HIPAA Compliance If this Contract involves services, activities or products subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Contractor covenants that it will appropriately safeguard Protected Health Information (defined in 45 CFR 160.103), and agrees that it is subject to, and shall comply with, the provisions of 45 CFR 164 Subpart E regarding use and disclosure of Protected Health Information.
CEQA Compliance The District has complied with all assessment requirements imposed upon it by the California Environmental Quality Act (Public Resource Code Section 21000 et seq. (“CEQA”) in connection with the Project, and no further environmental review of the Project is necessary pursuant to CEQA before the construction of the Project may commence.
DBE/HUB Compliance The Engineer’s subcontracting program shall comply with the requirements of Attachment H of the contract (DBE/HUB Requirements).
Section 409A Compliance To the extent applicable, it is intended that this Agreement comply with the provisions of Section 409A of the Internal Revenue Code and the guidance promulgated thereunder (“Section 409A”). This Agreement shall be administered in a manner consistent with this intent, and any provision that would cause the Agreement to fail to satisfy Section 409A shall have no force and effect until amended by the parties to comply with Section 409A (which amendment may be retroactive to the extent permitted by Section 409A). Unless otherwise expressly provided, any payment of compensation by Company to Employee, whether pursuant to this Agreement or otherwise, shall be made no later than the 15th day of the third month (i.e., 2½ months) after the later of the end of the calendar year or the Company’s fiscal year in which Employee’s right to such payment vests (i.e., is not subject to a “substantial risk of forfeiture” for purposes of Code Section 409A). For purposes of this Agreement, “Separation from Service” shall have the meaning given to such term under Section 409A. Each payment and each installment of any severance payments provided for under this Agreement shall be treated as a separate payment for purposes of application of Section 409A. To the extent that any severance payments come within the definition of “short term deferrals” or “involuntary severance” under Section 409A, such amounts shall be excluded from “deferred compensation” as allowed under Section 409A, and shall not be subject to the following Section 409A compliance requirements. All payments of “nonqualified deferred compensation” (within the meaning of Section 409A) are intended to comply with the requirements of Section 409A, and shall be interpreted in accordance therewith. Neither party individually or in combination may accelerate, offset or assign any such deferred payment, except in compliance with Section 409A. No amount shall be paid prior to the earliest date on which it is permitted to be paid under Section 409A and Employee shall have no discretion with respect to the timing of payments except as permitted under Section 409A. Any payments to which Section 409A applies which are subject to execution of a waiver and release which may be executed and/or revoked in a calendar year following the calendar year in which the payment event (such as Separation from Service) occurs shall commence payment only in the calendar year in which the release revocation period ends as necessary to comply with Section 409A. In the event that Employee is determined to be a “key employee” (as defined and determined under Section 409A) of the Company at a time when its stock is deemed to be publicly traded on an established securities market, payments determined to be “nonqualified deferred compensation” payable upon separation from service shall be made no earlier than (i) the first day of the seventh (7th) complete calendar month following such termination of employment, or (ii) Employee’s death, consistent with the provisions of Section 409A. Any payment delayed by reason of the prior sentence shall be paid out in a single lump sum at the end of such required delay period in order to catch up to the original payment schedule. All expense reimbursement or in-kind benefits subject to Section 409A provided under this Agreement or, unless otherwise specified in writing, under any Company program or policy, shall be subject to the following rules: (i) the amount of expenses eligible for reimbursement or in-kind benefits provided during one calendar year may not affect the benefits provided during any other year; (ii) reimbursements shall be paid no later than the end of the calendar year following the year in which the Employee incurs such expenses, and the Employee shall take all actions necessary to claim all such reimbursements on a timely basis to permit the Company to make all such reimbursement payments prior to the end of said period, and (iii) the right to reimbursement or in-kind benefits shall not be subject to liquidation or exchange for another benefit. Notwithstanding anything herein to the contrary, no amendment may be made to this Agreement if it would cause the Agreement or any payment hereunder not to be in compliance with Section 409A.
PCI Compliance Company shall not connect to or utilize any computer network or systems of the Aviation Authority, including, without limitation, for transmission of credit card payments. Company shall be solely responsible for providing and maintaining its own computer networks and systems and shall ensure its system ensure its system used to collect, process, store or transmit credit card or customer credit card and/or personal information is compliant with all applicable Payment Card Industry (“PCI”) Data Security Standard (“DSS”).
1. Company shall, within 5 days, notify the Aviation Authority of any security malfunction or breach, intrusion or unauthorized access to cardholder or other customer data, and shall comply with all then applicable PCI requirements.
2. Company, in addition to notifying the Aviation Authority and satisfying the PCI requirements, will immediately take the remedial actions available under the circumstances and provide the Aviation Authority with an explanation of the cause of the breach or intrusion and the proposed remediation plan. Company will notify the Aviation Authority promptly if it learns that it is no longer PCI DSS compliant and will immediately provide the Aviation Authority with a report on steps being taken to remediate the non-compliance status and provide evidence of compliance once PCI DSS compliance is achieved.
3. Company, its successor’s and assigns, will continue to comply with all provisions of this Agreement relating to accidents, incidents, damages and remedial requirements after the termination of this Agreement.
4. Company shall ensure strict compliance with PCI DSS for each credit card transaction and acknowledges responsibility for the security of cardholder data. Company will create and maintain reasonable detailed, complete and accurate documentation describing the systems, processes, network segments, security controls and dataflow used to receive, process transmit store and secure Customer’s cardholder data. Such documentation shall conform to the most current version of PCI DSS.
5. Company must maintain PCI Certification as a bankcard merchant at the Airport. Company is responsible, at Company’s own expense, to contract and pay for all quarterly, annual or other required assessments, remediation activities related to processes within Concessionaire’s control, analysis or certification processes necessary to maintain PCI certification as a bankcard merchant.
6. PCI DSS - Company shall make available on the Premises, within 24 hours upon request by the Aviation Authority, such documentation, policies, procedures, reports, logs, configuration standards and settings and all other documentation necessary for the Aviation Authority to validate Company’s compliance with PCI DSS as well as make available to the individuals responsible for implementing, maintaining and monitoring those system components and processes. Requested logs must be made available to the Aviation Authority in electronic format compatible with computers used by the Aviation Authority.
7. Evidence of PCI DSS Compliance – Company agrees to supply their PCI DSS compliance status and evidence of its most recent validation of compliance upon execution of the Contract. Company must supply to the Aviation Authority evidence of validation of compliance at least annually to be delivered along with the Annual Certification of Fees in accordance with Article 5.C. of this Agreement.
