Data Handling Clause Samples

Data Handling. 32.1 You must ensure that your business fully complies with the Security Standards. You must maintain an Incident Response Plan for immediate reporting and handling of any exposure of Cardholder Data at your business. 32.2 If you know of or suspect a Data Breach at your company or that of any Agent, you must: (a) report the Data Breach immediately to Windcave; (b) take appropriate action, including withdrawal of internet shopping facilities if appropriate, to minimise the ongoing risk to Cardholder Information, until such time as investigation and rectification of the Data Breach is completed; (c) implement and follow the Incident Response Plan; (d) maintain a rigorous audit trail of all actions taken to isolate and rectify the event; (e) assist ▇▇▇▇▇▇▇▇ to the best of your abilities including providing detailed statements and schedules of Card accounts exposed by the Data Breach; (f) allow Windcave employees, contractors, or those of any Payment Scheme, acting reasonably, full access to your systems and databases for the purpose of Forensic Review, to ascertain the cause and impact of the exposure; (g) undergo a full PCI DSS accreditation to be allowed to continue processing Transactions. 32.3 You are liable for all costs, charges and/or fines imposed by the Payment Schemes, Applicable Law or regulators, due to any Data Breach, including but not restricted to: (a) any fines for Data Breach including for a failure to report the Data Breach in a timely fashion; (b) any costs levied by the Payment Schemes for monitoring and/or reissue of credit cards compromised by the Data Breach; (c) all costs for Forensic Review including following termination of this Agreement; and (d) costs for corrective action to address the cause of the Data Breach and for re-certification with PCI DSS. 32.4 You must not sell, purchase, provide or exchange any information or document relating to a Cardholder, a Cardholder’s account number or a Transaction to any person other than us, the Card Issuer or as required by law. 32.5 You must ensure that any full card-read data in respect of Cards accessed by you in connection with a Transaction (or otherwise in connection with the Agreement) is stored only on an electronic file in a secure environment with restricted access in compliance with the Security Standards and Windcave’s compliance requirements, for the sole purpose of providing documentation for exception processing. You must not record, store, replicate or otherwise use full car...

Data Handling. A. Contractor may not maintain or forward these State Records to or from any other facility or location, except for the authorized and approved purposes of backup and disaster recovery purposes, without the prior written consent of the State. Contractor may not maintain State Records in any data center or other storage location outside the United States for any purpose without the prior express written consent of OIS. B. Contractor shall not allow remote access to State Records from outside the United States, including access by Contractor’s employees or agents, without the prior express written consent of OIS. Contractor shall communicate any request regarding non-U.S. access to State Records to the Security and Compliance Representative for the State. The State shall have sole discretion to grant or deny any such request. C. Upon request by the State made any time prior to 60 days following the termination of this Contract for any reason, whether or not the Contract is expiring or terminating, Contractor shall make available to the State a complete download file of all State data. i. This download file shall be made available to the State within 10 Business Days of the State’s request, shall be encrypted and appropriately authenticated, and shall contain, without limitation, all State Records, Work Product, and system schema and transformation definitions, or delimited text files with documents, detailed schema definitions along with attachments in its native format. ii. Upon the termination of Contractor’s provision of data processing services, Contractor shall, as directed by the State, return all State Records provided by the State to Contractor, and the copies thereof, to the State or destroy all such State Records and certify to the State that it has done so. If any legal obligation imposed upon Contractor prevents it from returning or destroying all or part of the State Records provided by the State to Contractor, Contractor shall guarantee the confidentiality of all State Records provided by the State to Contractor and will not actively process such data anymore. Contractor shall not interrupt or obstruct the State’s ability to access and retrieve State Records stored by Contractor. D. The State retains the right to use the established operational services to access and retrieve State Records stored on Contractor’s infrastructure at its sole discretion and at any time. Upon request of the State or of the supervisory authority, Contractor shall sub...

Data Handling. 9.1. You represent and warrant to Gelato that you have any and all necessary rights to handle and ship any parcels for which you would use the services (including the Shipping API Services). You warrant and represent that such parcels, and the goods therein do not violate third party rights, whether intellectual property rights, export/import regulations, environmental regulations, consumer protection rights or other regulations in any jurisdiction the goods may be directed to or transiting as a consequence of the logistics services. 9.2. You acknowledge that shipment data will be processed by Logistics Providers for fulfillment purposes.

Data Handling. A. Contractor may not maintain or forward these State Records to or from any other facility or location, except for the authorized and approved purposes of backup and disaster recovery purposes, without the prior written consent of the State. Contractor may not maintain State Records in any data center or other storage location outside the United States for any purpose without the prior express written consent of OIS. B. Contractor shall not allow remote access to State Records from outside the United States, including access by Contractor’s employees or agents, without the prior express written consent of OIS. Contractor shall communicate any request regarding non-U.S. access to State Records to the Security and Compliance Representative for the State. The State shall have sole discretion to grant or deny any such request.

Data Handling. Where it is agreed that there is no Processing of Personnel Data or disclosure of CUSTOMER Data: delete “(including CUSTOMER Data)” from Clause 11.2; the warranty in Clause 12.1.6 shall be deleted and the remaining Clauses renumbered accordingly; Clauses 14 to 16 (inclusive) shall be marked “Not Used” and Schedules 2-14 and 2-15 marked “Not Used”; delete “The CONTRACTOR acknowledges that the CUSTOMER Data is the property of the CUSTOMER and the CUSTOMER hereby reserves all Intellectual Property Rights which may subsist in the CUSTOMER Data.” from Clause 17.1; delete the following sentence from Clause 34.3: “The CONTRACTOR cannot claim relief from a Force Majeure Event to the extent that it is required to comply with the BCDR Plan but has failed to do so.”; all corresponding definitions in Schedule 2-1 shall be deleted save those definitions used elsewhere in the Contract and the definition of CUSTOMER Confidential Information shall be amended by removing “Personal Data, CUSTOMER Data”; and delete paragraph 5 in Schedule 2-6.

Data Handling. If Customer is disclosing to SISW any information that is (i) Covered Defense Information or Controlled Unclassified Information as defined in U.S. Government regulations, or (ii) subject to Export Laws that require controlled data handling, Customer will notify SISW personnel in advance of each instance of disclosure and will use the notification tools and methods specified by SISW.

Data Handling. The Contractor shall handle all data received or generated under this contract as For Official Use Only (FOUO) material unless otherwise marked. Public release of unclassified, uncontrolled DoD information accessed under this contract shall be approved by the Contracting Officer, after it has been routed through the MCSC Security, Public Affairs and OPSEC representatives. The Contractor shall handle all information received or generated in accordance with its classification and be in compliance with all required PWS references and other required Government policies and procedures that include DOD/Navy/GCSS-MC PMO in the text of a Task Order.

Data Handling. For the purposes of this Clause 5, the terms “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Process” and “Processing shall have the meaning prescribed under the Data Protection Act 1998. i. Adaptavist shall comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Agreement. ii. To the extent that Adaptavist acquires from the Client any Personal Data in connection with the Services, Adaptavist shall act as a Data Processor only. The Client shall remain as Data Controller in respect of such Personal Data and Adaptavist shall act only on the instructions of the Client and take appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against loss or destruction of or corruption to any such Personal Data.

Data Handling. The Contractor shall encrypt Non-Public Data at rest, in use, and in transit with controlled access.