Laserfiche WebLink
requirements applicable to the processing of personal data or personal information. Consultant is <br /> acting as a Service Provider/Data Processor in relation to the City's personal data and personal <br /> information, as those terms are defined respectively under the CCPA/GDPR. The City is <br /> responsible for notifying Consultant of any data privacy laws the data provided to Consultant is <br /> subject to and the City represents and warrants it has all necessary authority (including any <br /> legally required consent from data subjects) to transfer such information and authorize <br /> Consultant to process such information in connection with the services described herein. The <br /> City agrees that Consultant has the right to generate aggregated/de-identified data from the <br /> accounting and financial data provided by the City to be used for Consultant business purposes <br /> and with the outputs owned by Consultant. For clarity, Consultant will only disclose <br /> aggregated/de-identified data in a form that does not identify the City, City employees, or any <br /> other individual or business entity and that is stripped of all persistent identifiers. The City is not <br /> responsible for Consultant's use of aggregated/de-identified data. Consultant has established <br /> information security related operational requirements that support the achievement of our <br /> information security commitments, relevant information security related laws and regulations, <br /> and other information security related system requirements. Such requirements are <br /> communicated in Consultant's policies and procedures, system design documentation, and <br /> contracts with customers. Information security policies have been implemented that define our <br /> approach to how systems and data are protected. The City is responsible for providing timely <br /> written notification to Consultant of any additions, changes or removals of access for the City's <br /> personnel to Consultant's provided systems or applications. If the City becomes aware of any <br /> known or suspected information security or privacy related incidents or breaches related to this <br /> agreement, the City should timely notify Consultant via email at <br /> dataprotectionofficerAbakertilly com. <br /> 26. Consultant Entity. Baker Tilly US, LLP is an independent member of Baker Tilly <br /> International. Baker Tilly International Limited is an English company. Baker Tilly International <br /> provides no professional services to clients. Each member firm is a separate and independent <br /> legal entity and each describes itself as such. Baker Tilly US, LLP is not Baker Tilly <br /> International's agent and does not have the authority to bind Baker Tilly International or act on <br /> Baker Tilly International's behalf. None of Baker Tilly International, Baker Tilly US, LLP, nor <br /> any of the other member firms of Baker Tilly International has any liability for each other's acts <br /> or omissions. The name Baker Tilly and its associated logo is used under license from Baker <br /> Tilly International Limited. <br /> THIS AGREEMENT executed the date and year first above written. <br /> CITY OF PLEASANTON CONSULTANT <br /> By: <br /> Gerry Beaudin, City Manager Signature <br /> ATTEST: <br /> Carol Jacobs <br /> Jocelyn Kwong, City Clerk Its: Managing Director <br /> Title <br /> Page 6 of 15 <br />