Data Security and Privacy Clause Samples

Data Security and Privacy. 5.1 The Client will provide the Data to DataFix and DataFix will only use the Data as necessary to carry out its obligations under this Agreement, and for no other purpose without the prior written consent of the Client. 5.2 DataFix shall comply with all the confidentiality, security and privacy requirements set out in this Agreement, and any additional Security and Privacy Requirements with respect to the Data that have been provided to DataFix, by the Client, in writing. To the extent DataFix possesses any Data in any form, medium or device during the Term of this Agreement or after the expiration of the Term, the foregoing obligations shall survive and continue to be in legal effect. 5.3 DataFix shall ensure that its employees and contractors are aware of their obligations regarding data security and privacy under this Section 5.0.DataFix shall limit access to Personal Information to its authorized representatives who have a clear need to know in order to provide the Services. DataFix shall ensure that such representatives have agreed to protect the confidentiality and security of the Personal Information to at least the extent provided by this Agreement and DataFix shall properly advise such representatives of the requirements under this Agreement. 5.4 DataFix will protect the security and confidentiality of the Personal Information to at least the same standard as DataFix protects its own most sensitive Confidential Information and, in any event, to at least the standard required by applicable Laws. 5.5 If either Party becomes aware of or reasonably suspects that there has been any unauthorized or improper access to, use or disclosure of any of the Personal Information (a “Security Incident”), such Party will notify the other Party forthwith and, take all reasonable steps to mitigate the Security Incident. 5.6 Without limiting any other provision in this Agreement regarding the security of information, DataFix shall have in place reasonable policies, procedures, and safeguards to protect the confidentiality and security of the Personal Information. DataFix shall ensure the physical security of the Personal Information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, disposal, loss, or modification.

Data Security and Privacy. (a) Each Group Member is, and at all times, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including, to the extent applicable, but not limited to the GDPR and those relating to cross-border transfers; (ii) all applicable contractual obligations of each Loan Party and its Subsidiaries concerning data privacy and security relating to Personal Data in the possession or control of any Group Member or maintained by third parties on behalf of such Group Member and having access to such information under contracts (or portions thereof) to which a Group Member is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Group Member is a party (collectively, “Privacy Agreements”): (b) Each Group Member is, and has been, in compliance in all material respects with all applicable prior and current written internal and public-facing privacy policies and notices of the Group Members regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Group Members or their respective agents (collectively, the “Privacy Policies”), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Group Member. The Privacy Policies contemplate the Group Members’ current uses of the Personal Data, and to the extent required under applicable Data Protection Laws, each Group Member has sought and obtained the appropriate consent from the applicable data subject for such uses. The Privacy Policies have made all material disclosures to users, customers, employees, or other individuals required by Data Protection Laws. (c) Each Group Member has implemented and maintains a commercially reasonable security program (“Security Program”) that (i) complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) includes commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security and integrity of all Personal Data and any other sensitive or confidential information or data related to each Group Member (collectively, “Company Sensitive Information”) in such Group Member’s possession or control and to protect such Company Sensitive Information against unauthorized or unlawful processing, acc...

Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm ▇▇▇▇▇ ▇▇▇▇▇▇ Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data ...

Data Security and Privacy. (a) Each Credit Party and its Subsidiaries is, and at all relevant times since January 31, 2022, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR, where applicable and any other applicable laws relating to cross-border transfers of Personal Data; (ii) all applicable contractual obligations concerning data privacy and data security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third party processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Credit Party or a Subsidiary is a party (collectively, “Privacy Agreements”). (b) Each Credit Party and its Subsidiaries is, and at all relevant times since January 31, 2022, has been, in compliance in all material respects with all applicable written internal and public-facing binding privacy policies and notices of the Credit Parties and its Subsidiaries regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Credit Parties or their Subsidiaries (collectively, the “Privacy Policies”), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Credit Party and its Subsidiaries. The Privacy Policies contemplate the Credit Parties’ and its Subsidiaries’ current uses of the Personal Data. (c) Each Credit Party and its Subsidiaries has in place, maintains, and complies with, a comprehensive written information security program (“Security Program”) that (i) complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) includes and incorporates commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security and integrity of any Personal Data and any data marked or reasonably understood to be sensitive or confidential information or data related to each Credit Party and its Subsidiaries (collectively, “Company Sensitive Information”) in the Credit Parties’ or its Subsidiaries’ possession or control and to protect such Company Sensitive Informat...

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14, 2020 has been, in material compliance with all Data Security Requirements; and (ii) since August 14, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14, 2020, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14, 2020, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. 12.1 SERVICE PROVIDER acknowledges the importance of Data Security and agrees to adhere to the Terms and Conditions of the Data Security Policy of IIMC. 12.2 IIMC shall provide the SERVICE PROVIDER with a copy of the IIMC Data Security Policy, within a reasonable time upon signing of the Agreement. 12.3 SERVICE PROVIDER agrees that in case of breach of any of the terms of the Data Security Policy of IIMC by any its employees, the SERVICE PROVIDER shall be held liable and penalised by IIMC. 12.4 The IIMC Authorised Person shall have the sole and final powers in determining what constitutes a Breach of the Data Security policy of IIMC. 12.5 Contractor further ensures to comply with the terms and conditions and all such requirements of the Security Policies, as may be changed from time-to-time.

Data Security and Privacy. You represent to us that you do not have access to Card information (such as the cardholder’s account number, expiration date, and CVV2) and you will not request access to such Card information from us. In the event that you receive such Card information in connection with the processing services provided under this Agreement, you agree that you will not use it for any fraudulent purpose or in violation of any Card Organization Rules, including but not limited to Payment Card Industry Data Security Standards (“PCI DSS”) or applicable law. If at any time you believe that Card information has been compromised, you must notify us promptly and assist in providing notification to the proper parties. You must ensure your compliance and that of any third party service provider utilized by you, with all security standards and guidelines that are applicable to you and published from time to time by Visa, MasterCard or any other Card Organization, including, without limitation, the Visa U.S.A. Cardholder Information Security Program (“CISP”), the MasterCard Site Data Protection (“SDP”), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard PA-DSS (“Payment Application Data Security Standards”) (collectively, the "Security Guidelines"). If any Card Organization requires an audit of you due to a data security compromise event or suspected event, you agree to cooperate with such audit. You may not use any Card information other than for the sole purpose of completing the transaction authorized by the customer for which the information was provided to you, or as specifically allowed by Card Organization Rules, Your Card Acceptance Guide or required by law.

Data Security and Privacy insightsoftware will use reasonable efforts, but no less than the efforts that insightsoftware uses to protect its own data of like importance, to protect the security of Customer Content while such Customer Content is held within insightsoftware’s systems, employing the data security procedures and tools described in, and in accordance with the terms of, the insightsoftware Security Addendum, available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/legal/contracts/info-security-addendum/ (“the Security Addendum”). insightsoftware will process personal data on Customer’s behalf as set forth in the insightsoftware Data Processing Addendum available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/legal/contracts/data-processing-addendum/, which is hereby incorporated by reference.

Data Security and Privacy. 9.1. Definition: For the purpose of Agreement, "Data Protection Law" means applicable laws relating to privacy and data protection, including in the case of University, the Family Educational Rights and Privacy Act ("FERPA"), and other applicable U.S. federal and California state laws on privacy and data protection; and in the case of Company, Company's applicable national and local laws on privacy and data protection. In the event any Protected Information is revealed, shared, or exchanged between the Parties, each Party agrees to comply with its obligations under all applicable Data Protection Law, and as required under Agreement. To the extent that any laws or regulations of the home country or region of a Party has extra- territorial application such as to impose legal obligations on the other Party or its conduct outside such home country or region, the other Party upon request will provide reasonable assistance to such other Party in satisfying such obligation as necessary to implement Agreement. Such reasonable assistance shall not include legal advice or opinion.