Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.
2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33
CERTIFICATION REGARDING CERTAIN FOREIGN-OWNED COMPANIES IN CONNECTION WITH CRITICAL INFRASTRUCTURE (Texas law as of September 1, 2021) By submitting a proposal to this Solicitation, you certify that you agree to the following required by Texas law as of September 1, 2021: Proposing Company is prohibited from entering into a contract or other agreement relating to critical infrastructure that would grant to the company direct or remote access to or control of critical infrastructure in this state, excluding access specifically allowed by the Proposing Company for product warranty and support purposes. Company, certifies that neither it nor its parent company nor any affiliate of company or its parent company, is (1) owned by or the majority of stock or other ownership interest of the company is held or controlled by individuals who are citizens of China, Iran, North Korea, Russia, or a designated country; (2) a company or other entity, including governmental entity, that is owned or controlled by citizens of or is directly controlled by the government of China, Iran, North Korea, Russia, or a designated country; or (3) headquartered in China, Iran, North Korea, Russia, or a designated country. For purposes of this contract, “critical infrastructure” means “a communication infrastructure system, cybersecurity system, electric grid, hazardous waste treatment system, or water treatment facility.” See Tex. Gov’t Code § 2274.0101(2) of SB 1226 (87th leg.). The company verifies and certifies that company will not grant direct or remote access to or control of critical infrastructure, except for product warranty and support purposes, to prohibited individuals, companies, or entities, including governmental entities, owned, controlled, or headquartered in China, Iran, North Korea, Russia, or a designated country, as determined by the Governor.
Protection of Personal Data 25.1 The Parties agree that they may obtain and have access to personal data for the duration of the Agreement for the fulfilment of the rights and obligations contained herein. In performing the obligations as set out in this Agreement, the Parties shall at all times ensure that:
a) they process data only for the express purpose for which it was obtained;
b) once processed for the purposes for which it was obtained, all data will be destroyed to an extent that it cannot be reconstructed to its original form;
c) data is provided only to authorised personnel who strictly require the personal data to carry out the Parties’ respective obligations under this Agreement;
d) they do not disclose personal data of the other Party, other than in terms of this Agreement;
e) they have all reasonable technical and organisational measures in place to protect all personal data from unauthorised access and/or use;
f) they have appropriate technical and organisational measures in place to safeguard the security, integrity and authenticity of all data in its possession or under its control in terms of this Agreement;
g) such personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access.
25.2 The Parties agree that if personal data will be processed for additional purposes beyond the original purpose for which it was obtained, explicit consent must be obtained beforehand from those persons whose information will be subject to further processing.
25.3 Should it be necessary for either Party to disclose or otherwise make available the personal data to any third party (including sub-contractors and employees), it may do so only with the prior written permission of the other Party. The Party requiring such permission shall require of all such third parties, appropriate written undertakings to be provided, containing similar terms to that set forth in this clause 25, and dealing with that third party's obligations in respect of its processing of the personal data. Following approval by the other Party, the Party requiring permission agrees that the provisions of this clause 25 shall mutatis mutandis apply to all authorised third parties who process personal data.
25.4 The Parties shall ensure that any persons authorized to process data on their behalf (including employees and third parties) will safeguard the security, integrity and authenticity of all data. Where necessary to meet this requirement, the Parties shall keep all personal data and any analyses, profiles, or documents derived therefrom logically separated from all other data and documentation held by it.
25.5 The Parties shall carry out regular assessments to identify all reasonably foreseeable internal and external risks to the personal data in its possession or under its control. The Parties shall implement and maintain appropriate safeguards against the risks which it identifies and shall also regularly verify that the safeguards which it has in place has been effectively implemented.
25.6 The Parties agree that they will promptly return or destroy any personal data in their possession or control which belongs to the other Party once it no longer serves the purpose for which it was collected in relation to this Agreement, subject to any legal retention requirements. This may be at the request of the other Party and includes circumstances where a person has requested the Parties to delete all instances of their personal data. The information will be destroyed in such a manner that it cannot be reconstructed to its original form, linking it to any particular individual or organisation.
Obligation after the termination of personal data processing services
Certification Regarding Prohibition of Boycotting Israel (Tex Gov. Code 2271)
Consideration of Criminal History in Hiring and Employment Decisions 10.14.1 Contractor agrees to comply fully with and be bound by all of the provisions of Chapter 12T, “City Contractor/Subcontractor Consideration of Criminal History in Hiring and Employment Decisions,” of the San Francisco Administrative Code (“Chapter 12T”), including the remedies provided, and implementing regulations, as may be amended from time to time. The provisions of Chapter 12T are incorporated by reference and made a part of this Agreement as though fully set forth herein. The text of the Chapter 12T is available on the web at xxxx://xxxxx.xxx/olse/fco. Contractor is required to comply with all of the applicable provisions of 12T, irrespective of the listing of obligations in this Section. Capitalized terms used in this Section and not defined in this Agreement shall have the meanings assigned to such terms in Chapter 12T.
10.14.2 The requirements of Chapter 12T shall only apply to a Contractor’s or Subcontractor’s operations to the extent those operations are in furtherance of the performance of this Agreement, shall apply only to applicants and employees who would be or are performing work in furtherance of this Agreement, and shall apply when the physical location of the employment or prospective employment of an individual is wholly or substantially within the City of San Francisco. Chapter 12T shall not apply when the application in a particular context would conflict with federal or state law or with a requirement of a government agency implementing federal or state law.
CERTIFICATION REGARDING BOYCOTTING CERTAIN ENERGY COMPANIES (Texas law as of September 1, 2021) By submitting a proposal to this Solicitation, you certify that you agree, when it is applicable, to the following required by Texas law as of September 1, 2021: If (a) company is not a sole proprietorship; (b) company has ten (10) or more full-time employees; and (c) this contract has a value of $100,000 or more that is to be paid wholly or partly from public funds, the following certification shall apply; otherwise, this certification is not required. Pursuant to Tex. Gov’t Code Ch. 2274 of SB 13 (87th session), the company hereby certifies and verifies that the company, or any wholly owned subsidiary, majority-owned subsidiary, parent company, or affiliate of these entities or business associations, if any, does not boycott energy companies and will not boycott energy companies during the term of the contract. For purposes of this contract, the term “company” shall mean an organization, association, corporation, partnership, joint venture, limited partnership, limited liability partnership, or limited liability company, that exists to make a profit. The term “boycott energy company” shall mean “without an ordinary business purpose, refusing to deal with, terminating business activities with, or otherwise taking any action intended to penalize, inflict economic harm on, or limit commercial relations with a company because the company (a) engages in the exploration, production, utilization, transportation, sale, or manufacturing of fossil fuel-based energy and does not commit or pledge to meet environmental standards beyond applicable federal and state law, or (b) does business with a company described by paragraph (a).” See Tex. Gov’t Code § 809.001(1).
Certification Regarding Prohibition of Certain Terrorist Organizations (Tex Gov. Code 2270) Certification Regarding Prohibition of Boycotting Israel (Tex. Gov. Code 2271) 5 Certification Regarding Prohibition of Contracts with Certain Foreign-Owned Companies (Tex. Gov. 5 Code 2274) 5 Certification Regarding Prohibition of Discrimination Against Firearm and Ammunition Industries (Tex.
Transfer of Personal Data The Participant authorizes, agrees and unambiguously consents to the transmission by the Company (or any Subsidiary) of any personal data information related to the RSUs awarded under this Agreement for legitimate business purposes (including, without limitation, the administration of the Plan). This authorization and consent is freely given by the Participant.
Protection of Personal Information Party agrees to comply with all applicable state and federal statutes to assure protection and security of personal information, or of any personally identifiable information (PII), including the Security Breach Notice Act, 9 V.S.A. § 2435, the Social Security Number Protection Act, 9 V.S.A. § 2440, the Document Safe Destruction Act, 9 V.S.A. § 2445 and 45 CFR 155.260. As used here, PII shall include any information, in any medium, including electronic, which can be used to distinguish or trace an individual’s identity, such as his/her name, social security number, biometric records, etc., either alone or when combined with any other personal or identifiable information that is linked or linkable to a specific person, such as date and place or birth, mother’s maiden name, etc.
