5), about the program conducted by the Fund in accordance with the CIP Regulations. (B) To assist the Fund in complying with the Customer Due Diligence Requirements for Financial Institutions promulgated by FinCEN (31 CFR § 1020.230) pursuant to the Bank Secrecy Act ("CDD Rule"), BNYM will maintain and implement written procedures that are reasonably designed to: (i) Obtain information of a nature and in a manner permitted or required by the CCD Rule in order to identify each natural person who is a "beneficial owner" (as that term is defined in the CDD Rule) of a legal entity at the time that such legal entity seeks to open an account as a shareholder of the Fund, unless that legal entity is excluded from the CDD Rule or an exemption provided for in the CDD Rule applies; and (ii) Verify the identity of each beneficial owner so identified according to risk based procedures to the extent reasonable and practicable, in accordance with the minimum requirements of the CDD Rule. (C) Nothing in Section (3) shall be construed to require BNYM to perform any course of conduct that is not required for Fund compliance with the CIP Regulations or CDD Rule, including by way of illustration not limitation the collection of Data Elements or verification of identity for individuals opening Fund accounts through financial intermediaries which use the facilities of the NSCC. (D) BNYM agrees to permit inspections relating to the CIP services provided hereunder by U.S. Federal departments or regulatory' agencies with appropriate jurisdiction and to make available to examiners from such departments or regulatory agencies such information and records relating to the CIP services provided hereunder as such examiners shall reasonably request.
De-Identified Data Provider agrees not to attempt to re-identify de-identified Student Data. De-Identified Data may be used by the Provider for those purposes allowed under FERPA and the following purposes: (1) assisting the LEA or other governmental agencies in conducting research and other studies; and (2) research and development of the Provider's educational sites, services, or applications, and to demonstrate the effectiveness of the Services; and (3) for adaptive learning purpose and for customized student learning. Provider's use of De-Identified Data shall survive termination of this DPA or any request by XXX to return or destroy Student Data. Except for Subprocessors, Xxxxxxxx agrees not to transfer de- identified Student Data to any party unless (a) that party agrees in writing not to attempt re-identification, and (b) prior written notice has been given to the LEA who has provided prior written consent for such transfer. Prior to publishing any document that names the LEA explicitly or indirectly, the Provider shall obtain the LEA’s written approval of the manner in which de-identified data is presented.
Privacy and Personal Information (a) This clause 14 applies where this agreement amounts to a “service arrangement” under the Information Privacy Act 2009 (Qld). (b) For the purpose of this clause 14, Personal Information has the meaning given in the Information Privacy Act 2009 (Qld). (c) If the Recipient collects or has access to Personal Information in order to undertake the Activity, the Recipient must: (i) comply with Parts 1 and 3 of Chapter 2 of the Information Privacy Act 2009 (Qld) in relation to the discharge of its obligations under this agreement (including its obligations regarding Reports), as if the Recipient was the Department; (ii) ensure that Personal Information is protected against loss and against unauthorised access, use, modification, disclosure or other misuse; (iii) not use Personal Information other than for the purposes of undertaking the Activity, unless required or authorised by law; (iv) not disclose Personal Information without the consent of the Department, unless required or authorised by law; (v) not transfer Personal Information outside of Australia without the consent of the Department; (vi) ensure that access to Personal Information is restricted to those of the Recipient's employees and officers who require access in order to perform their duties; (vii) ensure that the Recipient's officers and employees do not access, use or disclose Personal Information other than in the performance of their duties; (viii) ensure that the Recipient's subcontractors who have access to Personal Information comply with obligations the same as those imposed on the the Recipient under this clause 14; (ix) fully co-operate with the Department to enable the Department to respond to applications for access to, or amendment of a document containing an individual’s Personal Information and to privacy complaints; and (x) comply with such other privacy and security measures as the Department reasonably advises the Recipient in writing from time to time. (d) The Recipient must immediately notify the Department on becoming aware of any breach, suspected breach or complaint alleging something that would, if proved, be a breach of clause 14(c) and provide full details of the breach, suspected breach or complaint. (e) On request by the Department, the Recipient must obtain from its Representatives engaged for the purposes of this agreement, an executed deed of privacy in a form acceptable to the Department.
Safeguards for Personal Information Supplier agrees to develop, implement, maintain, and use administrative, technical, and physical safeguards, as deemed appropriate by DXC, to preserve the security, integrity and confidentiality of, and to prevent intentional or unintentional non-permitted or violating use or disclosure of, and to protect against unauthorized access to or accidental or unlawful destruction, loss, or alteration of, the Personal Information Processed, created for or received from or on behalf of DXC in connection with the Services, functions or transactions to be provided under or contemplated by this Agreement. Such safeguards shall meet all applicable legal standards (including any encryption requirements imposed by law) and shall meet or exceed accepted security standards in the industry, such as ISO 27001/27002. Supplier agrees to document and keep these safeguards current and shall make the documentation available to DXC upon request. Supplier shall ensure that only Supplier’s employees or representatives who may be required to assist Supplier in meeting its obligations under this Agreement shall have access to the Personal Information.
Personal Information security breach Supplier/Service Provider’s Obligations a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.
