Data Export Except as permitted in writing by Citizens’ Contract Manager or designee, Vendor and Vendor Staff are prohibited from: (a) performing any Services outside of the United States; or, (b) sending, transmitting, or accessing any Citizens Confidential Information outside of the United States.
Supplier Diversity Seller shall comply with Xxxxx’s Supplier Diversity Program in accordance with Appendix V.
Obligations of the data exporter The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i). The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
The Web Services E-Verify Employer Agent agrees to, consistent with applicable laws, regulations, and policies, commit sufficient personnel and resources to meet the requirements of this MOU.
Data Input Control It will be possible to retrospectively examine and establish whether and by whom Personal Data have been entered, modified or removed from SAP data processing systems.
Distributor The Trust hereby appoints the Distributor as general distributor of shares of beneficial interest (“Series shares”) of the Trust’s WCM Funds series (the “Series”) during the term of this Agreement. The Trust reserves the right, however, to refuse at any time or times to sell any Series shares hereunder for any reason deemed adequate by the Board of Trustees of the Trust.
Subscriber Data Subscriber will timely supply Netgateway, in a form acceptable to Netgateway, with all data necessary for Netgateway to perform the ongoing services to be provided hereunder. It is the sole responsibility of Subscriber to insure the completeness and accuracy of such data.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
The Contractor must 16.1.1. treat all Authority Protected Information as confidential and safeguard it accordingly, implementing appropriate technical and organisational measures to protect Authority Protected Information against disclosure;
16.1.2. only use the Authority Protected Information for the purposes of performing its obligations under the Framework Agreement;
16.1.3. only disclose the Authority Protected Information to such Contractor Representatives that are directly involved in the performance of the Framework Agreement and need to know the information; and
16.1.4. not disclose any Authority Protected Information without the prior written consent of the Authority.
Device Data We may share certain personal information and device-identifying technical data about you and your devices with third party service providers, who will compare and add device data and fraud data from and about you to a database of similar device and fraud information in order to provide fraud management and prevention services, which include but are not limited to identifying and blocking access to the applicable service or Web site by devices associated with fraudulent or abusive activity. Such information may be used by us and our third party service providers to provide similar fraud management and prevention services for services or Web sites not provided by us. We will not share with service providers any information that personally identifies the user of the applicable device.
