Laserfiche WebLink
CentralSquare remains required by law to disclose any Confidential Information, CentralSquare shall <br />disclose only that portion of the Confidential Information that CentralSquare is legally required to disclose. <br />9.2. Upon expiration or termination of this Agreement, or upon demand by CentralSquare, Customer shall (i) <br />return to CentralSquare all copies of CentralSquare's Confidential Information in Customer's possession <br />or under CentralSquare's control, or (ii) destroy all copies of CentralSquare's Confidential Information in <br />Customer's possession and so certify such destruction to CentralSquare in writing. Notwithstanding the <br />foregoing, Customer may retain data or records in electronic form containing Confidential Information for <br />the purposes of backup, recovery, contingency planning, or business continuity planning, so long as such <br />data or records, to the extent not permanently deleted or overwritten in the ordinary course of business, <br />are not accessible in the ordinary course of business and are not accessed except as required by <br />Customer only for backup, recovery, contingency planning, or business continuity purposes. <br />9.3. Public Records Act. Notwithstanding anything to the contrary in this Agreement, CentralSquare <br />acknowledges that City is a public agency subject to disclosure requirements on the California Public <br />Records Act ("CPRA"). In the event of a request for information under the CPRA marked by CentralSquare <br />as "Confidential information," City will make reasonable efforts to provide notice to CentralSquare prior to <br />such disclosure, allowing enough time for CentralSquare to seek a protective order, injunctive relief, or other <br />appropriate remedy. If CentralSquare contends that any documents are exempt from the CPRA and wishes <br />to prevent disclosure, it is required, at its own, cost, liability, and expense to obtain a protective order, <br />injunctive relief or other appropriate remedy from a court having jurisdiction over the matter at least two (2) <br />days before City's deadline to respond to the CPRA request. If CentralSquare fails to obtain such a remedy <br />before the deadline for City's response to the CPRA request, City will disclose the requested information <br />and shall not be liable or responsible for such disclosure. <br />10. Security. <br />10.1. CentralSquare will implement commercially reasonable administrative, technical and physical safeguards <br />designed to ensure the security and confidentiality of Customer Data, protect against any anticipated <br />threats or hazards to the security or integrity of Customer Data, and protect against unauthorized access <br />or use of Customer Data. CentralSquare will review and test such safeguards on no less than an annual <br />basis. <br />10.2. Customer shall maintain, in connection with the operation or use of the Solutions, adequate technical and <br />procedural access controls and system security requirements and devices, necessary for data privacy, <br />confidentiality, integrity, authorization, authentication and non -repudiation and virus detection and <br />eradication. <br />10.3. To the extent that Authorized Users are permitted to have access to the Solutions, Customer shall <br />maintain agreements with such Authorized Users that adequately protect the confidentiality and <br />Intellectual Property Rights of CentralSquare in the Solutions and Documentation, and disclaim any <br />liability or responsibility of CentralSquare with respect to such Authorized Users. <br />11. Personal Data. If CentralSquare processes or otherwise has access to any personal data or personal <br />information on Customer's behalf when performing CentralSquare 's obligations under this Agreement, then: <br />11.1. Customer shall be the data controller (where "data controller" means an entity which alone orjointly with <br />others determines purposes for which and the manner in which any personal data are, or are to be, <br />processed) and CentralSquare shall be a data processor (where "data processor" means an entity <br />which processes the data only on behalf of the data controller and not for any purposes of its own); <br />11.2. Customer shall ensure that it has obtained all necessary consents and it is entitled to transfer the relevant <br />personal data or personal information to CentralSquare so that CentralSquare may lawfully use, process <br />and transfer the personal data and personal information in accordance with this Agreement on <br />Customer's behalf, which may include CentralSquare processing and transferring the relevant personal <br />data or personal information outside the country where Customer and the Authorized Users are located <br />in order for CentralSquare to provide the Solutions and perform its other obligations under this <br />Agreement; and <br />11.3. CentralSquare shall process personal data and information only in accordance with lawful and reasonable <br />instructions given by Customer and as set out in and in accordance with the terms of this Agreement; <br />and <br />REV: 12-22-2020 PR <br />ATTY/AGR.2020.307/Central Square (Page 7 of 26) <br />