Common use of Processing of Sensitive Personal Data Clause in Contracts

Processing of Sensitive Personal Data. 10.1 This paragraph 10 shall apply to “Sensitive Personal Data” being personal information revealing or concerning (directly or indirectly) racial or ethnic origin, political affiliations or opinions, religious or philosophical beliefs, trade-union membership or membership of other parties, associations or organisations of a religious, philosophical, political or trade- union nature, physical or mental health or condition including addictions, sex life, private life, social aid, the commission or alleged commission of any criminal offence or proceedings in relation thereto, other criminal behaviour or unlawful or objectionable conduct, administrative proceedings and sanctions and other judicial data. 10.2 Any transport of hardware or other physical media containing Sensitive Personal Data may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem. 10.3 Any transfer of Sensitive Personal Data via any telecommunications system or network may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem. 10.4 Each access to Sensitive Personal Data (whether manual or electronic) must be recorded indicating: (a) the date and time; (b) the identity of the user; (c) the file to which the user has had access; (d) the kind of access (e.g. read only); and (e) whether the access has been authorised or refused. Such record must be kept for at least two (2) years from the date it is entered. IHS Markit shall make such record available to Customer upon reasonable request and shall additionally submit a summary report of the access record on a monthly basis to Customer. 10.5 Back up copies shall be made of the Sensitive Personal Data and stored at a location which is different to the location where the Sensitive Personal Data are located, such storage to comply with the security requirements set out in these Information Security Terms. If the Sensitive Personal Data is taken off site, it shall be encrypted using an agreed encryption algorithm and cryptosystem. 10.6 Any maintenance on devices that store, or previously stored, Sensitive Personal Data, which requires the media to be removed from site must ensure that data is cleansed, or wiped, using the agreed cleaning process.

Processing of Sensitive Personal Data. 10.1 This paragraph 10 shall apply to “Sensitive Personal Data” being personal information revealing or concerning (directly or indirectly) racial or ethnic origin, political affiliations or opinions, religious or philosophical beliefs, trade-union membership or membership of other parties, associations or organisations of a religious, philosophical, political or trade- trade-union nature, physical or mental health or condition including addictions, sex life, private life, social aid, the commission or alleged commission of any criminal offence or proceedings in relation thereto, other criminal behaviour or unlawful or objectionable conduct, administrative proceedings and sanctions and other judicial data. 10.2 Any transport of hardware or other physical media containing Sensitive Personal Data may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem. 10.3 Any transfer of Sensitive Personal Data via any telecommunications system or network may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem. 10.4 Each access to Sensitive Personal Data (whether manual or electronic) must be recorded indicating: (a) the date and time; (b) the identity of the user; (c) the file to which the user has had access; (d) the kind of access (e.g. read only); and (e) whether the access has been authorised or refused. Such record must be kept for at least two (2) years from the date it is entered. IHS Markit shall make such record available to Customer Subscriber upon reasonable request and shall additionally submit a summary report of the access record on a monthly basis to CustomerSubscriber. 10.5 Back up copies shall be made of the Sensitive Personal Data and stored at a location which is different to the location where the Sensitive Personal Data are located, such storage to comply with the security requirements set out in these Information Security Terms. If the Sensitive Personal Data is taken off site, it shall be encrypted using an agreed encryption algorithm and cryptosystem. 10.6 Any maintenance on devices that store, or previously stored, Sensitive Personal Data, which requires the media to be removed from site must ensure that data is cleansed, or wiped, using the agreed cleaning process.

Processing of Sensitive Personal Data. 10.1 This paragraph 10 shall apply to “Sensitive Personal Data” being personal information revealing or concerning (directly or indirectly) racial or ethnic origin, political affiliations or opinions, religious or philosophical beliefs, trade-union membership or membership of other parties, associations or organisations of a religious, philosophical, political or trade- trade-union nature, physical or mental health or condition including addictions, sex life, private life, social aid, the commission or alleged commission of any criminal offence or proceedings in relation thereto, other criminal behaviour or unlawful or objectionable conduct, administrative proceedings and sanctions and other judicial data. 10.2 Any transport of hardware or other physical media containing Sensitive Personal Data may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem. 10.3 Any transfer of Sensitive Personal Data via any telecommunications system or network may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem. 10.4 Each access to Sensitive Personal Data (whether manual or electronic) must be recorded indicating: (a) the date and time; (b) the identity of the user; (c) the file to which the user has had access; (d) the kind of access (e.g. read only); and (e) whether the access has been authorised or refused. Such record must be kept for at least two (2) years from the date it is entered. IHS Markit MSFA shall make such record available to Customer upon reasonable request and shall additionally submit a summary report of the access record on a monthly basis to Customer. 10.5 Back up copies shall be made of the Sensitive Personal Data and stored at a location which is different to the location where the Sensitive Personal Data are located, such storage to comply with the security requirements set out in these Information Security Terms. If the Sensitive Personal Data is taken off site, it shall be encrypted using an agreed encryption algorithm and cryptosystem. 10.6 Any maintenance on devices that store, or previously stored, Sensitive Personal Data, which requires the media to be removed from site must ensure that data is cleansed, or wiped, using the agreed cleaning process.

Processing of Sensitive Personal Data. 10.1 This paragraph 10 shall apply to “Sensitive Personal Data” being personal information revealing or concerning (directly or indirectly) racial or ethnic origin, political affiliations or opinions, religious or philosophical beliefs, trade-union membership or membership of other parties, associations or organisations of a religious, philosophical, political or trade- trade-union nature, physical or mental health or condition including addictions, sex life, private life, social aid, the commission or alleged commission of any criminal offence or proceedings in relation thereto, other criminal behaviour or unlawful or objectionable conduct, administrative proceedings and sanctions and other judicial datajudicialdata. 10.2 Any transport of hardware or other physical media containing Sensitive Personal Data may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem. 10.3 Any transfer of Sensitive Personal Data via any telecommunications system or network may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem. 10.4 Each access to Sensitive Personal Data (whether manual or electronic) must be recorded indicating: (a) the date and time; (b) the identity of the user; (c) the file to which the user has had access; (d) the kind of access (e.g. read only); and (e) whether the access has been authorised or refused. Such record must be kept for at least two (2) years from the date it is entered. IHS Markit shall make such record available to Customer Subscriber upon reasonable request and shall additionally submit a summary report of the access record on a monthly basis to CustomerSubscriber. 10.5 Back up copies shall be made of the Sensitive Personal Data and stored at a location which is different to the location where the Sensitive Personal Data are located, such storage to comply with the security requirements set out in these Information Security Terms. If the Sensitive Personal Data is taken off site, it shall be encrypted using an agreed encryption algorithm and cryptosystem. 10.6 Any maintenance on devices that store, or previously stored, Sensitive Personal Data, which requires the media to be removed from site must ensure that data is cleansed, or wiped, using the agreed cleaning process.