PSA - Bond Arbitrage Services - Crowe LLP

Home Browse Search

City of South Bend 7 February 14, 2020 information pursuant to this Agreement, Crowe retains its independence as required by applicable law and professional standards for purposes of providing attest services and other services. Crowe will not (1) sell Personal Data to a third party, or (2) retain, use or disclose Personal Data for any purpose other than for (a) performing the Services and its obligations on this Agreement, (b) as otherwise set forth in this Agreement, (c) to detect security incidents and protect against fraud or illegal activity, (d) to enhance and develop our products and services, including through machine learning and other similar methods and (e) as necessary to comply with applicable law or professional standards. Crowe has implemented and will maintain physical, electronic and procedural safeguards reasonably designed to (i) protect the security, confidentiality and integrity of the Personal Data, (ii) prevent unauthorized access to or use of the Personal Data, and (iii) provide proper disposal of the Personal Data (collectively, the “Safeguards”). Client represents (i) that it has the authority to provide the Personal Data to Crowe in connection with the Services, (ii) that Client has processed and provided the Personal Data to Crowe in accordance with applicable law, and (iii) will limit the Personal Data provided to Crowe to Personal Data necessary to perform the Services. To provide the Services, Client may also need to provide Crowe with access to Personal Data consisting of protected health information, financial account numbers, Social Security or other government-issued identification numbers, or other data that, if disclosed without authorization, would trigger notification requirements under applicable law ("Restricted Personal Data"). In the event Client provides Crowe access to Restricted Personal Data, Client will consult with Crowe on appropriate measures (consistent with legal requirements and professional standards applicable to Crowe) to protect the Restricted Personal Data, such as: deleting or masking unnecessary information before making it available to Crowe, using encryption when transferring it to Crowe, or providing it to Crowe only during on-site review on Client’s site. Client will provide Crowe with Restricted Personal Data only in accordance with mutually agreed protective measures. Otherwise, Client and Crowe agree each may use unencrypted electronic media to correspond or transmit information and such use will not in itself constitute a breach of any confidentiality obligations under this Agreement. Crowe will reasonably cooperate with Client in responding to or addressing any request from a consumer or data subject, a data privacy authority with jurisdiction, or the Client, as necessary to enable Client to comply with its obligations under applicable data protection laws and to the extent related to Personal Data. Client will reimburse Crowe for any out-of-pocket expenses and professional time (at Crowe’s then-current hourly rates) incurred in connection with providing such cooperation. Client will provide prompt written notice to Crowe (with sufficient detailed instructions) of any request or other act that is required to be performed by Crowe. As appropriate, Crowe will promptly delete or procure the deletion of the Personal Data, after the cessation of any Services involving the processing of Client’s Personal Data, or otherwise aggregate or de-identify the Personal Data in such a way as to reasonably prevent reidentification. Notwithstanding the forgoing, Crowe may retain a copy of the Personal Data as permitted by applicable law or professional standards, provided that such Personal Data remain subject to the terms of this Agreement. If Crowe uses a third-party provider, Crowe will include terms substantially similar to those set forth in this Data Protection Paragraph in an agreement with such provider. GENERAL DATA PROTECTION REGULATION COMPLIANCE – If and to the extent that Client provides personal data to Crowe subject to the European Union General Data Protection Regulation (“GDPR”), then in addition to the requirements of the above Data Protection section, this section will apply to such personal data (“EU Personal Data”). The parties agree that for purposes of processing the EU Personal Data, (a) Client will be the “Data Controller” as defined by the GDPR, meaning the organization that determines the purposes and means of processing the EU Personal Data; (b) Crowe will be the “Data Processor” as defined by GDPR, meaning the organization that processes the EU Personal Data on behalf of and under the instructions of the Data Controller; or (c) the parties will be classified as otherwise designated by a supervisory authority with jurisdiction. Client and Crowe each agree to comply with the GDPR requirements applicable to its respective role. Crowe has implemented and will maintain technical and organizational security safeguards reasonably designed to protect the security, confidentiality and integrity of the EU Personal Data. Client represents it has secured all required rights and authority, including consents and notices, to provide such EU Personal Data to Crowe, including without limitation authority to transfer such EU Personal Data to the U.S. or other applicable Country or otherwise make the EU Personal Data available to Crowe, for the duration of and purpose of Crowe providing the Services. The types of EU Personal Data to be processed include name, contact information, title, and other EU Personal Data that is transferred to Crowe in connection with the Services. The EU Personal Data relates to the data subject categories of individuals connected to Client, Client customers, Client vendors, and Client affiliates or subsidiaries (“Data Subjects”). Crowe will process the EU Personal Data for the following purpose: (x) to provide the Services in accordance with this Agreement, (y) to comply with other documented reasonable instructions provided