Protection of Your Data We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data, as described in the Documentation. Those safeguards will include, but will not be limited to, measures for preventing access, use, modification or disclosure of Your Data by Our personnel except (a) to provide the Purchased Services and prevent or address service or technical problems, (b) as compelled by law in accordance with Section 8.3 (Compelled Disclosure) below, or (c) as You expressly permit in writing.
PROTECTION OF YOUR CONTENT 5.1 In order to protect Your Content provided to Oracle as part of the provision of the Services, Oracle will comply with the applicable administrative, physical, technical and other safeguards, and other applicable aspects of system and content management, available at xxxx://xxx.xxxxxx.xxx/us/corporate/contracts/cloud-services/index.html. 5.2 To the extent Your Content includes Personal Data (as that term is defined in the applicable data privacy policies and the Data Processing Agreement (as that term is defined below)), Oracle will furthermore comply with the following: a. the relevant Oracle privacy policies applicable to the Services, available at xxxx://xxx.xxxxxx.xxx/us/legal/privacy/overview/index.html; and b. the applicable version of the Data Processing Agreement for Oracle Services (the “Data Processing Agreement”), unless stated otherwise in Your order. The version of the Data Processing Agreement applicable to Your order (a) is available at xxxxx://xxx.xxxxxx.xxx/corporate/contracts/cloud- services/contracts.html#data-processing and is incorporated herein by reference, and (b) will remain in force during the Services Period of Your order. In the event of any conflict between the terms of the Data Processing Agreement and the terms of the Service Specifications (including any applicable Oracle privacy policies), the terms of the Data Processing Agreement shall take precedence.
Use of Your Information The Beta Technology may include functionality that permits UPS to measure Your usage of its features and informs UPS of this usage electronically. UPS has the right to collect from Your computer, Your system configuration data and a log of Your activities while using the Beta Technology (the “Beta Technology Report”). UPS may use the Beta Technology Report to help conduct trouble-shooting analysis and improve the functionality of the Beta Technology. You consent and agree that UPS shall be free to reproduce, use, disclose, exhibit, display, transform, create derivative works from, and distribute to others without limitation or obligation of any type to You all comments, information, data, and suggestions, including the Beta Technology Report and feedback data (but not including financial data, financial plans or product plans not commonly known or publicly available), that You provide to UPS related to the Beta Technology. Further, UPS shall be free to use any ideas, concepts, know-how, or techniques contained in such information without limitation or obligation of any type to You.
Disclosure of Your Information We will disclose information to third parties about your account or the transfers you make:
Security of Data a. Each of the parties shall: i. ensure as far as reasonably practicable, that Data is properly stored, is not accessible to unauthorised persons, is not altered, lost or destroyed and is capable of being retrieved only by properly authorised persons; ii. subject to the provisions of Sub-Clause 8.a. ensure that, in addition to any security, proprietary and other information disclosure provision contained in the Contract, Messages and Associated Data are maintained in confidence, are not disclosed or transmitted to any unauthorised person and are not used for any purpose other than that communicated by the sending party or permitted by the Contract; and iii. protect further transmission to the same degree as the originally transmitted Message and Associated Data when further transmissions of Messages and Associated Data are permitted by the Contract or expressly authorised by the sending party. b. The sending party shall ensure that Messages are marked in accordance with the requirements of the Contract. If a further transmission is made pursuant to Sub-Clause 3. a. iii. the sender shall ensure that such markings are repeated in the further transmission. c. The parties may apply special protection to Messages by encryption or by other agreed means, and may apply designations to the Messages for protective Interchange, handling and storage procedures. Unless the parties otherwise agree, the party receiving a Message so protected or designated shall use at least the same level of protection and protective procedures for any further transmission of the Message and its Associated Data for all responses to the Message and for all other communications by Interchange or otherwise to any other person relating to the Message. d. If either party becomes aware of a security breach or breach of confidence in relation to any Message or in relation to its procedures or systems (including, without limitation, unauthorised access to their systems for generation, authentication, authorisation, processing, transmission, storage, protection and file management of Messages) then it shall immediately inform the other party of such breach. On being informed or becoming aware of a breach the party concerned shall: i. immediately investigate the cause, effect and extent of such breach; ii. report the results of the investigation to the other party; and iii. use all reasonable endeavours to rectify the cause of such breach. e. Each party shall ensure that the contents of Messages that are sent or received are not inconsistent with the law, the application of which could restrict the content of a Message or limit its use, and shall take all necessary measures to inform without delay the other party if such an inconsistency arises.
Security of Confidential Information Each party possessing Confidential Information of the other party will maintain all such Confidential Information under secure conditions, using reasonable security measures and in any event not less than the same security procedures used by such party for the protection of its own Confidential Information of a similar kind.
Security of Information Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that: • Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access. • It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets. • It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer. • DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract. • It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of: o Documented access authorization and change control procedures; o Card key systems that restrict, monitor and log access; o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP); o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others; o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release; o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards; o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information; o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset; o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP; o Firewall rules and network address translation that isolate database servers from web servers and public networks; o Regular review of firewall rules and configurations to assure compliance with authorization and change control procedures; o Log management and intrusion detection/prevention systems; o A documented and tested incident response plan Any breach of this clause may result in termination of the contract and the demand for return of all personal information.
PAYING YOUR BILL 10.1 What you have to pay
Using Your Card You understand that the use of your credit card or credit card account will constitute acknowledgement of receipt and agreement to the terms of the Credit Card Agreement and Credit Card Account Opening Disclosure (Disclosure). You may use your card to make purchases from merchants and others who accept your card. The credit union is not responsible for the refusal of any merchant or financial institution to honor your card. If you wish to pay for goods or services over the Internet, you may be required to provide card number security information before you will be permitted to complete the transaction. In addition, you may obtain cash advances from the Credit Union, from other financial institutions that accept your card, and from some automated teller machines (ATMs). (Not all ATMs accept your card.) If the credit union authorizes ATM transactions with your card, it will issue you a personal identification number (PIN). To obtain cash advances from an ATM, you must use the PIN issued to you for use with your card. You agree that you will not use your card for any transaction that is illegal under applicable federal, state, or local law. Even if you use your card for an illegal transaction, you will be responsible for all amounts and charges incurred in connection with the transaction. If you are permitted to obtain cash advances on your account, you may also use your card to purchase instruments and engage in transactions that we consider the equivalent of cash. Such transactions will be posted to your account as cash advances and include, but are not limited to, wire transfers, money orders, bets, lottery tickets, and casino gaming chips, as applicable. This paragraph shall not be interpreted as permitting or authorizing any transaction that is illegal.
Personal Information security breach Supplier/Service Provider’s Obligations a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.