Customer Identification Program Notice To help the U.S. government fight the funding of terrorism and money laundering activities, U.S. Federal law requires each financial institution to obtain, verify, and record certain information that identifies each person who initially opens an account with that financial institution on or after October 1, 2003. Certain of PNC’s affiliates are financial institutions, and PNC may, as a matter of policy, request (or may have already requested) the Fund’s name, address and taxpayer identification number or other government-issued identification number, and, if such party is a natural person, that party’s date of birth. PNC may also ask (and may have already asked) for additional identifying information, and PNC may take steps (and may have already taken steps) to verify the authenticity and accuracy of these data elements.
Personal Data Processing 2.1 The Processor shall process Personal Data only on the basis of corresponding recorded orders from the Controller.
2.2 By way of exception, in particular in urgent cases, processing orders from the Data Controller may also be made orally. In this case, the Data Controller shall confirm as soon as possible and in writing, by any appropriate means, the instructions given orally.
2.3 Where the processing concerns the transmission of Personal Data to a third country outside the European Union or to an international organization, the Data Processor shall also comply with the relevant instructions of the Data Controller, unless different legal requirements exist under European Union laws or the laws of the Member State to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller before processing of the legal requirement in question, unless the said law prohibits this kind of information for reasons of substantial public interest.
2.4 The transmission of Personal Data to a third country outside the European Union is prohibited unless the Data Controller has given prior explicit approval to that end, and one of the following conditions is met: • the European Commission has resolved that an adequate level of protection of personal data is ensured in the country the Personal Data is to be transmitted; • the transmission is to be made to the U.S.A.; and the recipient of the Personal Data has acceded to and abides by the Privacy Shield Framework; • the transmission will be governed by the standard data protection clauses issued by the European Commission.
2.5 The Data Processor shall inform the Data Controller immediately upon receipt of the order or as soon as possible if he / she determines that the content of a particular processing order violates the Regulation and / or national law and / or the law of another Member State of the European Union (EU), and / or other provisions of EU law on the protection of Personal Data.
2.6 The Data Processor acknowledges that the Data Controller has full control over her Personal Data and determines any particular feature of the processing to which the Personal Data will be submitted. If the Data Processor ignores the instructions of the Data Controller and determines alone the scope, the means and generally any other matter concerning the processing of Personal Data, she shall render herself the Data Controller for the purposes of implementing the Regulation and the legal framework on the protection of Personal Data. The practical consequence of this is that, in addition to the full responsibility of the Processor towards the Controller, she shall carry the same level of responsibility vis-à-vis the independent supervisory authority (and any other competent state authority) as well as the Natural Persons - Data Subjects of the data being processed.
Vendor Identity and Contact Information It is Vendor’s sole responsibility to ensure that all identifying vendor information (name, EIN, d/b/a’s, etc.) and contact information is updated and current at all times within the TIPS eBid System and the TIPS Vendor Portal. It is Vendor’s sole responsibility to confirm that all e-correspondence issued from xxxx-xxx.xxx, xxxxxxx.xxx, and xxxxxxxxxxxxxxxx.xxx to Vendor’s contacts are received and are not blocked by firewall or other technology security. Failure to permit receipt of correspondence from these domains and failure to keep vendor identity and contact information current at all times during the life of the contract may cause loss of TIPS Sales, accumulating TIPS fees, missed rebid opportunities, lapse of TIPS Contract(s), and unnecessary collection or legal actions against Vendor. It is no defense to any of the foregoing or any breach of this Agreement that Vendor was not receiving TIPS’ electronic communications issued by TIPS to Vendor’s listed contacts.
No Reliance on Administrative Agent’s Customer Identification Program Each Lender acknowledges and agrees that neither such Lender, nor any of its Affiliates, participants or assignees, may rely on the Administrative Agent to carry out such Lender’s, Affiliate’s, participant’s or assignee’s customer identification program, or other obligations required or imposed under or pursuant to the USA Patriot Act or the regulations thereunder, including the regulations contained in 31 CFR 103.121 (as hereafter amended or replaced, the “CIP Regulations”), or any other Anti-Terrorism Law, including any programs involving any of the following items relating to or in connection with any of the Loan Parties, their Affiliates or their agents, the Loan Documents or the transactions hereunder or contemplated hereby: (i) any identity verification procedures, (ii) any recordkeeping, (iii) comparisons with government lists, (iv) customer notices or (v) other procedures required under the CIP Regulations or such other Laws.
Processing of Customer Personal Data 3.1 UKG will:
3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and
3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data.
3.2 Customer hereby:
3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement.
3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and
3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law.
3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).
Customer Identification Program (A) To assist the Fund in complying with requirements regarding a customer identification program in accordance with applicable regulations promulgated by U.S. Department of Treasury under Section 326 of the USA PATRIOT Act ("CIP Regulations"), BNYM will do the following:
(i) Implement procedures which require that prior to establishing a new account in the Fund BNYM obtain the name, date of birth (for natural persons only), address and government-issued identification number (collectively, the "Data Elements") for the "Customer" (defined for purposes of this Agreement as provided in 31 CFR 1024.100(c)) associated with the new account.
(ii) Use collected Data Elements to attempt to reasonably verify the identity of each new Customer promptly before or after each corresponding new account is opened. Methods of verification may consist of non-documentary methods (for which BNYM may use unaffiliated information vendors to assist with such verifications) and documentary methods (as permitted by 31 CFR 1024.220), and may include procedures under which BNYM personnel perform enhanced due diligence to verify the identities of Customers the identities of whom were not successfully verified through the first- level (which will typically be reliance on results obtained from an information vendor) verification process(es).
(iii) Record the Data Elements and maintain records relating to verification of new Customers consistent with 31 CFR 1024.220(a)(3).
(iv) Regularly report to the Fund about measures taken under (i)-(iii) above.
(v) If BNYM provides services by which prospective Customers may subscribe for shares in the Fund via the Internet or telephone, BNYM will work with the Fund to notify prospective Customers, consistent with 31 CFR 1024.220(a)(5), about the program conducted by the Fund in accordance with the CIP Regulations.
(B) To assist the Fund in complying with the Customer Due Diligence Requirements for Financial Institutions promulgated by FinCEN (31 CFR § 1020.230) pursuant to the Bank Secrecy Act ("CDD Rule"), BNYM will maintain and implement written procedures that are reasonably designed to:
(i) Obtain information of a nature and in a manner permitted or required by the CCD Rule in order to identify each natural person who is a "beneficial owner" (as that term is defined in the CDD Rule) of a legal entity at the time that such legal entity seeks to open an account as a shareholder of the Fund, unless that legal entity is excluded from the CDD Rule or an exemption provided for in the CDD Rule applies; and
(ii) Verify the identity of each beneficial owner so identified according to risk based procedures to the extent reasonable and practicable, in accordance with the minimum requirements of the CDD Rule.
(C) Nothing in Section (3) shall be construed to require BNYM to perform any course of conduct that is not required for Fund compliance with the CIP Regulations or CDD Rule, including by way of illustration not limitation the collection of Data Elements or verification of identity for individuals opening Fund accounts through financial intermediaries which use the facilities of the NSCC.
(D) BNYM agrees to permit inspections relating to the CIP services provided hereunder by U.S. Federal departments or regulatory' agencies with appropriate jurisdiction and to make available to examiners from such departments or regulatory agencies such information and records relating to the CIP services provided hereunder as such examiners shall reasonably request.
Customer Identification Unless Elastic has first obtained Customer's prior written consent, Elastic shall not identify Customer as a user of the Products, on its website, through a press release issued by Elastic and in other promotional materials.
Processing of Personal Data 1.1. With regard to the Processing of Personal Data, You are the controller and determine the purposes and means of Processing of Personal Data You provide to Us (“Controller”) and You appoint Us as a processor (“Processor”) to process such Personal Data (hereinafter, “Data”) on Your behalf (hereinafter, “Processing”).
1.2. The details of the type and purpose of Processing are defined in the Exhibits attached hereto. Except where the DPA stipulates obligations beyond the Term of the Agreement, the duration of this DPA shall be the same as the Agreement Term.
1.3. You shall be solely responsible for compliance with Your obligations under the applicable Data Protection Laws, including, but not limited to, the lawful disclosure and transfer of Personal Data to Us by upload of source data into the Cloud Service or otherwise.
1.4. Processing shall include all activities detailed in this Agreement and the instructions issued by You. You may, in writing, modify, amend, or replace such instructions by issuing such further instructions to the point of contact designated by Us. Instructions not foreseen in or covered by the Agreement shall be treated as requests for changes. You shall, without undue delay, confirm in writing any instruction issued orally. Where We believe that an instruction would be in breach of applicable law, We shall notify You of such belief without undue delay. We shall be entitled to suspend performance on such instruction until You confirm or modify such instruction.
1.5. We shall ensure that all personnel involved in Processing of Customer Data and other such persons as may be involved in Processing shall only do so within the scope of the instructions. We shall ensure that any person Processing Customer Data is subject to confidentiality obligations similar to the confidentiality terms of the Agreement. All such confidentiality obligations shall survive the termination or expiration of such Processing.
Data Protection and Confidentiality 9.5.1 The Tenant’s personal data, which will be processed in the execution of this Agreement will be handled in accordance with the General Data Protection Regulation (EU) 2016/679. Further details regarding this processing activity is set out in the associated Privacy Notice, which can be found at: xxxxx://xxx.xxxxxxx.xxx/privacy-policy
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
