Data Return and Destruction of Data (a) Protecting PII from unauthorized access and disclosure is of the utmost importance to the EA, and Contractor agrees that it is prohibited from retaining PII or continued access to PII or any copy, summary or extract of PII, on any storage medium (including, without limitation, in secure data centers and/or cloud-based facilities) whatsoever beyond the period of providing Services to the EA, unless such retention is either expressly authorized for a prescribed period by the Service Agreement or other written agreement between the Parties, or expressly requested by the EA for purposes of facilitating the transfer of PII to the EA or expressly required by law. As applicable, upon expiration or termination of the Service Agreement, Contractor shall transfer PII, in a format agreed to by the Parties to the EA.
(b) If applicable, once the transfer of PII has been accomplished in accordance with the EA’s written election to do so, Contractor agrees to return or destroy all PII when the purpose that necessitated its receipt by Contractor has been completed. Thereafter, with regard to all PII (including without limitation, all hard copies, archived copies, electronic versions, electronic imaging of hard copies) as well as any and all PII maintained on behalf of Contractor in a secure data center and/or cloud-based facilities that remain in the possession of Contractor or its Subcontractors, Contractor shall ensure that PII is securely deleted and/or destroyed in a manner that does not allow it to be retrieved or retrievable, read or reconstructed. Hard copy media must be shredded or destroyed such that PII cannot be read or otherwise reconstructed, and electronic media must be cleared, purged, or destroyed such that the PII cannot be retrieved. Only the destruction of paper PII, and not redaction, will satisfy the requirements for data destruction. Redaction is specifically excluded as a means of data destruction.
(c) Contractor shall provide the EA with a written certification of the secure deletion and/or destruction of PII held by the Contractor or Subcontractors.
(d) To the extent that Contractor and/or its subcontractors continue to be in possession of any de-identified data (i.e., data that has had all direct and indirect identifiers removed), they agree not to attempt to re-identify de-identified data and not to transfer de-identified data to any party.
Destruction of Data Provider shall destroy or delete all Personally Identifiable Data contained in Student Data and obtained under the DPA when it is no longer needed for the purpose for which it was obtained or transfer said data to LEA or LEA’s designee, according to a schedule and procedure as the parties may reasonable agree. Nothing in the DPA authorizes Provider to maintain personally identifiable data beyond the time period reasonably needed to complete the disposition.
Information and Data Upon request of the Union, the Employer agrees to furnish the Union with the following information: budgets for the Board of Regents; budgets for each College; public information used in the preparation of budgets as provided by law such as salaries; minutes of meetings of the Board; policies of the Board of Regents which apply to faculty members. Voluminous information shall be made available for inspection or will be provided at reproduction cost.
Formation and Purpose Promptly following the Effective Date, the Parties shall confer and then create the JSC and the IPC, and, optionally, create one or more of the other Committees listed in the chart below. Each Committee shall have the purpose indicated in the chart. To the extent that after conferring both Parties agree to not create a Committee (other than the JSC and the IPC), the creation of such Committee shall be deferred until one Party informs the other Party of its then desire to create the so-deferred Committee, at which point the Parties will thereafter promptly create the so-deferred Committee. Joint Steering Committee (“JSC”) Establish projects for the Bacteriophage Program and establish the priorities, as well as approve budgets for such projects. Approve all subcommittee projects and plans (except for decisions of the IPC). The JSC shall establish budgets not less than on a quarterly basis. Chemistry, Manufacturing and Controls Committee (“CMCC”) Establish project plans and review and approve activities and budgets for chemistry, manufacturing, and controls under the Bacteriophage Program. Regulatory Committee (“RC”) Review and approve all research and development plans and projects, including clinical projects, associated with any necessary regulatory approvals, all associated publications, and all regulatory filings and correspondence relating to gaining regulatory approval for new Ampliphi Products under the Bacteriophage Program; and review and approve itemized budgets with respect to the foregoing. Commercialization Committee (“CC”) Establish project plans and review and approve activities and budgets for Commercialization activities under the Bacteriophage Program. Portions herein identified by [*****] have been omitted pursuant to a request for confidential treatment under Rule 24b-2 of the Securities Exchange Act of 1934, as amended. A complete copy of this document has been filed separately with the Securities and Exchange Commission. Intellectual Property Committee (“IPC”) Evaluate all intellectual property issues in connection with the Bacteriophage Program; review and approve itemized budgets with respect to the foregoing.
Review of legality and data minimisation (a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.