(a) “Personal Data” means any information relating to a project or services that can be used to identify, locate, or contact an individual, including, but not limited to: (a) first and last name; (b) home or other physical address; (c) telephone number; (d) email address or online identifier associated with an individual; (e) employment, financial, or health information; or (f) any other information relating to an individual that is combined with any of the above.
(b) “Processing” means any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, including, but not limited to, collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or destruction.
(c) “Data Security Breach” means: (a) the loss or misuse (by any means) of Personal Data; (b) the inadvertent, unauthorized, and/or unlawful Processing, disclosure, access, alteration, corruption, transfer, or sale or rental, destruction, or use of Personal Data; or (c) any other act or omission that compromises the security, confidentiality, or integrity of Personal Data.
(d) “Technical and Organizational Security Measures” means measures aimed at preventing a Data Security Breach, including but not limited such breach resulting from or arising out of Company's internal use, Processing or other transmission of Personal Data, whether between or among Company's subsidiaries and affiliates, or any other person or entity acting on behalf of Company.
(e) “Provider ” means any person or any entity or affiliate on behalf of said person who provides Personal Data to the Company its subsidiaries and affiliates.
(f) Company means Legalwise or any person entity or affiliate on behalf of Legalwise who receives Personal Data from Providers.
1.2 Obligations of Company
(a)Company shall Process Personal Data only on the instruction of Provider and in accordance with this Agreement and applicable privacy and data protection laws. Provider hereby instructs Company, and Company hereby agrees, to Process Personal Data as necessary to perform Company's obligations under this Agreement or any Agreement reached between Provider and Company whether in relation to a simple enquiry around the use of its Products & Services, and/or the receipt of Products and Services provided by the Company, and for no other purpose.
(b) Company shall not create or maintain data which are derivative of Personal Data except for the purpose of performing its obligations under this Agreement and/or in accordance with the Providers requests and/or as required by the Company in order to comply with Providers requests, and/or in connection with any other agreement between Company and Provider regarding the Company’s products & services.
(c) At any and all times during which Company is Processing Personal Data, Company shall:
(i) Have in place appropriate and reasonable Technical and Organizational Security Measures (consistent with the type of Personal Data being Processed and the Services being provided by Company, and as determined by Company in its sole discretion), and shall include physical, electronic and procedural safeguards to protect the Personal Data supplied to Company against any Data Security Breach;
(ii) Comply with all applicable privacy and data protection laws to which it is subject;
(iii) Not, by any negligent act or omission, place itself in violation of any privacy or data protection law in relation to which the Provider may suffer a loss;
(iv) Notify the Provider of any Data Security Breach and assist and cooperate with Provider concerning any disclosures to affected parties and other remedial measures
(v) Return or destroy (at the election of Provider), or cause or arrange for the return or destruction of, all Personal Data subject to this Agreement, upon the expiration or earlier termination of this Agreement, or when there is no longer any legitimate business need (as determined by Company) to retain such Personal Data, or otherwise and on the instruction of Provider, but in no event later than twenty eight (28) business days from the date of such expiration, earlier termination, expiration of the legitimate business need, or instruction;
The Company is not prohibited however from entering into or receiving separate written consent from any principle investigator it identifies for use in Company's business. The Provider also agrees that generic Personal Data can be used for the purpose of generating general marketing and statistical information and trends in relation to Company business and the profiles of users, but notes that the actual Personal Data relating to individual Providers may not be published or shared unless with the express consent of the Provider.
(vi) Not permit any officer, director, employee, agent, other representative, subsidiary, affiliate, or any other person or entity acting on behalf of Company to Process Personal Data unless such Processing is in compliance with this Agreement and/or any other Agreements relating to the sale and/or provision and/or use of the Companys products and/or services as between the Provider and the Company, and as may be necessary in order to carry out Company's obligations under this and any other Agreement between Provider and Company;
(vii) Not disclose Personal Data to any third party (including, but not limited to, Company's subsidiaries and affiliates and any person or entity acting on behalf of Company) unless with respect to each such disclosure: (A) the disclosure is necessary in order to carry out Company's obligations under this Agreement and/or any other Agreement between the Provider and the Company; (B) such third party is bound by the same provisions and obligations set forth in this Agreement; (C) Company has received Providers prior consent;
(viii) Establish policies and procedures to provide all reasonable and prompt assistance to Provider in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of any Personal Data Processed by Company.