Common use of Safeguarding Customer Information Clause in Contracts

Safeguarding Customer Information. (a) In providing services hereunder, each Party shall implement appropriate security measures designed to meet the objectives of applicable insurance laws and regulations, including: (i) ensuring the confidentiality, security and integrity of the other Parties’ respective information regarding its clients’ and applicants’ nonpublic confidential information (“Customer Information”); (ii) protecting against anticipated threats or hazards to the security or integrity of Customer Information; and (iii) protecting against unauthorized access to or use of Customer Information. Each Service Provider shall adjust its information security program at the request of a Service Recipient for any relevant changes dictated by a Service Recipient’s assessments of risk around its Customer Information and customer information systems. Each Party agrees that during the term of this Agreement and thereafter, it shall not use, or permit any person or entity access to, any Customer Information except as permitted in connection with the performance of services hereunder. Each Party acknowledges that it shall be permitted to disclose Customer Information only to its employees, subcontractors, consultants and agents who have a need to know such information or otherwise in connection with its performance of its duties hereunder. In addition, a Party may disclose Customer Information if such disclosure is required by law or upon order of any competent court or law enforcement agency. (b) Each Party shall monitor from time to time its Customer Information systems for security breaches, violations and suspicious activity relating to the Customer Information. If a breach, violation or suspicious activity affecting the Customer Information is detected, the Party shall (i) notify the affected Parties promptly upon knowledge of such breach, violation or suspicious activity and (ii) fix or patch the security problem within a reasonable period of time. (c) For a period of seven (7) years after the termination or expiration of this Agreement, each Party will maintain, and will provide the other Parties reasonable access to, system records and logs regarding the use of the Customer Information systems as contemplated by this Agreement. Each Party shall have the right to review and inspect such records upon thirty (30) days’ advance written notice and during reasonable business hours. Inspections permitted under this Section 15(c) shall occur no more frequently than once per year and shall be conducted under the supervision of the inspecting Party. (d) Subject to a Party’s own security requirements, each Party shall allow the other Parties to conduct, at such other Parties’ expense, reasonable inspections of the Customer Information systems upon thirty (30) days’ prior written notice and during reasonable business hours. Inspections permitted under this Section 15(d) shall occur no more frequently than once per year. (e) Confirming evidence that a Service Provider has satisfied its obligations under this Section 15 shall be made available, during normal business hours, for inspection by the applicable Service Recipient, anyone authorized by such Service Recipient and any governmental agency that has regulatory authority over such Service Recipient’s business activities.

Safeguarding Customer Information. (a) In providing services hereunder, each Party shall implement appropriate security measures designed to meet the objectives of applicable insurance laws and regulations, including: (i) ensuring the confidentiality, security and integrity of the other Parties’ respective information regarding its clients’ and applicants’ nonpublic confidential information (“Customer Information”); (ii) protecting against anticipated threats or hazards to the security or integrity of Customer Information; and (iii) protecting against unauthorized access to or use of Customer Information. Each Service Provider shall adjust its information security program at the request of a Service Recipient for any relevant changes dictated by a Service Recipient’s assessments of risk around its Customer Information and customer information systems. Each Party agrees that during the term of this Agreement and thereafter, it shall not use, or permit any person or entity access to, any Customer Information except as permitted in connection with the performance of services hereunder. Each Party acknowledges that it shall be permitted to disclose Customer Information only to its employees, subcontractors, consultants and agents who have a need to know such information or otherwise in connection with its performance of its duties hereunder. In addition, a Party may disclose Customer Information if such disclosure is required by law or upon order of any competent court or law enforcement agency. (b) Each Party shall monitor from time to time its Customer Information systems for security breaches, violations and suspicious activity relating to the Customer Information. If a breach, violation or suspicious activity affecting the Customer Information is detected, the Party shall (i) notify the affected Parties promptly upon knowledge of such breach, violation or suspicious activity and (ii) fix or patch the security problem within a reasonable period of time. (c) For a period of seven (7) years after the termination or expiration of this Agreement, each Party will maintain, and will provide the other Parties reasonable access to, system records and logs regarding the use of the Customer Information systems as contemplated by this Agreement. Each Party shall have the right to review and inspect such records upon thirty (30) days’ advance written notice and during reasonable business hours. Inspections permitted under this Section 15(c) shall occur no more frequently than once per year and shall be conducted under the supervision of the inspecting Party. (d) Subject to a Party’s own security requirements, each Party shall allow the other Parties to conduct, at such other Parties’ expense, conduct reasonable inspections of the Customer Information systems upon thirty (30) days’ prior written notice and during reasonable business hours. Inspections permitted under this Section 15(d) shall occur no more frequently than once per year. (e) Confirming evidence that a Service Provider has satisfied its obligations under this Section 15 shall be made available, during normal business hours, for inspection by the applicable a Service Recipient, anyone authorized by such a Service Recipient and any governmental agency that has regulatory authority over such the Service Recipient’s business activities.

Safeguarding Customer Information. (a) In providing services hereunderA Servicing Party acknowledges and agrees that, each solely to enable Servicing Party shall implement appropriate security measures designed to meet the objectives of applicable insurance laws and regulationsperform its obligations pursuant to this Agreement, including: (i) ensuring the confidentiality, security and integrity Receiving Party may provide to Servicing Party “nonpublic personal information,” as such term is defined in Section 509 of the other Parties’ respective Xxxxx-Xxxxx-Xxxxxx Act of 1999 and regulations promulgated thereunder, and information regarding its clients’ and applicants’ nonpublic confidential information data derived therefrom, concerning customers of Receiving Party (such Party Data being, collectively, “Customer Information”); (ii) protecting . Servicing Party further acknowledges and agrees that it shall have the right to use Customer Information solely to fulfill and perform its obligations under this Agreement and otherwise comply with legal and regulatory requirements applicable to Servicing Party. Servicing Party shall have no right to use, reuse or disclose any Customer Information to any person or entity for any reason not specifically permitted under this Agreement. Servicing Party agrees to establish and maintain appropriate controls and measures designed to ensure the security and confidentiality of Customer Information, to protect against any anticipated threats or hazards to the security or and integrity of Customer Information; such information, and (iii) protecting to protect against unauthorized access to or use of Customer Information. Each Service Provider shall adjust its information security program such information, all designed to meet the guidelines set forth at 12 C.F.R. Part 30 Appendix B. Servicing Party further agrees to require any third-party service provider utilized by Servicing Party in accordance with the request of a Service Recipient for any relevant changes dictated by a Service Recipient’s assessments of risk around its Customer Information and customer information systems. Each Party agrees that during the term terms of this Agreement to also agree in writing to establish and thereaftermaintain such controls and measures and to maintain the confidentiality of Customer Information to the same extent required of Servicing Party. Upon Receiving Party’s request, Servicing Party shall promptly provide audit reports, written test results and such other information reasonably requested by Receiving Party concerning its compliance with this Section 6(a). If Receiving Party reasonably determines that additional monitoring of Servicing Party’s information security measures is appropriate, it may, upon reasonable notice, conduct an audit of Servicing Party to determine whether Servicing Party is satisfying its obligations regarding information security. Servicing Party shall not use, promptly provide Receiving Party with complete information regarding any failure of such controls and measures or permit any person or entity access to, any security breach related to Customer Information except as permitted in connection with the performance of services hereunder. Each Party acknowledges that it shall be permitted to disclose Customer Information only to its employees, subcontractors, consultants and agents who have a need to know such information or otherwise in connection with its performance of its duties hereunder. In addition, a Party may disclose Customer Information if such disclosure is required by law or upon order of any competent court or law enforcement agencyInformation. (b) Each Subject to Section 6(a) above, the Parties agree that Party Data furnished by a Party to the other Party shall monitor from time to time its Customer Information systems be received in confidence and kept confidential by the other Party and used by the other Party only for security breaches, violations and suspicious activity relating the purpose of providing or receiving Services under this Agreement. The confidentiality obligations of this Section 6(b) do not apply to the Customer Information. If a breach, violation or suspicious activity affecting the Customer Information is detected, the Party shall extent that such information (i) notify is already lawfully known to the affected Parties promptly upon knowledge of such breach, violation or suspicious activity and other Party when received; (ii) fix thereafter becomes lawfully known from other sources; (iii) is disclosed to affiliates, auditors, agents, third party service providers or patch counsel or is voluntarily disclosed to regulators or rating agencies, provided that such entity or person has agreed in writing or is required by law to keep such information confidential, or (iv) is required by Applicable Law or court order to be disclosed by the security problem within a reasonable period other Party, provided that prior notice of time. such disclosure (cother than to its affiliates, auditors, counsel, regulators or rating agencies) For a period of seven (7) years after has been given to the termination or expiration of this Agreementother Party by the Party required to make disclosure, each Party will maintainwhen legally permissible, and will the Party required to make the disclosure shall (1) provide sufficient notice to permit the other Parties reasonable access toParty to take legal action to prevent the disclosure and (2) to the extent reasonably practicable, system records and logs regarding cause the use of the Customer Information systems as contemplated by this Agreement. Each Party shall have the right entity or person receiving such information to review and inspect such records upon thirty (30) days’ advance written notice and during reasonable business hours. Inspections permitted under this Section 15(c) shall occur no more frequently than once per year and shall be conducted under the supervision of the inspecting Partykeep it confidential. (d) Subject Servicing Party shall maintain a business continuity plan, including plans for disaster recovery, emergency preparedness and business resumption, all designed in accordance with industry standards. Servicing Party shall be solely responsible for the preparation, periodic testing, review and implementation of disaster recovery, emergency preparedness and business resumption plans, and the expenses associated with such plans. Such periodic testing shall occur at least annually. Receiving Party reserves the right to review a copy of Servicing Party’s own security requirementsdisaster recovery, each Party shall allow the other Parties to conduct, at emergency preparedness and business resumption plans and participate in such other Parties’ expense, reasonable inspections of the Customer Information systems upon thirty (30) days’ prior written notice and during reasonable business hours. Inspections permitted under this Section 15(d) shall occur no more frequently than once per yeartesting. (e) Confirming evidence The Parties agree that all information provided to it in connection with this Agreement from the other Party shall be considered confidential and proprietary information (“Confidential Information”) and shall not be disclosed to any third party without the prior written consent of the Party providing the Confidential Information (the “Disclosing Party”). Confidential Information shall include, without limitation: business operations, financial condition or assets, including, but not limited to, technical, developmental, marketing, analysis reports, sales, operating, performance, cost, know-how, documentation, marketing strategies and targeting methods, business objectives, customer and process information, computer programming techniques, and any record bearing media containing or disclosing such information and techniques of the Disclosing Party or its subcontractors or third party providers. Confidential Information shall also include, without limitation the names, addresses, and demographic, behavioral, and credit information relating to customers of the Bank. All consumer report, credit information, and non-experience information from customer applications will be treated as Confidential Information and shall not be shared with third parties or the Bank’s corporate affiliates, subsidiaries or parents of the Bank without the prior written consent of the Disclosing Party. The Party receiving Confidential Information from the Disclosing Party shall use Confidential Information only for the purpose of performing the terms of the Agreement and shall not accumulate in any way or make use of Confidential Information for any other purpose. Servicing Party shall ensure that only its employees, authorized agents, or subcontractors who are on a Service Provider has satisfied its obligations under strict “need to know” such Confidential Information to perform this Agreement will receive Confidential Information and that such persons agree to be bound by the provisions of this Section 15 shall and maintain the existence of this Agreement and the nature of their obligations hereunder strictly confidential. In addition, Servicing Party agrees that data coming from Receiving Party will be made availablekept in a secure, during normal business hours, for inspection by the applicable Service Recipient, anyone segregated manner. Receiving Party’s client information must be restricted to authorized by such Service Recipient resources and any governmental agency that has regulatory authority over such Service Recipient’s business activitiesusers.