This Data Security Policy (“Policy”) applies to your (“Customer’s”) use of all Tangram Services (as defined below) offered by Tangram Flex, Inc. (“Tangram”). Tangram may modify this Policy at any time by posting a revised version on the Tangram website or via a banner notification in the Tangram software product, as applicable. If Customer violates this Policy or authorize or help others to do so, Tangram may suspend or terminate Customer’s use of the Tangram Services.
1. Definitions
Capitalized terms used herein shall have the meanings set forth in this Section 1.
A. “Agreement” means the Software License Agreement and any other agreement or contract entered intobetween Tangram and Customer that is governed by or otherwise incorporates this Policy.
B. “Authorized Persons” means Tangram’s employees, contractors, agents, and auditors who have a need to know or otherwise access Personal Information to enable Tangram to perform its obligations under the Agreement, and who are bound by confidentiality and other obligations sufficient to protect Personal Information in accordance with the terms and conditions of the Agreement and this Policy.
C. “Personal Information” means information that Customer provides or for which Customer provides access to Tangram, or information which Tangram creates or obtains on behalf of Customer, in accordance with the Agreement that: (i) directly or indirectly identifies an individual; or (ii) can be used to authenticate an individual. Customer’s business contact information is not by itself Personal Information.
D. “Security Incident” means any act or omission that materially compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Tangram (or any Authorized Persons), or by Customer should Tangram have access to Customer’s systems, that relate to the protection of the security, confidentiality, or integrity of Personal Information, or (ii) receipt of a complaint in relation to the privacy and data security practices of Tangram (or any Authorized Persons) or a breach or alleged breach of the Agreement or this Policy relating to such privacy and data security practices.
E. “Tangram Services” means any product, software, and/or service provided by Tangram to Customer under or in connection with any Agreement.
2. Tangram and Customer Obligations
A. Tangram will:
B. Customer will:
3. Information Security
A. Tangram will comply with applicable laws and regulations in its creation, collection, receipt, access, use, storage,disposal, and disclosure of Personal Information.
B. If, in the course of its performance under the Agreement, Tangram has access to or will collect, access, use, store, process, dispose of, or disclose credit, debit, or other payment cardholder information on Customer’s behalf, Tangram will comply with the Payment Card Industry Data Security Standard requirements, as applicable.
4. Security Incident Procedures
A. Tangram will notify Customer of a Security Incident as soon as reasonably practicable after Tangram becomes aware of it.
B. Immediately following Tangram’s notification to Customer of a Security Incident, the parties will coordinate with each other, as necessary, to investigate the Security Incident.
C. Tangram and Customer each agrees that it will not inform any third party of any Security Incident without the other party’s prior consent, other than to inform a complainant that the matter has been forwarded to the other party’s legal counsel.
5. Return or Disposal of Personal Information.
On the termination or expiration of the Agreement, Tangram will securely dispose of all Personal Information in its possession or in the possession of Authorized Persons. If Tangram is not reasonably able to dispose of Personal Information, including, but not limited to, Personal Information stored on backup media, Tangram will continue to protect such Personal Information in accordance with the terms of the Agreement until such time that it can reasonably return or securely dispose of such Personal Information.