Safeguards Business Associate, its Agent(s) and Subcontractor(s) shall implement and use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by this Agreement. With respect to any PHI that is maintained in or transmitted by electronic media, Business Associate or its Subcontractor(s) shall comply with 45 CFR sections 164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards) and 164.316 (policies and procedures and documentation requirements). Business Associate or its Agent(s) and Subcontractor(s) shall identify in writing upon request from Covered Entity all of the safeguards that it uses to prevent impermissible uses or disclosures of PHI.
Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.
PERSONAL DATA PROTECTION ACT 7.1. PAH is committed to protecting the privacy, confidentiality and security of all personal data to which it is entrusted. It has been our policy to ensure your personal information are protected. With the introduction of the Malaysian Personal Data Protection Act 2010 ("PDPA"), we are even committed to ensure the privacy and confidentiality and security of all personal data are protected in line with the PDPA. We process personal data which you have provided to us voluntarily through our website upon your registration and this includes personal data such as your name, address, NRIC and contact details. In this regards, you have expressly consent to our processing of your personal data. If you give us personal data or information about another person, you must first confirm that he/she has appointed you to act for him/her, to consent to the processing of his/her personal data and to receive on his/her behalf any data protection notices. We may request your assistance to procure the consent of such persons whose personal data is provided by you to us and you agree to do so. You shall indemnify us in the event we suffer loss and damage as a result of your failure to comply with the same. We will only retain your personal data for as long as necessary for the fulfilment of the specified purposes or as legislated 7.2. E-Bidders shall be responsible for the confidentiality and use of password and not to reveal the password to anyone at any time and under any circumstances whether intentionally or unintentionally. 7.3. E-Bidders agree to comply with all the security measures related to safety of the password or generally in respect of the use of the service. In the event that the password is compromised, the E-Bidders shall immediately notify PAH.
HEALTH AND SAFETY 25.01 The Employer is subject to the provisions of the Occupational Health and Safety Act of the Province of Ontario and its regulations, including the provision that calls for a worker representative selected by the Union on the University Joint Health and Safety Committees. It is agreed that the University and the Union will cooperate to the fullest possible extent in the prevention of accidents and the promotion of safety and health at University workplaces. To this end, the parties acknowledge and agree that all University Employees on University and third-party premises where Employees work, are required to comply with work- site specific policies, procedures, regulations, and standards relating to health and safety. 25.02 The Employer recognizes the right of workers to be informed about hazards in the workplace, to be provided with appropriate training, and the right to refuse unsafe work in accordance with the Occupational Health and Safety Act where there is an immediate danger to the Employee’s health and safety or to the health and safety of others. 25.03 The Union will select a worker representative for each applicable Joint Health and Safety Committee formed under the Occupational Health and Safety Act. Time spent attending meetings of the Committee or carrying out duties as a worker representative shall be considered time worked. 25.04 A worker representative on a Joint Health and Safety Committee may become a certified worker representative on the Committee. The University will provide the required training for certification at no cost to the Employee or the Union. Time spent in such training shall be considered time worked, as outlined in Article 13 – Hours of Work and Overtime. 25.05 When a worker representative on a Joint Health and Safety Committee ceases to be employed in the Bargaining Unit, he/she will cease to be a worker representative on the Committee. 25.06 The University will supply, and Employees will wear and/or utilize, personal protective equipment and the other devices that the University requires Employees to wear and/or utilize. 25.07 The Employer shall provide information, training and supervision to an Employee to protect the health and safety of that Employee. With reference to Article 13, time spent in such training shall be considered time worked, as outlined in Article 13 – Hours of Work and Overtime. 25.08 The name and contact information of the Health and Safety Officer in each Academic Unit shall be posted in the Department/Academic Unit. 25.09 In accordance with the Occupational Health and Safety Act, persons with authority in the workplace, including any Employees, shall ensure that persons under their authority are informed of health and safety hazards, and advised of policies and procedures associated with the safe handling of materials and equipment.
Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means. 2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable). 3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically. 4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.
Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and its respective Subsidiaries may presently have and, after the Effective Time, may gain access to or possession of confidential or proprietary Information of, or personal Information relating to, Third Parties: (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or the other Party’s Subsidiaries, on the other hand, prior to the Effective Time or (ii) that, as between the two parties, was originally collected by the other Party or the other Party’s Subsidiaries and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause its Subsidiaries and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary Information of, or personal Information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or the other Party’s Subsidiaries, on the one hand, and such Third Parties, on the other hand.
Protection The Asset Representations Reviewer will take reasonable measures to protect the secrecy of and avoid disclosure and unauthorized use of Confidential Information, including those measures that it takes to protect its own confidential information and not less than a reasonable standard of care. The Asset Representations Reviewer acknowledges that Personally Identifiable Information is also subject to the additional requirements in Section 4.09.
Environment, Health, and Safety (a) To the Knowledge of AIDEA and the Acquired Companies, except as disclosed in Disclosure Schedules 3.16(b), (d), and (e), the Acquired Companies have complied with all Environmental, Health, and Safety Laws. No action, suit, proceeding, hearing, investigation, charge, complaint, claim, demand, or notice has been filed or commenced against any of the Acquired Companies alleging any failure to so comply. Without limiting the generality of the preceding sentence, the Acquired Companies, to the Knowledge of AIDEA and the Acquired Companies, have obtained and been in compliance with all of the terms and conditions of all permits, licenses, and other authorizations that are required under, and have complied with all other limitations, restrictions, conditions, standards, prohibitions, requirements, obligations, schedules, and timetables that are contained in, all Environmental, Health, and Safety Laws. (b) Except as disclosed in Disclosure Schedule 3.16(b), neither the Acquired Companies nor AIDEA with respect to the Acquired Companies, to the Knowledge of AIDEA and the Acquired Companies, has any Liability arising out of events or circumstances occurring under any Environmental, Health, and Safety Laws for contamination of, damage to, or polluting any site, location, property, natural resources, the air, or any body of water (surface or subsurface), or for any illness of, or personal injury to, or death of, any employee or other individual related to the foregoing. (c) To the Knowledge of AIDEA and the Acquired Companies, all equipment and personal property owned, leased, or used in the Operations are and have been free of hydrocarbon contamination, asbestos, PCBs, dioxins, and any other hazardous, toxic, radioactive, or dangerous substances, except for the liquefied natural gas and compressed natural gas the Acquired Companies produce, store, and handle, and except for the fuel, lubricants, refrigerants, and solvents that are used in the ordinary course of business in conducting the Operations. The liquefied natural gas and compressed natural gas of the Acquired Companies, and the fuel, lubricants, refrigerants, and solvents used in its Operations, have all been stored, handled, transported, used, and disposed of in accordance with all Environmental, Health, and Safety Laws and consistent with all standard industry practices. (d) Except as disclosed on Disclosure Schedule 3.16(d), all real property the Acquired Companies owns is, to the Knowledge of AIDEA and the Acquired Companies, free from contamination by any substance regulated under, or defined as or considered “hazardous” or “toxic” or “radioactive” or “contamination” or “pollution” under, any Environmental, Health, and Safety Laws, including but not limited to hydrocarbons, asbestos, PCBs, and dioxins. AIDEA has provided IGU with true and complete copies of all environmental assessments, studies, and reports (1) of which AIDEA and the Acquired Companies have Knowledge and (2) that reference the real property any of the Acquired Companies owns, leases, or uses. Although neither AIDEA nor the Acquired Companies has conducted any environmental assessments regarding the leased real property used by the Acquired Companies, neither AIDEA nor the Acquired Companies has Knowledge of any environmental contamination on or under the portions of any leased or used real property where any of the Operations have been conducted. (e) Except as disclosed on Disclosure Schedule 3.16(e), neither the Acquired Companies nor AIDEA has Knowledge of any leak, spill, release, discharge, or disposal of any substance regulated under, or defined as or considered “hazardous” or “toxic” or “radioactive” or “contamination” or “pollution” under any Environmental, Health, and Safety Laws that has occurred on, in, or under the real property any of the Acquired Companies owns, leases, or uses, or has ever owned, leased, or used, in conducting the Operations, that was reportable or should have been reported to any government or governmental agency, or that was or could have been subject to clean up or remediation, under any Environmental, Health, and Safety Laws. (f) Except as disclosed on Disclosure Schedule 3.16(f), to the Knowledge of AIDEA and the Acquired Companies, there is no underground storage tank present on any real property any of the Acquired Companies owns, leases, or uses or has owned, leased or used, in conducting the Operations.
Protection of Third Parties No person (including a purchaser) dealing with the Agent or a Receiver or its or his agents will be concerned to enquire: (a) whether the Secured Liabilities have become payable; (b) whether any power which the Agent or a Receiver is purporting to exercise has become exercisable or is being properly exercised; (c) whether any money remains due under the Finance Documents; or (d) how any money paid to the Agent or to that Receiver is to be applied.
Data Protection Act 7.1 With respect to the parties' rights and obligations under this Contract, the parties agree that the Department is the Data Controller and that the Contractor is the Data Processor. 7.2 The Contractor shall: 7.2.1 Process the Personal Data only in accordance with instructions from the Department (which may be specific instructions or instructions of a general nature as set out in this Contract or as otherwise notified by the Department to the Contractor during the Term); 7.2.2 Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; 7.2.3 The Contractor shall employ appropriate organisational, operational and technological processes and procedures to keep the Personal Data safe from unauthorised use or access, loss, destruction, theft or disclosure. The organisational, operational and technological processes and procedures adopted are required to comply with the requirements of ISO/IEC 27001 as appropriate to the services being provided to the Department; 7.2.4 Take reasonable steps to ensure the reliability of any Contractor Personnel who have access to the Personal Data; 7.2.5 Obtain prior written consent from the Department in order to transfer the Personal Data to any Sub-contractors or Affiliates for the provision of the Services; 7.2.6 Ensure that all Contractor Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this clause 7; 7.2.7 Ensure that none of Contractor Personnel publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Department; 7.2.8 Notify the Department within five Working Days if it receives: a request from a Data Subject to have access to that person's Personal Data; or a complaint or request relating to the Department's obligations under the Data Protection Legislation; 7.2.9 Provide the Department with full cooperation and assistance in relation to any complaint or request made, including by: - providing the Department with full details of the complaint or request; - complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Department's instructions; - providing the Department with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Department); and - providing the Department with any information requested by the Department; 7.2.10 Permit the Department or the Department’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit the Contractor's data Processing activities (and/or those of its agents, subsidiaries and Sub-contractors) and comply with all reasonable requests or directions by the Department to enable the Department to verify and/or procure that the Contractor is in full compliance with its obligations under this Contract; 7.2.11 Provide a written description of the technical and organisational methods employed by the Contractor for processing Personal Data (within the timescales required by the Department) to be used solely for the purposes of this contract and provided that to do so would not be in breach of the Intellectual Property Rights (including Copyright) of a third party; and 7.2.12 Not process Personal Data outside the European Economic Area without the prior written consent of the Department and, where the Department consents to a transfer, to comply with: - the obligations of a Data Controller under the Eighth Data Protection Principle set out in Schedule 1 of the Data Protection Act 1998 by providing -an adequate level of protection to any Personal Data that is transferred; and - any reasonable instructions notified to it by the Department. 7.3 The Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this Contract in such a way as to cause the Department to breach any of its applicable obligations under the Data Protection Legislation.