PII Clause Samples
The PII (Personally Identifiable Information) clause defines how personal data that can identify an individual must be handled within the context of the agreement. It typically outlines the obligations of parties to protect such information, restricts its use or disclosure, and may require compliance with relevant privacy laws such as GDPR or CCPA. By establishing clear rules for the collection, storage, and sharing of PII, this clause helps prevent unauthorized access or misuse of sensitive data, thereby reducing legal and reputational risks for all parties involved.
PII. Customer acknowledges that it will endeavor to preclude or limit to the greatest extent possible, the exposure of Security Professionals to any personally identifiable information, except as necessary for Customer’s establishment of its Cobalt Account, any patient, medical or other protected health information regulated by HIPAA or any similar federal or state laws, rules or regulations or any other information subject to regulation or protection under Applicable Laws such as, without limitation, the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act (or related rules or regulations) (collectively, “PII”), in Asset(s) tested via the Services. Where any PII will be present in Asset(s) tested via the Services, Customer will advise Cobalt and the Security Professionals of that fact through the Security Program. Where Customer is subject to laws or regulations requiring PII processing activities be addressed via a data processing agreement, service provider agreement or similar (such as, without limitation, GDPR, CCPA, and like legislation and implementing regulations), any processing activities will be subject to the Cobalt Data Processing Agreement, signed separately by the parties and incorporated hereinto in full.
PII. An individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (i) social security number; (ii) driver license number or state identification number; (iii) account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account; (iv) email address; (v) medical information; or (vi) Client and patient. PII does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
PII. We will not intentionally collect any PII from your customers in the SRCL Data or otherwise, other than IP addresses and device identifiers, which may be considered PII in certain jurisdictions. You may not provide us with the PII of any customer (other than IP addresses and device identifiers), and you must comply with all applicable privacy rules and regulations regarding notification and use of any data that we collect. If you do inadvertently provide PII to us, you must immediately notify us so that we can delete such PII, and you will take all steps necessary to remediate the situation and prevent it from happening again. If we independently determine that we have received any PII from you (other than IP addresses and device identifiers), we will promptly notify you and delete such PII, and you will take all steps necessary to remediate the situation and prevent it from happening again. You will be liable to us for any breach of this term.
PII. Without limiting, and in addition to, Article 2, this Article, and Attachment 7, Vendor shall ensure that: (i) PII shall be protected in accordance with all Laws and USAC requirements, including, without limitation, relevant: (a) OMB Memorandum M-17-12; (b) guidance from the NIST including without limitation the most current revision of NIST SP 800-53 Rev. 5; and (c) FCC requirements or the most current replacement of the above; (ii) to the extent that cloud-based Services are to be employed by Vendor and interact with USAC data, Vendor shall provide documentation and proof of FedRAMP-Authorization to demonstrate compliance and such Services shall be certified by FedRAMP for use at a moderate risk by the time the cloud-based Services are implemented (USAC reserves the right to inspect the Authority to Operate or the complete package of documents for those with agency accreditation); and (iii) all Cybersecurity Incidents or Privacy Incidents resulting in any interruption to system services including the disclosure of PII, shall be tracked in accordance with NIST SP 800-53 Rev. 5, NIST SP 800-61, and OMB Memorandum M-17-12.
PII. Vendor hereby acknowledges that Comcast has a special responsibility under the law to keep personally identifiable information of its customers (“PII”) private and confidential. PII is subject to the subscriber privacy protections set forth in Section 631 of the Cable Communications Policy Act of 1984, as amended (47 USC Sec. 551), as well as other applicable federal and state laws. Vendor agrees that it shall use such information in strict compliance with Section 631, all other applicable laws governing the use, collection, disclosure and storage of such information, and the protocols set forth hereunder.
PII. We do not intend or wish to collect any personally identifiable information (“PII”) from your end users through SRCL or otherwise. Therefore, you may not provide us with the PII of any end user. PII includes a person’s name, email address, phone number, social security number, driver’s license number, credit card number, or any other information that would, directly or indirectly, identify a natural person. If you do inadvertently provide such information to us, you will immediately notify us so that we can delete such PII, and you will take all steps necessary to remediate the situation and prevent it from happening again. If we independently determine that we have received any PII from you, we will promptly notify you and delete such PII, and you will take all steps necessary to remediate the situation and prevent it from happening again. You will be liable to us for any breach of this requirement.
PII. You will not combine the Data with the Personally Identifiable Information (“PII”) of any end user. PII includes such things as a person’s name, email address, phone number, social security number, driver’s license number, credit card number, or any other information that would, directly or indirectly, identify a natural person. If you do inadvertently breach this provision, you will take all steps necessary to remediate the situation and prevent it from happening again. You will be liable to us for any breach of this requirement.
PII. If any PII relating to an End User is collected or disclosed in connection with this Agreement, each Party acknowledges and agrees that (i) it will not disclose, transmit or otherwise use such PII except as necessary to fulfill its respective obligations under this Agreement, or as expressly set forth in its respective privacy policy; and (ii) each Party has certain ownership and use rights in the same or similar PII provided to it by the End User and such PII will be and remain the separate confidential and proprietary information of that Party and subject to each Party’s respective policies (including the Global Privacy Statement).
PII. In the course of the provision of the Services, Torqata may have access to certain personally identifiable information of Subscriber, the Authorized Users or the customers of Subscriber that is regulated by state and/or federal laws and regulations (“Subscriber PII”). In accordance with the requirements imposed by applicable laws, Torqata shall, for so long as Torqata retains such Subscriber PII:
(i) limit access to Subscriber PII to Torqata’s employees, agents and subcontractors who need access to Subscriber PII; and (ii) implement commercially reasonable administrative, technical and physical safeguards in accordance with SOC2 standards to help protect against unauthorized access to or disclosure of such Subscriber PII. Subscriber represents and warrants that none of the Subscriber PII is GDPR data or otherwise controlled or processed in the European Union. Until Torqata and Subscriber complete an assessment of each Party’s obligations under the California Consumer Privacy Act, Subscriber agrees to not share personal data for natural persons that are California residents (“California Residents”) as part of the POS Data transfer. In that regard, Torqata will use reasonable efforts to filter its data feeds to block information on California Residents until an assessment and decision on California PII is made by the Parties. Subscriber represents and warrants that it will not provide Torqata with, or otherwise upload or input into the Services, any Prohibited Data.
PII. Other than as set forth in Exhibit C for panel or community build services, Client acknowledges and agrees that Dynata will not disclose or permit the collection of PII of Dynata sourced research participants (“RII”) to or by Client, except in specifically described research situations, such as validation or modeling, permitted by and in accordance with generally accepted industry standards and practices applicable to Dynata’s industry, applicable law(s), and Dynata’s privacy policy. Client further agrees that it shall not collect RII from any research participant for any projects fielded through Dynata’s self-service sample purchase tool and/or API platform. Client hereby expressly acknowledges and agrees that Client is not permitted or allowed to collect or receive RII unless: (i) Dynata provides its express prior written consent to such collection or receipt, which consent may be withheld, delayed, conditioned, or denied in ▇▇▇▇▇▇’s sole discretion, and (ii) the Parties execute a separate written agreement, the form of which shall be provided by Dynata. Under no circumstances shall Client use or disclose RII for any purpose not expressly authorized within such separate agreement and Client shall not retain RII for longer than is necessary to accomplish such purpose. Client further agrees that respondents shall not be contacted by the Client except as may be necessary in furtherance of a preexisting business relationship between Client and the respondent(s) which is not otherwise prohibited by applicable law. Notwithstanding anything contained in these terms to the contrary, in no event shall deliverables (client owned work product) include RII, even if such RII is included in the survey responses, data and/or reports/records. RII shall be considered to be the Confidential Information of Dynata as defined herein.
