/Docs/G/Agt-MasterService-CmA/Sec/PersonalData/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=r00t): Visual Print Technical: OpenParameters Xray
{_Personal_Data} Provided to {_Supplier}
In the event that {_Supplier} accesses or otherwise {_Processes} any {_Company_Personal_Data} during its performance of the Agreement, it shall comply with the following obligations regarding {_Company_Personal_Data}:
  1. {_Supplier} shall view and {_Process} {_Company_Personal_Data} only to the extent necessary to perform {_this_Agreement} or upon {_Company}'s written instructions.
  2. {_Supplier} undertakes to keep {_Company_Personal_Data} confidential, and agrees to not disclose {_Company_Personal_Data} to third parties without having first received express written approval from {_Company}.  {_Supplier} and {_Supplier's_Personnel} shall {_Process} {_Company_Personal_Data} only on a need-to-know basis, regarding the performance of {_this_Agreement} and any PO or SOW issued pursuant to {_this_Agreement}.
  3. {_Supplier} shall implement technical and organizational measures to ensure the security and confidentiality of {_Company_Personal_Data} in order to prevent, among other things:
    1. accidental, unauthorized or unlawful destruction, alteration, modification or loss of {_Company_Personal_Data};
    2. accidental, unauthorized or unlawful disclosure or access to {_Company_Personal_Data}; and
    3. unlawful forms of {_Processing}.
     The security measures taken by {_Supplier} shall be in compliance with all applicable data protection regulations and shall be commensurate with the risks represented by the {_Processing} and the nature of the {_Company_Personal_Data} to be {_Processed}, taking into consideration the state of the art security measures available to protect such data and the implementation costs of such measures. {_Supplier} shall immediately inform {_Company} of any breach of its security and confidentiality obligations under this Section.
  4. {_Supplier} shall implement all measures necessary to ensure compliance by {_Supplier's_Personnel} with the obligations relating to {_Company_Personal_Data}. {_Supplier} shall require {_Supplier's_Personnel}, as a condition of having access to {_Company_Personal_Data}, to sign individual confidentiality agreements in which they each agree individually to comply with the obligations of this Section of the Agreement. {Schedule_B} of {_this_Agreement} shall be deemed an adequate form of confidentiality agreement. {_Company} may also require {_Supplier} to require {_Supplier's_Personnel}, as a condition of participating in specific assignments, to sign individual confidentiality agreements that are tailored for specific assignments.
  5. {_Supplier} shall comply with all applicable laws and regulations on personal data protection. {_Supplier} will process "Employment Data" consistent with the {_Company_Employment_Data_Protection_Standards}, a copy of which are located at {P1.EmploymentDataPolicyURL} and may be requested from {_Company}. In particular, if during the performance of {_this_Agreement} {_Supplier} seeks to obtain {_Company_Personal_Data} directly from {_Data_Subjects}: (i) {_Supplier} must provide such {_Data_Subjects} with the information required by applicable law and regulation and when necessary, obtain the {_Data_Subjects}' consent to acquire such information; and (ii) except for {_Supplier}'s employees or subcontractors, {_Supplier} must obtain {_Company}'s written approval of the information and consent language to be used by {_Supplier} to gather such {_Company_Personal_Data} from the {_Data_Subjects}.
  6. Upon termination of {_this_Agreement}, for whatever reason: (i) {_Supplier} shall stop any processing of {_Company_Personal_Data} and shall return to {_Company} any copy and/or reproduction thereof, and (ii) these obligations regarding {_Company_Personal_Data} shall remain in full force.