Common use of Privacy Requirements Clause in Contracts

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during During the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The both parties agree to comply with privacy laws directly applicable to their respective businesses. TIAA shall obtain any consents legally required relating to TIAA’s handling of Contractor’s Confidential Information. If TIAA believes that, in the terms course of providing Services under this Agreement, Contractor will have access to data that TIAA does not want Contractor’s personnel to comprehend, TIAA may encrypt such data so that it will be unintelligible. Contractor shall implement appropriate security measures, policies, and procedures that are designed to meet the objectives of the Business Associate Addendum attached heretoGramm Xxxxx Xxxxxx Act of 1999 (“GLB”). Contractor currently maintains, if applicablewith respect to “nonpublic personal information: regarding individual “consumers” or “customers” of TIAA (as such term is defined in Section 509(4) of the GLB (“Customer Information”), physical, electronic and procedural safeguards that are designed to: (a) Protect against anticipated threats or hazards to the security or integrity of the Customer Information; and (b) Protect against unauthorized access to or use of Confidential Information that could result in substantial harm or inconvenience to any customer of TIAA. Notwithstanding anything herein to the contrary, Contractor shall be permitted to disclose such other written agreement Customer Information as may be required by Applicable Law on law, regulation, judicial or administrative process or in connection with litigation pertaining thereto, provided that Contractor first gives TIAA notice and a reasonable opportunity to seek an injunction to prevent the date hereofdisclosure of Customer Information if TIAA believes that disclosure is not legally required. In addition, Contractor will promptly respond to any reasonable written request by TIAA for assistance regarding TIAA’s obligations with respect to Customer Information protected under this provision, including but not limited to TIAA’s obligation for due diligence and monitoring of Contractor’s Privacy policy and Information Security Program. Contractor agrees not to disclose the Customer Information governed by GLB and the Fair Credit Reporting Act as amended by the Fair and Accurate Credit Transactions Act of 2003, and applicable state laws, to any party not otherwise authorized to receive Confidential Information herein except as otherwise set forth herein. Contractor further agrees to notify TIAA within a reasonable time of any breach of its computer systems which may have compromised TIAA’s Customer Information as defined by CA Civil Code section 1798.82 – Breach of System Security law or other similar federal or state laws requiring notification to affected customers of TIAA.

Privacy Requirements. (a) In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders Policyholder and other recipients of benefits loss payments under the Reinsured Policies and the Subject Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply in all material respects with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders Policyholders or benefit loss payment recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 1996, New York Department of Financial Services Insurance Regulation No. 173, and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The To the extent required by Applicable Law, the Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision Section 15.1 of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, Agreement modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Policies and the Subject Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld, conditioned or delayed. (b) The Administrator shall implement and maintain appropriate measures designed to meet the objectives of the New York Department of Financial Services Insurance Regulation No. 173 with respect to safeguarding the Company’s customer information and customer information systems. The parties agree to comply with Administrator shall adjust its information security program at the terms request of the Business Associate Addendum attached heretoCompany for any relevant changes dictated by the Company’s assessment of risk around its customer information and customer information systems. Confirming evidence that the Administrator has satisfied its obligations under this Agreement shall be made available, if applicableduring normal business hours, or such other written agreement as may be required for inspection by Applicable Law on the date hereofCompany, anyone authorized by the Company, and any Governmental Authority that has regulatory authority over the Company’s business activities.

Privacy Requirements. In providing Notwithstanding anything to the Administrative Services provided for under contrary in this Agreement, and in connection with maintainingXxxxxx, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contractsas Administrative Agent, the Administrator shallCollateral Agent, Lender and Group Agent agrees that it is, and shall cause its Affiliates will remain, in compliance with the Privacy Requirements, will not utilize, and will not permit any permitted Subcontractors toaffiliate or any representative to utilize, comply with all confidentiality and security obligations applicable to them Non-Public Obligor Data for any purpose not in connection with the collectiontransactions contemplated under this Agreement or the related Transaction Documents, useand will maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data, disclosurein accordance with its internal privacy policies and as required by the Privacy Requirements and other applicable Law. Xxxxxx has provided ADT with a true and correct copy of its information security policies and procedures as in effect on March 12, maintenance 2020. None of the Administrative Agent, the Collateral Agent, any Lender or any Group Agent shall provide any Non-Public Obligor Data to any other Lender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof, unless ADT shall have provided its consent thereto to the Administrative Agent. For the avoidance of doubt, once ADT provides its consent in respect of a Person, no additional ADT consent shall be required for future disclosure of Non-Public Obligor Data to such Person. Upon receipt of such consent, the Administrative Agent shall forward a copy thereof to the Lenders and transmission the Group Agents. In respect of personaleach such Person, privateADT shall provide the consent contemplated above if such Person has agreed to maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data in a manner reasonably satisfactory to ADT. Notwithstanding anything to the contrary herein or in any other Transaction Document, health (i) subject to clause (iii) below, each ADT Entity shall be entitled to remove any Non-Public Obligor Data from any report, document or financial information about individual policyholders or benefit recipientsrequired to be delivered hereunder, including the provisions Information Package, and shall not be liable to any Person by reason thereof, (ii) delivery by the Administrative Agent or the Collateral Agent of privacy policies any notice or information required to be provided by it under which such information was gathered, those laws currently in place and which may become effective during this Agreement or the term of this Agreementother Transaction Documents, including the XxxxxInformation Package, shall not be deemed to be a breach of this Section 12.08(f), and (iii) upon request by the Collateral Agent or the Administrative Agent, each ADT Entity shall separately provide to the Collateral Agent and the Administrative Agent with each report, document and information from which any Non-XxxxxPublic Obligor Data has been removed, without such Non-Xxxxxx ActPublic Obligor Data removed; provided, that neither the Health Insurance Portability Collateral Agent nor the Administrative Agent shall provide (and Accountability Act of 1996 and shall not be deemed to be required to provide) such Non-Public Obligor Data to any other Applicable LawsLender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof except in accordance with this Section 12.08(f) or with ADT’s consent, and in no event shall Mizuho, as the Collateral Agent or the Administrative Agent, be obligated to provide (or be liable for not providing) any Non-Public Obligor Data to any other Person. The Administrator shall entitle Each of the Company Administrative Agent, Collateral Agent, each Lender and each Group Agent also agree that it will not, and will not permit any affiliate or representative other than the Servicer or its agents and representativesauthorized delegees to, contact any Obligor for any purpose; provided, however, that the Commissioner Administrative Agent or the Collateral Agent (or their respective agents) may contact an Obligor following an Event of Health and Human Services and such other Governmental AuthoritiesTermination, to the extent required by Applicable Lawexpressly set forth herein, to audit or if ADT is terminated as the Administrator’s compliance herewithServicer and a successor servicer is acting as servicer or a collection agent in respect of the applicable Pool Receivables. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report Except to the Company any violation extent expressly set forth herein following an Event of this provision Termination, each of which the Administrator becomes aware. Unless required by Applicable LawAdministrative Agent, the Administrator Collateral Agent, each Lender and each Group Agent (or their respective agents) shall not take any action to service, collect or administer any Pool Receivable during the term of period that ADT has the right to act as the Servicer under this Agreement. ADT and the Borrower shall not deliver (or instruct the Administrative Agent or the Collateral Agent to deliver) to any Lender or Group Agent any Non-Public Obligor Data in connection with the transactions contemplated hereby, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Companyexcept with such Xxxxxx’s or Group Agent’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders contractholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders contractholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured ContractsNovated Policies, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts Novated Policies is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, hereto or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Insurance Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them them, in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, Authorities to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Insurance Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties hereto agree to comply with the terms of the Business Associate Addendum attached as Schedule B hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. (a) In providing the Administrative Services provided for under this AgreementServices, and in connection with maintaining, administering, handling and transferring the data of the policyholders Contract Holders, Customers and other recipients of benefits loss payments under the Reinsured Administered Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply in all material respects with all applicable confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders insureds, enrolled beneficiaries or benefit recipientsloss payment recipients (collectively “Nonpublic Personal Information”), including that arise under (i) those Laws applicable to the provisions of privacy policies under which such information was gathered, those laws Company that are currently in place and or which may become effective during the term of this Administrative Services Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, Act and the Standards for Privacy of Individually Identifiable Health Information and all other privacy or security regulations promulgated by the U.S. Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and any other Applicable Laws(ii) the privacy policies of the Company attached as Exhibit 13.3(a) (the “Privacy Policies”), as such policies may be amended with the Administrator’s prior written consent from time to time. The Administrator shall entitle permit the Company and its agents and representatives, Secretary of the Commissioner U.S. Department of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, Entities to audit the Administrator’s compliance herewith. . (b) The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. . (c) The Administrator shall promptly report to the Company any violation of this provision Section 13.3 of which the Administrator becomes aware. Unless required by Applicable Law, the The Administrator shall not during the term of this Agreement, Administrative Services Agreement modify the privacy policies Privacy Policies under which information utilized by the Administrator in administering the Reinsured Administered Contracts is gathered, gathered without the Company’s prior written consent. (d) The Administrator will for so long as it retains Nonpublic Personal Information, which consent shall not be unreasonably withheld. The parties agree maintain adequate administrative, technical and physical safeguards in accordance with standards maintained by the Company immediately prior to comply with the terms Effective Date (taking into account the winding up and running out of the Business as contemplated under the Business Transition Agreement): (1) to insure the integrity, security and confidentiality of Nonpublic Personal Information and Customer records and information, (2) to protect against any anticipated threats or hazards to the integrity, security or confidentiality of such records, and (3) to protect against unauthorized access to or use of such records or information. (e) As the Administrator is a Business Associate Addendum of the Company (as defined by HIPAA and its implementing privacy regulations at 45 C.F.R. Parts 160 and 164, subparts A and E, and security regulations at 45 C.F.R. 160, 162 and 164, subpart C), simultaneously with the execution of this Administrative Services Agreement, the Administrator shall execute the business associate agreement attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereofExhibit 13.3(e).

Privacy Requirements. In providing This paragraph sets forth the Administrative Services Bank’s obligation to maintain the confidentiality of certain information that may be provided for to the Bank or its Affiliates by or on your behalf that must be kept confidential under this Agreement, and in connection with maintaining, administering, handling and transferring the data (i) Section 504 of the policyholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the XxxxxGxxxx-Xxxxx-Xxxxxx Financial Services Modernization Act (the “Act”); (ii) requirements adopted by the Securities Exchange Commission pursuant to Regulation S-P and/or the comparable provisions of other applicable regulations under the Act; (iii) applicable State laws or regulations, as permitted by Section 507 of the Act; and (iv) any amendments or revisions to any of the foregoing (collectively, the Health Insurance Portability “Privacy Requirements”). The definitions in Regulation S-P shall apply to capitalized terms used in this paragraph and Accountability Act not otherwise defined in this Master Agreement. If the Bank or its Affiliates were to receive Non-Public Personally Identifiable Financial Information from or on behalf of 1996 your customer, then the Bank will maintain the confidentiality of such Non-Public Personally Identifiable Financial Information, and not to disclose that information, except to the extent that such disclosure is expressly permitted by the Privacy Requirements. Non-Public Personal Financial Information of your customer will not be used by the Bank except as expressly permitted by the Privacy Requirements, taking into consideration the purposes for which such information has been provided to the Bank. In the event of any conflicts between the provisions of this paragraph and any other Applicable Lawsprovisions of this Master Agreement or any other agreement between the parties, the provisions of this paragraph shall control. The Administrator shall entitle Bank’s obligations under this paragraph will continue until (a) the Company and its agents and representatives, Bank has returned all Customer Information to you; (b) the Commissioner of Health and Human Services and Bank has destroyed such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator Customer Information in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply accordance with the terms of this Master Agreement; (c) you advise the Business Associate Addendum attached heretoBank that the undertaking in this paragraph is either (i) no longer required under applicable Privacy Requirements; or (ii) the obligations created under this paragraph are enforced under a successor agreement. We will notify you within five (5) Banking Days after we discover a violation by the Bank, if applicableits employees, or such other written agreement as may be its third party service providers of this paragraph, and we will cooperate with you in taking any corrective action required by Applicable Law on under the date hereofcircumstances.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders contractholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders contractholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the XxxxxGxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing Notwithstanding anything to the Administrative Services provided for under contrary in this Agreement, and in connection with maintainingXxxxxx, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contractsas Administrative Agent, the Administrator shallCollateral Agent, Lender and Group Agent agrees that it is, and shall cause its Affiliates will remain, in compliance with the Privacy Requirements, will not utilize, and will not permit any permitted Subcontractors toaffiliate or any representative to utilize, comply with all confidentiality and security obligations applicable to them Non-Public Obligor Data for any purpose not in connection with the collectiontransactions contemplated under this Agreement or the related Transaction Documents, useand will maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data, disclosurein accordance with its internal privacy Compass and as required by the Privacy Requirements and other applicable Law. Xxxxxx has provided Compass with a true and correct copy of its information security policies and procedures as in effect on March 12, maintenance 2020. None of the Administrative Agent, the Collateral Agent, any Lender or any Group Agent shall provide any Non-Public Obligor Data to any other Lender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof, unless Compass shall have provided its consent thereto to the Administrative Agent. For the avoidance of doubt, once Compass provides its consent in respect of a Person, no additional Compass consent shall be required for future disclosure of Non-Public Obligor Data to such Person. Upon receipt of such consent, the Administrative Agent shall forward a copy thereof to the Lenders and transmission the Group Agents. In respect of personaleach such Person, privateCompass shall provide the consent contemplated above if such Person has agreed to maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data in a manner reasonably satisfactory to Compass. Notwithstanding anything to the contrary herein or in any other Transaction Document, health (i) subject to clause (iii) below, each ADT Entity shall be entitled to remove any Non-Public Obligor Data from any report, document or financial information about individual policyholders or benefit recipientsrequired to be delivered hereunder, including the provisions Information Package, and shall not be liable to any Person by reason thereof, (ii) delivery by the Administrative Agent or the Collateral Agent of privacy policies any notice or information required to be provided by it under which such information was gathered, those laws currently in place and which may become effective during this Agreement or the term of this Agreementother Transaction Documents, including the XxxxxInformation Package, shall not be deemed to be a breach of this Section 12.08(f), and (iii) upon request by the Collateral Agent or 751499193.15 22727329 134 the Administrative Agent, each ADT Entity shall separately provide to the Collateral Agent and the Administrative Agent with each report, document and information from which any Non-XxxxxPublic Obligor Data has been removed, without such Non-Xxxxxx ActPublic Obligor Data removed; provided, that neither the Health Insurance Portability Collateral Agent nor the Administrative Agent shall provide (and Accountability Act of 1996 and shall not be deemed to be required to provide) such Non-Public Obligor Data to any other Applicable LawsLender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof except in accordance with this Section 12.08(f) or with Compass’s consent, and in no event shall Mizuho, as the Collateral Agent or the Administrative Agent, be obligated to provide (or be liable for not providing) any Non-Public Obligor Data to any other Person. The Administrator shall entitle Each of the Company Administrative Agent, Collateral Agent, each Lender and each Group Agent also agree that it will not, and will not permit any affiliate or representative other than the Servicer or its agents and representativesauthorized delegees to, contact any Obligor for any purpose; provided, however, that the Commissioner Administrative Agent or the Collateral Agent (or their respective agents) may contact an Obligor following an Event of Health and Human Services and such other Governmental AuthoritiesTermination, to the extent required by Applicable Lawexpressly set forth herein, to audit or if Compass is terminated as the Administrator’s compliance herewithServicer and a successor servicer is acting as servicer or a collection agent in respect of the applicable Pool Receivables. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report Except to the Company any violation extent expressly set forth herein following an Event of this provision Termination, each of which the Administrator becomes aware. Unless required by Applicable LawAdministrative Agent, the Administrator Collateral Agent, each Lender and each Group Agent (or their respective agents) shall not take any action to service, collect or administer any Pool Receivable during the term of period that Compass has the right to act as the Servicer under this Agreement. Compass and the Borrower shall not deliver (or instruct the Administrative Agent or the Collateral Agent to deliver) to any Lender or Group Agent any Non-Public Obligor Data in connection with the transactions contemplated hereby, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Companyexcept with such Xxxxxx’s or Group Agent’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contracts, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the XxxxxGxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. (a) In providing the Administrative Services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders Policyholder and other recipients of benefits loss payments under the Reinsured ContractsPolicies, the Administrator shall, and shall cause its Affiliates and any permitted Subcontractors to, comply in all material respects with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders Policyholders or benefit loss payment recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 1996, New York Department of Financial Services Insurance Regulation No. 173, and any other Applicable Laws. The Administrator shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the Administrator’s compliance herewith. The To the extent required by Applicable Law, the Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report to the Company any violation of this provision Section 15.1 of which the Administrator becomes aware. Unless required by Applicable Law, the Administrator shall not during the term of this Agreement, Agreement modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts Policies is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld, conditioned or delayed. (b) The Administrator shall implement and maintain appropriate measures designed to meet the objectives of the New York Department of Financial Services Insurance Regulation No. 173 with respect to safeguarding the Company’s customer information and customer information systems. The parties agree to comply with Administrator shall adjust its information security program at the terms request of the Business Associate Addendum attached heretoCompany for any relevant changes dictated by the Company’s assessment of risk around its customer information and customer information systems. Confirming evidence that the Administrator has satisfied its obligations under this Agreement shall be made available, if applicableduring normal business hours, or such other written agreement as may be required for inspection by Applicable Law on the date hereofCompany, anyone authorized by the Company, and any Governmental Authority that has regulatory authority over the Company’s business activities.

Privacy Requirements. In providing the Administrative Services administrative services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured ContractsPolicies, the Administrator Company shall, and shall cause its Affiliates and any permitted Subcontractors subcontractor to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator Company shall entitle the Company Reinsurer and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the AdministratorCompany’s compliance herewith. The Administrator Company shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator Company about them, and to restrict use of such information. The Administrator Company shall promptly report to the Company Reinsurer any violation of this provision of which the Administrator Company becomes aware. Unless required by Applicable Law, the Administrator Company shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator Company in administering the Reinsured Contracts Policies is gathered, without the CompanyReinsurer’s prior written consent, which consent shall not be unreasonably withheld. The parties hereto agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing Notwithstanding anything to the Administrative Services provided for under contrary in this Agreement, and in connection with maintainingMizuho, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured Contractsas Administrative Agent, the Administrator shallCollateral Agent, Lender and Group Agent agrees that it is, and shall cause its Affiliates will remain, in compliance with the Privacy Requirements, will not utilize, and will not permit any permitted Subcontractors toaffiliate or any representative to utilize, comply with all confidentiality and security obligations applicable to them Non-Public Obligor Data for any purpose not in connection with the collectiontransactions contemplated under this Agreement or the related Transaction Documents, useand will maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data, disclosurein accordance with its internal privacy policies and as required by the Privacy Requirements and other applicable Law. Mizuho has provided ADT with a true and correct copy of its information security policies and procedures as in effect on March 12, maintenance 2020. None of the Administrative Agent, the Collateral Agent, any Lender or any Group Agent shall provide any Non-Public Obligor Data to any other Lender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof, unless ADT shall have provided its consent thereto to the Administrative Agent. For the avoidance of doubt, once ADT provides its consent in respect of a Person, no additional ADT consent shall be required for future disclosure of Non-Public Obligor Data to such Person. Upon receipt of such consent, the Administrative Agent shall forward a copy thereof to the Lenders and transmission the Group Agents. In respect of personaleach such Person, privateADT shall provide the consent contemplated above if such Person has agreed to maintain reasonable and adequate safeguards for the protection of all Non-Public Obligor Data in a manner reasonably satisfactory to ADT. Notwithstanding anything to the contrary herein or in any other Transaction Document, health (i) subject to clause (iii) below, each ADT Entity shall be entitled to remove any Non-Public Obligor Data from any report, document or financial information about individual policyholders or benefit recipientsrequired to be delivered hereunder, including the provisions Information Package, and shall not be liable to any Person by reason thereof, (ii) delivery by the Administrative Agent or the Collateral Agent of privacy policies any notice or information required to be provided by it under which such information was gathered, those laws currently in place and which may become effective during this Agreement or the term of this Agreementother Transaction Documents, including the XxxxxInformation Package, shall not be deemed to be a breach of this Section 12.08(f), and (iii) upon request by the Collateral Agent or the Administrative Agent, each ADT Entity shall separately provide to the Collateral Agent and the Administrative Agent with each report, document and information from which any Non-XxxxxPublic Obligor Data has been removed, without such Non-Xxxxxx ActPublic Obligor Data removed; provided, that neither the Health Insurance Portability Collateral Agent nor the Administrative Agent shall provide (and Accountability Act of 1996 and shall not be deemed to be required to provide) such Non-Public Obligor Data to any other Applicable LawsLender, Group Agent, successor Collateral Agent or Administrative Agent, or any other prospective participant or assignee thereof except in accordance with this Section 12.08(f) or with ADT’s consent, and in no event shall Mizuho, as the Collateral Agent or the Administrative Agent, be obligated to provide (or be liable for not providing) any Non-Public Obligor Data to any other Person. The Administrator shall entitle Each of the Company Administrative Agent, Collateral Agent, each Lender and each Group Agent also agree that it will not, and will not permit any affiliate or representative other than the Servicer or its agents and representativesauthorized delegees to, contact any Obligor for any purpose; provided, however, that the Commissioner Administrative Agent or the Collateral Agent (or their respective agents) may contact an Obligor following an Event of Health and Human Services and such other Governmental AuthoritiesTermination, to the extent required by Applicable Lawexpressly set forth herein, to audit or if ADT is terminated as the Administrator’s compliance herewithServicer and a successor servicer is acting as servicer or a collection agent in respect of the applicable Pool Receivables. The Administrator shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator about them, and to restrict use of such information. The Administrator shall promptly report Except to the Company any violation extent expressly set forth herein following an Event of this provision Termination, each of which the Administrator becomes aware. Unless required by Applicable LawAdministrative Agent, the Administrator Collateral Agent, each Lender and each Group Agent (or their respective agents) shall not take any action to service, collect or administer any Pool Receivable during the term of period that ADT has the right to act as the Servicer under this Agreement, modify the privacy policies under which information utilized by the Administrator in administering the Reinsured Contracts is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.

Privacy Requirements. In providing the Administrative Services administrative services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured ContractsPolicies, the Administrator Company shall, and shall cause its Affiliates and any permitted Subcontractors subcontractor to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator Company shall entitle the Company Reinsurer and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the AdministratorCompany’s compliance herewith. The Administrator Company shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator Company about them, and to restrict use of such information. The Administrator Company shall promptly report to the Company Reinsurer any violation of this provision of which the Administrator Company becomes aware. Unless required by Applicable Law, the Administrator Company shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator Company in administering the Reinsured Contracts Policies is gathered, without the CompanyReinsurer’s prior written consent, which consent shall not be unreasonably withheld. The parties hereto agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.. ARTICLE XVII MISCELLANEOUS PROVISIONS

Privacy Requirements. In providing the Administrative Services administrative services provided for under this Agreement, and in connection with maintaining, administering, handling and transferring the data of the policyholders and other recipients of benefits under the Reinsured ContractsPolicies, the Administrator Reinsurer shall, and shall cause its Affiliates and any permitted Subcontractors Subcontractor to, comply with all confidentiality and security obligations applicable to them in connection with the collection, use, disclosure, maintenance and transmission of personal, private, health or financial information about individual policyholders or benefit recipients, including the provisions of privacy policies under which such information was gathered, those laws currently in place and which may become effective during the term of this Agreement, including the Xxxxx-Xxxxx-Xxxxxx Act, the Health Insurance Portability and Accountability Act of 1996 and any other Applicable Laws. The Administrator Reinsurer shall entitle the Company and its agents and representatives, the Commissioner of Health and Human Services and such other Governmental Authorities, to the extent required by Applicable Law, to audit the AdministratorReinsurer’s compliance herewith. The Administrator Reinsurer shall also enable individual subjects of personally identifiable information, upon request from such individuals, to review and correct information maintained by the Administrator Reinsurer about them, and to restrict use of such information. The Administrator Reinsurer shall promptly report to the Company any violation of this provision of which the Administrator Reinsurer becomes aware. Unless required by Applicable Law, the Administrator Reinsurer shall not during the term of this Agreement, modify the privacy policies under which information utilized by the Administrator Reinsurer in administering the Reinsured Contracts Policies is gathered, without the Company’s prior written consent, which consent shall not be unreasonably withheld. The parties hereto agree to comply with the terms of the Business Associate Addendum attached hereto, if applicable, or such other written agreement as may be required by Applicable Law on the date hereof.