Processing of Personal Data 1.1. With regard to the Processing of Personal Data, You are the controller and determine the purposes and means of Processing of Personal Data You provide to Us (“Controller”) and You appoint Us as a processor (“Processor”) to process such Personal Data (hereinafter, “Data”) on Your behalf (hereinafter, “Processing”).
1.2. The details of the type and purpose of Processing are defined in the Exhibits attached hereto. Except where the DPA stipulates obligations beyond the Term of the Agreement, the duration of this DPA shall be the same as the Agreement Term.
1.3. You shall be solely responsible for compliance with Your obligations under the applicable Data Protection Laws, including, but not limited to, the lawful disclosure and transfer of Personal Data to Us by upload of source data into the Cloud Service or otherwise.
1.4. Processing shall include all activities detailed in this Agreement and the instructions issued by You. You may, in writing, modify, amend, or replace such instructions by issuing such further instructions to the point of contact designated by Us. Instructions not foreseen in or covered by the Agreement shall be treated as requests for changes. You shall, without undue delay, confirm in writing any instruction issued orally. Where We believe that an instruction would be in breach of applicable law, We shall notify You of such belief without undue delay. We shall be entitled to suspend performance on such instruction until You confirm or modify such instruction.
1.5. We shall ensure that all personnel involved in Processing of Customer Data and other such persons as may be involved in Processing shall only do so within the scope of the instructions. We shall ensure that any person Processing Customer Data is subject to confidentiality obligations similar to the confidentiality terms of the Agreement. All such confidentiality obligations shall survive the termination or expiration of such Processing.
Processing of Customer Personal Data 3.1 UKG will:
3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and
3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data.
3.2 Customer hereby:
3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement.
3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and
3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law.
3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).
Information and communication The Parties shall support the development of modern methods of information handling, including the media, and stimulate the effective mutual exchange of information. Priority shall be given to programmes aimed at providing the general public with basic information about the Community and the Republic of Azerbaijan, including, where possible, access to databases, in full respect of intellectual property rights.
Agreement Administration and Communications A. Under this Agreement, either of the representatives of the Judicial Council identified below will monitor the Work and act as the Judicial Council’s liaisons with the Contractor:
i. The Meeting Planner will be MPname.
B. The Judicial Council may reallocate funds between the estimated amounts set forth in Exhibit G, without an Amendment to this Agreement, as long as the total amount to be paid under this Agreement does not exceed the Contract Amount.
C. All requests and communications about the Work to be performed under this Agreement, including signing of any BEO’s, shall be made through the Meeting Planner or his or her designee or successor.
D. Any Notice from the Contractor to the Judicial Council shall be delivered to the following address: MP name, Meeting Planner Judicial Council of California 000 Xxxxxx Xxxx Xxxxxx Xxx Xxxxxxxxx, XX 00000-0000
E. Notice to the Contractor shall be directed to the Contractor’s liaison, Attn, or his or her designee or successor, at the following address: Attn: Ktr DifferentAddress1 DifferentAddress2
Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.
2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33
Incident Event and Communications Management a. Incident Management/Notification of Breach - DST shall develop, implement and maintain an incident response plan that specifies actions to be taken when DST or one of its subcontractors suspects or detects that a party has gained material unauthorized access to Fund Data or systems or applications containing any Fund Data (the “Response Plan”). Such Response Plan shall include the following:
i. Escalation Procedures - An escalation procedure that includes notification to senior managers and appropriate reporting to regulatory and law enforcement agencies. This procedure shall provide for reporting of incidents that compromise the confidentiality of Fund Data (including backed up data) to Fund via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as DST is prohibited by law, rule, regulation or other governmental authority from notifying Fund.
ii. Incident Reporting - DST will use commercially reasonable efforts to promptly furnish to Fund information that DST has regarding the general circumstances and extent of such unauthorized access to the Fund Data.
NOTICE AND COMMUNICATION Communications regarding this Agreement shall be directed to: RIDEM Office of Compliance and Inspection 000 Xxxxxxxxx Xxxxxx Providence, RI 02908-5767 (401) 222-1360 ext. 7400 All communications regarding compliance with this Agreement shall be forwarded to the above-referenced addressees by certified mail.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.
Communications and Computer Lines Tenant may install, maintain, replace, remove or use any communications or computer wires and cables (collectively, the “Lines”) at the Project in or serving the Premises, provided that (i) Tenant shall obtain Landlord’s prior written consent to the installation of any such Lines (such consent not to be unreasonably withheld), use an experienced and qualified contractor approved in writing by Landlord (such approval not to be unreasonably withheld), and comply with all of the other provisions of Articles 7 and 8 of this Lease, (ii) an acceptable amount of space for additional Lines shall be maintained for future occupants of the Project, as determined in Landlord’s reasonable opinion, (iii) the Lines (including riser cables) shall be appropriately insulated to prevent excessive electromagnetic fields or radiation, and shall be surrounded by a protective conduit reasonably acceptable to Landlord, (iv) any Lines servicing the Premises shall comply with all Applicable Laws, (v) as a condition to permitting the installation of new Lines, Landlord may require that Tenant remove existing Lines located in or serving the Premises that will no longer be used by Tenant and repair any damage in connection with such removal, and (vi) Tenant shall pay all costs in connection therewith. Landlord reserves the right to require that Tenant remove any Lines located in or serving the Premises which are installed in violation of these provisions, or which are at any time in violation of any Applicable Laws or represent a dangerous or potentially dangerous condition. Upon the expiration of the Lease Term, or immediately following any earlier termination of this Lease, Tenant shall, at Tenant’s sole cost and expense, remove all Lines installed by Tenant, and repair any damage caused by such removal.
