Nonpublic Personal Information Notwithstanding any provision herein to the contrary, the Sub-Adviser agrees on behalf of itself and its directors, shareholders, officers, and employees (1) to treat confidentially and as proprietary information of the Adviser and the Trust (a) all records and other information relative to each Fund’s prior, present, or potential shareholders (and clients of said shareholders) and (b) any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Gxxxx-Xxxxx-Xxxxxx Act (the “G-L-B Act”), and (2) except after prior notification to and approval in writing by the Adviser or the Trust, not to use such records and information for any purpose other than the performance of its responsibilities and duties hereunder, or as otherwise permitted by Regulation S-P or the G-L-B Act, and if in compliance therewith, the privacy policies adopted by the Trust and communicated in writing to the Sub-Adviser. Such written approval shall not be unreasonably withheld by the Adviser or the Trust and may not be withheld where the Sub-Adviser may be exposed to civil or criminal contempt or other proceedings for failure to comply after being requested to divulge such information by duly constituted authorities.
Personal Information 23.1 Subject to any applicable laws, the Licensee authorises XXXXX to:
23.1.1 use any Personal Information that SAMRO for the purposes of processing, executing and administering the Agreement; calculating Licence Fees; collecting the Licence Fees;
23.1.2 informing the Licensee of any SAMRO news and information or information relating to the Agreement;
23.1.3 informing the Licensee of any amendment, Tariff amendment or General Amendment to this Agreement.
23.1.4 access the Licensees Personal Information from credit bureaux relating to the Licensees payment profile for purposes of financial risk assessment, fraud prevention and debtor tracing and that we may disclose the necessary Personal Information to any such credit bureaux.
23.1.5 obtain, capture store, process, analyse and use the Licensees personal information for SAMRO marketing purposes in relation to XXXXX’s business of managing its Repertoire.
Personal Information security breach Supplier/Service Provider’s Obligations
a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data.
b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved.
c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise.
d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
