Confidentiality and Security
Last updated: 16/ 01/ 2019
1. Confidentiality
1.1 Definition of Confidential Information
For the purposes of this Agreement, “Confidential Information” includes all non-public information, whether in written, oral, electronic, or other form, disclosed by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) that is designated as confidential or that, given the nature of the information or the circumstances surrounding its disclosure, should reasonably be understood to be confidential. This includes, but is not limited to, business plans, technical data, product ideas, customer lists, financial data, and proprietary software.
1.2 Obligations of Confidentiality
The Receiving Party shall:
– (a) Use the Confidential Information solely for the purpose of performing its obligations under this Agreement;
– (b) Not disclose such Confidential Information to any third party without the prior written consent of the Disclosing Party, except as permitted herein;
– (c) Take all reasonable measures to protect the confidentiality of the Confidential Information, which measures shall be at least as protective as those taken to protect its own confidential information of like nature but in no event less than a reasonable standard of care.
1.3 Exceptions to Confidential Information
Confidential Information does not include information that:
– (a) Is or becomes generally known to the public through no breach of any obligation owed to the Disclosing Party;
– (b) Was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party;
– (c) Is received from a third party without breach of any obligation owed to the Disclosing Party; or
– (d) Was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.
1.4 Compelled Disclosure
If the Receiving Party is compelled by law or legal process to disclose Confidential Information, it shall provide the Disclosing Party with prompt prior notice of such requirement, to the extent legally permitted, and shall assist the Disclosing Party in seeking a protective order or other appropriate remedy.
1.5 Return or Destruction of Confidential Information
Upon termination of this Agreement or at the request of the Disclosing Party, the Receiving Party shall promptly return or destroy all materials containing Confidential Information and certify in writing that it has done so, except to the extent that the Receiving Party is required to retain such information by applicable law.
2. Security
2.1 Data Protection Measures
AdeptForms shall implement and maintain reasonable administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of Customer data. These measures shall be consistent with industry standards and comply with applicable laws and regulations, including the Personal Data Protection Act 2012 (PDPA) of Singapore.
2.2 Access Controls
AdeptForms shall ensure that access to Customer data is restricted to those employees, contractors, and agents who need such access to fulfill AdeptForms’ obligations under this Agreement. All such individuals shall be bound by confidentiality obligations.
2.3 Data Breach Notification
In the event of any unauthorized access to or disclosure of Customer data (a “Data Breach”), AdeptForms shall notify the Customer without undue delay and in any event within 24 hours of becoming aware of the Data Breach. Such notice shall include all relevant information relating to the nature of the breach, the data affected, and the steps AdeptForms is taking to mitigate the breach and prevent future occurrences.
2.4 Incident Response
AdeptForms shall maintain an incident response plan and take reasonable steps to immediately limit, contain, and investigate any suspected security incident or Data Breach. AdeptForms shall cooperate with the Customer in investigating and remedying any such incident.
2.5 Data Backup and Recovery
AdeptForms shall implement and maintain procedures for the regular backup of Customer data and shall ensure that such data can be recovered in the event of a failure or data loss incident.
2.6 Security Audits
AdeptForms shall conduct regular security audits and assessments to ensure compliance with this Agreement and applicable laws. Upon request, AdeptForms shall provide the Customer with a summary of the results of such audits and assessments.
3. Compliance with Laws
3.1 Regulatory Compliance
AdeptForms shall comply with all applicable data protection and privacy laws, including the PDPA, and any other relevant regulations, in the handling and processing of Customer data.
4. Term and Survival
4.1 Term
The obligations of confidentiality and security under this section shall commence on the Effective Date of this Agreement and continue for the duration of the Agreement and for a period of five (5) years thereafter, except for trade secrets, which shall be protected indefinitely.