/Docs/G/Agt-MasterService-CmA/Sec/PersonalData/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=r00t): Visual Print Technical: OpenParameters Xray
Ti = {_Personal_Data} Provided to {_Supplier}
sec = In the event that {_Supplier} accesses or otherwise {_Processes} any {_Company_Personal_Data} during its performance of the Agreement, it shall comply with the following obligations regarding {_Company_Personal_Data}:
  1. {NeedToDo.sec}
  2. {Conf.sec}
  3. {Care.sec}
  4. {CareByStaff.sec}
  5. {Comply.sec}
  6. {Expire.sec}
NB = Redundant with second sentence of Engage.Conf.Sec.
NeedToDo.sec = {_Supplier} shall view and {_Process} {_Company_Personal_Data} only to the extent necessary to perform {_this_Agreement} or upon {_Company}'s written instructions.
Conf.sec = {_Supplier} undertakes to keep {_Company_Personal_Data} confidential, and agrees to not disclose {_Company_Personal_Data} to third parties without having first received express written approval from {_Company}.  {_Supplier} and {_Supplier's_Personnel} shall {_Process} {_Company_Personal_Data} only on a need-to-know basis, regarding the performance of {_this_Agreement} and any PO or SOW issued pursuant to {_this_Agreement}.
Care.sec = {Care.ImplementMeasures.sec} {Care.AdequateMeasures.sec} {Care.InformOfBreach.sec}
Care.ImplementMeasures.sec = {_Supplier} shall implement technical and organizational measures to ensure the security and confidentiality of {_Company_Personal_Data} in order to prevent, among other things: {Harm.List}
Harm.List =
  1. {Harm.Mangle.cl};
  2. {Harm.Disclose.cl}; and
  3. {Harm.UnlawfulProcessing.cl}.
Harm.Mangle.cl = accidental, unauthorized or unlawful destruction, alteration, modification or loss of {_Company_Personal_Data}
Harm.Disclose.cl = accidental, unauthorized or unlawful disclosure or access to {_Company_Personal_Data}
Harm.UnlawfulProcessing.cl = unlawful forms of {_Processing}
Care.AdequateMeasures.sec = The security measures taken by {_Supplier} shall be in compliance with all applicable data protection regulations and shall be commensurate with the risks represented by the {_Processing} and the nature of the {_Company_Personal_Data} to be {_Processed}, taking into consideration the state of the art security measures available to protect such data and the implementation costs of such measures.
Care.InformOfBreach.sec = {_Supplier} shall immediately inform {_Company} of any breach of its security and confidentiality obligations under this Section.
CareByStaff.sec = {CareByStaff.SupplierEnsures.sec} {CareByStaff.ObtainNDA.sec} {CareByStaff.FormOfNDA.sec} {CareByStaff.SpecialNDA.sec}
CareByStaff.SupplierEnsures.sec = {_Supplier} shall implement all measures necessary to ensure compliance by {_Supplier's_Personnel} with the obligations relating to {_Company_Personal_Data}.
CareByStaff.ObtainNDA.sec = {_Supplier} shall require {_Supplier's_Personnel}, as a condition of having access to {_Company_Personal_Data}, to sign individual confidentiality agreements in which they each agree individually to comply with the obligations of this Section of the Agreement.
CareByStaff.FormOfNDA.sec = {Schedule_B} of {_this_Agreement} shall be deemed an adequate form of confidentiality agreement.
CareByStaff.SpecialNDA.sec = {_Company} may also require {_Supplier} to require {_Supplier's_Personnel}, as a condition of participating in specific assignments, to sign individual confidentiality agreements that are tailored for specific assignments.
Comply.sec = {Comply.Law.sec} {Comply.EmploymentDataPolicy.sec} {Comply.Collect.sec}
Comply.Law.sec = {_Supplier} shall comply with all applicable laws and regulations on personal data protection.
Comply.EmploymentDataPolicy.sec = {_Supplier} will process "Employment Data" consistent with the {_Company_Employment_Data_Protection_Standards}, a copy of which are located at {P1.EmploymentDataPolicyURL} and may be requested from {_Company}.
Comply.Collect.sec = In particular, if during the performance of {_this_Agreement} {_Supplier} seeks to obtain {_Company_Personal_Data} directly from {_Data_Subjects}: (i) {Comply.Collect.InformSubjects.cl}; and (ii) {Comply.Collect.ObtainApproval.cl}.
Comply.Collect.InformSubjects.cl = {_Supplier} must provide such {_Data_Subjects} with the information required by applicable law and regulation and when necessary, obtain the {_Data_Subjects}' consent to acquire such information
Comply.Collect.ObtainApproval.cl = except for {_Supplier}'s employees or subcontractors, {_Supplier} must obtain {_Company}'s written approval of the information and consent language to be used by {_Supplier} to gather such {_Company_Personal_Data} from the {_Data_Subjects}
Comply.Breach.sec = Failure by {_Supplier} to comply with any obligations relating to {_Company_Personal_Data} or {_Personal_Data} set forth in {_this_Agreement} is considered a material breach of {_this_Agreement}.
Audit.sec = {Audit.OnDemand.sec} {Audit.Access.sec}
Audit.OnDemand.sec = {_Company} may conduct at any time, subject to a prior written notice to {_Supplier}, an on-site verification of {_Supplier}'s compliance with obligations relating to {_Company_Personal_Data}, even after the termination of {_this_Agreement}.
Audit.Access.sec = {_Supplier} shall provide access to all applicable facilities, equipment and records in order to conduct such verification.
Expire.sec = Upon termination of {_this_Agreement}, for whatever reason: (i) {Expire.HaltProcessing.cl}, and (ii) {Expire.Survive.cl}.
Expire.HaltProcessing.cl = {_Supplier} shall stop any processing of {_Company_Personal_Data} and shall return to {_Company} any copy and/or reproduction thereof
Expire.Survive.cl = these obligations regarding {_Company_Personal_Data} shall remain in full force
=
= [G/Z/ol/Base]