Data Security and Privacy. (a) Each Group Member is, and at all times, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including, to the extent applicable, but not limited to the GDPR and those relating to cross-border transfers; (ii) all applicable contractual obligations of each Loan Party and its Subsidiaries concerning data privacy and security relating to Personal Data in the possession or control of any Group Member or maintained by third parties on behalf of such Group Member and having access to such information under contracts (or portions thereof) to which a Group Member is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Group Member is a party (collectively, “Privacy Agreements”):
(b) Each Group Member is, and has been, in compliance in all material respects with all applicable prior and current written internal and public-facing privacy policies and notices of the Group Members regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Group Members or their respective agents (collectively, the “Privacy Policies”), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Group Member. The Privacy Policies contemplate the Group Members’ current uses of the Personal Data, and to the extent required under applicable Data Protection Laws, each Group Member has sought and obtained the appropriate consent from the applicable data subject for such uses. The Privacy Policies have made all material disclosures to users, customers, employees, or other individuals required by Data Protection Laws.
(c) Each Group Member has implemented and maintains a commercially reasonable security program (“Security Program”) that (i) complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) includes commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security and integrity of all Personal Data and any other sensitive or confidential information or data related to each Group Member (collectively, “Company Sensitive Information”) in such Group Member’s possession or control and to protect such Company Sensitive Information against unauthorized or unlawful processing, acc...
Data Security and Privacy. (a) Each Credit Party and its Subsidiaries will maintain compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws relating to cross-border transfers of Personal Data; (ii) all applicable contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a party; and (iii) the Privacy Agreements.
(b) Each Credit Party and its Subsidiaries will maintain compliance in all material respects with all Privacy Policies consistent with the actual practices of each Credit Party and its Subsidiaries. In connection with the Credit Parties’ and their Subsidiaries’ uses of the Personal Data as permitted by the Privacy Policies, each Credit Party and its Subsidiaries will obtain the appropriate consent from the applicable data subject necessary for such uses, to the extent required under applicable Data Protection Laws. All Privacy Policies in place will make appropriate disclosures to users, customers, employees, and other individuals as required by Data Protection Laws.
(c) Each Credit Party and its Subsidiaries will maintain and comply in all material respects with its Security Program. Any Security Program of the Credit Parties or their Subsidiaries will at all times (i) comply in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, integrity and confidentiality of all Personal Data or Company Sensitive Information in such Credit Party’s or Subsidiary’s possession or control, and each Credit Party and its respective Subsidiaries will use industry best practices to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage.
(d) The Credit Parties shall take commercially reasonable steps designed to ensure that no material (i) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any informati...
Data Security and Privacy. 12.1 SERVICE PROVIDER acknowledges the importance of Data Security and agrees to adhere to the Terms and Conditions of the Data Security Policy of IIMC.
12.2 IIMC shall provide the SERVICE PROVIDER with a copy of the IIMC Data Security Policy, within a reasonable time upon signing of the Agreement.
12.3 SERVICE PROVIDER agrees that in case of breach of any of the terms of the Data Security Policy of IIMC by any its employees, the SERVICE PROVIDER shall be held liable and penalised by IIMC.
12.4 The IIMC Authorised Person shall have the sole and final powers in determining what constitutes a Breach of the Data Security policy of IIMC.
12.5 Contractor further ensures to comply with the terms and conditions and all such requirements of the Security Policies, as may be changed from time-to-time.
Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm Xxxxx Xxxxxx Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data ...
Data Security and Privacy. 9.1. Definition: For the purpose of Agreement, "Data Protection Law" means applicable laws relating to privacy and data protection, including in the case of University, the Family Educational Rights and Privacy Act ("FERPA"), and other applicable U.S. federal and California state laws on privacy and data protection; and in the case of Company, Company's applicable national and local laws on privacy and data protection. In the event any Protected Information is revealed, shared, or exchanged between the Parties, each Party agrees to comply with its obligations under all applicable Data Protection Law, and as required under Agreement. To the extent that any laws or regulations of the home country or region of a Party has extra- territorial application such as to impose legal obligations on the other Party or its conduct outside such home country or region, the other Party upon request will provide reasonable assistance to such other Party in satisfying such obligation as necessary to implement Agreement. Such reasonable assistance shall not include legal advice or opinion.
Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since the Look-Back Date has been, in compliance in all material respects with all Data Security Requirements; and (ii) since the Look-Back Date, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems; and (B) Sensitive Data Processed by the Company or any of its Subsidiaries from unauthorized use, access, disclosure, theft, and modification. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have implemented since the Look-Back Date, and maintain, a written information security program comprising reasonable organizational, administrative, physical, and technical safeguards designed to protect the security, confidentiality, integrity, and availability of its Business Systems and all Sensitive Data it Processes that are consistent with all Laws and Contracts applicable to any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority, and, since the Look-Back Date, no fines or other penalties have been imposed on or claims for compensation have been received by the Company or any Subsidiary, in connection with any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, (1) experienced any Specified Data Breaches; or (2) experienced any unauthorized access or acquisition of any Sensitive Data Processed by any member of the Company Group or by any third party service provider on behalf of any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, been involved in any Legal Proceedings or received any notice of any claims or investigations related to any violation of any Data Security Requirement by a...
Data Security and Privacy. You represent to us that you do not have access to Card information (such as the cardholder’s account number, expiration date, and CVV2) and you will not request access to such Card information from us. In the event that you receive such Card information in connection with the processing services provided under this Agreement, you agree that you will not use it for any fraudulent purpose or in violation of any Card Organization Rules, including but not limited to Payment Card Industry Data Security Standards (“PCI DSS”) or applicable law. If at any time you believe that Card information has been compromised, you must notify us promptly and assist in providing notification to the proper parties. You must ensure your compliance and that of any third party service provider utilized by you, with all security standards and guidelines that are applicable to you and published from time to time by Visa, MasterCard or any other Card Organization, including, without limitation, the Visa U.S.A. Cardholder Information Security Program (“CISP”), the MasterCard Site Data Protection (“SDP”), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard PA-DSS (“Payment Application Data Security Standards”) (collectively, the "Security Guidelines"). If any Card Organization requires an audit of you due to a data security compromise event or suspected event, you agree to cooperate with such audit. You may not use any Card information other than for the sole purpose of completing the transaction authorized by the customer for which the information was provided to you, or as specifically allowed by Card Organization Rules, Your Card Acceptance Guide or required by law.
Data Security and Privacy. 5.1 The Client will provide the Data to DataFix and DataFix will only use the Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent of the Client.
5.2 DataFix shall comply with all the confidentiality, security and privacy requirements set out in this Agreement, and any additional Security and Privacy Requirements with respect to the Data that have been provided to DataFix, by the Client, in writing. To the extent DataFix possesses any Data in any form, medium or device during the Term of this Agreement or after the expiration of the Term, the foregoing obligations shall survive and continue to be in legal effect.
5.3 DataFix shall ensure that its employees and contractors are aware of their obligations regarding data security and privacy under this Section 5.0.DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement.
5.4 DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information and, in any event, to at least the standard required by applicable Laws.
5.5 If either Party becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information
(a “Security Incident”), such Party will notify the other Party forthwith and, take all reasonable steps to mitigate the Security Incident.
5.6 Without limiting any other provision in this Agreement regarding the security of information, DataFix shall have in place reasonable policies, procedures, and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, or modification.
Data Security and Privacy insightsoftware will use reasonable efforts, but no less than the efforts that insightsoftware uses to protect its own data of like importance, to protect the security of Customer Content while such Customer Content is held within insightsoftware’s systems, employing the data security procedures and tools described in, and in accordance with the terms of, the insightsoftware Security Addendum, available at xxxxx://xxxxxxxxxxxxxxx.xxx/legal/contracts/info-security-addendum/ (“the Security Addendum”). insightsoftware will process personal data on Customer’s behalf as set forth in the insightsoftware Data Processing Addendum available at xxxxx://xxxxxxxxxxxxxxx.xxx/legal/contracts/data-processing-addendum/, which is hereby incorporated by reference.
Data Security and Privacy.
11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Securi ty_Schedule-DNSS.pdf) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS.
