Return/Destruction of PHI 15.1 Business Associate in connection with the expiration or termination of the contract or grant shall return or destroy, at the discretion of the Covered Entity, all PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity pursuant to this contract or grant that Business Associate still maintains in any form or medium (including electronic) within thirty (30) days after such expiration or termination. Business Associate shall not retain any copies of the PHI. Business Associate shall certify in writing for Covered Entity (1) when all PHI has been returned or destroyed and (2) that Business Associate does not continue to maintain any PHI. Business Associate is to provide this certification during this thirty (30) day period.
15.2 Business Associate shall provide to Covered Entity notification of any conditions that Business Associate believes make the return or destruction of PHI infeasible. If Covered Entity agrees that return or destruction is infeasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible for so long as Business Associate maintains such PHI. This shall also apply to all Agents and Subcontractors of Business Associate.
Return or Destruction of Confidential Information If an Interconnection Party provides any Confidential Information to another Interconnection Party in the course of an audit or inspection, the providing Interconnection Party may request the other party to return or destroy such Confidential Information after the termination of the audit period and the resolution of all matters relating to that audit. Each Interconnection Party shall make Reasonable Efforts to comply with any such requests for return or destruction within ten days of receiving the request and shall certify in writing to the other Interconnection Party that it has complied with such request.
Data Return and Destruction of Data (a) Protecting PII from unauthorized access and disclosure is of the utmost importance to the EA, and Contractor agrees that it is prohibited from retaining PII or continued access to PII or any copy, summary or extract of PII, on any storage medium (including, without limitation, in secure data centers and/or cloud-based facilities) whatsoever beyond the period of providing Services to the EA, unless such retention is either expressly authorized for a prescribed period by the Service Agreement or other written agreement between the Parties, or expressly requested by the EA for purposes of facilitating the transfer of PII to the EA or expressly required by law. As applicable, upon expiration or termination of the Service Agreement, Contractor shall transfer PII, in a format agreed to by the Parties to the EA.
(b) If applicable, once the transfer of PII has been accomplished in accordance with the EA’s written election to do so, Contractor agrees to return or destroy all PII when the purpose that necessitated its receipt by Contractor has been completed. Thereafter, with regard to all PII (including without limitation, all hard copies, archived copies, electronic versions, electronic imaging of hard copies) as well as any and all PII maintained on behalf of Contractor in a secure data center and/or cloud-based facilities that remain in the possession of Contractor or its Subcontractors, Contractor shall ensure that PII is securely deleted and/or destroyed in a manner that does not allow it to be retrieved or retrievable, read or reconstructed. Hard copy media must be shredded or destroyed such that PII cannot be read or otherwise reconstructed, and electronic media must be cleared, purged, or destroyed such that the PII cannot be retrieved. Only the destruction of paper PII, and not redaction, will satisfy the requirements for data destruction. Redaction is specifically excluded as a means of data destruction.
(c) Contractor shall provide the EA with a written certification of the secure deletion and/or destruction of PII held by the Contractor or Subcontractors.
(d) To the extent that Contractor and/or its subcontractors continue to be in possession of any de-identified data (i.e., data that has had all direct and indirect identifiers removed), they agree not to attempt to re-identify de-identified data and not to transfer de-identified data to any party.
Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.
2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33
Return or Destruction Upon termination of this Agreement or upon any earlier written request by Sponsor at any time, Institution shall return to Sponsor, or destroy, at Sponsor’s option, all Confidential Information other than Study Data.
Contact in Event of Unauthorized Transfer If you believe your Card and/or access code has been lost or stolen or that someone has transferred or may transfer money from your account without your permission, either call us immediately at:
CERTIFICATION OF NONSEGREGATED FACILITIES (Applicable to construction contracts exceeding $10,000) The Contractor certifies that it does not maintain or provide for its establishments, and that it does not permit employees to perform their services at any location, under its control, where segregated facilities are maintained. It certifies further that it will not maintain or provide for employees any segregated facilities at any of its establishments, and it will not permit employees to perform their services at any location under its control where segregated facilities are maintained. The Contractor agrees that a breach of this certification is a violation of the equal opportunity clause of this contract. As used in this certification, the term “segregated facilities” means any waiting rooms, work areas, rest rooms and wash rooms, restaurants and other eating areas, time clocks, locker rooms, and other storage or dressing areas, parking lots, drinking fountains, recreation or entertainment areas, transportation and housing facilities provided for employees which are segregated by explicit directive or are, in fact, segregated on the basis of race, color, religion, or national origin because of habit, local custom, or any other reason. The Contractor further agrees that (except where it has obtained for specific time periods) it will obtain identical certification from proposed subcontractors prior to the award of subcontracts exceeding $10,000 which are not exempt from the provisions of the equal opportunity clause; that it will retain such certifications in its files; and that it will forward the preceding notice to such proposed subcontractors (except where proposed subcontractors have submitted identical certifications for specific time periods).
Selection of Subcontractors, Procurement of Materials and Leasing of Equipment The contractor shall not discriminate on the grounds of race, color, religion, sex, national origin, age or disability in the selection and retention of subcontractors, including procurement of materials and leases of equipment. The contractor shall take all necessary and reasonable steps to ensure nondiscrimination in the administration of this contract.
a. The contractor shall notify all potential subcontractors and suppliers and lessors of their EEO obligations under this contract.
b. The contractor will use good faith efforts to ensure subcontractor compliance with their EEO obligations.
Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.
RETURN AND DELETION OF PERSONAL DATA 7.1 We shall return to You and, to the extent allowed by applicable law, delete Your Personal Data as set out in the Agreement. We are obliged to ensure that any Sub-processors adhere to the same obligation
