Common use of Security and Data Privacy Clause in Contracts

Security and Data Privacy. (a) GE Digital shall use reasonable efforts to implement appropriate security measures, in accordance with GE Digital’s standard security policies applicable to the GE Digital Offerings, including but not limited to the Data Protection Plan which shall apply to the Predix platform and is available at ▇▇▇.▇▇▇▇▇▇.▇▇/▇▇▇▇▇, (each a “Data Protection Plan”) designed to secure ▇▇▇▇▇ ▇▇▇▇▇▇ Content against unauthorized, accidental, or unlawful loss, access, or disclosure. Where there is a conflict between the Data Protection Plan and this Agreement, this Agreement shall control. GE Digital reserves the right to modify Data Protection Plans from time to time in a manner consistent with Section 2.01(d) upon prompt written notice to ▇▇▇▇▇ ▇▇▇▇▇▇. With respect to ▇▇▇▇▇ ▇▇▇▇▇▇ Content, GE Digital shall act as the data processor of ▇▇▇▇▇ ▇▇▇▇▇▇ Content in accordance with ▇▇▇▇▇ ▇▇▇▇▇▇’ instructions as contemplated by this Agreement. If ▇▇▇▇▇ ▇▇▇▇▇▇ Content includes any data subject to specific legal or regulatory requirements (including, but not limited to, health care data, sensitive personal information, export-controlled data, or sensitive government data), then ▇▇▇▇▇ ▇▇▇▇▇▇ shall be responsible for determining whether any GE Hosted Service meets such requirements, unless GE Digital has expressly stated in this Agreement, a Statement of Work or an Order that the Service is designed to meet such requirements. However, ▇▇▇▇▇ ▇▇▇▇▇▇ shall be entitled to rely upon written statements from GE Digital as to the features of any GE Hosted Service in order to make any such determination. (b) Subject to any third-party restrictions or Intellectual Property rights, ▇▇▇▇▇ ▇▇▇▇▇▇ consents to GE Digital’s collection, use, and disclosure of information associated with the Services as described in this Agreement and the applicable Data Protection Plan, and in particular to the processing of ▇▇▇▇▇ ▇▇▇▇▇▇ Content in, and the transfer of ▇▇▇▇▇ ▇▇▇▇▇▇ Content into, any country in which GE Digital or GE Digital’s Affiliates or subcontractors maintain facilities (including the United States), but only to the extent permitted by applicable Law. GE Digital shall treat ▇▇▇▇▇ ▇▇▇▇▇▇ contact information (including personal information of ▇▇▇▇▇ ▇▇▇▇▇▇ representatives) in accordance with GE Digital’s Privacy Policy available at ▇▇▇.▇▇▇▇▇▇.▇▇/▇▇▇▇▇; provided that GE Digital shall not expand the scope of GE Digital’s Privacy Policy as of the date hereof to apply to other topics without the prior written approval of ▇▇▇▇▇ ▇▇▇▇▇▇. Subject to any applicable customer restrictions communicated to GE Digital in writing, ▇▇▇▇▇ ▇▇▇▇▇▇ consents to the disclosure of ▇▇▇▇▇ ▇▇▇▇▇▇ Content to GE Digital’s subcontractors, provided that the subcontractors are bound to maintain and use ▇▇▇▇▇ ▇▇▇▇▇▇ Content solely in accordance with this Agreement. Each Party may conduct periodic screenings of the other and of its beneficial owners, including screening against official government lists that restrict business dealings with certain parties, for the purpose of satisfying local and multi-national legal obligations and such Party’s risk management requirements. Each Party consents to such screenings and is responsible for providing any notices and obtaining any consents necessary for such screenings.

Security and Data Privacy. (a) GE Digital shall use reasonable efforts to implement appropriate security measures, in accordance with GE Digital’s standard security policies applicable to the GE Digital Offerings, including but not limited to the Data Protection Plan which shall apply to the Predix platform and is available at ▇▇▇.▇▇▇▇▇▇.▇▇/▇▇▇▇▇, ▇ (each a “Data Protection Plan”) designed to secure ▇▇▇▇▇ ▇▇▇▇▇▇ Content against unauthorized, accidental, or unlawful loss, access, or disclosure. Where there is a conflict between the Data Protection Plan and this Agreement, this Agreement shall control. GE Digital reserves the right to modify Data Protection Plans from time to time time, provided that any such changes when taken as a whole shall not provide for lower data security protections than those provided in a manner consistent with Section 2.01(d) upon prompt written notice to ▇▇▇▇▇ ▇▇▇▇▇▇the Data Protection Plan effective as of the MPSA Trigger Date. With respect to ▇▇▇▇▇ ▇▇▇▇▇▇ Content, GE Digital shall act as the data processor of ▇▇▇▇▇ ▇▇▇▇▇▇ Content in accordance with ▇▇▇▇▇ ▇▇▇▇▇▇’ instructions as contemplated by this Agreement. If ▇▇▇▇▇ ▇▇▇▇▇▇ Content includes any data subject to specific legal or regulatory requirements (including, but not limited to, health care data, sensitive personal information, export-controlled data, or sensitive government data), then ▇▇▇▇▇ ▇▇▇▇▇▇ shall be responsible for determining whether any GE Hosted Service meets such requirements, unless GE Digital has expressly stated in this Agreement, a Statement of Work or an Order that the GE Hosted Service is designed to meet such requirements. However, ▇▇▇▇▇ ▇▇▇▇▇▇ shall be entitled to rely upon written statements from GE Digital as to the features of any GE Hosted Service in order to make any such determination. (b) Subject to any third-party restrictions or Intellectual Property rights, ▇▇▇▇▇ ▇▇▇▇▇▇ consents to GE Digital’s collection, use, and disclosure of information associated with the Services GE Digital Offerings as described in this Agreement and the applicable Data Protection Plan, and in particular to the processing of ▇▇▇▇▇ ▇▇▇▇▇▇ Content in, and the transfer of ▇▇▇▇▇ ▇▇▇▇▇▇ Content into, any country in which GE Digital or GE Digital’s Affiliates or subcontractors maintain facilities (including the United States), but only to the extent permitted by applicable Law. GE Digital shall treat ▇▇▇▇▇ ▇▇▇▇▇▇ contact information (including personal information of ▇▇▇▇▇ ▇▇▇▇▇▇ representatives) in accordance with GE Digital’s Privacy Policy available at ▇▇▇.▇▇▇▇▇▇.▇▇/▇▇▇▇▇; provided that GE Digital shall not expand the scope of GE Digital’s Privacy Policy as of the date hereof to apply to other topics without the prior written approval of ▇▇▇▇▇ ▇▇▇▇▇▇. Subject to any applicable customer restrictions communicated to GE Digital in writing, ▇▇▇▇▇ ▇▇▇▇▇▇ consents to the disclosure of ▇▇▇▇▇ ▇▇▇▇▇▇ Content to GE Digital’s subcontractors, provided that the subcontractors are bound to maintain and use ▇▇▇▇▇ ▇▇▇▇▇▇ Content solely in accordance with this Agreement, including the confidentiality provisions set forth herein. Each Party may conduct periodic screenings of the other and of its beneficial owners, including screening against official government lists that restrict business dealings with certain parties, for the purpose of satisfying local and multi-national legal obligations and such Party’s risk management requirements. Each Party consents to such screenings and is responsible for providing any notices and obtaining any consents necessary for such screenings.

Security and Data Privacy. (a) GE Digital shall use reasonable efforts to implement appropriate security measures, in accordance with GE Digital’s standard security policies applicable to the GE Digital Offerings, including but not limited to the Data Protection Plan which shall apply to the Predix platform and is available at ▇▇▇.▇▇▇▇▇▇.▇▇/▇▇▇▇▇, (each a “Data Protection Plan”) designed to secure ▇▇▇▇▇ ▇▇▇▇▇▇ Content against unauthorized, accidental, or unlawful loss, access, or disclosure. Where there is a conflict between the Data Protection Plan and this Agreement, this Agreement shall control. GE Digital reserves the right to modify Data Protection Plans from time to time in a manner consistent with Section 2.01(d) upon prompt written notice to ▇▇▇▇▇ ▇▇▇▇▇▇. With respect to ▇▇▇▇▇ ▇▇▇▇▇▇ Content, GE Digital shall act as the data processor of ▇▇▇▇▇ ▇▇▇▇▇▇ Content in accordance with ▇▇▇▇▇ ▇▇▇▇▇▇’ instructions as contemplated by this Agreement. If ▇▇▇▇▇ ▇▇▇▇▇▇ Content includes any data subject to specific legal or regulatory requirements (including, but not limited to, health care data, sensitive personal information, export-controlled data, or sensitive government data), then ▇▇▇▇▇ ▇▇▇▇▇▇ shall be responsible for determining whether any GE Hosted Service meets such requirements, unless GE Digital has expressly stated in this Agreement, a Statement of Work or an Order that the Service is designed to meet such requirements. However, ▇▇▇▇▇ ▇▇▇▇▇▇ shall be entitled to rely upon written statements from GE Digital as to the features of any GE Hosted Service in order to make any such determination. (b) Subject to any third-party restrictions or Intellectual Property rights, ▇▇▇▇▇ ▇▇▇▇▇▇ consents to GE Digital’s collection, use, and disclosure of information associated with the Services as described in this Agreement and the applicable Data Protection Plan, and in particular to the processing of ▇▇▇▇▇ ▇▇▇▇▇▇ Content in, and the transfer of ▇▇▇▇▇ ▇▇▇▇▇▇ Content into, any country in which GE Digital or GE Digital’s Affiliates or subcontractors maintain facilities (including the United States), but only to the extent permitted by applicable Law. GE Digital shall treat ▇▇▇▇▇ ▇▇▇▇▇▇ contact information (including personal information of ▇▇▇▇▇ ▇▇▇▇▇▇ representatives) in accordance with GE Digital’s Privacy Policy available at ▇▇▇.▇▇▇▇▇▇.▇▇/▇▇▇▇▇; provided that GE Digital shall not expand the scope of GE Digital’s Privacy Policy as of the date hereof to apply to other topics without the prior written approval of ▇▇▇▇▇ ▇▇▇▇▇▇. Subject to any applicable customer restrictions communicated to GE Digital in writing, ▇▇▇▇▇ ▇▇▇▇▇▇ consents to the disclosure of ▇▇▇▇▇ ▇▇▇▇▇▇ Content to GE Digital’s subcontractors, provided that the subcontractors are bound to maintain and use ▇▇▇▇▇ ▇▇▇▇▇▇ Content solely in accordance with this Agreement. Each Party may conduct periodic screenings of the other and of its beneficial owners, including screening against official government lists Page 29 of 42 that restrict business dealings with certain parties, for the purpose of satisfying local and multi-national legal obligations and such Party’s risk management requirements. Each Party consents to such screenings and is responsible for providing any notices and obtaining any consents necessary for such screenings.