Use of Issuer PII. The Issuer does not grant the Asset Representations Reviewer any rights to Issuer PII except as provided in this Agreement. The Asset Representations Reviewer will use Issuer PII only to perform its obligations under this Agreement or as specifically directed in writing by the Issuer and will only reproduce Issuer PII to the extent necessary for these purposes. The Asset Representations Reviewer must comply with all laws applicable to PII, Issuer PII and the Asset Representations Reviewer’s business, including any legally required codes of conduct, including those relating to privacy, security and data protection. The Asset Representations Reviewer will protect and secure Issuer PII. The Asset Representations Reviewer will implement privacy or data protection policies and procedures that comply with applicable law and this Agreement. The Asset Representations Reviewer will implement and maintain reasonable and appropriate practices, procedures and systems, including administrative, technical and physical safeguards to (i) protect the security, confidentiality and integrity of Issuer PII, (ii) ensure against anticipated threats or hazards to the security or integrity of Issuer PII, (iii) protect against unauthorized access to or use of Issuer PII and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures.
Use of Issuer PII. The Asset Representations Reviewer will not disclose Issuer PII to its personnel or allow its personnel access to Issuer PII except (A) for the Asset Representations Reviewer personnel who require Issuer PII to perform a Review, (B) with the prior consent of the Issuer and the Servicer or (C) as required by applicable law. When permitted, the disclosure of or access to Issuer PII will be limited to the specific information necessary for the individual to complete the assigned task. The Asset Representations Reviewer will inform personnel with access to Issuer PII of the confidentiality requirements in this Agreement and train its personnel with access to Issuer PII on the proper use and protection of Issuer PII. The Asset Representations Reviewer will not sell, disclose, provide or exchange Issuer PII with or to any third party without the prior consent of the Issuer and the Servicer.
Use of Issuer PII. The Issuer does not grant the Asset Representations Reviewer any rights to Issuer PII except as provided in this Agreement. The Asset Representations Reviewer will use Issuer PII only to perform its obligations under this Agreement or as specifically directed in writing by the Issuer and will only reproduce Issuer PII to the extent necessary for these purposes. The Asset Representations Reviewer must comply with all laws, rules, regulations and orders (including without limitation § 501(b) of the Gxxxx-Xxxxx-Xxxxxx Act and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (12 C.F.R. Section 208, Appendix D-2)) applicable to PII, Issuer PII or the Asset Representations Reviewer's business, including any legally required codes of conduct, including those relating to privacy, security and data protection (collectively, “Privacy Laws”). The Asset Representations Reviewer will protect and secure Issuer PII and prevent the improper use or disclosure thereof. The Asset Representations Reviewer will implement privacy or data protection policies and procedures that comply with applicable law and this Agreement. The Asset Representations Reviewer will implement and maintain reasonable and appropriate practices, procedures and systems, including administrative, technical and physical safeguards to (i) protect the security, confidentiality and integrity of Issuer PII, (ii) ensure against anticipated threats or hazards to the security or integrity of Issuer PII, (iii) protect against unauthorized access to or use of Issuer PII and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures.
