Last Modified: 05/01/2023
In addition to other confidentiality agreements set forth, CORE agrees that it will treat confidentially any data it receives from or on behalf of the Institution relating to any identified or identifiable natural persons, whether customers, former customers, employees, business contacts, vendors or others, by reference to any name, address, telephone or fax numbers, identification numbers, or any factors specific to their economic, cultural, or social identities or preferences (collectively “Personal Data”).
CORE shall ensure that (A) Personal Data received and collected by CORE hereunder is collected, recorded, organized, disclosed, transferred, stored, deleted, processed (both electronically and manually) or otherwise used (collectively “Processed”) only in accordance with these Terms and Conditions, or as otherwise instructed from time to time by the Institution; (B) Personal Data is not disclosed or transferred to any third party or to any jurisdiction other than where it was received without the prior written permission from the Institution, except (1) as specifically stated in any SOW or (2) where such disclosure or transfer is required by any applicable law, regulation or supervisory authority, in which case CORE shall, wherever possible, notify the Institution promptly (and in any event within five days of receipt) in writing prior to complying with any such request for disclosure or transfer, and that CORE shall comply with all reasonable directions of the Institution with respect to such disclosure or transfer; © all Personal Data are accurate in the sense that CORE will have kept it in the same form and substance as received from the Institution, and, where necessary, kept updated, and CORE will use best efforts to ensure that any Personal Data which is inaccurate or incomplete is erased or rectified; and (D) all appropriate and legally required technical, physical and organizational security measures are taken to protect Personal Data against accidental or unlawful destruction, loss or alteration, or unauthorized access and against all unauthorized or unlawful forms of Processing and to comply with all reasonable audit requests of the Institution to ensure compliance. CORE shall promptly comply with the provisions and reasonable instructions of the Institution to return, store or destroy the Personal Data
CORE will immediately notify the Institution of any accidental, unlawful or unauthorized Processing of Personal Data and of any instances of which CORE becomes aware in which the confidentiality of the Personal Data has been breached, and will mitigate, to the extent practicable, any harmful effect of such breach.