5.1 Confidential Information. Each party (for the purposes of this Article, a “Recipient”) shall maintain in strict confidence, and agrees not to disclose to any third party, except as necessary for the performance of this Agreement when authorized by the other party (for the purposes of this Article, a “Discloser”) in writing, Confidential Information that Recipient receives from Discloser or its Affiliates. “Confidential Information” means all non-public information of a competitively sensitive nature concerning Discloser or its Affiliates, including, but not limited to, this Agreement; Discloser’s Trade Secrets, as defined by applicable state law; and any other non-public information (whether in writing or retained as mental impressions) concerning Discloser’s equipment; research and development; present and future projections; operational costs and processes; pricing, cost or profit factors; quality programs; annual and long-range business plans; marketing plans and methods; customers or suppliers; contracts and bids; and personnel.
5.2 Exclusions. Confidential Information does not include: information that is or subsequently may come within the knowledge of the public generally through no fault of Recipient; information that Recipient can show was previously known to it as a matter of record at the time of receipt; information that Recipient may subsequently obtain lawfully from a third party who has lawfully obtained the information free of any confidentiality obligations; or information that Recipient may subsequently develop as a matter of record, independently of disclosure by Discloser.
5.3 Duration of Obligation. Recipient’s confidentiality obligations with respect to Confidential Information shall remain in effect until five (5) years after the termination or expiration of this Agreement; provided that Recipient’s obligations hereunder with respect to Confidential Information consisting of Trade Secrets shall remain in effect for as long as governing law allows.
5.4 Third Party Information. The confidentiality provisions in this Article apply to and shall also protect Confidential Information of third parties provided by Discloser to Recipient.
5.5 Court Order. Notwithstanding the foregoing restrictions in Sections 5.1 and 5.2, Recipient may disclose Confidential Information or Trade Secrets to the extent required by an order of any court or other governmental authority, but only after Recipient has notified Discloser and Discloser has had the opportunity, if possible, to obtain reasonable protection for such information in connection with such disclosure.
5.6 Injunctive Relief. Recipient acknowledges that disclosure of any Confidential Information or Trade Secret by it or its employees will give rise to irreparable injury to Discloser or the owner of such information, not adequately compensated by damages. Accordingly, Discloser or such other party may seek and obtain injunctive relief against the breach or threatened breach of the undertakings in this Article, in addition to any other legal remedies which may be available, without the requirement of posting bond. Recipient further acknowledges and agrees that the covenants contained in this Article are necessary for the protection of Discloser’s legitimate business interests and are reasonable in scope and content.
5.7 Additional Provisions regarding PII. In addition to the other obligations in this Article 5, TAM-C shall comply with the provisions of Exhibit A, “Personally Identifying Information.”
5.8 Retention. Recipient shall not retain Confidential Information any longer than is reasonably necessary to accomplish the intended purposes for which it was transferred as set forth in this Agreement or applicable SOW. Upon the earlier termination of this Agreement or the written request of Discloser, Recipient shall delete and/or destroy all of Discloser’s Confidential Information in Recipient’s possession, including any copies thereof, and shall deliver a written statement to Discloser within 15 days of Discloser’s request confirming that Recipient has done so.
5.9 NDA. Notwithstanding anything to the contrary contained herein, to the extent it is necessary for Client to share access to Work Product with any Third Party Service Provider as provided in and subject to Section 3.1, Client shall execute and deliver, and shall cause such Third Party Service Provider to execute and deliver, a Confidentiality and Non-Disclosure Agreement in the form attached hereto as Exhibit C (the “NDA”) in order to protect all of TAM-C’s rights in respect of the Work Product and Services.
Personally Identifying Information
Additional Provisions regarding PII. In addition to the other obligations regarding Confidential Information specified in Article 5 of the Agreement, TAM-C shall abide by the provisions of this Exhibit, “Personally Identifying Information.” For the purposes of these provisions, the term “Personally Identifying Information” or “PII” mean any information regarding identifiable individuals, including without limitation, customer, employee or member data, and the terms “process,” “processing” or “processed” in relation to PII include, without limitation, collection, recording, organization, storage, amendment, retrieval, consultation, manipulation, and erasure.
(a) General: Client has entrusted TAM-C with PII. TAM-C agrees to use reasonable measures to prevent the unauthorized processing, capture, transmission and use of PII which may be disclosed or made available to TAM-C during the course of Client’s relationship with TAM-C.
(b) Processing and Use of PII: TAM-C shall process and use PII solely in accordance with the provisions of this Agreement. Such processing shall occur at the following third-party data center in which TAM-C maintains a dedicated secure server: OnyxLight Communications, 100 West Lucerne Circle, Orlando, FL 32801 (the “Data Center”). TAM-C shall not process PII at any other location absent Client’s prior written consent, which consent may be withheld in Client’s sole discretion. TAM-C will be fully liable and responsible for all acts and omissions of the Data Center in processing Confidential Information and PII as if TAM-C were itself processing such data. TAM-C shall ensure that such processing complies with, and is provided in accordance with, the Agreement. TAM-C shall not process or use PII for any purpose not specifically set forth in this Agreement without Client’s express prior written consent. At any time, Client may make inquiries to TAM-C about PII transferred by Client and stored by TAM-C, and TAM-C agrees to provide to Client copies of such PII as maintained by TAM-C within a reasonable time and to perform corrections or deletions of, or additions to, PII as reasonably requested by Client.
(c) Inspection Rights: Client shall have the right upon reasonable prior notice to verify TAM-C’s compliance with the terms and conditions of this Agreement, or to appoint a third party under covenants of confidentiality to verify the same on Client’s behalf. TAM-C shall grant Client’s agents supervised, unimpeded access to the extent necessary to accomplish the inspection and review of all data processing facilities, data files and other documentation used by TAM-C for processing and utilizing PII. TAM-C agrees to provide reasonable assistance to Client at Client’s expense in facilitating this inspection function.
(d) Use of Subcontractors; Transmission of PII to Third Parties: TAM-C may not transfer PII to any third party without Client’s prior written consent, and then only upon such third party’s execution of an agreement containing covenants for the protection of PII no less stringent than those contained in this Agreement. Nothing in this Exhibit shall be construed to prohibit either party from sharing its own account information with any third party.
(e) Data Security: TAM-C shall implement, at a minimum, the data security measures and observe the minimum standards for the protection of PII as set forth in this Paragraph (e):
(i) Access of Persons: TAM-C agrees to use reasonable measures, which shall include encryption and two-factor authentication, to prevent unauthorized persons from gaining access to the data processing equipment or media where PII is stored or processed. TAM-C agrees to provide its employees and agents access to PII on a need-to-know basis only and agrees to cause any persons having authorized access to such information to be bound by obligations of confidentiality, non-use and non-disclosure no less stringent than those imposed upon TAM-C by this Agreement.
(ii) Data Media: TAM-C agrees to use reasonable measures, including encryption, to prevent the unauthorized reading, copying alteration or removal of the data media used by TAM-C and containing PII.
(iii) Retention: TAM-C shall not retain PII any longer than is reasonably necessary to accomplish the intended purposes for which PII was transferred as set forth in this Agreement or as required by specific government laws or regulations. Upon the earlier termination of this Agreement or the written request of Client, TAM-C shall delete and/or destroy all PII in TAM-C’s possession, including any copies thereof, and shall deliver a written statement to Client within 15 days of Client’s request confirming that TAM-C has done so. Any such deletion or destruction shall be accomplished using a method that renders partial or full reconstruction of the data not possible.
(iv) Data Memory: TAM-C agrees to use reasonable measures, including encryption, to prevent unauthorized data input into memory and the unauthorized reading, alteration or deletion of PII.
(v) Personnel: Upon request, TAM-C shall provide Client with a list of TAM-C’s employees entrusted with processing the PII transferred by TAM-C, together with a description of their access rights.
(vi) Transmission: TAM-C agrees to use reasonable measures, including encryption, to prevent PII from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media on which PII is stored.
(vii) Security Logs: TAM-C agrees to maintain comprehensive security logs with respect to systems on which Client PII is processed as evidence for forensic investigations;
(f) Duration of Obligation: Recipient’s confidentiality obligations set forth in this Exhibit with respect to PII shall remain in effect in perpetuity; provided, however, that if governing law requires a reasonable limit upon the duration of such obligation for such obligation to be enforceable, the parties agree that a duration of the longer of ten (10) years from the date of this Agreement or ten (10) years from the date of receipt of the PII shall be deemed reasonable.
(g) Breach Notification. TAM-C shall report any actual or suspected security breach (data or network) to Client in a prompt and timely manner and assist Client in the investigation thereof.
(h) Incorporation of Provisions regarding Confidential Information: Except to the extent modified by Paragraph (f) above, Article 5 in the main body of this Agreement shall apply to Personally Identifying Information to the same extent as Confidential Information.
(I) Independent Recourse Mechanism
In compliance with the Privacy Shield Principles, TAM-C Solutions commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact TAM-C Solutions at:
Phone- +1 202-922-0068,
For more information please refer to – https://www.jamsadr.com/eu-us-privacy-shield.
TAM-C Solutions has further committed to refer unresolved Privacy Shield complaints to JAMS Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit Jams Privacy Shield for more information or to file a complaint. The services of Jams Privacy Shield are provided at no cost to you.