Privacy and Data Security Standards
These Privacy and Data Security Standards apply to Customers of the NetSense services. In the event of a conflict between these terms and any other agreement referencing these terms, these terms will control.
Section 1: Customer Responsibilities
1.1 Use of Raw Data. Customer will not permit the use of any Raw Data or disclose (or permit the disclosure of) any Raw Data to any third party except as expressly permitted and authorized in an agreement and solely in accordance with the terms thereof and hereof. To the extent Customer processes, uses or otherwise accesses Raw Data for its own benefit or discloses (or permits the disclosure of) any Raw Data to any third party, Customer agrees that it is solely responsible for such disclosure, processing, use or access and that, in no event, will Sensity be liable for such disclosure, processing, use or access. Any use of Raw Data other than as expressly permitted by an agreement is strictly prohibited.
1.2 Notice and Consent. Customer agrees that it is solely responsible for obtaining all required consents in connection with any use of the Sensity Services or the Hardware Products and that such consent will be compliant with all Applicable Law, including data protection legislation and other privacy laws, rules, and regulations. Without limiting the foregoing, before collecting any data from individuals, Customer must provide adequate notice of what data Customer collects and how it will be used and/or shared and obtain any necessary consents.
Section 2: Security Safegaurds
Customer is fully responsible for any authorized or unauthorized collection, storage, use, disclosure, processing of or access to data collected, stored, used, disclosed, processed or otherwise accessed by Customer. Customer will implement and maintain administrative, physical and technical safeguards (“Safeguards”) that prevent the collection, use, disclosure of, or access to any data derived directly or indirectly from the Sensity Services or the Hardware Products in any manner not authorized under the agreement, including, without limitation, a written information security program that meets best industry practices to safeguard such data. Such information security program will include, without limitation, (i) adequate physical security of all premises in which any data derived directly or indirectly from the Sensity Services or the Hardware Products will be processed and/or stored; (ii) reasonable precautions taken with respect to the employment of, and access given to, Customer personnel, including background checks and security clearances that assign specific access privileges to individuals, training of employees on the proper use of the computer security system and the importance of information security, and restricting access to records and files containing any data derived directly or indirectly from the Sensity Services or the Hardware Products to those who need such information to perform their job duties; and (iii) an appropriate network security program, including designation of one or more employees to coordinate the security program, monitoring of systems for unauthorized use of or access to any data derived directly or indirectly from the Sensity Services or the Hardware Products, appropriate access and data integrity controls, testing and auditing of all controls, appropriate corrective action and incident response plans, and encryption of all records and files containing any data derived directly or indirectly from the Sensity Services or the Hardware Products that will travel across public networks, be transmitted wirelessly, or be transmitted outside of the Customer’s secure system.
Section 3: Security Audits
Upon reasonable advance notice, Sensity, its authorized representatives, or an independent third party, may conduct an information security audit of Customer’s internal systems and procedures regarding the retention of Raw Data and any other data derived directly or indirectly from the Sensity Services or the Hardware Products. Customer will (a) cooperate with any such audit, (b) address any security shortcomings identified in the audit by implementing industry best practices, and (c) certify in writing to Sensity that Customer has corrected any such shortcomings within thirty (30) days of receiving notice of the audit results. All costs of the audit, excluding any costs to address or correct security shortcomings, will be borne by Sensity.
Section 4: Security Breach
Customer will immediately notify Sensity of any actual, probable or reasonable suspected breach of security involving its systems or any loss, misuse, or accidental or unauthorized access, disclosure, alteration, or destruction of Raw Data or any other data accessed or stored by Customer (each, a “Security Breach”). In any notification to Sensity, Customer will designate a single individual employed by Customer who must be available to Sensity 24-hours per day, 7-days per week as a contact regarding Customer’s obligations. Customer will immediately (a) notify Sensity of any third-party legal processes relating to the Security Breach; (b) help Sensity investigate, remedy, and take any other action the Sensity deems necessary regarding the Security Breach and any dispute, inquiry, investigation, or claim concerning the Security Breach; and (c) provide Sensity with assurance satisfactory to Sensity that such Security Breach will not recur.
Without limiting the generality of the foregoing, Customer will take the following actions in the event of any Security Breach: (i) If Sensity reasonably believes that any Applicable Law requires that Sensity provide notice of a Security Breach to any affected individuals, state Attorneys General, or other governmental or other agencies or entities, whether foreign or domestic (“Notice”), then Customer will cooperate with Sensity in the preparation and provision of such Notice; (ii) Customer will reimburse Sensity for Sensity’s out-of-pocket costs and expenses arising out of a Security Breach, regardless of whether a claim is asserted against Sensity, including without limitation (x) the cost of preparing and delivering any Notice, and (y) any attorneys’ fees, costs or expenses associated with the preparation of such Notices; and (iii) if Sensity reasonably believes it is necessary to provide each affected individual of a Security Breach one (1) year of identity protection and/or credit insurance services in order to comply with Applicable Law or to avoid injury to its customers, then Customer will bear the reasonable, out-of-pocket costs of providing such services from a nationally recognized supplier of such services, to be determined in Sensity’s sole discretion.
Section 5: Representations and Warranties