Komiko takes the protection of its customers data seriously and has made significant financial investments to maintain the protection of all PII that it processes. For the purposes of this Agreement, the term “PII” and all forms of the word “process” shall have the same definitions as given to such terms in the VeraSafe Privacy Program Certification Criteria (the “Certification Criteria”) located at https://www.verasafe.com/privacy-services/certification-standard/, as amended from time to time. To maintain compliance with the Certification Criteria as well as other applicable data protection laws and frameworks, Komiko:
- To the extent it is required to process PII for the purpose of performing its obligations under the Agreement, Komiko agrees and warrants that it and any subcontractor(s) will provide at least the same level of protection for such PII as would be required by the General Data Protection Regulation of the European Union (Regulation (EU) 2016/679) were the Regulation to apply to such data processing.
- Komiko agrees and warrants that it, and any subcontractor(s), will not process PII received from the Company for any purpose outside the limited, explicit scope defined by the Agreement and/or any attached Schedule(s) or Statement(s) of Work (SOW(s)).
- Komiko agrees and warrants that it will maintain the confidentiality of PII that it and its subcontractors process on behalf of the Company and will limit access to such PII to employees and subcontractors (i) who have a legitimate need to access such PII for performance under the Agreement, and (ii) who have committed themselves to confidentiality by the execution of a nondisclosure agreement or who are under a preexisting statutory obligation of confidentiality.
- Komiko agrees and warrants that, in the event that it or any of its employees or subcontractors becomes unable to satisfy the data protection obligations referred to in subsections (a) through (c) of this Section 13 (a “Decreased Protection Standards Event”), it shall notify the Company immediately by the most efficient method of notice available to it under the Agreement.
Upon receipt of notice pursuant to Section 13(d) above, the Company shall have the right to terminate the Agreement immediately, notwithstanding any other termination provisions of the Agreement. In the alternative, the Company may, at its sole discretion, give Komiko a reasonable amount of time to cure the circumstances or system issues that caused the Decreased Protection Standards Event. Upon receipt of assurances satisfactory to the Company that the Decreased Protection Standards Event has been cured, the Company may, in its sole discretion, opt to continue the term of the Agreement until its natural termination.
- Notwithstanding any provisions of the Agreement to the contrary (including, but not limited to, provisions related to the nondisclosure of confidential information by either party), the Company shall have the right to provide a summary or a representative copy of this clause and any other relevant privacy provisions of the Agreement to applicable regulatory authorities identified in the Certification Criteria as well as other applicable data protection laws and frameworks (including, but not limited to, the U.S. Department of Commerce or the Federal Trade Commission) upon request by such.
- It is intended by the parties that all provisions of this section be severable. If any term or provision hereof is illegal or invalid for any reason whatsoever, such illegality or invalidity shall not affect the validity or legality of the remainder of this section or the Agreement, and any such unenforceable term or provision shall be modified to the minimum extent necessary to make the term or provision enforceable.