Laserfiche WebLink
6.11). - Page 127 of 179 <br />3.3. In the event of or more Errors of Level 3 or higher during any calendar month, City may <br />terminate this Purchase Agreement for material breach, provided City notifies Vendor in <br />writing of termination within 30 days of the end of such calendar month. <br />Data Security <br />4. Data Security. <br />4.1. Data Ownership. City will own all right, title and interest in its data that is related to the <br />Services provided under this Purchase Agreement. Vendor shall not access City user accounts <br />or City Data except (1) as necessary to provide the Services, (2) in response to service or <br />technical issues, (3) as required by the express terms of this Purchase Agreement or (4) at <br />City's written request. <br />4.2. Data Protection. Protection of personal privacy and data shall be an integral part of the <br />business activities of Vendor to ensure there is no inappropriate or unauthorized use of City's <br />data at any time. To this end, Vendor shall safeguard the confidentiality, integrity, and <br />availability of City information and City Data, and comply with the following conditions: <br />4.2..1. Vendor shall implement and maintain appropriate administrative, technical and <br />organizational security measures to safeguard against unauthorized access, <br />disclosure or theft of Personal Data and Non -Public Data. Such security measures <br />shall be in accordance with recognized industry practice and not less stringent than <br />the measures Vendor applies to its own Personal Data and Non -Public Data of <br />similar kind. <br />4.2..2. All data obtained by Vendor in the performance of this Purchase Agreement shall <br />become and remain the property of the City, except where such data belongs to a <br />cardholder under applicable law. <br />4.3. All Personal Data and Non -Public Data shall be encrypted at rest and in transit with controlled <br />access. Unless otherwise stipulated, Vendor is responsible for encryption of the Personal Data <br />and Non -Public Data. Any stipulation of responsibilities will identify specific roles and <br />responsibilities and shall be included in a service level agreement signed by Vendor and City. <br />4.4. Vendor warrants and represents that it is PCI -DSS SAQ-D compliant and that any data <br />transmitted by the Services will be sent via industry -standard PCI -compliant means. For data <br />at rest, Vendor shall ensure hard drive encryption consistent with validated cryptography <br />standards as referenced in FIPS 140-2, Security Requirements for Cryptographic Modules for <br />all Personal Data. <br />4.5. At no time shall any data or processes — that either belong to or are intended for the use of <br />City or its officers, agents or employees — be copied, disclosed or retained by Vendor or any <br />party related to Vendor for subsequent use in any transaction that does not include the City. <br />4.6. Vendor shall not use any information collected in connection with the Services issued from <br />this Purchase Agreement for any purpose other than fulfilling the Services. <br />O7P FORM 40000, <br />166 <br />