A cloud-based administration,
engagement, and analytics platform

Data Security Addendum

1. BACKGROUND
1.1 In the event that Vitech Processes any Personal Data (each as defined below) on behalf of Customer, this Data Security Addendum (the “DSA”) will be supplemental to the Agreement and apply to the Processing of such Personal Data. In the event of a conflict between any of the provisions of this DSA and the provisions of the Agreement, the provisions of this DSA will prevail. This DSA is between Vitech and the Customer (each a “Party” and collectively the “Parties”).

2. DEFINITIONS
2.1 Unless otherwise set out below, each capitalized term in this DSA will have the meaning set out in the Agreement, and the following capitalized terms used in this DSA will be defined as follows:

(a) “Personal Data” means personally identifiable information (as that term is defined under applicable privacy and data security law) or non-public personal information (as that term is defined under the Gramm-Leach-Bliley Act of 1996, as amended).

(b) “Process” and its derivatives means to (a) obtain, access, collect, reproduce, merge, modify, organize, combine, log, catalog, maintain, store, copy, or adapt; (b) use, retrieve, output, transmit, share, transfer, distribute, or otherwise provide and make available; or (c) block, erase, disclose or destroy.

(c) “Security Incident” means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any Personal Data that Vitech stores on behalf of Customer that is caused by Vitech.

3. DATA PROCESSING AND SECURITY
3.1 Data Processing and Security. Vitech has adopted and implemented, and will maintain, reasonable and appropriate technical, organizational, administrative, and other security measures designed to help prevent the destruction, loss, unauthorized access to, or unauthorized use of Personal Data stored on Vitech’s systems, as well as procedures for business continuity, disaster recovery, and responding to, managing, investigating and remediating incidents involving such Personal Data, including the provision of reasonably timely notice thereof.

3.2 Compliance with Applicable Privacy and Data Security Laws. To the extent Vitech Processes Personal Data on behalf of Customer in Vitech’s performance under an Agreement, Vitech will comply with the intent of applicable privacy and data security law with respect to all such Personal Data but, because the laws of the several states treat identical types of information differently, will not be responsible for idiosyncratic variations in state law unless: (a) Vitech is made expressly aware of the state of residence of a data subject; and (b) the specific state law requirement .

3.3 Required consents. Where required by applicable privacy and data security laws, Customer represents and warrants that it has obtained (or will obtain prior to the provision of such Personal Data to Vitech, as applicable) all necessary consents for the Processing of Personal Data by Vitech in accordance with the Agreement.

4. SECURITY INCIDENT NOTIFICATION
4.1 Security Incident Notification. If Vitech becomes aware of a Security Incident, Vitech will (a) notify Customer of the Security Incident within 72 hours, (b) investigate the Security Incident and provide such reasonable assistance to Customer (and any law enforcement or regulatory official) as required to investigate the Security Incident, and (c) take reasonable steps to remedy any non-compliance with this DSA.

4.2 Vitech Employees and Personnel. Vitech will treat Personal Data as the confidential information of the Customer, and will require that any employees or other personnel have agreed in writing to protect the confidentiality and security of Personal Data.

5. QUESTIONNAIRES
5.1 Questionnaires. Vitech will, upon request from Customer, respond to reasonable questionnaires by Customer (or a third-party auditor on behalf of, and mandated by, Customer) provided such questionnaires are not provided more than once per year. If a third party is to administer the questionnaire on behalf of Customer, the third party must be mutually agreed to by Vitech and Customer and must execute a written confidentiality agreement with Vitech that is acceptable to Vitech before responding to the questionnaire. Customer and its third-party auditor will comply with any and all Vitech policies and provided to Customer and/or such third-party auditor in connection with such questionnaire and the responses to such questionnaire will be deemed Confidential Information of Vitech.




© Vitech Systems Sub LLC 2020. All rights reserved. Vitech refers to Vitech Systems Sub LLC and may sometimes refer to VSG Hosting Sub LLC. Vitech Systems Sub LLC is a separate legal entity from VSG Hosting Sub LLC.