WHEREAS, the parties anticipate ongoing business relations that will involve the disclosure to one another of Confidential Information (as defined below); and
WHEREAS, the parties desire to set forth their rights and obligations with respect to the use, dissemination and protection of each other’s Confidential Information.
NOW THEREFORE, in consideration of the mutual covenants and agreements set forth below, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, it is understood and agreed as follows:
1. Confidential Information. All information, written, electronic or oral, relating to the business, operations, plans, services, facilities, processes, software, methodologies, technologies, intellectual property, research and development, clients and suppliers, partners, principals, employees, consultants and authorized agents of the disclosing party that is supplied by or on behalf of the disclosing party to the other party or otherwise acquired by the other party during the course of dealings between the parties or otherwise, shall be deemed “Confidential Information.”
1.1 Confidential Information, as such term relates to PwC, shall include the Confidential Information of any PwC Network Firm (as defined below) whether or not provided by PwC or PwC Network Firm. “PwC Network Firm” means the following entities: (1) an entity that has executed a written participation agreement with PricewaterhouseCoopers International Limited ("PwCIL") and/or a Name License Agreement with the PwC Business Trust; (2) an entity that has executed an agreement with any entity described in clause (1) above for the purpose of participating in PwCIL; and (3) a subsidiary or affiliate of an entity in clauses (1) and (2) above.
2. Use, Dissemination and Protection Obligations. In consideration of the disclosures hereunder, each party shall keep in confidence the other’s Confidential Information during the term of this Agreement and for a period not less than five (5) years from the date of termination of this Agreement. To this end:
(a) Each party shall use the other’s Confidential Information only for the purposes of the particular business objective or written agreement pursuant to which a given item of Confidential Information was disclosed. Upon the completion of the business objective or the termination of any written agreement pursuant to which a given item of Confidential Information was disclosed, or upon the demand of the disclosing party, an authorized officer of the recipient shall promptly, at the election of the disclosing party, either return to the disclosing party or destroy (including permanently deleting such Confidential Information from all computer records) all Confidential Information in the recipient’s possession or control relating to such business objective or written agreement, and shall certify to the disclosing party as to such return or destruction.
(b) Neither party may disclose the other’s Confidential Information to third persons without the disclosing party’s prior written consent, provided that each party may disclose the other’s Confidential Information to its employees and authorized agents, subcontractors, partners, principals and consultants on a need-to-know basis. Each party shall be responsible for ensuring that any of its employees, authorized agents, subcontractors, partners, principals and consultants who receive Confidential Information comply with the foregoing obligations.
(c) The recipient of Confidential Information shall exercise the same degree of care with respect to the disclosing party’s Confidential Information as the recipient normally takes to safeguard and preserve its own proprietary information, provided that in no event shall the degree of care be less than a reasonable degree of care. Upon discovery of any prohibited use or disclosure, the recipient of Confidential Information shall immediately notify the disclosing party in writing and shall make its best efforts to prevent any further prohibited use or disclosure; however, such remedial actions shall in no manner relieve the recipient’s obligations or liabilities for breach hereunder.
3. Limitations on Obligations. This Agreement shall not restrict disclosure or use of Confidential Information that:
(a) was, at the time of receipt, otherwise known to the recipient without restrictions as to use or disclosure;
(b) was in the public domain at the time of disclosure or thereafter enters into the public domain through no breach of this Agreement by the recipient;
(c) becomes known to the recipient from a source other than the disclosing party, which source has no duty of confidentiality with respect to the information;
(d) is independently developed by the recipient without reliance on or access to any of the disclosing party’s Confidential Information; or
(e) is required to be disclosed by a government agency or bureau, by a court of law or equity with competent jurisdiction over the recipient or by a recognized body engaged in professional self-regulation (such as national accounting or auditing associations), provided that the recipient will first have provided the disclosing party with prompt written notice of such required disclosure and will take reasonable steps to allow the disclosing party to seek a protective order with respect to the Confidential Information required to be disclosed. The recipient will promptly cooperate with and assist the disclosing party, at the disclosing party's expense, in connection with obtaining such protective order.
4. Personal Information. In addition to the requirements of paragraphs 1-2, Supplier also agrees to provide the additional protections set forth below for any Personal Information obtained from PwC or in connection with the provision of services, functions, and/or transactions to be provided under this Agreement. Personal Information means any individually identifiable information about PwC customers, clients, employees, partners, principals or other individuals about whom Supplier receives identifiable information in connection with the provision of services, functions, and/or transactions to be provided under this Agreement. Personal Information is included within the definition of Confidential Information as contained in this Agreement (and is subject to the provisions of this Agreement protecting Confidential Information), but also shall be subject to the additional protections set forth in this Paragraph 4.
4.1 Supplier agrees that it will use and disclose Personal Information only in connection with the services, functions, and/or transactions to be provided under this Agreement, or as required by law. No other use or disclosure of this information is permitted without the express written consent of PwC.
4.2 The “Limitations on Obligations” set forth in paragraph 3 (other than subparagraph (e)) of this Agreement shall not apply to Personal Information. All Personal Information obtained from PwC or in connection with the provision of services to PwC pursuant to this Agreement shall be protected pursuant to this paragraph.
4.3 In the event that Supplier receives a request from a third party to access any Personal Information in Supplier's possession, Supplier will promptly forward a copy of such request to PwC. Upon PwC's request, Supplier will make Personal Information in its possession available to PwC or any third party designated in writing by PwC, and will correct Personal Information in Supplier's possession in accordance with PwC's written instructions.
5. Safeguards. Supplier will develop, implement, maintain and use appropriate administrative, technical and physical safeguards to preserve the security, integrity and confidentiality of, and to prevent intentional or unintentional non-permitted or violating use or disclosure of, and to protect against unauthorized access to or accidental or unlawful destruction, loss or alteration of, the Personal Information or Confidential Information created or received for or from PwC in connection with the services, functions, and/or transactions to be provided under this Agreement. Supplier will document and keep these safeguards current.
6. Subcontractors. Supplier will require any of its subcontractors and agents, to which Supplier is permitted by this Agreement or in writing by PwC to disclose any of the Personal Information or Confidential Information Supplier creates or receives for or from PwC, to provide reasonable assurance, evidenced by written contract, that such subcontractor or agent will comply with the same privacy and security obligations as Supplier with respect to such Personal Information or Confidential Information.
7. Security Breaches. Supplier will report to PwC any privacy or security Incident of which it becomes aware. A privacy or security “Incident” is an unauthorized access, use, disclosure, modification or destruction of information or interference with any Personal Information or Confidential Information. Supplier will make the written report to the designated contact indicated in the Agreement or PwC’s Office of the General Counsel not more than five (5) days after Supplier learns of such non-permitted or violating use or disclosure. Supplier’s report will contain at least information concerning the nature and impact of the Incident and Supplier’s steps to mitigate this impact. Supplier further shall cooperate as reasonably requested by PwC, in order to further investigate and resolve the Incident. In the event of a breach and/or an Incident, Supplier agrees to pay all costs and expenses associated with the breach and/or the Incident, including but not limited to notification costs, and costs relating to credit monitoring.
8. Audit. Supplier shall allow PwC the right to audit Supplier’s privacy and security policies and practices (at PwC’s reasonable dis