Data Compliance Clause Samples

Data Compliance. 16.1. In connection with its provision of the Services under this Agreement, the Service Provider shall comply with applicable data security and privacy laws (including any applicable laws pertaining to Contractor’s handling of Personally Identifiable Information (PII), notification of security breaches, social security number protection. With respect to Contractor’s Ethernet Dedicated Internet Services, Ethernet Transport Services and Business Internet Services provided hereunder, Contractor shall adhere to the standards set forth in: X Publicly available information ▪ NIST 800-171 X Confidential Personally Identifiable Information (PII) ▪ State law on Notification of Security Breaches ▪ State Law on Social Security Number Protection ▪ State law on the Protection of Personal Information ▪ National Institute of Standards & Technology: NIST SP 800-53 Revision 4 “Moderate” risk controls ▪ Privacy Act of 1974, 5 U.S.C. 552a. X Payment Card Information ▪ Payment Card Industry Data Security Standard (PCI DSS) v 3.2 The maximum dollar amount payable under this contract is not intended as any form of a guaranteed amount. The Contractor will be paid for products or services actually delivered or performed, as specified in Attachment A, up to the maximum allowable amount specified on page 1 of this contract. 1. Prior to commencement of work and release of any payments, Contractor shall submit to the State: a. a certificate of insurance consistent with the requirements set forth in Attachment C, Section 8 (Insurance), and with any additional requirements for insurance as may be set forth elsewhere in this contract; and b. a current IRS Form W-9 (signed within the last six months). 2. Payment terms are Net 30 days from the date of invoice with all necessary and complete supporting documentation. Invoices shall itemize all work performed during the invoice period, including, as applicable, the dates of service, rates of pay, hours of work performed, and any other information and/or documentation appropriate and sufficient to substantiate the amount invoiced for payment. As applicable, a copy of the notice(s) of acceptance shall accompany invoices submitted for payment. 3. Invoices shall be sent to the address identified on the State Purchasing Entity’s Purchase Order and shall specify the address to which payments will be sent. The State of Vermont Contract Number and State Purchasing Entity’s Purchase Order Number shall appear on each invoice for all purchases placed...

Data Compliance. The Group Companies shall comply with the Cyber Security and Data Protection Related Laws in all material aspects of the existing business and the operations of the Company, including but not limited to: (i) compliance with the laws, regulations and national standards relating to personal information and/or important data collection, storage and use; (ii) prohibiting illegally providing personal information without users’ authorizations; and (iii) paying close attention to the updates of the Cyber Security and Data Protection Related Law, and ensuring that the Company’s business operations are in compliance with the valid data compliance requirements at any stage.

Data Compliance. Customer represents and warrants that it has obtained all the consents necessary for Genesys to collect, access, process, store, transmit, and otherwise use Customer Data in accordance with this Agreement. Customer acknowledges that Genesys has no control over the content of Customer Data, and Genesys expressly disclaims any duty to review or determine the legality, accuracy or completeness of Customer Data.

Data Compliance. All Service Data You provide to Provider in connection with the Services shall (i) be server-ready, meaning that they shall be in a condition and form which requires no additional manipulation or verification on the part of Provider; (ii) comply with Applicable Law, the terms and conditions of the Agreement, including the AUP, the No-Spam Policy, and any other applicable Provider’s procedures and policies that further define the provision and use of the Services; and (iii) be free of any and all malicious code, including disabling devices, drop- dead devices, time bombs, trap doors, Trojan horses, worms, computer viruses, and mechanisms that may disable or negatively impact the servers. Attempting to place or requesting placement of malicious code on Provider’s servers shall be considered a material breach of the Agreement. You hereby represent and warrant that You own or have the necessary licenses, rights, consents and permissions to use, post, place and otherwise transfer or transmit, the Service Data in connection with the Services. Provider may reject or delete Service Data that You have placed, attempted to place, or have requested be placed on Provider's servers in breach of the Agreement. Provider shall notify You of its rejection and provide You with an opportunity to amend or modify such Service Data to meet the requirements of Provider.

Data Compliance. Customer represents and warrants that it has obtained all the consents necessary for Supplier, and its licensor, Genesys, to collect, access, process, store, transmit, and otherwise use Customer Data in accordance with this Agreement. Customer acknowledges that Supplier, and its licensor, Genesys, has no control over the content of Customer Data, and Supplier, and its licensor, Genesys, expressly disclaim any duty to review or determine the legality, accuracy or completeness of Customer Data.

Data Compliance. In connection with its provision of the Services under this Agreement, the Service Provider shall comply with applicable data security and privacy laws (including any applicable laws pertaining to Contractor’s handling of Personally Identifiable Information (PII), notification of security breaches, social security number protection. With respect to Contractor’s Ethernet Dedicated Internet Services, Ethernet Transport Services and Business Internet Services provided hereunder, Contractor shall adhere to the standards set forth in: X Publicly available information ▪ NIST 800-171 X Confidential Personally Identifiable Information (PII) ▪ State law on Notification of Security Breaches ▪ State Law on Social Security Number Protection ▪ State law on the Protection of Personal Information ▪ National Institute of Standards & Technology: NIST SP 800-53 Revision 4 “Moderate” risk controls ▪ Privacy Act of 1974, 5 U.S.C. 552a. The maximum dollar amount payable under this contract is not intended as any form of a guaranteed amount. The Contractor will be paid for products or services actually delivered or performed, as specified in Attachment A, up to the maximum allowable amount specified on page 1 of this contract.

Data Compliance. (a) Both the Group Companies and any of their Affiliated Persons have, abided by applicable Cyber Security and Data Protection Related Laws, adopted sufficient technical measures and other necessary measures to protect data security when collecting, storing, using, processing, sharing, transferring, publicly disclosing and cross-border transmitting Personal Information. (b) Neither the Group Companies nor any of their Affiliated Persons have taken any action that constitutes data breach, infringement of Personal Information or violation of Laws related to Personal Information protection and cyber security, including but not limited to: (i) collecting or using Personal Information without obtaining prior consent of the Persons whose information is collected unless otherwise stipulated by laws; (ii) collecting or using Personal Information without expressly indicating the purpose, methods and scope of collecting and using Personal Information to the Person whose Personal Information is collected, or collected Personal Information unrelated to the provided services; (iii) not strictly keeping confidential the Personal Information obtained during the course of providing services, or disclosed, damaged, tampered or illegally (including without obtaining authorization or beyond the authorization scope) provided such information to others; (iv) collecting, using or processing its stored Personal Information in violation of Laws or agreements with the Person whose Personal Information is collected; and (v) stealing or otherwise unlawfully obtaining Personal Information, including obtaining Personal Information from sources that may be illegal. (c) Except as disclosed in Section 3.16(c) of the Disclosure Schedule, neither the Group Companies nor any of their Affiliated Persons have been investigated, inquired or been subject to any other actions by the regulatory authorities against the Group Companies or any of their Affiliated Persons, or sued or claimed compensation by any third party as a result of data mismanagement or illegal use of data.

Data Compliance. In connection with its provision of the Services under this Agreement, the Service Provider shall comply with applicable data security and privacy laws (including any applicable laws pertaining to Service Provider’s handling of Personally Identifiable Information (PII), notification of security breaches, social security number protection. With respect to Service Provider’s Ethernet Dedicated Internet Services, Ethernet Transport Services and Business Internet Services provided hereunder, Service Provider shall adhere to the standards set forth in: X Publicly available information ▪ NIST 800-171 X Confidential Personally Identifiable Information (PII) ▪ State law on Notification of Security Breaches ▪ State Law on Social Security Number Protection ▪ State law on the Protection of Personal Information ▪ National Institute of Standards & Technology: NIST SP 800-53 Revision 4 “Moderate” risk controls ▪ Privacy Act of 1974, 5 U.S.C. 552a. X Payment Card Information ▪ Payment Card Industry Data Security Standard (PCI DSS) v 3.2 The maximum dollar amount payable under this contract is not intended as any form of a guaranteed amount. The Service Provider will be paid for products or services actually delivered or performed, as specified in Attachment A, up to the maximum allowable amount specified on page 1 of this contract.

Data Compliance. The Group Companies shall comply with the Cyber Security and Data Protection Related Laws in all material aspects of the existing business and the operations of the Company, including but not limited to: (i) compliance with the laws, regulations and national standards relating to personal information and/or important data collection, storage and use; (ii) adding relevant data protection provisions in the data transfer agreement between the Company and the third party, or requiring the third party to sign a separate data protection agreement, and supervising third parties to implement the requirements of data security management; (iii) prohibiting illegally providing personal information without users’ authorizations; (iv) adopting technical and other necessary measures (including but not limited to the user account cancellation mechanism and user data deletion system) to the satisfaction of the Investors which comply with the Cyber Security and Data Protection Related Laws within six (6) months after the Closing, to safeguard network operation security and network information security; and (v) paying close attention to the updates of the Cyber Security and Data Protection Related Law, and ensuring that the Company’s business operations are in compliance with the valid data compliance requirements at any stage.