Common use of Security of Customer Information Clause in Contracts

Security of Customer Information. a) To effect the purposes of this Master Agreement, COMPANY, BPPR or one of their respective Subsidiaries may from time to time provide EVERTEC with information or access to information concerning COMPANY, BPPR, or one of their respective Subsidiaries and persons or entities who obtain financial products or services from COMPANY, BPPR, or their respective Subsidiaries, including without limitation, client account information (“Customer Information”). EVERTEC acknowledges that its right to use the Customer Information may be limited by obligations of Company, BPPR or one of their respective Subsidiaries under the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (Public Law 106-102, 113 Stat. 1138) (the “Gramm Act”) and its implementing regulations (e.g., Federal Reserve Regulation P, Securities and Exchange Commission Regulation S-P) and other federal and state laws and regulations regarding privacy and the confidentiality of customer records. EVERTEC shall be responsible for establishing and maintaining an information security program that complies with the Legal Requirements. To protect the privacy of the Customer Information, EVERTEC shall: (i) limit access to the Customer Information to its employees and agents who have a need to know to carry out the purposes for which the Customer Information was disclosed; and (ii) use the Customer Information only for purposes of carrying out its obligations hereunder. Furthermore, EVERTEC agrees to (i) protect and hold all Customer Information in strict confidence and to take all reasonable steps necessary to protect the Customer Information from unauthorized and/or inadvertent disclosure; (ii) give immediate verbal and written notification to COMPANY or BPPR, or one of their respective Subsidiaries, as applicable of any court order or legal action requiring the disclosure of Customer Information and, to the extent allowable under the law, hold the Customer Information in confidence while COMPANY, BPPR or one of their respective Subsidiaries seeks a protective order; (iii) give prompt notification of any unauthorized or inadvertent disclosure of the Customer Information; (iv) upon request of COMPANY, BPPR or one of their respective Subsidiaries promptly return or destroy all Customer Information belonging to COMPANY, BPPR, or one of their respective Subsidiaries, as applicable, including all copies thereof; and (v) implement security measures designed to (a) ensure the security, integrity and confidentiality of the Customer Information; (b) protect against any anticipated threats or hazards to the security or integrity of the Customer Information; and (c) protect against unauthorized access to or use of the Customer Information.

Security of Customer Information. a) To effect the purposes of this Master Agreement, COMPANY, BPPR or one of their respective Subsidiaries may from time to time provide EVERTEC with information or access to information concerning COMPANY, BPPR, or one of their respective Subsidiaries BPPR and persons or entities who obtain financial products or services from COMPANY, BPPR, or their respective Subsidiaries, including without limitation, client account information (“Customer Information”). EVERTEC acknowledges that its right to use the Customer Information may be limited by obligations of Company, BPPR or one of their respective Subsidiaries under the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (Public Law 106-102, 113 Stat. 1138) (the “Gramm Act”) and its implementing regulations (e.g., Federal Reserve Regulation P, Securities and Exchange Commission Regulation S-P) and other federal and state laws and regulations regarding privacy and the confidentiality of customer records. EVERTEC shall be responsible for establishing and maintaining an information security program that complies with the Legal Requirements. To protect the privacy of the Customer Information, EVERTEC shall: (i) limit access to the Customer Information to its employees and agents who have a need to need-to-know to carry out the purposes for which the Customer Information was disclosed; and (ii) use the Customer Information only for purposes of carrying out its obligations hereunder. Furthermore, EVERTEC agrees to (i) protect and hold all Customer Information in strict confidence and to take all reasonable steps necessary to protect the Customer Information from unauthorized and/or inadvertent disclosure; (ii) give immediate verbal and written notification to COMPANY or BPPR, or one of their respective Subsidiaries, as applicable of any court order or legal action requiring the disclosure of Customer Information and, to the extent allowable under the law, hold the Customer Information in confidence while COMPANY, BPPR or one of their respective Subsidiaries seeks a protective order; (iii) give prompt notification of any unauthorized or inadvertent disclosure of the Customer Information; (iv) upon request of COMPANYBPPR, BPPR or one of their respective Subsidiaries promptly return or destroy all Customer Information belonging to COMPANY, BPPR, or one of their respective Subsidiaries, as applicable, including all copies thereof; and (v) implement security measures designed to (a) ensure the security, integrity and confidentiality of the Customer Information; (b) protect against any anticipated threats or hazards to the security or integrity of the Customer Information; and (c) protect against unauthorized access to or use of the Customer Information.

Security of Customer Information. a) To effect the purposes of this Master Agreement, COMPANY, BPPR or one of their respective Subsidiaries may from time to time provide EVERTEC with information or access to information concerning COMPANY, BPPR, or one of their respective Subsidiaries BPPR and persons or entities who obtain financial products or services from COMPANY, BPPR, or their respective Subsidiaries, including without limitation, client account information (“Customer Information”). EVERTEC acknowledges that its right to use the Customer Information may be limited by obligations of Company, BPPR or one of their respective Subsidiaries under the XxxxxGramm-XxxxxLexxx-Xxxxxx Act of Xxx xx 1999 (Public Law 106-102, 113 Stat. 1138) (the “Gramm Act”) and its implementing regulations (e.g., Federal Reserve Regulation P, Securities and Exchange Commission Regulation S-P) and other federal and state laws and regulations regarding privacy and the confidentiality of customer records. EVERTEC shall be responsible for establishing and maintaining an information security program that complies with the Legal Requirements. To protect the privacy of the Customer Information, EVERTEC shall: (i) limit access to the Customer Information to its employees and agents who have a need to know need‑to‑know to carry out the purposes for which the Customer Information was disclosed; and (ii) use the Customer Information only for purposes of carrying out its obligations hereunder. Furthermore, EVERTEC agrees to (i) protect and hold all Customer Information in strict confidence and to take all reasonable steps necessary to protect the Customer Information from unauthorized and/or inadvertent disclosure; (ii) give immediate verbal and written notification to COMPANY or BPPR, or one of their respective Subsidiaries, as applicable of any court order or legal action requiring the disclosure of Customer Information and, to the extent allowable under the law, hold the Customer Information in confidence while COMPANY, BPPR or one of their respective Subsidiaries seeks a protective order; (iii) give prompt notification of any unauthorized or inadvertent disclosure of the Customer Information; (iv) upon request of COMPANYBPPR, BPPR or one of their respective Subsidiaries promptly return or destroy all Customer Information belonging to COMPANY, BPPR, or one of their respective Subsidiaries, as applicable, including all copies thereof; and (v) implement security measures designed to (a) ensure the security, integrity and confidentiality of the Customer Information; (b) protect against any anticipated threats or hazards to the security or integrity of the Customer Information; and (c) protect against unauthorized access to or use of the Customer Information.. -8-