Data Security and Privacy Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries (i) is in compliance with all Data Security Requirements and (ii) has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with all Data Security Requirements to protect (A) the confidentiality, integrity, availability and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by or on behalf of the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft and modification. Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, (i) there are, and since January 1, 2022, have been, no pending complaints, investigations, inquiries, notices, enforcement proceedings, or Actions by or before any Governmental Authority and (ii) since January 1, 2022, no fines or other penalties have been imposed on or written claims, notice, complaints or other communications have been received by the Company or any Subsidiary, relating to any Specified Data Breach or alleging non-compliance with any Data Security Requirement. The Company and each of its Subsidiaries have not, since January 1, 2022, (1) experienced any Specified Data Breaches, or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole. The consummation of the transactions contemplated by this Agreement will not cause the Company Group to breach any Data Security Requirement, except as would not reasonably be expected to be material to the business of the Company Group, taken as a whole.
Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows:
(a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy.
(b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Master Agreement.
(c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Master Agreement between Chazy Central Rural School District and [Name of Vendor].” Vendor’s obligations described within this section include, but are not limited to:
(i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Master Agreement shall apply to the subcontractor, and
(ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Master Agreement.
(d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access.
(e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.
Security and Privacy Security and privacy policies for the Genesys Cloud Service addressing use of Customer Data, which are incorporated by reference and may be updated from time to time in accordance with Section 10.12 of the Agreement, are located at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/articles/purecloud-security-compliance/.
PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended.
13 A. DEFINITIONS
Privacy and Personal Information We respect Your privacy and will only use and disclose Your personal information in accordance with the Australian Privacy Principles as set out in the Privacy Act 1988 (Cth) and in accordance with Our Privacy Policy. We will otherwise comply with all relevant privacy legislation in relation to Your personal information. Unless We are permitted to do otherwise under this Contract, We will keep Your information confidential. In particular We will keep Your information confidential unless:
a) We have Your prior written consent; or
b) the Law (including any regulatory, accounting, governmental, Ministerial or stock exchange requirement) requires or permits Us to disclose certain information; or
c) We need to use the information for Our regulatory reporting or compliance, or in any legal or regulatory proceedings; or
d) the information is already in the public domain; or
e) We believe You have used electricity illegally and, as a result, We provide relevant information to the Economic Regulation Authority or the Director of Energy Safety; or
f) We use the information for business purposes.
g) You have not paid Your electricity bill, and We disclose information to a credit reporting agency, but We will not provide information about a default to a credit reporting agency if:
(i) You have made a complaint in good faith about the default and the complaint has not been resolved; or
(ii) You have requested Us to review Your electricity bill and the review is not yet completed. To ensure your information remains confidential, we will:
1) Provide Our staff with training around Australian Privacy Principles to ensure Your privacy is maintained;
2) Maintain up to date protection software for all electronically stored information;
3) Where possible, hold Your information on Our internal company network to minimise the risk of an electronic breach, or alternatively use secure, encrypted data centres;
4) Protect all of Our electronic data which contains Your information with passwords. The availability of these passwords will only be provided to staff that require access to the information for ongoing operational purposes;
5) Request that any third parties who require access to Your information provide assurances that they will comply with the Privacy Act;
6) Once no longer required for Our business or compliance purposes, We will destroy Your information as soon as practicable. For more information about Our Privacy Policy, visit Our website or call Us.