PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended.
13 A. DEFINITIONS
Data Protection and Privacy:
Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.
Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and its respective Subsidiaries may presently have and, after the Effective Time, may gain access to or possession of confidential or proprietary Information of, or personal Information relating to, Third Parties: (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or the other Party’s Subsidiaries, on the other hand, prior to the Effective Time or (ii) that, as between the two parties, was originally collected by the other Party or the other Party’s Subsidiaries and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause its Subsidiaries and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary Information of, or personal Information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or the other Party’s Subsidiaries, on the one hand, and such Third Parties, on the other hand.
Privacy of Customer Information Company Customer Information in the possession of the Agent, other than information independently obtained by the Agent and not derived in any manner from or using information obtained under or in connection with this Agreement, is and shall remain confidential and proprietary information of the Companies. Except in accordance with this Section 10.10, the Agent shall not use any Company Customer Information for any purpose, including the marketing of products or services to, or the solicitation of business from, Customers, or disclose any Company Customer Information to any Person, including any of the Agent’s employees, agents or contractors or any third party not affiliated with the Agent. The Agent may use or disclose Company Customer Information only to the extent necessary (i) for examination and audit of the Agent’s activities, books and records by the Agent’s regulatory authorities, (ii) to protect or exercise the Agent’s, the Custodian’s and the Lenders’ rights and privileges or (iii) to carry out the Agent’s, the Custodian’s and the Lenders’ express obligations under this Agreement and the other Facilities Papers (including providing Company Customer Information to Approved Investors), and for no other purpose; provided that the Agent may also use and disclose the Company Customer Information as expressly permitted by the relevant Company in writing, to the extent that such express permission is in accordance with the Privacy Requirements. The Agent shall take commercially reasonable steps to ensure that each Person to which the Agent intends to disclose Company Customer Information, before any such disclosure of information, agrees to keep confidential any such Company Customer Information and to use or disclose such Company Customer Information only to the extent necessary to protect or exercise the Agent’s, the Custodian’s and the Lenders’ rights and privileges, or to carry out the Agent’s, the Custodian’s and the Lenders’ express obligations, under this Agreement and the other Facilities Papers (including providing Company Customer Information to Approved Investors). The Agent agrees to maintain an Information Security Program and to assess, manage and control risks relating to the security and confidentiality of Company Customer Information pursuant to such program in the same manner as the Agent does so in respect of their own customers’ information, and shall implement the standards relating to such risks in the manner set forth in the Interagency Guidelines Establishing Standards for Safeguarding Company Customer Information set forth in 12 CFR Parts 30, 208, 211, 225, 263, 308, 364, 568 and 570. Without limiting the scope of the foregoing sentence, the Agent shall use at least the same physical and other security measures to protect all Company Customer Information in the Agent’s possession or control as the Agent uses for their own customers’ confidential and proprietary information.
Collection of Personal Information 10.1 The Subscriber acknowledges and consents to the fact that the Issuer is collecting the Subscriber’s personal information for the purpose of fulfilling this Agreement and completing the Offering. The Subscriber acknowledges that its personal information (and, if applicable, the personal information of those on whose behalf the Subscriber is contracting hereunder) may be included in record books in connection with the Offering and may be disclosed by the Issuer to: (a) stock exchanges or securities regulatory authorities, (b) the Issuer's registrar and transfer agent, (c) tax authorities, (d) authorities pursuant to the PATRIOT Act (U.S.A.) and (e) any of the other parties involved in the Offering, including the Issuer’s Counsel. By executing this Agreement, the Subscriber is deemed to be consenting to the foregoing collection, use and disclosure of the Subscriber's personal information (and, if applicable, the personal information of those on whose behalf the Subscriber is contracting hereunder) for the foregoing purposes and to the retention of such personal information for as long as permitted or required by applicable laws. Notwithstanding that the Subscriber may be purchasing the Note as agent on behalf of an undisclosed principal, the Subscriber agrees to provide, on request, particulars as to the nature and identity of such undisclosed principal, and any interest that such undisclosed principal has in the Issuer, all as may be required by the Issuer in order to comply with the foregoing.
10.2 Furthermore, the Subscriber is hereby notified that the Issuer may deliver to any government authority having jurisdiction over the Issuer, the Subscriber or this Subscription, including the SEC and/or any state securities commissions, certain personal information pertaining to the Subscriber, including the Subscriber’s full name, residential address and telephone number, the number of Shares or other securities of the Issuer owned by the Subscriber, the principal amount of Note purchased by the Subscriber, the total Subscription Amount paid for the Note and the date of distribution of the Note.
Freedom of Information and Protection of Privacy Act Any information provided on this contract may be subject to release under the Freedom of Information and Protection of Privacy Act. The Contractor may be consulted prior to release of any information.
IDENTIFYING INFORMATION AND PRIVACY NOTIFICATION (a) FEDERAL EMPLOYER IDENTIFICATION NUMBER and/or FEDERAL SOCIAL SECURITY NUMBER. As a condition to NYSERDA’s obligation to pay any invoices submitted by Contractor pursuant to this Agreement, Contractor shall provide to NYSERDA its Federal employer identification number or Federal social security number, or both such numbers when the Contractor has both such numbers. Where the Contractor does not have such number or numbers, the Contractor must give the reason or reasons why the payee does not have such number or numbers.
Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”) except in each case, where such would not, either individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.
DATA PROTECTION AND PRIVACY 14.1 In addition to Supplier’s obligations under Sections 6, 9, 10, and 15, Supplier will comply with this Section 14 when processing Accenture Personal Data. "Accenture Personal Data" means personal data owned, licensed, or otherwise controlled or processed by Accenture including personal data processed by Accenture on behalf of its clients. “Accenture Data” means all information, data and intellectual property of Accenture or its clients or other suppliers, collected, stored, hosted, processed, received and/or generated by Supplier in connection with providing the Deliverables to Accenture, including Accenture Personal Data.
Freedom of Information and Transparency 20.1 The Recipient acknowledges that the Commissioner is subject to the provisions of the FOIA and agrees to assist and co-operate with the Commissioner (at the Recipient’s expense) where necessary to enable the Commissioner to comply with any requests received under the FOIA relating to this Agreement. This includes, but is not limited to, transferring to the Commissioner any request received by the Recipient under the FOIA relating to this Agreement as soon as practicable following receipt and in any event within three working days of receipt.
20.2 In no event shall the Recipient respond to a request under the FOIA relating to this Agreement without obtaining the prior written consent of the Commissioner.
20.3 The Recipient acknowledges that the Commissioner may be obliged to disclose information under the FOIA:
20.3.1 Without consulting the Recipient; or
20.3.2 Following consultation with the Recipient and having taken into account its views. Provided that where clause 20.3.1 applies the Commissioner shall, in accordance with the recommendations of the Secretary of State for Constitutional Affairs’ Code of Practice on the discharge of a public authorities’ functions under Part 1 of FOIA, take reasonable steps, to give the Recipient advanced notice or to draw the disclosure to the Recipient’s attention after any such disclosure.
20.4 The Recipient shall ensure it retains for disclosure all information (as defined in the FOIA) produced in the course of this Agreement or relating to this Agreement and shall allow the Commissioner to inspect such records from time to time upon request.
20.5 The Recipient acknowledges that the Commissioner is subject to certain transparency and disclosure obligations set out in the Elected Local Policing Bodies Specified Information Order 2011 (as amended) (“Transparency Obligations”)
20.6 The Recipient consents to the Commissioner publishing the contents of this Agreement and information regarding any tender process related to the Purpose of the Agreement to enable the Commissioner to comply with their Transparency Obligations.
20.7 The Recipient acknowledges that:
20.7.1 The Commissioner shall be responsible for determining, at their absolute discretion, whether any information is exempt from disclosure or should be disclosed pursuant to the FOIA and/or the Transparency Obligations and to what extent any information disclosed shall be redacted; and
20.7.2 Any lists or schedules provided by the Recipient outlining confidential information are of an indicative value only and that the Commissioner may be obliged to disclose confidential information in accordance with Clause 20.3 and/or Clause 20.5.
