/Docs/G/Agt-MasterService-CmA/Sec/PersonalData/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=r00t): Visual Print Technical: OpenParameters Xray

---

(Sec = (Ti = {_Personal_Data} Provided to {_Supplier})

(sec = In the event that {_Supplier} accesses or otherwise {_Processes} any {_Company_Personal_Data} during its performance of the Agreement, it shall comply with the following obligations regarding {_Company_Personal_Data}:

1. (NeedToDo.sec = {_Supplier} shall view and {_Process} {_Company_Personal_Data} only to the extent necessary to perform {_this_Agreement} or upon {_Company}'s written instructions.)
   
2. (Conf.sec = {_Supplier} undertakes to keep {_Company_Personal_Data} confidential, and agrees to not disclose {_Company_Personal_Data} to third parties without having first received express written approval from {_Company}.  {_Supplier} and {_Supplier's_Personnel} shall {_Process} {_Company_Personal_Data} only on a need-to-know basis, regarding the performance of {_this_Agreement} and any PO or SOW issued pursuant to {_this_Agreement}.)
   
3. (Care.sec = (Care.ImplementMeasures.sec = {_Supplier} shall implement technical and organizational measures to ensure the security and confidentiality of {_Company_Personal_Data} in order to prevent, among other things: (Harm.List =
   1. (Harm.Mangle.cl = accidental, unauthorized or unlawful destruction, alteration, modification or loss of {_Company_Personal_Data})
      ;
   2. (Harm.Disclose.cl = accidental, unauthorized or unlawful disclosure or access to {_Company_Personal_Data})
      ; and
   3. (Harm.UnlawfulProcessing.cl = unlawful forms of {_Processing})
      .
   )
   )
   (Care.AdequateMeasures.sec = The security measures taken by {_Supplier} shall be in compliance with all applicable data protection regulations and shall be commensurate with the risks represented by the {_Processing} and the nature of the {_Company_Personal_Data} to be {_Processed}, taking into consideration the state of the art security measures available to protect such data and the implementation costs of such measures.)
   (Care.InformOfBreach.sec = {_Supplier} shall immediately inform {_Company} of any breach of its security and confidentiality obligations under this Section.)
   )
   
4. (CareByStaff.sec = (CareByStaff.SupplierEnsures.sec = {_Supplier} shall implement all measures necessary to ensure compliance by {_Supplier's_Personnel} with the obligations relating to {_Company_Personal_Data}.)
   (CareByStaff.ObtainNDA.sec = {_Supplier} shall require {_Supplier's_Personnel}, as a condition of having access to {_Company_Personal_Data}, to sign individual confidentiality agreements in which they each agree individually to comply with the obligations of this Section of the Agreement.)
   (CareByStaff.FormOfNDA.sec = {Schedule_B} of {_this_Agreement} shall be deemed an adequate form of confidentiality agreement.)
   (CareByStaff.SpecialNDA.sec = {_Company} may also require {_Supplier} to require {_Supplier's_Personnel}, as a condition of participating in specific assignments, to sign individual confidentiality agreements that are tailored for specific assignments.)
   )
   
5. (Comply.sec = (Comply.Law.sec = {_Supplier} shall comply with all applicable laws and regulations on personal data protection.)
   (Comply.EmploymentDataPolicy.sec = {_Supplier} will process "Employment Data" consistent with the {_Company_Employment_Data_Protection_Standards}, a copy of which are located at {P1.EmploymentDataPolicyURL} and may be requested from {_Company}.)
   (Comply.Collect.sec = In particular, if during the performance of {_this_Agreement} {_Supplier} seeks to obtain {_Company_Personal_Data} directly from {_Data_Subjects}: (i) (Comply.Collect.InformSubjects.cl = {_Supplier} must provide such {_Data_Subjects} with the information required by applicable law and regulation and when necessary, obtain the {_Data_Subjects}' consent to acquire such information)
   ; and (ii) (Comply.Collect.ObtainApproval.cl = except for {_Supplier}'s employees or subcontractors, {_Supplier} must obtain {_Company}'s written approval of the information and consent language to be used by {_Supplier} to gather such {_Company_Personal_Data} from the {_Data_Subjects})
   . )
   )
   
6. (Expire.sec = Upon termination of {_this_Agreement}, for whatever reason: (i) (Expire.HaltProcessing.cl = {_Supplier} shall stop any processing of {_Company_Personal_Data} and shall return to {_Company} any copy and/or reproduction thereof)
   , and (ii) (Expire.Survive.cl = these obligations regarding {_Company_Personal_Data} shall remain in full force)
   .)
   

)
)