Common use of Protection of Subscriber Data Clause in Contracts

Protection of Subscriber Data. DSI shall maintain commercially reasonable administrative, physical, and technical safeguards for protection of the security, unauthorized access or disclosure of Subscriber Data. All data and information provided by Subscriber through its use of the Service is subject to DSI’s Privacy Policy, which can be viewed by clicking the “Privacy” hypertext link located within the Service. By using the Service, Subscriber accepts and agrees to be bound and abide by such Privacy Policy as set forth at the time of this Agreement. DSI may amend its Privacy Policy as required in accordance with applicable laws and regulations, but shall notify Subscriber of any changes to said policy. Should changes to the Privacy Policy conflict with Subscriber’s own responsibilities or policies, Subscriber may terminate this Agreement upon notice to DSI without default or additional charge. At all times during the Subscription term and upon written request of Subscriber within thirty (30) days after the effective date of termination or expiration of this Agreement, Subscriber data shall be available for Subscriber’s export and download at no additional cost or charge. DSI will provide all exported data in a format readable by Subscriber and may provide a data dictionary or ERD if such is required for to access, use, and read the exported data. Following the thirty (30) days aftertermination or expiration, DSI shall not be obligated to maintain Subscriber Data and may delete or destroy what remains in its possession or control unless prohibited by law. Within thirty (30) days of receiving Subscriber’s written request, DSI will delete or destroy Subscriber Data except copies required for compliance with applicable laws or made as a matter of routine information technology backup, so long as such data remains subject to the obligations of this Agreement. In consideration for and as a condition of each term of this Agreement, DSI represents that, consistent with the requirements of Section 6-1-713.5, C.R.S., as amended, DSI has implemented and shall maintain reasonable security procedures and practices that are: (i) Appropriate to the nature of the personal identifying information disclosed to SMBO; and (ii) Reasonably designed to help protect the personal identifying information from unauthorized access, use, modification, disclosure, or destruction. DSI shall have primary responsibility for implementing and maintaining reasonable security procedures and practices appropriate to the personal identifying information.

Protection of Subscriber Data. DSI shall maintain commercially reasonable administrative, physical, and technical safeguards for protection of the security, unauthorized access or disclosure of Subscriber Data. All data and information provided by Subscriber through its use of the Service is subject to DSI’s Privacy Policyprivacy policy, as amended from time-to-time, which can be viewed by clicking the “Privacy” hypertext link located within the Service. By using the Service, Subscriber accepts and agrees to be bound and abide by such Privacy Policy as set forth at the time of this Agreement. DSI may amend its Privacy Policy as required in accordance with applicable laws and regulations, but shall notify Subscriber of any changes to said privacy policy. Should changes to the Privacy Policy conflict with Subscriber’s own responsibilities or policies, Subscriber may terminate this Agreement upon notice to DSI without default or additional charge. At all times during the Subscription term and upon written request of Subscriber within thirty (30) days after the effective date of termination or expiration of this Agreement, Subscriber data shall be available for Subscriber’s export and download at no additional cost or charge. DSI will provide all exported data in a format readable by Subscriber and may provide a data dictionary or ERD if such is required for to access, use, and read the exported datadownload. Following the thirty (30) days aftertermination after termination or expiration, DSI shall not be obligated to maintain Subscriber Data and may delete or destroy what remains in its possession or control unless prohibited by law. Within thirty . (30a) days If applicable in the United States, if Subscriber is a “Covered Entity” under the Health Insurance Portability and Accountability Act of receiving 1996 (as amended from time to time, “HIPAA”), and if Subscriber must reasonably provide protected health information as defined by HIPAA in order to use the Services, DSI shall be Subscriber’s written request“Business Associate” under HIPAA, and any Subscriber Data provided by Subscriber to DSI in their capacities as a Covered Entity and Business Associate, respectively, DSI and Subscriber shall enter into a Business Associate Agreement (the form of which shall be reasonably satisfactory to DSI). (b) If applicable in the United Kingdom, Switzerland or European Economic Area (EEA), both parties will delete or destroy Subscriber Data except copies required for compliance with applicable laws or made as a matter of routine information technology backup, so long as such data remains subject to the obligations of this Agreement. In consideration for and as a condition of each term of this Agreement, DSI represents that, consistent comply with the applicable requirements of Section 6-1-713.5, C.R.S., as amended, DSI has implemented and shall maintain reasonable security procedures and practices that are: Data Protection Legislation. “Data Protection Legislation” means (i) Appropriate to the nature of the personal identifying information disclosed to SMBO; United Kingdom’s Data Protection ▇▇▇ ▇▇▇▇, and (ii) Reasonably designed to help protect the General Data Protection Regulation (“GDPR”) and any national implementing laws, regulations or secondary legislation. DSI and Subscriber agree that DSI will not be processing any personal identifying information from unauthorized accessdata on behalf of the Subscriber as “Data Controller” (defined in accordance with the Data Protection Legislation). DSI will collect, use, modificationdisclose, disclosuretransfer and store personal information when needed to administer this Agreement and for its operational and business purposes, in accordance with Data Protection Legislation. To the extent personal data from the UK, Switzerland or destructionthe EEA are processed by DSI, the terms of a data processing addendum (“DPA”) must be signed by the parties. To the extent DSI processes personal data, its binding corporate rules and the standard contract clauses shall have primary responsibility for implementing apply, as set forth in the DPA. For standard contract clauses, Subscriber and maintaining reasonable security procedures DSI agree that Subscriber is the data exporter and practices appropriate to Subscriber’s acceptance of this Agreement or applicable Order Form shall be treated as its execution of the personal identifying informationstandard contract clauses.