IDENTIFYING INFORMATION AND PRIVACY NOTIFICATION (a) FEDERAL EMPLOYER IDENTIFICATION NUMBER and/or FEDERAL SOCIAL SECURITY NUMBER. As a condition to NYSERDA’s obligation to pay any invoices submitted by Contractor pursuant to this Agreement, Contractor shall provide to NYSERDA its Federal employer identification number or Federal social security number, or both such numbers when the Contractor has both such numbers. Where the Contractor does not have such number or numbers, the Contractor must give the reason or reasons why the payee does not have such number or numbers.
Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows:
(a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy.
(b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Master Agreement.
(c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Master Agreement between Chazy Central Rural School District and [Name of Vendor].” Vendor’s obligations described within this section include, but are not limited to:
(i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Master Agreement shall apply to the subcontractor, and
(ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Master Agreement.
(d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access.
(e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.
Your Privacy Protecting your privacy is very important to us. Please review our Privacy Policy in order to better understand our commitment to maintaining your privacy, as well as our use and disclosure of your information.
Data Privacy The Employee hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of the Employee’s personal data as described in this Agreement by and among, as applicable, the Company and its Affiliates for the exclusive purpose of implementing, administering and managing the Employee’s participation in the Plan. The Employee understands that the Company and its Affiliates may hold certain personal information about the Employee, including, but not limited to, the Employee’s name, home address and telephone number, date of birth, social insurance number or other identification number, salary, nationality, job title, any Shares or directorships held in the Company or any Affiliate, details of all Performance Shares or any other entitlement to Shares awarded, canceled, exercised, vested, unvested or outstanding in the Employee’s favor, for the exclusive purpose of implementing, administering and managing the Plan (“Personal Data”). The Employee understands that Personal Data may be transferred to any third parties assisting in the implementation, administration and management of the Plan, that these recipients may be located in the United States, the Employee’s country, or elsewhere, and that the recipient’s country may have different data privacy laws and protections than the Employee’s country. The Employee authorizes the recipients to receive, possess, use, retain and transfer the Personal Data, in electronic or other form, for the purposes of implementing, administering and managing the Employee’s participation in the Plan, including any requisite transfer of such Personal Data as may be required to a broker or other third party with whom the Employee may elect to deposit any Shares received upon vesting of the Performance Shares. The Employee understands that refusal or withdrawal of the consents herein may affect the Employee’s ability to participate in the Plan or to realize benefits from the Performance Shares. For more information on the consequences of the Employee’s refusal to consent or withdrawal of consent, the Employee understands that he or she may contact his or her local human resources representative.
Data Security and Privacy Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries (i) is in compliance with all Data Security Requirements and (ii) has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with all Data Security Requirements to protect (A) the confidentiality, integrity, availability and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by or on behalf of the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft and modification. Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, (i) there are, and since January 1, 2022, have been, no pending complaints, investigations, inquiries, notices, enforcement proceedings, or Actions by or before any Governmental Authority and (ii) since January 1, 2022, no fines or other penalties have been imposed on or written claims, notice, complaints or other communications have been received by the Company or any Subsidiary, relating to any Specified Data Breach or alleging non-compliance with any Data Security Requirement. The Company and each of its Subsidiaries have not, since January 1, 2022, (1) experienced any Specified Data Breaches, or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole. The consummation of the transactions contemplated by this Agreement will not cause the Company Group to breach any Data Security Requirement, except as would not reasonably be expected to be material to the business of the Company Group, taken as a whole.