Confidentiality & Non-Disclosure Agreement
1. Definition of Confidential Information
Confidential Information includes, without limitation:
- Business plans, financial records, and acquisition, expansion, marketing, and other business information and plans
- Customer and prospective customer lists, and details of agreements with customers
- Employee or personnel information (including, but not limited to, personnel, payroll, compensation and benefit data and plans)
- Technical information, software (including source code), inventions, processes, know-how, and trade secrets
- Research and development data
- Computer programs
- Information concerning sources of supply
- Information regarding the identity of Consultants and contractors and work developed by them for the Receiving Party and/or its Affiliates
- Purchasing, operating and other cost data
- Special customer needs, cost and pricing data
- Any custom terms and pricing outside of these Terms that have been uniquely negotiated between the Parties
- Regulated Sensitive Information, meaning any information required by law to be protected, safeguarded, limited access, or otherwise controlled (such as PII for CCPA/GDPR, PHI for HIPAA, and similar regulated data)
- Information that is the subject of meetings and discussions, whether recorded or otherwise
All Work Product and deliverables, and any methodologies or tools used by Company in providing the Services, shall be deemed Company’s Confidential Information. If an Engagement involves a Beneficial Client, any proprietary information of that client disclosed to Company shall be treated as Confidential Information of Prime Contractor.
2. Exclusions from Confidential Information
Confidential Information does not include information that the Recipient can demonstrate:
- (a) Is or becomes generally available to the public through no breach of this Agreement by Recipient, other than as a result of a disclosure by the Receiving Party
- (b) Was already known by or in the possession of Recipient on a non-confidential basis prior to disclosure by Discloser, and without an obligation of confidentiality
- (c) Is independently developed by Recipient without use of or reference to Discloser’s information and without breaching this Agreement
- (d) Is obtained by Recipient from a third party who had the right to disclose it without confidentiality obligation and under no obligation to keep such information confidential
- (e) Does not otherwise qualify for protection as confidential information under applicable law
3. Use and Non-Disclosure Obligations
Recipient shall use Discloser’s Confidential Information solely for the purpose of fulfilling its obligations or exercising its rights under this Agreement, applicable Engagements, and for no other purpose.
Recipient shall not disclose any of Discloser’s Confidential Information to any third party, except to its own, or its affiliates’, employees, officers, agents, or contractors; who have a need to know such information for the permitted purpose and who are bound by confidentiality obligations no less stringent than those herein.
Recipient shall not at any time, directly or indirectly, use, publish, disseminate, describe, or otherwise disclose Confidential Information in any form, to any person or entity without the Discloser’s expressed prior written consent, except as required by applicable law.
4. Safeguarding Responsibilities
Recipient shall protect the confidentiality of Discloser’s information with at least the same degree of care it uses to protect its own confidential information of similar importance, and in no event less than reasonable care. Recipient shall use its reasonable commercial efforts to safeguard Confidential Information of the other Party from access by unauthorized individuals.
Recipient is responsible for any breach of confidentiality by its representatives, employees, officers, agents, or contractors.
5. Personally Identifiable Information Requirements
The Company acknowledges that Client‘s Confidential Information may include Personally Identifiable Information relating to its customers, employees, and other third parties and shall ensure confidentiality. The Company shall comply with all applicable current and future laws relating to data privacy, Personal Information, and data protection. For information about how Company processes Personal Information in its own operations, see our Privacy Policy.
6. Breach Notification
6.1 PII Compromise Notification
In the event that the Company becomes aware, or reasonably suspects, that any Personally Identifiable Information has been compromised in any manner; the Company shall immediately notify Client in writing and provide all requested information about the event.
For purposes of this obligation, “compromise” should be read most liberally to include, without limitation:
- (i) Any unauthorized access to Personally Identifiable Information
- (ii) Any inadvertent disclosure of Personally Identifiable Information to any third party
- (iii) Any known or suspected misuse of Personally Identifiable Information, by any person, even if such person was authorized to access the Personally Identifiable Information
- (iv) Any suspected use of Personally Identifiable Information by any person outside of the scope of that person’s authority, even if such use does not result in harm to the individual data subject
- (v) Any known or suspected loss, alteration or destruction of Personally Identifiable Information other than as required, or permitted, by the Services
6.2 Security Incident Notification
The Company will notify Client immediately in writing of any intrusion or attack that is successful in accessing Client’s Confidential Information or that could reasonably be expected to have a material adverse effect on the Services.
6.3 General Breach Notification
The Receiving Party will immediately notify the Disclosing Party, in writing, in the event of any loss, unauthorized access to, disclosure or use in violation of the Agreement of a Disclosing Party’s Confidential Information known to the Receiving Party. The Receiving Party shall cooperate with the Disclosing Party to remedy such loss and/or unauthorized access to, disclosure or use of such Confidential Information.
7. Compelled Disclosure
If Recipient is required by law, regulation, or court order to disclose any of Discloser’s Confidential Information, Recipient shall, to the extent permitted, promptly notify Discloser in writing and cooperate with Discloser’s efforts to seek a protective order or other appropriate remedy.
If disclosure is still required, Recipient shall disclose only the portion of Confidential Information legally required to be disclosed and shall use commercially reasonable efforts to ensure that such information is afforded confidential treatment.
8. Duration of Obligations
The obligations in this Section commence on the Effective Date, or before, if Confidential Information was disclosed prior to the Effective Date, and continue for the term of the Agreement and thereafter as follows:
- Personally Identifiable Information: Each Party’s obligations shall survive forever.
- Trade Secrets: Any trade secrets, and any source code or other highly sensitive information that qualifies as a trade secret under applicable law, shall be maintained in confidence indefinitely, or for the maximum duration allowed by applicable law.
- Other Confidential Information: Each Party’s obligations shall continue beyond the termination or expiration of this Agreement for the earlier of:
- A period of ten (10) years following the return or destruction of all of the Disclosing Party’s Confidential Information, or
- For so long as such information qualifies as confidential information under applicable law
Notwithstanding termination of this Agreement, each Party’s obligations with respect to Confidential Information received during the term shall survive for the time periods stated herein.
9. Remedies for Breach
Unauthorized use or disclosure of Confidential Information would cause irreparable harm for which monetary damages alone may be inadequate. Each Party therefore agrees that, in the event of any breach or threatened breach of this Section, the Discloser shall be entitled to seek injunctive relief, including temporary restraining orders and preliminary or permanent injunctions, to prevent or restrain such breach, in addition to any other rights and remedies available at law or in equity. Any such relief may be sought without the necessity of posting bond.