Common use of Personal Information; Data Protection Clause in Contracts

Personal Information; Data Protection. Notwithstanding anything to the contrary in this Agreement, Supplier shall, and shall cause its subcontractors and all Personnel to, no later than the Effective Date, establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of (i) Greyhound PII (as defined below); and (ii) Greyhound Confidential Information. Such program, the content and implementation of which must be fully documented in writing, shall contain administrative, technical, and physical safeguards appropriate to Supplier’s size and complexity, the nature and scope of Supplier’s activities, and the sensitivity of the personal information and confidential information received from or collected about Greyhound, its employees, customers and contractors. As used herein, “Greyhound PII” means the personally identifiable information of Greyhound and its employees, customers, contractors, vendors and other third parties, including personal data regulated under privacy or data protection laws and non-public personal information or sensitive personal information. Examples of Greyhound PII include without limitation: names, addresses, national ID numbers (e.g., social security numbers), telephone numbers, email addresses, human resources information and data, financial account numbers, credit card information, payment information and customer account data. Any Greyhound PII collected or accessed by Supplier in the performance of this Agreement shall be limited to that which is strictly necessary to perform its obligations hereunder or to fulfill any legal requirements. Supplier must immediately notify Greyhound of any actual, suspected or alleged security breach that may result in the unauthorized use, access, disclosure, alteration or destruction of Greyhound PII. Upon request from Greyhound, Supplier shall provide Greyhound with any or all Greyhound PII in Supplier’s possession. Upon termination or expiration of this Agreement, Supplier shall within ten (10) calendar days thereafter, at Greyhound’s sole discretion either (i) provide Greyhound with all documents and materials (including any and all copies) containing Greyhound PII, together with all other materials and property of Greyhound, which are in its possession or under its control or (ii) destroy all such specified documents and materials (including any and all copies in any and all formats) and provide Greyhound with a certificate of destruction signed by an officer of Supplier.

Personal Information; Data Protection. 18.4.1 Notwithstanding anything to the contrary in this Agreement, Supplier SUPPLIER shall, and shall cause its subcontractors and all Personnel to, no later than the Effective Date, establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of (i) Greyhound FGA PII (as defined below)) and any applicable laws, rules or regulations associates with PII; and (ii) Greyhound FGA Confidential Information. Such program, the content and implementation of which must be fully documented in writing, shall contain administrative, technical, and physical safeguards appropriate to SupplierSUPPLIER’s size and complexity, the nature and scope of SupplierSUPPLIER’s activities, and the sensitivity of the personal information and confidential information received from or collected about GreyhoundFGA, its employees, customers and contractors. . 18.4.2 As used herein, “Greyhound FGA PII” means the personally identifiable information of Greyhound FGA and its employees, customers, contractors, vendors and other third parties, including personal data regulated under privacy or data protection laws and non-public personal information or sensitive personal information. Examples of Greyhound FGA PII include without limitation: names, addresses, national ID numbers (e.g., social security numbers), telephone numbers, email addresses, human resources information and data, financial account numbers, credit card information, payment information information, driver’s license and customer account data. . 18.4.3 Any Greyhound FGA PII collected or accessed by Supplier SUPPLIER in the performance of this Agreement shall be limited to that which is strictly necessary to perform its obligations hereunder or to fulfill any legal requirements. Supplier SUPPLIER must immediately notify Greyhound FGA of any actual, suspected or alleged security breach that may result in the unauthorized use, access, disclosure, alteration or destruction of Greyhound FGA PII. . 18.4.4 Upon request from GreyhoundFGA, Supplier SUPPLIER shall provide Greyhound FGA with any or all Greyhound FGA PII in SupplierSUPPLIER’s possession. Upon termination or expiration of this Agreement, Supplier SUPPLIER shall within ten (10) calendar days thereafter, at GreyhoundFGA’s sole discretion either (i) provide Greyhound FGA with all documents and materials (including any and all copies) containing Greyhound FGA PII, together with all other materials and property of GreyhoundFGA, which are in its possession or under its control or (ii) destroy all such specified documents and materials (including any and all copies in any and all formats) and provide Greyhound FGA with a certificate of destruction signed by an officer of SupplierSUPPLIER.