Common use of Xxxxx-Xxxxx-Xxxxxx Privacy Requirements Clause in Contracts

Xxxxx-Xxxxx-Xxxxxx Privacy Requirements. The Ceding Company and Reinsurer are “financial institutions” as that term is used in Title V of the Xxxxx-Xxxxx-Xxxxxx Act. The Parties may, from time to time, come into possession of “non-public personal information” as defined in Title V of the Xxxxx-Xxxxx-Xxxxxx Act. The “non-public personal information” may be transmitted by either the Ceding Company or Reinsurer to the other in accordance with the transmitting party’s then current privacy policy and practices, in order to allow the other party to perform pursuant to this Agreement. During the continuation of this Agreement and after its termination, the Ceding Company or Reinsurer shall at all times use reasonable care to maintain the confidentiality of the “non-public personal information” and shall not make any use of the “non-public personal information” beyond the purpose for which it was disclosed. The Ceding Company and Reinsurer agree that they will not transfer information to a third party, except as provided in this Agreement or as permitted by law. The Reinsurer will obtain agreements from any third parties or Reinsurers receiving non-public personal information that requires the use of reasonable care to maintain the confidentiality of the “non-public personal information”. “Non-public personal information” does not include de-identified personal data, i.e., information that does not identify, or could not reasonably be associated with, an individual. Reinsurer agrees to restrict access to personal information to those employees who need to know that information and represents that it has appropriate measures to establish a security program with respect to personal information which: (i) ensures the security and confidentiality of personal information, (ii) protects against any anticipated threats or hazards to the security or integrity of personal information, and (iii) protects against any unauthorized access to or use of

Xxxxx-Xxxxx-Xxxxxx Privacy Requirements. The Ceding Company and Reinsurer are “financial institutions” as that term is used in Title V of the Xxxxx-Xxxxx-Xxxxxx Act. The Parties may, from time to time, come into possession of “non-public personal information” as defined in Title V of the Xxxxx-Xxxxx-Xxxxxx Act. The “non-public personal information” may be transmitted by either the Ceding Company or Reinsurer to the other in accordance with the transmitting party’s then current privacy policy and practices, in order to allow the other party to perform pursuant to this Agreement. During the continuation of this Agreement and after its termination, the Ceding Company or Reinsurer shall at all times use reasonable care to maintain the confidentiality of the “non-public personal information” and shall not make any use of the “non-public personal information” beyond the purpose for which it was disclosed. The Ceding Company and Reinsurer agree that they will not transfer information to a third party, except as provided in this Agreement or as permitted by law. The Reinsurer will obtain agreements from any third parties or Reinsurers receiving non-public personal information that requires the use of reasonable care to maintain the confidentiality of the “non-public personal information”. “Non-public personal information” does not include de-identified personal data, i.e., information that does not identify, or could not reasonably be associated with, an individual. Reinsurer agrees to restrict access to personal information to those employees who need to know that information and represents that it has appropriate measures to establish a security program with respect to personal information which: (i) ensures the security and confidentiality of personal information, (ii) protects against any anticipated threats or hazards to the security or integrity of personal information, and (iii) protects against any unauthorized access to or use ofof such information including access or use that could result in substantial harm or inconvenience to any of Ceding Company’s consumers or customers.

Xxxxx-Xxxxx-Xxxxxx Privacy Requirements. The Ceding Company and Reinsurer are “financial institutions” as that term is used in Title V of the Xxxxx-Xxxxx-Xxxxxx Act. The Parties may, from time to time, come into possession of “non-public personal information” as defined in Title V of the Xxxxx-Xxxxx-Xxxxxx Act. The “non-public personal information” may be transmitted by either the Ceding Company or Reinsurer to the other in accordance with the transmitting party’s then current privacy policy and practices, in order to allow the other party to perform pursuant to this Agreement. During the continuation of this Agreement and after its termination, the Ceding Company or Reinsurer shall at all times use reasonable care to maintain the confidentiality of the “non-public personal information” and shall not make any use of the “non-public personal information” beyond the purpose for which it was disclosed. The Ceding Company and Reinsurer agree that they will not transfer information to a third party, except as provided in this Agreement or as permitted by law. The Reinsurer will obtain agreements from any third parties or Reinsurers receiving non-public personal information that requires the use of reasonable care to maintain the confidentiality of the “non-public personal information”. “Non-public personal information” does not include de-identified personal data, i.e., information that does not identify, or could not reasonably be associated with, an individual. Reinsurer agrees to restrict access to personal information to those employees who need to know that information and represents that it has appropriate measures to establish a security program with respect to personal information which: (i) ensures the security and confidentiality of personal information, (ii) protects against any anticipated threats or hazards to the security or integrity of personal information, and (iii) protects against any unauthorized access to or use ofof such information including access or use that could result in substantial harm or inconvenience to any of Ceding Company’s consumers or customers. Notwithstanding anything contained herein to the contrary, Reinsurer will immediately notify Ceding Company of any circumstances involving (i) a “Breach of Security” of personal information or (ii) a reasonable belief by Reinsurer that there may be a breach of security of personal information (the “Notification”). In addition to the Notification, no later than three (3) calendar days after detection (or later if legally acceptable but in no case more than 5 days) of the Breach of Security, Reinsurer will also provide Ceding Company with a report (the “Report”) summarizing the Breach of Security, which will include, at a minimum, the following: date, time, description, how the Breach of Security was detected, systems and/or data (including personal information) subject to unauthorized access, root cause, corrective action taken to date and any additional planned actions. Reinsurer will indemnify Cedin Company for any losses as a result of the breach. For purposes of this Agreement, “Breach of Security” means any

Xxxxx-Xxxxx-Xxxxxx Privacy Requirements. The Ceding Company and Reinsurer are “financial institutions” as that term is used in Title V of the Xxxxx-Xxxxx-Xxxxxx Act. The Parties may, from time to time, come into possession of “non-public personal information” as defined in Title V of the Xxxxx-Xxxxx-Xxxxxx Act. The “non-public personal information” may be transmitted by either the Ceding Company or Reinsurer to the other in accordance with the transmitting party’s then current privacy policy and practices, in order to allow the other party to perform pursuant to this Agreement. During the continuation of this Agreement and after its termination, the Ceding Company or Reinsurer shall at all times use reasonable care to maintain the confidentiality of the “non-public personal information” and shall not make any use of the “non-public personal information” beyond the purpose for which it was disclosed. The Ceding Company and Reinsurer agree that they will not transfer information to a third party, except as provided in this Agreement or as permitted by law. The Reinsurer will obtain agreements from any third parties or Reinsurers receiving non-public personal information that requires the use of reasonable care to maintain the confidentiality of the “non-public personal information”. “Non-public personal information” does not include de-identified personal data, i.e., information that does not identify, or could not reasonably be associated with, an individual. Reinsurer agrees to restrict access to non-public personal information to those employees who need to know that information and represents that it has appropriate measures to establish a security program with respect to non-public personal information which: (i) ensures the security and confidentiality of non-public personal information, (ii) protects against any anticipated threats or hazards to the security or integrity of non-public personal information, and (iii) protects against any unauthorized access to or use ofof such information including access or use that could result in substantial harm or inconvenience to any of Ceding Company’s consumers or customers. Notwithstanding anything contained herein to the contrary, Reinsurer will immediately notify Ceding Company of any circumstances involving (i) a “Breach of Security” of non-public personal information or (ii) a reasonable belief by Reinsurer that there may be a breach of security of non-public personal information (the “Notification”). In addition to the Notification, no later than three (3) business days after detection (or later if legally acceptable but in no case more than 5 days) of the Breach of Security, Reinsurer will also provide Ceding Company with a report (the “Report”) summarizing the Breach of Security, which will include, at a minimum, the following: date, time, description, how the Breach of Security was detected, systems and/or data (including non-public personal information) subject to unauthorized access, root cause, corrective action taken to date and any additional planned actions. Reinsurer will indemnify Ceding Company for any losses as a result of the breach. For purposes of this Agreement,