Common use of Security and Data Privacy Clause in Contracts

Security and Data Privacy. Each party shall comply with applicable data privacy laws governing the protection of personal data in relation to their respective obligations under this Agreement. Where Company acts as Subscriber’s processor of personal data provided by Subscriber, the data is subject to Company’s Privacy Policy, which can be viewed by clicking the “Privacy” hypertext link located within the Cloud Service. By using the Cloud Service, Xxxxxxxxxx accepts and agrees to be bound and abide by such Privacy Policy. At all times during the Subscription term and upon written request of Subscriber within thirty (30) days after the effective date of termination or expiration of this Agreement, Subscriber Content shall be available for Subscriber’s export and download. In accordance with applicable data privacy laws following that initial period, Company shall not be obligated to maintain Subscriber Data nor Subscriber Content and may delete or destroy what remains in its possession or control. (a) If applicable in the United States, if Subscriber is a “Covered Entity” under the Health Insurance Portability and Accountability Act of 1996 (as amended from time to time, “HIPAA”), and if Subscriber must reasonably provide protected health information as defined by HIPAA in order to use the Cloud Services, Company shall be Subscriber’s “Business Associate” under HIPAA, and Company and Subscriber shall enter into a Business Associate Agreement (the form of which shall be reasonably satisfactory to Company). (b) If applicable in the United Kingdom, Switzerland or European Economic Area (EEA), both parties will comply with the applicable requirements of Data Protection Legislation. “Data Protection Legislation” means (i) the United Kingdom’s Data Protection Act 2018, and (ii) the General Data Protection Regulation (“GDPR”) and any national implementing laws, regulations or secondary legislation. Company and Subscriber agree that Company will not be processing any personal data on behalf of the Subscriber as “Data Controller” (defined in accordance with the Data Protection Legislation). Company will collect, use, disclose, transfer and store personal information when needed to administer this Agreement and for its operational and business purposes, in accordance with Data Protection Legislation. To the extent personal data from the UK, Switzerland or the EEA are processed by Company, the terms of a data processing addendum (“DPA”) must be signed by the parties. To the extent Company processes personal data, its binding corporate rules and the standard contract clauses shall apply, as set forth in the DPA. For standard contract clauses, Subscriber and Company agree that Subscriber is the data exporter and Subscriber’s acceptance of this Agreement or applicable Order shall be treated as its execution of the standard contract clauses.

Security and Data Privacy. Each party shall comply with applicable data privacy laws governing the protection of personal data in relation to their respective obligations under this Agreement. Where Company acts as Subscriber’s processor of personal data provided by Subscriber, the data is subject to Company’s Privacy Policy, which can be viewed by clicking the “Privacy” hypertext link located within the Cloud Service. By using the Cloud Service, Xxxxxxxxxx accepts and agrees to be bound and abide by such Privacy Policy. At all times during the Subscription term and upon written request of Subscriber within thirty (30) days after the effective date of termination or expiration of this Agreement, Subscriber Content shall be available for Subscriber’s export and download. In accordance with applicable data privacy laws following that initial period, Company shall not be obligated to maintain Subscriber Data nor Subscriber Content and may delete or destroy what remains in its possession or control. (a) If applicable in the United States, if Subscriber is a “Covered Entity” under the Health Insurance Portability and Accountability Act of 1996 (as amended from time to time, “HIPAA”), and if Subscriber must reasonably provide protected health information as defined by HIPAA in order to use the Cloud Services, Company shall be Subscriber’s “Business Associate” under HIPAA, and Company and Subscriber shall enter into a Business Associate Agreement (the form of which shall be reasonably satisfactory to Company). (b) If applicable in the United Kingdom, Switzerland or European Economic Area (EEA), both parties will comply with the applicable requirements of Data Protection Legislation. “Data Protection Legislation” means (i) the United Kingdom’s Data Protection Act 2018Xxx 0000, and (ii) the General Data Protection Regulation (“GDPR”) and any national implementing laws, regulations or secondary legislation. Company and Subscriber agree that Company will not be processing any personal data on behalf of the Subscriber as “Data Controller” (defined in accordance with the Data Protection Legislation). Company will collect, use, disclose, transfer and store personal information when needed to administer this Agreement and for its operational and business purposes, in accordance with Data Protection Legislation. To the extent personal data from the UK, Switzerland or the EEA are processed by Company, the terms of a data processing addendum (“DPA”) must be signed by the parties. To the extent Company processes personal data, its binding corporate rules and the standard contract clauses shall apply, as set forth in the DPA. For standard contract clauses, Subscriber and Company agree that Subscriber is the data exporter and Subscriber’s acceptance of this Agreement or applicable Order shall be treated as its execution of the standard contract clauses.