DATA SECURITY AND COMPLIANCE Clause Samples

DATA SECURITY AND COMPLIANCE. 4.1 The Security Provisions set out Supplier’s responsibility in respect of its handling of the Client Data. 4.2 The Personal Data Processing Provisions set out each of the Party’s responsibilities in respect of Personal Data compliance (as defined within such provisions).

DATA SECURITY AND COMPLIANCE. 12.1. The Personal Data Processing Provisions set out each of the Party’s responsibilities in respect of Personal Data compliance (as defined within such provisions).

DATA SECURITY AND COMPLIANCE. 11.1 The Consultant shall employ appropriate security practices to protect USNH data under the “Consultant’s Control”, here defined as data on the Consultant’s networks and on the servers and other devices connected to Consultant’s network, while on Consultant’s personal computers and backups, in Consultant’s e-mail, while being transmitted or transported by the consultant, and while stored in Consultant’s office or other facilities. The Consultant understands that “Restricted Information”, as defined by USNH, requires protection mandated by legal requirements and that as a service provider to or representative of USNH, the Consultant has the same duty to protect that information as does USNH. The Consultant agrees to fill out the UNH Technology Vendor Questionnaire and to include the answers as an exhibit in the signed contract. USNH reserves the final determination whether the answers provided by the consultant are applicable and sufficient. The Consultant affirms that the Consultant is aware of and understands all laws and regulations that are applicable to the services provided under this contract. These laws and regulations may include, but are not limited to FERPA, HIPAA, GLB, FTC Red Flags Rule and NH RSA 359-C:20. 11.2 The Consultant shall be responsible for compliance with all notification, reporting, and other legal requirements relating to any unauthorized release of data under the Consultant’s Control, or other breach of security including but not limited to NH RSA 359-C:20, entitled “Notification of Security Breach Required.” Consultant shall also be responsible for compliance with all notification, reporting, and other legal requirements relating to any unauthorized release of data or other breach of security that arises out of any act or failure to act on the part of Consultant, regardless of whether such act or failure to act was negligent, grossly negligent, or intentional. Under any circumstance covered by this section, USNH, at its sole discretion, may also comply with any notification, reporting, or other legal requirement, provided, however, that USNH’s compliance shall not relieve Consultant of any of its responsibilities set forth in this section or otherwise existing under applicable law. 11.3 USNH has developed an Identity Theft Prevention Program pursuant to the Federal Trade Commission’s (FTC) Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003. The Consultant is or shall become f...

DATA SECURITY AND COMPLIANCE. 3.25.1 Each of the Acquired Companies complies, and (a) with respect to DSL, has in the past three (3) years and (b) with respect to BEOP, since July 1, 2024 complied, in each case, in all material respects, with (i) its internal privacy and data security policies, (ii) all applicable rules of self-regulatory organizations and codes of conduct, (iii) industry standards, guidelines and best practices concerning the Processing of Personal Information, (iv) all public statements, representations, obligations, promises, and commitments of the Acquired Companies concerning the privacy, security or the Processing of Personal Information, and (v) all Data Security Requirements. The Acquired Companies have provided true, accurate, complete and up-to-date versions of the documents referenced in the foregoing clauses (i) and (iv) to Purchaser. Neither the negotiation nor consummation of the transaction contemplated by this Agreement, nor any disclosure or transfer of information in connection therewith, will breach or otherwise cause any violation of any Data Security Requirement or require the consent, waiver or authorization of, or declaration, filing or notification to, any Person, including any Governmental Entity, under any such Data Security Requirement. All vendors, processors, subcontractors and other Persons acting for or on behalf of the Acquired Companies in connection with the Processing of Personal Information or that otherwise have been authorized to have access to the Seller IT Assets or the Personal Information in the possession or control of the Acquired Companies (the foregoing as “Processors”) are subject to contractual requirements, compliant with all applicable Data Security Requirements, regarding the Processing of Personal Information, and such Processors (a) with respect to DSL, has in the past three (3) years and (b) with respect to BEOP, since July 1, 2024, complied, in each case, in all material respects, with the Data Security Requirements and applicable contractual requirements. The Acquired Companies have not transferred or authorized the transfer of Personal Information outside of its relevant originating country, except where such transfers have complied with Data Security Requirements. The Acquired Companies have not combined, transferred, shared or sole any Personal Information in violation of any Data Security Requirements. There are no, and (a) with respect to DSL, in the past three (3) years and (b) with respect to BEOP, since Ju...

DATA SECURITY AND COMPLIANCE. The Security Provisions set out Concentra’s responsibility in respect of its handling of the Client Data. The Personal Data Processing Provisions set out each of the Party’s responsibilities in respect of Personal Data compliance (as defined within such provisions). The Client shall pay Concentra the Fees annually in advance unless otherwise stated on the applicable Order Form. At the commencement of each year of the Term, Concentra reserves the right to increase the Fees by an amount not to exceed 7% per year. Concentra shall notify the Client of any such increases at least 30 days in advance of each anniversary of the effective date (as specified in the Order Form relating to each ordered Service). The Client shall pay Concentra for all other applicable fees and out-of-pocket expenses (including, but not limited to, reasonable and customary travel, accommodation, and living expenses) incurred by Concentra in the performance of the Services, which shall be calculated in accordance with Concentra’s then applicable expenses policy and included with any invoice from Concentra. The Client shall pay each undisputed invoice within 30 days of its invoice date. The Client shall not be permitted to make any deduction from the Fees whether in respect of set-off, counterclaim or otherwise. Without prejudice to any of its other rights, if the Client fails to make any payment when due, Concentra shall be entitled to: suspend provision of the Services for so long as any payment due hereunder remains outstanding; and/or charge interest on the overdue amount at the greater of 4% above the Bank of England’s base rate or the maximum rate allowable per the Applicable Law on all such past due amounts. All fees set forth in the Agreement are exclusive of applicable taxes and duties, including UK VAT, GST and/or applicable sales or usage tax. The Client will provide Concentra with any information Concentra may reasonably request in order to determine whether Concentra is obligated to collect UK VAT, GST sales or usage tax from the Client, including the Client’s UK VAT, GST or tax payer identification number. If the Client is legally entitled to an exemption from any sales, use, or similar transaction tax, the Client is responsible for providing Concentra with legally sufficient tax exemption certificates or other comparable documentation for each taxing jurisdiction. Concentra will apply the tax exemption certificates or other documents to charges under the Client’s account oc...

DATA SECURITY AND COMPLIANCE. Supplier agrees to Data Security and Compliance terms as outlined in Exhibit B

DATA SECURITY AND COMPLIANCE. Jobspeaker will maintain the security of data received from College regarding its Students and Alumni in accordance with applicable law. Each party agrees to handle all data regarding Students and Alumni in accordance with the terms of its privacy policy, this Agreement and all applicable law. In furtherance, and not in limitation, of the foregoing, ▇▇▇▇▇▇▇▇▇▇ agrees that it may create, receive from or on behalf of College, or have access to, records or record systems that are subject to the Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. Section 1232g (collectively, the "FERPA Records"). ▇▇▇▇▇▇▇▇▇▇ represents, warrants, and agrees that it will: (a) hold the FERPA Records in strict confidence and not use or disclose the FERPA Records except as (i) permitted or required by this Agreement, (ii) required by law, or (iii) otherwise authorized by College in writing;

DATA SECURITY AND COMPLIANCE. 4.1. Kantata maintains administrative, physical, and technical safeguards in connection with the Subscription Services that are no less rigorous than accepted industry practices for information security and shall ensure that all such Subscription Services safeguards, including the manner in which Customer Data is collected, accessed, used, stored, processed, and disposed of by the Subscription Services, comply with applicable export control laws, data protection and privacy laws, as well as the terms and conditions of this Agreement. 4.2. Kantata will, on an annual basis, hire a third-party auditing firm to perform a Statement on Standards for Attestation Engagements SOC 2 type 2 audit, or equivalent audit, on internal and external Kantata procedures and systems that access or contain Customer Data. Upon Customer’s written request, Kantata will provide Customer with a summary of Kantata’s SOC 2 type 2 audit report or its equivalent. Any such report shall be deemed Confidential Information of Kantata under this Agreement. 4.3. If the Customer Data contains any Personal Data, as defined under applicable law, to be processed by Kantata through the provision of the Services, from Users located in the European Union, Kantata will provide at least the level of privacy protection as is required by the applicable laws and if applicable, comply with the terms of a Data Processing Agreement between the parties. 4.4. Kantata hereby warrants that, the Subscription Services have been scanned using the most recent version of a leading commercially available virus scanning program designed to detect and remediate known viruses and other harmful and malicious elements intended to materially impact the Subscription Services (the “Malicious Elements”). 4.5. Kantata may review and monitor Customer’s use of the Subscription Services to ensure compliance with this Agreement and to evaluate and improve the performance of the Subscription Services.

DATA SECURITY AND COMPLIANCE. 6.1 The Security Provisions set out Supplier’s responsibility in respect of its handling of the Client Data.