Customer Identification Program Notice To help the U.S. government fight the funding of terrorism and money laundering activities, U.S. Federal law requires each financial institution to obtain, verify, and record certain information that identifies each person who initially opens an account with that financial institution on or after October 1, 2003. Certain of PNC’s affiliates are financial institutions, and PNC may, as a matter of policy, request (or may have already requested) the Fund’s name, address and taxpayer identification number or other government-issued identification number, and, if such party is a natural person, that party’s date of birth. PNC may also ask (and may have already asked) for additional identifying information, and PNC may take steps (and may have already taken steps) to verify the authenticity and accuracy of these data elements.
Non-Identification Approved Users agree not to use the requested datasets, either alone or in concert with any other information, to identify or contact individual participants from whom data and/or samples were collected. Approved Users also agree not to generate information (e.g., facial images or comparable representations) that could allow the identities of research participants to be readily ascertained. These provisions do not apply to research investigators operating with specific IRB approval, pursuant to 45 CFR 46, to contact individuals within datasets or to obtain and use identifying information under an 2 The project anniversary date can be found in “My Projects” after logging in to the dbGaP authorized-access portal. IRB-approved research protocol. All investigators including any Approved User conducting “human subjects research” within the scope of 45 CFR 46 must comply with the requirements contained therein.
Customer Identification Program (A) To assist the Fund in complying with requirements regarding a customer identification program in accordance with applicable regulations promulgated by U.S. Department of Treasury under Section 326 of the USA PATRIOT Act ("CIP Regulations"), BNYM will do the following: (i) Implement procedures which require that prior to establishing a new account in the Fund BNYM obtain the name, date of birth (for natural persons only), address and government-issued identification number (collectively, the "Data Elements") for the "Customer" (defined for purposes of this Agreement as provided in 31 CFR 1024.100(c)) associated with the new account. (ii) Use collected Data Elements to attempt to reasonably verify the identity of each new Customer promptly before or after each corresponding new account is opened. Methods of verification may consist of non-documentary methods (for which BNYM may use unaffiliated information vendors to assist with such verifications) and documentary methods (as permitted by 31 CFR 1024.220), and may include procedures under which BNYM personnel perform enhanced due diligence to verify the identities of Customers the identities of whom were not successfully verified through the first- level (which will typically be reliance on results obtained from an information vendor) verification process(es). (iii) Record the Data Elements and maintain records relating to verification of new Customers consistent with 31 CFR 1024.220(a)(3). (iv) Regularly report to the Fund about measures taken under (i)-(iii) above. (v) If BNYM provides services by which prospective Customers may subscribe for shares in the Fund via the Internet or telephone, BNYM will work with the Fund to notify prospective Customers, consistent with 31 CFR 1024.220(a)(5), about the program conducted by the Fund in accordance with the CIP Regulations. (B) To assist the Fund in complying with the Customer Due Diligence Requirements for Financial Institutions promulgated by FinCEN (31 CFR § 1020.230) pursuant to the Bank Secrecy Act ("CDD Rule"), BNYM will maintain and implement written procedures that are reasonably designed to: (i) Obtain information of a nature and in a manner permitted or required by the CCD Rule in order to identify each natural person who is a "beneficial owner" (as that term is defined in the CDD Rule) of a legal entity at the time that such legal entity seeks to open an account as a shareholder of the Fund, unless that legal entity is excluded from the CDD Rule or an exemption provided for in the CDD Rule applies; and (ii) Verify the identity of each beneficial owner so identified according to risk based procedures to the extent reasonable and practicable, in accordance with the minimum requirements of the CDD Rule. (C) Nothing in Section (3) shall be construed to require BNYM to perform any course of conduct that is not required for Fund compliance with the CIP Regulations or CDD Rule, including by way of illustration not limitation the collection of Data Elements or verification of identity for individuals opening Fund accounts through financial intermediaries which use the facilities of the NSCC. (D) BNYM agrees to permit inspections relating to the CIP services provided hereunder by U.S. Federal departments or regulatory' agencies with appropriate jurisdiction and to make available to examiners from such departments or regulatory agencies such information and records relating to the CIP services provided hereunder as such examiners shall reasonably request.
Indirect Identifiers Any information that, either alone or in aggregate, would allow a reasonable person to be able to identify a student to a reasonable certainty Information in the Student’s Educational Record Information in the Student’s Email
Customer Identification Unless Elastic has first obtained Customer's prior written consent, Elastic shall not identify Customer as a user of the Products, on its website, through a press release issued by Elastic and in other promotional materials.
Research Use Reporting To assure adherence to NIH GDS Policy, the PI agrees to provide annual Progress Updates as part of the annual Project Renewal or Project Close-out processes, prior to the expiration of the one (1) year data access period. The PI who is seeking Renewal or Close-out of a project agree to complete the appropriate online forms and provide specific information such as how the data have been used, including publications or presentations that resulted from the use of the requested dataset(s), a summary of any plans for future research use (if the PI is seeking renewal), any violations of the terms of access described within this Agreement and the implemented remediation, and information on any downstream intellectual property generated from the data. The PI also may include general comments regarding suggestions for improving the data access process in general. Information provided in the progress updates helps NIH evaluate program activities and may be considered by the NIH GDS governance committees as part of NIH’s effort to provide ongoing stewardship of data sharing activities subject to the NIH GDS Policy.
Anti-Money Laundering and Identity Theft Prevention Related Duties Subject to the terms and conditions set forth herein, the Trust hereby delegates to the Transfer Agent the Delegated Anti-Money Laundering Duties and, where applicable, the Delegated Identity Theft Prevention Duties that are set forth in the Trust’s Anti-Money Laundering (“AML”) Program and Identity Theft Prevention Program (“IDTPP”) as described below. The Transfer Agent agrees to perform the Delegated Anti-Money Laundering Duties and the Delegated Identity Theft Prevention Duties, with respect to ownership of shares in the Fund for which the Transfer Agent maintains the applicable information subject to and in accordance with the terms and conditions of the Contract.
Anti-Money Laundering and Red Flag Identity Theft Prevention Programs The Trust acknowledges that it has had an opportunity to review, consider and comment upon the written procedures provided by USBFS describing various tools used by USBFS which are designed to promote the detection and reporting of potential money laundering activity and identity theft by monitoring certain aspects of shareholder activity as well as written procedures for verifying a customer’s identity (collectively, the “Procedures”). Further, the Trust and USBFS have each determined that the Procedures, as part of the Trust’s overall Anti-Money Laundering Program and Red Flag Identity Theft Prevention Program, are reasonably designed to: (i) prevent each Fund from being used for money laundering or the financing of terrorist activities; (ii) prevent identity theft; and (iii) achieve compliance with the applicable provisions of the Bank Secrecy Act, Fair and Accurate Credit Transactions Act of 2003 and the USA Patriot Act of 2001 and the implementing regulations thereunder. Based on this determination, the Trust hereby instructs and directs USBFS to implement the Procedures on the Trust’s behalf, as such may be amended or revised from time to time. It is contemplated that these Procedures will be amended from time to time by the parties as additional regulations are adopted and/or regulatory guidance is provided relating to the Trust’s anti-money laundering and identity theft responsibilities. USBFS agrees to provide to the Trust: (a) Prompt written notification of any transaction or combination of transactions that USBFS believes, based on the Procedures, evidence money laundering or identity theft activities in connection with the Trust or any Fund shareholder; (b) Prompt written notification of any customer(s) that USBFS reasonably believes, based upon the Procedures, to be engaged in money laundering or identity theft activities, provided that the Trust agrees not to communicate this information to the customer; (c) Any reports received by USBFS from any government agency or applicable industry self-regulatory organization pertaining to USBFS’ Anti-Money Laundering Program or the Red Flag Identity Theft Prevention Program on behalf of the Trust; (d) Prompt written notification of any action taken in response to anti-money laundering violations or identity theft activity as described in (a), (b) or (c) immediately above; and (e) Certified annual and quarterly reports of its monitoring and customer identification activities pursuant to the Procedures on behalf of the Trust. The Trust hereby directs, and USBFS acknowledges, that USBFS shall (i) permit federal regulators access to such information and records maintained by USBFS and relating to USBFS’ implementation of the Procedures, on behalf of the Trust, as they may request, and (ii) permit such federal regulators to inspect USBFS’ implementation of the Procedures on behalf of the Trust.
Safeguarding and Protecting Children and Vulnerable Adults The Supplier will comply with all applicable legislation and codes of practice, including, where applicable, all legislation and statutory guidance relevant to the safeguarding and protection of children and vulnerable adults and with the British Council’s Child Protection Policy, as notified to the Supplier and amended from time to time, which the Supplier acknowledges may include submitting to a check by the UK Disclosure & Barring Service (DBS) or the equivalent local service; in addition, the Supplier will ensure that, where it engages any other party to supply any of the Services under this Agreement, that that party will also comply with the same requirements as if they were a party to this Agreement.
Personally Identifiable Information (PII); Security a. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee must provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. Grantee shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof. b. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee shall provide Florida Housing with insurance information for stand-alone cyber liability coverage, including the limits available and retention levels. If Grantee does not carry stand-alone cyber liability coverage, Grantee agrees to indemnify costs related to notification, legal fees, judgments, settlements, forensic experts, public relations efforts, and loss of any business income related to this Agreement. c. Grantee agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines. d. Grantee agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall. e. Grantee agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up to date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) Grantee agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules. f. Grantee agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES. g. If Grantee reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 48 hours. h. In the event of a breach of PII or other sensitive data, Grantee must abide by provisions set forth in Section 501.171, Fla. Stat. Additionally, Grantee must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; Grantee’s corrective action plan; and the timelines associated with the corrective action plan.
