The URL can be used to link to this page

2024-110 A By-law to Authorize the Execution of an Agreement between His Majesty the King in Right of Ontario, as represented by the Minister of Transportation and The Corporation of the Township of Oro-Medonte (Agreement #13459)The Corporation of the Township of Oro-Medonte By -Law No. 2024-110 A By-law to Authorize the Execution of an Agreement between His Majesty the King in Right of Ontario, as represented by the Minister of Transportation and The Corporation of the Township of Oro-Medonte (Agreement #13459) c a) tB - w O U coco O co Q N •+ N U o) cv N c CJ O C Oo ( U e= C O O NO U O Q a) 4 U O y o 4-' CII I ca L-o s o U C O 4- 0 U C 0 .U) c) a) C a) Q .E O a) U co a I- U a) a) U 2 a) O U cow L (0 OE CV � •L E E 0 O U U U-D C ca .0 _ (U CC3 LE C yaf O.+ L Q Cn C O I— ._ •— c o •( U Q_ C C O a) (13 -cE U) o � m 0) s .c c -0 C <0 U O U a) L C O It a_ a) U � co cr ro E C Cl) (� oo a) a) co -o c O O a) .— - 2 0 C- Q O - A L C -0 L '� v c - C L Y C -o C U Vo 5 O O Q) L E o o •E C3) i Q OO V O a) •— C C3) cn a) i a) _c — CO L O (U O L C in f6 'C E ° o iT3< >'— O U2 2N L C C U 0 O al Gi X in C O O co - C) c co.0 C O O C O Cn U L cn 0 o -O a) L co .0 -fl. N 3Qi U Uc E C aU ' .c(13 in O U O `_ )COL�2CLO C}i_C + �OO CO LC)a)o OC 0 om CD co rz a L O O4_aC H O x 0 p 'E C +- . t6 co) Cl- 4.- H cn moo oc C)-E-.E-90 O .Z..3 C C ECU n a) -o n C O a) o 0 Q a _O O N �•�"C7 8 79Q cn a) c L a) 2 A. co Cn co co c Y O ° O -a L� L^a' a) cv L c� mOL a) co m a) "C 'C a) c (c , U _cs•`� s �,o .c ifi I—QO oU) ) o -C< E z0 <0 2. This by-law shall take effect on the final passing thereof. This by-law shall take effect on the final passing thereof. 1 O M N CA 'O a) CI) CA R a) E C4 'C C O U a) Co -o N Co O (N 3 L m J O 03 0 The Corporation of the Township of Oro-Medonte 13459 AUTHORIZED REQUESTER AGREEMENT BETWEEN HIS MAJESTY THE KING IN RIGHT OF ONTARIO, as represented by the Minister of Transportation AND THE CORPORATION OF THE TOWNSHIP OF ORO-MEDONTE. Operating As TOWNSHIP OF ORO-MEDONTE - COST RECOVERY FOR FIRE & EMERGENCY SERVICES -1- AUTHORIZED REQUESTER AGREEMENT THIS AGREEMENT made as of the 4th day of October of 2024 (the "Effective Date"). BETWEEN: HIS MAJESTY THE KING in right of Ontario, as represented by the Minister of Transportation ("MTO") - and - THE CORPORATION OF THE TOWNSHIP OF ORO- MEDONTE. Operating as TOWNSHIP OF ORO-MEDONTE - COST RECOVERY FOR FIRE & EMERGENCY SERVICES (the "Requester"). WHEREAS: A. MTO maintains driver and vehicle databases; B. The Requester has submitted to MTO an application (the "Application") to access and use certain information contained in such databases; and C. MTO is prepared to permit the Requester to obtain such access, subject to the provisions of this Agreement. NOW THEREFORE MTO and the Requester agree as follows: ARTICLE 1 DEFINITIONS AND SCHEDULES 1.1 Defmitions. In this Authorized Requester Agreement, unless the context requires a different meaning, the following terms shall have the following meanings: "Agreement" means this agreement entitled "Authorized Requester Agreement", including the attached Schedules, any documents or instruments incorporated by reference in this agreement, and any amendments to any of the foregoing that may be agreed to in writing by MTO and the Requester or that are otherwise provided for in this agreement. "Application" means the application, in the form approved by MTO, submitted by the Requester to become an Authorized Requester. "ARIS" means the Authorized Requester Information System of MTO, which is an electronic system used by MTO to receive Licensed Information Requests from Authorized Requesters, and to send Licensed Information Responses to Authorized Requesters and to maintain client profiles, as such system may be modified by MTO from time to time. "Audit" and similar expressions mean the performance by, or on behalf of MTO, of such audits, reviews, investigations, inspections, confirmations, certifications, tests, studies and determinations of, or relating to, any matter or thing pertaining to this Agreement. "Authorized Premises" means the premises of the Requester at which are located any of the Requester's businesses or operations that relate to, or are involved in, the performance of the Requester's obligations under this Agreement or the exercise of the Requester's rights under this Agreement and which are listed in Part A-2 of Schedule "A". "Authorized Remote Server" means a Remote Server that is described in section 7.11 and listed in Part A-2 of Schedule "A". "Authorized Requester" means any person or other organization to whom MTO has, pursuant to an agreement, granted a non-exclusive, non -assignable and non -transferable licence to access and use the Licensed Information solely for Authorized Use(s). "Authorized Service Provider" means a service provider authorized by MTO to access and use the Licensed Information on behalf of the Requester, and listed in Part A-2 of Schedule "A". -2- "Authorized Service Provider Agreement" means the agreement, listed in Part A-2 of Schedule "A", between MTO and an Authorized Service Provider, under which the latter is authorized by MTO to access and use Licensed Information on behalf of the Requester. "Authorized Staff" means: (a) employees of the Requester, and (b) individual third party contractors (but not corporations, partnerships or other legal entities) engaged by the Requester to perform employee -like functions, who need to access such Licensed Information or Passwords, in order for the Requester to use the Licensed Information for Authorized Use(s) in accordance with this Agreement, and who are listed in Part A-2 of Schedule "A". "Authorized Use" has the meaning set out in Part A-1 of' Schedule "A". "Business Day" means a day other than a Saturday, Sunday or a statutory, civic or public service holiday observed in the Province of Ontario. "Claims" means any claims, demands, actions, causes of action, suits or proceedings against, or damages (including indirect, special, incidental, consequential or punitive damages), losses, liabilities or obligations of MTO, or of MTO's employees, agents or contractors. "Confidential Information" has the meaning set out in section 5.1. "Contractor Security Agreement" means a privacy and confidentiality agreement between the Requester and Authorized Staff who are individual third party contractors engaged by the Requester, in the form attached as Schedule "B-2", as may by modified by MTO from time to time. "Damages" means losses, compensation, damages (including indirect, special, incidental, consequential and punitive damages), expenditures, costs (including reasonable administrative costs and reasonable legal fees and costs), expenses, interest, liabilities, judgements, awards, taxes, fines, penalties, charges and amounts paid in settlement. "Declaration" has the meaning set out in section 9.3. "Delivery Channel" means the method or system by which a Licensed Information Request is transmitted or delivered from the Requester to MTO or by which a Licensed Information Response is transmitted or delivered from MTO to the Requester. "Disclose" means directly or indirectly disclose, provide, distribute, exchange, sell, license, lease, give, make available or permit access to or use of; and "Disclosed", "Disclosing" and "Disclosure" have corresponding meanings. "Effective Date" means the effective date of this Agreement, as set out at the beginning of this Agreement. "Employee Security Statement" means a privacy and confidentiality statement in the form attached as Schedule "B-1", as may be modified by MTO from time to time. "Event of Default" has the meaning set out in section 16.1. "Fees" means those fees set out in Schedule "C". "FOIPPA" means the Freedom of Information and Protection of Privacy Act (Ontario), as amended from time to time. "Government of Ontario" means His Majesty the King in right of Ontario or any ministry, agency, board, commission, department, corporation or other legal entity of or owned by the Government of Ontario. "Grant" has the meaning set out in section 2.1. "Information Security Plan" means the Requester's documented policies, practices and procedures described in section 7.1(d). "Licensed Information" has the meaning set out in Part A-1 of Schedule "A". -3- "Licensed Information Request" means one request for Licensed Information contained in one collection of Licensed Information and pertaining to one driver, which request is in the format stipulated by MTO from time to time, and which request is transmitted or delivered by the Requester to MTO using a Delivery Channel specified in Part A-1 of Schedule "A". "Licensed Information Response" means the Licensed Information (or other response such as "no information available") transmitted or delivered by MTO to the Requester, using a Delivery Channel specified in Part A-1 of Schedule "A", in response to a Licensed Information Request. "Licensed Personal Information" means any Licensed Information that is Personal Information. "Non -disclosure Agreement" means the agreement between the Requester and a Permitted Recipient, as described in Section 5.3(c), which is listed in Part A-2 of Schedule "A". "Password" means any password, key, code or identifier assigned to a user in connection with making Licensed Information Requests or receiving or accessing Licensed Information Responses. "Permitted Recipient" means a third party service provider or supplier who may access Licensed Information in the possession of the Requester in order to perform the Permitted Service(s) identified in a corresponding Non -disclosure Agreement approved by MTO, where access to the Licensed Information is permitted solely to the degree necessary to support the Requester in carrying out the Authorized Use(s). "Permitted Services" has the meaning set out in the Permitted Recipient Non -disclosure Agreement attached in Schedule "E". "Personal Information" means personal information as defined in FOIPPA. "Personal Information Records" means all Records of, or containing, Personal Information that is Processed by the Requester in connection with the performance by the Requester of the Requester's obligations under this Agreement or the exercise by the Requester of the Requester's rights under this Agreement. "PIPEDA" means the Personal Information Protection and Electronic Documents Act (Canada). "Pre -paid Account" has the meaning set out in section 14.2. "Privacy Default" means a breach of: (a) any Privacy Laws; or (b) any of the provisions of this Agreement relating to the Requester's compliance with the Privacy Laws, including Schedule "D"; or (c) any other provision of this Agreement where such breach involves or results in any Processing of (or failure to Process) Persona] Information that is not strictly in accordance with this Agreement. "Privacy Default Protocols" means the Requester's documented policies, practices, and procedures described in section 7.3. "Privacy Laws" means (a) FOIPPA; (b) PIPEDA; and (c) the provisions of any other law from time to time that address any Processing of (or failure to Process) Personal Information. "Process" means directly or indirectly create, access, collect, process, receive, hold, store, retain, use or Disclose; and "Processed" and "Processing" have corresponding meanings. "Records" means the records of the Requester in any format or medium, including any "record" as defined in FOIPPA. "Remote Server" means computerized hosting facilities in Canada where Licensed Information may be delivered, stored, and retrieved in an electronic format by the Requester in accordance with this Agreement. -4- "Supporting Document" means any of the documents which (a) support or verify information contained in the Application (as such information may subsequently have been changed in accordance with section 12.2 (a)); and (b) are listed in Part A-1 of Schedule "A". "Systems" means any computer equipment (including servers and related data-processing equipment), together with associated components, communications (including network communications) and connecting peripherals, hardware and supporting equipment; firmware and other software (including operating system software, utilities software, and applications software), together with supporting documentation and materials; and related services. "Term" means the initial term of this Agreement as provided in section 3.1(a), and any renewal(s) of this Agreement made in accordance with section 3.1(b). "Warranty" means any representation, warranty or condition, express, implied, collateral or statutory. 1.2 Schedules. The following attached Schedules form part of this Agreement: Schedule "A" Schedule "B-1" Schedule "B-2" Schedule "C" Schedule "D" Schedule "E" 2.1 Grant. Specifications (Part A-1 and Part A-2) Employee Security Statement Contractor Security Agreement Fee Schedule Audit, Inspection and Review Permitted Recipient Non -disclosure Agreement ARTICLE 2 GRANT OF LICENSE Subject to the provisions of this Agreement, MTO hereby grants to the Requester a non-exclusive, non -assignable and non -transferable licence (the "Grant") to access and use the Licensed Information solely for the Authorized Use(s). 2.2 Title. The Requester acknowledges and agrees that MTO (or the Government of Ontario) is and shall at all times remain the sole owner of all right, title and interest in the Licensed Information, including all intellectual property rights (such as copyright) and other proprietary rights and trade secrets. Accordingly, the Grant is not, and shall not be deemed to be, a transfer, sale or disposition of any or all of MTO's right, title or interest of any kind in the Licensed Information. 2.3 Changes in Licensed Information. (a) Despite any other provision of this Agreement, the Requester acknowledges and agrees that MTO reserves the right in its absolute discretion to add to, withdraw from, or change the content or structure of, or subject matter covered by, or cease to make available, any or all of the Licensed Information at any time. (b) Upon implementation by MTO of any of the changes contemplated in section 2.3(a) above, all references to "Licensed Information" in this Agreement shall be deemed to be amended to reflect such changes. 2.4 No Guarantees or Warranties. The Requester acknowledges and agrees that MTO does not warrant or guarantee the accuracy of the Licensed Information. -5- ARTICLE 3 TERM 3.1 Term. Subject to the provisions of this Agreement: (a) This Agreement shall be effective on the Effective Date and shall continue in force for an initial term of twelve (12) months. (b) This Agreement shall be automatically renewed for subsequent terms of twelve (12) months each, provided that: (i) neither party provides to the other, at least thirty (30) days before the expiry of the then current term, written notice of that parry's intention not to renew; (ii) if requested by MTO, prior to such renewal the Requester signs the form of authorized requester agreement that MTO then requires to be signed by Authorized Requesters; (iii) the Requester has updated the lists of Authorized Premises, Authorized Remote Servers, Authorized Staff, and Permitted Recipients contained in Part A-2 of Schedule "A" and has reviewed and affirmed such lists in accordance with sections 5.3, 7.13, and 8.1; (iv) the Requester has updated the information contained in the Application and has reviewed and affirmed such information in accordance with section 13.1; and (v) prior to such renewal the Requester has satisfied any other conditions that may be stipulated by MTO for the renewal of the Grant. 3.2 Early Termination. This Agreement shall automatically terminate in the event that MTO ceases to make available any Licensed Information to third parties outside of the Government of Ontario. 3.3 Termination Without Cause. Notwithstanding any other provision of this Agreement, this Agreement may be terminated without liability by either party giving to the other party thirty (30) calendar days prior written notice of termination. ARTICLE 4 AUTHORIZED USES 4.1 Authorized Use(s). The Requester shall access and use the Licensed Information solely for the Authorized Use(s) set out in Part A-1 of Schedule "A". 4.2 Changes to Authorized Use(s). Despite Part A-1 of Schedule "A", the Requester acknowledges and agrees that MTO shall have the right unilaterally to amend or delete any or all of the Authorized Use(s) at any time, effective upon written notice to the Requester setting out the applicable amendment(s) or deletion(s). 4.3 Informed Consent. Despite the Authorized Use(s) set out in Part A-1 of Schedule "A", if required by MTO, the Requester shall, prior to requesting, accessing or using any Licensed Information under this Agreement, obtain the informed consent of the individual to whom the Licensed Information is referable. 4.4 Records of Licensed Information Requests. Initials The Requester shall maintain records that specify the following information in respect of the Licensed Information received in response to each Licensed Information Request: -6- (a) the date of Licensed Information Request; (b) the identifying information used to request the Licensed Information; (c) the business reason for requesting such Licensed Information; (d) supporting documentation associated with the Licensed Information Request which demonstrate how the information used to conduct the Licensed Information Request was obtained (source document) in addition to supporting documentation to demonstrate how the Licensed Information provided by MTO was used in line with the Authorized Use (use document); and (e) the date the Licensed Information was destroyed in accordance with section 7.8. 4.5 Retention of Records. The Requester shall retain the records contemplated in section 4.4 throughout the Term and for three (3) years thereafter. 4.6 Demonstration that Uses Authorized. Upon MTO's request from time to time, the Requester shall reasonably demonstrate that the Requester's use of any particular Licensed Information (as specified by MTO) has been strictly in accordance with this Agreement. For avoidance of doubt, any breach of the requirements of this section 4.6 shall constitute a Privacy Default. 4.7 Data Matching and Data Profiling. (a) Subject to the Authorized Use(s), the Requester shall not develop, or derive for any purpose whatsoever, any other product, work or database in human -readable or machine-readable form or otherwise, that incorporates, modifies, or uses in any manner whatsoever, any Personal Information contained in, obtained from, or generated by the Licensed Information. This section shall not, however, apply with respect to any specific Personal Information which the Requester had in its possession prior to receiving the Licensed Information. (b) Subject to the Authorized Use(s), the Requester shall not place any data which was not obtained under this Agreement, into a database containing Personal Information obtained under this Agreement, other than as first authorized by MTO in writing. 4.8 New Data Streams: Disclosure and Uses. The restrictions described in section 4.7 also apply to new types of data streams and information, including metadata, contained in, obtained from, or generated by the Licensed Information. 4.9 Individuals Not to be Contacted. The Requester shall not use the Licensed Information directly or indirectly to locate or contact any individual to whom the Licensed Information is directly or indirectly referable, other than as expressly stated in the Authorized Use(s). 4.10 Survival For the avoidance of doubt, the obligations of the Requester contained in this Article 4 shall survive the expiry or termination of this Agreement for any reason. -7- ARTICLE 5 CONFIDENTIALITY 5.1 Confidential Information. Subject to sections 5.2, 5.3, 5.4, and 19.1 the Requester shall hold in strict confidence all Licensed Information and any other confidential information or materials of MTO, or of third parties and in the possession or control of MTO, and any information derived from any of the foregoing (collectively, the "Confidential Information"). 5.2 Maintain Confidentiality. Without limitation to section 5.1, and subject to section 19.1, the Requester shall not directly or indirectly: (a) disclose, make available, or provide or permit access to or use of, any Confidential Information for any purpose (other than to its Authorized Staff who need to know such Confidential Information in order to carry out the Requester's business, and who are permitted access to such Confidential Information strictly in accordance with Article 8); (b) reproduce or make copies, or permit any third party to reproduce or make copies, of any Confidential Information, in whole or in part (other than copies of Confidential Information made by the Authorized Staff contemplated in section 5.2 (a) in the normal course of the Requester's business), other than as expressly stated in the Authorized Use(s). 5.3 Disclosure of Licensed Information to Permitted Recipients. (a) Despite section 5.2, but subject to the provisions of sections 5.3 (b), 5.3 (c) and 5.3 (d), the Requester shall have the right to disclose particular Licensed Information (but not Passwords or any other Confidential Information) to Permitted Recipients solely for the Permitted Service(s) specified in Schedule "E" as authorized by MTO. For avoidance of doubt, unless necessary for carrying out the Permitted Service(s) specified in Schedule "E", nothing in this section 5.3 (a) permits the Requester to give a Permitted Recipient general access to the Licensed Information in the Requester's possession or control, nor entitles a Permitted Recipient to make copies of Licensed Information. (b) The Requester shall record (in such form and format as from time to time may be required by MTO) each disclosure to a Permitted Recipient. Such record shall include the particular Licensed Information disclosed, the Permitted Recipient to whom such Licensed Information was disclosed, the business purpose for such disclosure, and the date of disclosure, The Requester shall maintain such records throughout the Term and for a period of three (3) years after the expiry or termination of this Agreement. (c) Prior to making any disclosure to a Permitted Recipient, the Requester shall enter into a privacy and non -disclosure agreement with that Permitted Recipient, in the form set out in Schedule "E", or as specified by MTO in writing from time to time (the "Non -disclosure Agreement"). (d) The Requester shall ensure that each Permitted Recipient fully complies with the Non -disclosure Agreement. The Requester shall be fully liable to MTO for any breach of the Non -disclosure Agreement by a Permitted Recipient, and any such breach shall constitute a breach by the Requester of this Agreement. (e) The Requester shall retain an original copy of each Non -disclosure Agreement from the time it is executed until at least three (3) years after the date the Permitted Recipient who signed that Non -Disclosure Agreement ceases to be a Permitted Recipient. Upon executing a Non -disclosure Agreement with a Permitted Recipient, the Requester shall provide MTO with copies of the executed Non- disclosure Agreement. The Requester shall ensure every Permitted Recipient it enters into a Non -disclosure Agreement with is listed in Part A-2 of Schedule "A". The Requester shall advise MTO in writing within ten (10) days of any change in the list of Permitted Recipients. Initials -8- 5.4 Disclosures Required by Applicable Law. (a) Despite section 5.1, the Requester may, subject to sections 5.4 (b) and 5.4 (c), disclose Confidential Information to the extent required by applicable law. (b) If the Requester becomes compelled by applicable law to disclose Confidential Information, the Requester may only disclose that part of the Confidential Information that it is compelled by applicable law to disclose, and may only disclose such Confidential Information in the manner and to the extent so compelled by applicable law. (c) If the Requester becomes compelled by applicable law to disclose Confidential Information, the Requester shall notify MTO of the disclosure as soon as reasonably possible. 5.5 Survival. For the avoidance of doubt, this Article 5 shall survive the expiry or termination of this Agreement for any reason. ARTICLE 6 PRIVACY LAWS 6.1 Privacy Laws. (a) This Agreement and the rights granted to the Requester under this Agreement are subject to any restrictions, limitations or provisions of any applicable law, including the Privacy Laws or any other legislation or regulations enacted by the Government of Ontario or by the Canadian federal government, whether enacted prior to or after the date of signing this Agreement. (b) Without limiting the generality of section 6.1(a), this Agreement is subject to any provisions of any applicable law that may restrict or limit: (i) the information included in the Licensed Information; or (ii) the information that may be provided in response to a Licensed Information Request. 6.2 Requester Compliance. The Requester represents and warrants that it is, and at all times throughout the Term will remain, in full compliance with all applicable laws (including the Privacy Laws) relating to its Processing of Licensed Personal Information pursuant to this Agreement. Without limiting the generality of the foregoing, the Requester shall comply with any written instructions or directions from MTO from time to time concerning Licensed Personal Information or Personal Information Records (including the Processing of such Licensed Personal Information or Personal Information Records). 6.3 Survival For the avoidance of doubt, this Article 6 shall survive the expiry or termination of this Agreement for any reason. ARTICLE 7 PROTECTION OF CONFIDENTIAL INFORMATION 7.1 Security of Confidential Information. The Requester shall maintain the security and integrity of the Confidential Information. Without limitation to the foregoing, the Requester shall: (a) keep all copies or partial copies of the Confidential Information in a physically secure location to which access is restricted; Initials (b) ensure that access to any Confidential Information stored on a computer is Password -protected and that the Passwords are treated as Confidential Information in accordance with section 7.5 and are changed on a frequent basis; -9- (c) establish reasonable and appropriate Systems, methods and procedures to control the transmission and/or delivery of Licensed Information both internally and externally, and shall ensure that such transmission and/or delivery is conducted in a manner which protects the security of the Licensed Information to the absolute satisfaction of MTO; (d) comply with the security provisions and standards set out in Part A-1 of Schedule "A" in addition to creating, implementing and providing MTO a copy of an Information Security Plan which: (e) (i) identifies business processes which prevent or mitigate, detect and respond to the risk of a Privacy Default occurring; (ii) includes a copy of the Requester's Privacy Default Protocols as described in section 7.3; (iii) includes a business continuity plan which outlines actions to be taken by the Requester to mitigate the risk of a Privacy Default during an unforeseen disruption of the normal course of the Requester's activities and operations; (iv) includes requirements for the periodic review of the Information Security Plan by the Requester; and (v) includes details of the implementation of the Information Security Plan; and comply with such security requirements as are from time to time specified by MTO. 7.2 Upon Discovery of Privacy Default. Upon becoming aware that a Privacy Default has occurred, the Requester shall ensure: (a) the Privacy Default is contained and assessed; (b) MTO is notified in writing immediately that a Privacy Default has occurred; (c) the cause or causes of the Privacy Default are investigated in a manner commensurate with the nature and severity of the Privacy Default; and (d) corrective and remedial action is taken pursuant to the investigation to prevent further breaches and address related matters. 7.3 Privacy Default Protocols. (a) The Requester shall create, implement and document Privacy Default Protocols which shall include such terms as are deemed sufficient, in the opinion of MTO, to properly define a detailed series of actions to be taken by the Requester upon suspicion or discovery that a Privacy Default has occurred. Such Privacy Default Protocols at a minimum must: (i) include a series of steps which must be taken by the Requester and their authorized staff to mitigate any Privacy Default; (ii) include a clear process for investigating, documenting, and verifying the circumstances prior to, during, and after the Privacy Default; (iii) require the Requester and the Authorized Staff to compile information accumulated in section 7.3(a)(ii) into a final incident report which must be retained for a period of at least three (3) years after the termination of this Agreement; (iv) establish a clear escalation process which identifies specific individuals responsible for identifying, investigating, responding to, and mitigating a Privacy Default; and (v) include any other requirements as specified by MTO, from time to time. (b) The Requester shall provide MTO a current copy of its Privacy Default Protocols in accordance with section 7.1(d). -10- 7.4 Security Products. The Requester shall be responsible for the selection, implementation and maintenance of appropriate security products, tools and procedures sufficient to meet MTO's requirements for protecting the Confidential Information from improper access, loss, alteration or destruction, including Confidential Information disclosed or used by a Permitted Recipient or third party engaged to provide Authorized Remote Server services. The Requester shall be responsible for establishing, monitoring and testing the Requester's own security products, tools and procedures to ensure their adequacy. 7.5 Password Protection. (a) Deemed to be Confidential Information. Any Passwords shall be deemed to be Confidential Information for the purposes of this Agreement. (b) No Disclosure to Third Parties. For the avoidance of doubt, the Requester shall not disclose any Passwords to, or permit any access to, or use of, any Passwords by any third party, provided that nothing in this section shall prevent the Requester from disclosing Passwords to its Authorized Staff who: (i) need to know such Passwords in order for the Requester to obtain and use the Licensed Information for Authorized Use(s), and (ii) are authorized to access to such Passwords strictly in accordance with Article 8. 7.6 Restricted Access. Subject to section 19.1, the Requester shall at all times restrict access to the Confidential Information solely to Authorized Staff, in accordance with the requirements set out in this Agreement. The Requester shall be responsible to MTO for any unauthorized access to Confidential Information resulting from the Requester's failure to meet the Requester's obligations in this Agreement (including this section). 7.7 No Exposure. Subject to the Authorized Use(s) set out in Part A-1 of Schedule "A", and without limiting the generality of the restrictions or obligations placed upon the Requester in Articles 4, 5, 6 and 7, no Confidential Information shall be exposed or placed so that it can be viewed by the public and/or any non -authorized persons. 7.8 Destruction of Confidential Information. (a) Subject to sections 7.8(b), 7.8(c) and 7.8(d), the Requester shall destroy all copies of Confidential Information in its possession or control, upon or before the earlier of: (b) (i) the expiration or termination of this Agreement for any reason; (ii) thirty (30) days following completion or fulfilment of the applicable Authorized Use(s) as set out in Part A-1 of Schedule "A"; or (iii) the third Business Day after the date of suspension, cancellation or voluntary cancellation of any or all of the Requester's accounts with MTO, or any or all of the Requester's rights or privileges under this Agreement. Despite section 7.8(a), if this Agreement expires and no Event of Default has occurred and then remains outstanding, the Requester shall not be required to destroy the Confidential Information and records referred to in that section for so long as there remains in full force and effect a separate written agreement entered into by the Requester with MTO under which the Requester is authorized to possess and use that Confidential Information and those records for the purposes for which they are then being possessed and used by the Requester. (c) Despite section 7.8(a), the Requester shall not be required to destroy the Confidential Information and records referred to in that section to the extent (if any) that: (i) the Confidential Information was also separately obtained by the Requester from a third party that was not at that time under any obligation to keep such Confidential Information confidential; or -11- (ii) the Confidential Information pertains to an individual who has consented to having the Requester keep that Confidential Information (provided that such consent is given in accordance with, and in any manner or form required by, applicable law), or (iii) the Requester is required by applicable law to retain for any period of time any of the Confidential Information. The Requester shall be permitted to retain such of that Confidential Information or those records, in such form and for such period of time, as is so required by applicable law, subject to the Requester's confidentiality, non -disclosure and security obligations in this Agreement (including all of the Requester's obligations in Articles 4, 5, 6 and 7). (d) The Requester shall ensure that promptly upon the occurrence of the events described in sections 7.8(a)(i) or 7.8(a)(iii), all Permitted Recipients destroy all copies of Confidential Information in their possession or control. The Requester shall be fully liable to MTO for any failure by a Permitted Recipient to fulfil the requirements contemplated by this section 7.8(d), and any such failure shall constitute a breach by the Requester of this Agreement. The Requester agrees to indemnify and hold harmless MTO from and against any Damages that occur as a result of any such failure. (e) For the avoidance of doubt, nothing in this section 7.8 shall limit or release the Requester from the security, confidentiality and non -disclosure provisions of this Agreement, which provisions shall survive any termination or expiration of this Agreement and shall remain in full force and effect until such time as they are satisfied or by their nature expire. 7.9 Retention of Licensed Information Within Canada. Subject to sections 7.10 and 7.11, the Requester shall ensure that: (a) no Licensed Information Requests will be made, and (b) no Licensed Information Responses or Licensed Information will be received, transmitted, stored or retained by the Requester or on behalf of the Requester outside Canada for any time period, no matter how short. 7.10 [Section Intentionally Omitted]. 7.11 Authorized Remote Servers. (a) Notwithstanding section 7.9, the Requester may, with respect to its access to Licensed Information, utilize the services of a Remote Server in the manner approved by MTO provided that: (i) if the Remote Server belongs to the Requester, the Requester has advised MTO of the existence of the Remote Server and the Requester has advised MTO that the Remote Server is located in Canada and complied with any security requirements specified by MTO from time to time; (ii) if the Remote Server is provided by a third party, the Requester has: (A) entered into a written agreement with the third party providing the Remote Server, the terms of which, in the opinion of MTO, do not conflict with this Agreement and are sufficient to guarantee the privacy and security of Licensed Information while in the hands of the third party, including without limitation audit - 12 - rights of the Requester and industry -standard or higher encryption of the Licensed Information; (B) supplied to MTO the name of the third party providing the Remote Server and advised MTO that the Remote Server is located in Canada; and (C) demonstrated to MTO that it is in compliance with any security requirements specified by MTO from time to time. (b) The Requester shall, upon request, provide MTO with the results of any audits undertaken under the agreement described in section 7.11(a)(ii)(A). 7.12 Authorized Premises. The Requester shall ensure that Licensed Information Responses are received, stored and retained only in the Authorized Premises and that all of the security and confidentiality obligations of this Article 7 are met in all Authorized Premises. 7.13 Authorized Premises and Remote Servers Listed in Part A-2 of Schedule "A". The Requester covenants and warrants that all Authorized Premises and Authorized Remote Servers as of the Effective Date have been listed in Part A-2 of Schedule "A". The Requester shall, within ten (10) days of any change in the lists of Authorized Premises and/or Authorized Remote Servers, advise MTO of such change in writing or other format acceptable to MTO. ARTICLE 8 AUTHORIZED STAFF 8.1 Authorized Staff Listed in Part A-2 of Schedule "A". The Requester covenants and warrants that all Authorized Staff as of the date of this Agreement have been listed in Part A-2 of Schedule "A". The Requester shall, within ten (10) days of any change in the list of Authorized Staff, advise MTO of such change in writing or other format acceptable to MTO. MTO reserves the right in its absolute discretion: (a) to reject any employee or contractor of the Requester as an Authorized Staff member; (b) to prohibit an Authorized Staff member from accessing any Licensed Information; and (c) to require the Requester to adhere to any process or procedure specified by MTO from time to time with respect to the selection and designation of Authorized Staff members. 8.2 Employee Training, Security Statements and Contractor Security Agreements. The Requester shall require all Authorized Staff: (a) when and as required by MTO, to take such training in the handling and protection of the Licensed Information as is made available to the Requester by MTO; (b) who are Requester employees, to enter into and comply with the Employee Security Statement; and (c) who are individual third party contractors engaged by the Requester, to enter into and comply with the Contractor Security Agreement. 8.3 Authorized Staff Compliance. The Requester shall be solely responsible for ensuring that its Authorized Staff fully comply with the Requester's confidentiality and security obligations contained in this Agreement. Without limiting the generality of the foregoing, or of section 8.2, the Requester shall be solely responsible for ensuring full compliance with the Employee Security Statement and Contractor Security Agreement by Authorized Staff. The Requester shall indemnify and hold harmless MTO from and - 13 - against any Damages that occur as a result of any non-compliance with the Employee Security Statement or Contractor Security Agreement by such Authorized Staff. 8.4 Retention of Original Copies. The Requester shall retain an original copy of each Employee Security Statement and Contractor Security Agreement from the time it is executed until at least three (3) years after the date the Authorized Staff who signed that Employee Security Statement or the Contractor Security Agreement (as the case may be) ceases to be an employee or contractor of the Requester. Upon MTO's request from time to time, the Requester shall provide MTO with copies of all executed Employee Security Statements and Contractor Security Agreements. ARTICLE 9 AUDIT AND ANNUAL DECLARATIONS 9.1 Audit of Requester. The Requester shall accommodate Audits of the Requester in accordance with the provisions of Schedule "D" and shall comply with requests by MTO for reasonable assistance with any audits carried out by MTO of any applicable Authorized Service Providers. For the avoidance of doubt, this section 9.1 and Schedule "D" shall survive the expiry or termination of this Agreement for any reason. 9.2 Audit of Permitted Recipients The Requester shall ensure that each Permitted Recipient accommodates Audits of that Permitted Recipient in accordance with the provisions of Schedule "D" (as if that Permitted Recipient were the "Requester" as specified in Schedule "D"), and that such Permitted Recipient fully co- operates with and assists MTO in carrying out such Audits in accordance with such provisions. The Requester shall be fully liable to MTO for any failure by a Permitted Recipient to fulfil the requirements contemplated by this section 9.2, and any such failure shall constitute a breach by the Requester of this Agreement. The Requester agrees to indemnify and hold harmless the MTO from and against any Damages that occur as a result of any such failure. 9.3 Annual Declaration. Prior to the expiry of each current Term, the Requester shall complete, sign and submit to MTO a declaration (the "Declaration") relating to the Requester's compliance with the obligations under this Agreement during the previous twelve (12) months. The Declaration shall be in such form and format as may be specified by MTO from time to time, and shall be executed by such officer of the Requester, or other responsible person, as may be specified by MTO in the form of the Declaration. ARTICLE 10 INFORMATION TRANSMISSION 10.1 "As Requested" Basis. Licensed Information shall be provided by MTO to the Requester through the Delivery Channels and on an "as requested" basis in response to Licensed Information Requests, all in accordance with the procedures specified by MTO from time to time. The Requester acknowledges that MTO does not guarantee that it will transmit or deliver Licensed Information within a stipulated time after receipt of the applicable Licensed Information Request. 10.2 Incomplete, Inaccurate or Corrupted Documents. (a) If MTO reasonably suspects that a Licensed Information Request was incompletely or inaccurately transmitted, or corrupted in transmission, or not intended for MTO, MTO shall so notify the Requester. MTO shall not respond to such Licensed Information Request until MTO has received confirmation from the Requester of the validity and completeness of the Licensed Information Request. (b) If the Requester reasonably suspects that a Licensed Information Response was incompletely or inaccurately transmitted, or corrupted in transmission, or not intended for the Requester, the Requester shall so notify MTO. The Requester shall not rely upon any information until the Requester has received confirmation Initials -14- from MTO of the validity and completeness of the Licensed Information Response. If requested by MTO, the Requester shall return or destroy an invalid or incomplete Licensed Information Response. 10.3 Deemed Authorization. The Requester shall establish reasonable and appropriate Systems, methods and procedures to control the transmission or delivery of Licensed Information Requests and the receipt of Licensed Information Responses. Subject to section 10.2, each Licensed Information Request sent by the Requester to MTO under this Agreement shall be deemed to have been duly authorized by the Requester and shall be binding upon the Requester, unless the Requester otherwise notifies MTO before MTO responds to or makes any use of that Licensed Information Request. ARTICLE 11 AUTHORIZED REQUESTER INFORMATION SYSTEM 11.1 Electronic Requests. If the intemet has been included as a Delivery Channel in Part A-1 of Schedule "A", MTO will accept Licensed Information Requests, and will provide Licensed Information Responses in accordance with specifications set out in Part A-1 of Schedule "A" utilizing ARIS. 11.2 Password Assignment. (a) The Requester shall, in writing or other format acceptable to MTO, advise MTO of those members of the Authorized Staff whom the Requester wishes to have access to ARTS. (b) MTO, at its discretion, shall assign user identification and passwords to members of the Authorized Staff in accordance with security policies and procedures of MTO. Notwithstanding the foregoing, MTO reserves the right not to issue user identification or a password to any individual or individuals regardless of their designation as Authorized Staff. (c) The Requester shall ensure that only Authorized Staff who log onto ARIS using the user identification and password assigned to them by MTO (as such password may be changed from time to time) can gain access to the Passwords or make Licensed Information Requests or receive Licensed Information Responses through ARIS. 11.3 Requester Equipment In order to access Licensed Information utilizing ARIS, the Requester shall obtain, install and test, at the Requester's own expense, the following computer equipment, software and services, with the following minimum specifications: an Internet capable computer; a Web Browser software updated to the most current supported version available (which is compatible with ARIS); and the Requester's own intemet service account with an intemet service provider. The Requester acknowledges and agrees that MTO shall have no responsibility for providing installation, technical support, or maintenance, for any of the Requester's own Systems, and/or third -party software required to access and use ARIS. ARTICLE 12 APPLICATION INFORMATION 12.1 Warranty. The Requester represents and warrants that all information contained in the Application is true, correct and complete as of the date of the Application. -15- 12.2 Updates. (a) Within ten (10) Business Days after the occurrence of any change in any of the information contained in the Application, or any change to any of the information previously provided pursuant to this section 12.2 (a), the Requester shall notify MTO (in writing or other format acceptable to MTO) of such change. (b) Prior to the expiry of any of the Supporting Documents, and no later than ten (10) days after the date of an amendment to any of the Supporting Documents, the Requester shall provide MTO with a copy of the replacement Supporting Document, or of the amended Supporting Document, as the case may be. Upon the request of MTO, the Requester shall provide MTO with an original or certified copy of any Supporting Document. MTO reserves the right, upon notice to the Requester, to add additional documents to the list of Supporting Documents contained in Part A-1 of Schedule "A". ARTICLE 13 REVIEW AND RE —VERIFICATION 13.1 Review and Re -Verification Annually and as Required by MTO. At least thirty (30) days prior to the expiry of each current Term, and at such other times during each Term as may be required by MTO, the Requester will review and re -verify (in such form and format as may be specified by MTO from time to time) the information contained in the Application, as such information may subsequently have been changed in accordance with section 12.2 (a). ARTICLE 14 FEES 14.1 Fee Schedule. The Requester shall pay the Fees set out in the attached Schedule "C", for obtaining Licensed Information from MTO under this Agreement. 14.2 Pre -paid Account. The provisions of this section 14.2 shall be applicable if the Requester has indicated in Part A-1 of Schedule "A" that the Requester wishes to establish a pre -paid account (a "Pre -paid Account") from which MTO may debit all amounts owing from time to time under this Agreement, or if the Requester is authorized under Part A-1 of Schedule "A" to obtain Licensed Information over the telephone or through the intemet utilizing ARIS. (a) The Requester shall complete and sign such document(s) as may be required to allow MTO to debit the Pre -paid Account. (b) The Requester acknowledges and agrees that MTO may only process a Licensed Information Request where the amount remaining in the Pre -paid Account at the time of the Licensed Information Request is sufficient to cover all of the Fees payable for such Licensed Information Request. (c) The parties acknowledge and agree that the monies in the Pre -paid Account from time to time will not be designated, earmarked or credited in favour of any Licensed Information Request. Accordingly, at the time MTO receives a Licensed Information Request, so long as the balance in the Pre -paid Account is sufficient to cover the Fees payable for that Licensed Information Request, MTO may debit the Pre -paid Account by the amount of those Fees. (d) Upon the expiration or termination of this Agreement for any reason, MTO shall release to the Requester any balance remaining in the Pre -paid Account after debiting from the Pre -paid Account all Fees and other amounts owed by the Requester to MTO under this Agreement. Initials -16- 14.3 Remittance of Fees. (a) The Requester shall remit all Fee payments under section 14.1 to MTO at the following address: (b) Ministry of Transportation, Business Information Services Unit RM 178 87 Sir William Hearst Avenue Toronto ON M3M 0B4 Fee payments shall include agreement/account numbers, and may be made by cheque, money order or online payment methods approved by MTO in its sole discretion and which are subject to change from time to time. ARTICLE 15 INDEMNITY AND LIMITATION OF LIABILITY 15.1 Indemnity. The Requester agrees to defend, indemnify and hold harmless the Govemment of Ontario and its officers, employees, agents or contractors, from and against any and all Claims and Damages that may occur, by reason of: (a) any breach or deemed breach of this Agreement by the Requester; or (b) any non-compliance with Employee Security Statements or Contractor Security Agreements by any of the Authorized Staff; or (c) any non-compliance with Non -disclosure Agreements by any Permitted Recipient; or (d) any non-compliance with Authorized Service Provider Agreements by any Authorized Service Provider; or (e) any negligent, improper, or unauthorized use or dissemination of Confidential Information by the directors, officers, partners, employees, contractors (including Authorized Staff) or agents of: (f) (i) the Requester, (ii) Authorized Service Providers, (iii) Permitted Recipients, or (iv) by a third party providing an Authorized Remote Server; or inaccurate or out-of-date information contained in Licensed Information furnished to the Requester by MTO. 15.2 Limitation of Liability. (a) The Government of Ontario makes no Warranties with respect to the Licensed Information, including any Warranties that any Licensed Information (or any information contained in the Licensed Information) will be accurate, complete or up-to-date, or free of errors or omissions, in whole or in part, or that any Licensed Information will be fit for any purpose. (b) THE GOVERNMENT OF ONTARIO SHALL HAVE NO LIABILITY OF ANY KIND TO THE REQUESTER UNDER ANY LEGAL THEORY (INCLUDING NEGLIGENCE, PRODUCT LIABILITY, OR BREACH OF CONTRACT WHETHER OR NOT A FUNDAMENTAL BREACH OR BREACH OF A FUNDAMENTAL TERM). THIS LIMITATION OF LIABILITY IS INTENDED TO BE, AND WILL BE CONSIDERED TO BE, EXHAUSTIVE IN SCOPE, AND THE REQUESTER ACKNOWLEDGES THAT THIS IS THE ONLY BASIS ON WHICH MTO HAS APPROVED THE APPLICATION AND ENTERED INTO THIS AGREEMENT WITH THE REQUESTER. -17- (c) WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, IN NO EVENT WILL THE GOVERNMENT OF ONTARIO BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OR LOSSES, INCLUDING LOST PROFITS, EVEN IF THE GOVERNMENT OF ONTARIO HAS KNOWLEDGE OF THE POTENTIAL DAMAGES OR LOSSES. (d) In no event will the Government of Ontario be liable for any Damages or Claims, including any Claims for loss of profits or other incidental or consequential damages, arising out of the use of, or inability to use or access, any Licensed Information, or delays by MTO, or from failure to supply Licensed Information, or from inaccurate, incomplete or out-of-date information contained in any Licensed Information. (e) The Requester releases and forever discharges the Government of Ontario (and the Government of Ontario's officers, employees, agents and contractors) from any Claims relating to any Warranties contemplated in section 15.2(a), from any liability contemplated in sections 15.2(b) and 15.2(c) and from any Damages or Claims contemplated in section 15.2(d). 15.3 Survival The provisions of this Article 15 shall survive the expiry or termination of this Agreement for any reason. ARTICLE 16 DEFAULT AND REMEDIES 16.1 Events of Default. "Events of Default" shall include any one or more of the following: (a) the Requester becomes bankrupt or insolvent, goes into receivership, or takes the benefit of any statute from time to time in force relating to bankrupt or insolvent debtors; (b) if the Requester is a corporation, an order is made or resolution passed for the winding up of the Requester, or the Requester is dissolved; (c) the Requester ceases to carry on business in the normal course; (d) the Requester has submitted false or misleading information to MTO (including false or misleading information in the Application) or makes a false representation in this Agreement or the Application; (e) the Requester has failed to update the information contained in the Application or has failed to review and re -verify such information in accordance with sections 12.2 and 13.1; (f) there is a material degradation in the security measures (including security products, tools or procedures) that the Requester has in place to protect the Licensed Information from improper access, loss, alteration or destruction; (g) the Requester commits a Privacy Default and such Privacy Default is not curable or such Privacy Default is curable but the Requester fails to meet its obligations under section 7.2, or, if the Requester receives notice of a Privacy Default from MTO, it fails to cure the Privacy Default within twenty-four (24) hours of receiving such notice; (h) the Requester fails to make any payment as required under this Agreement, or if payment is in the form of a cheque or other negotiable instrument, such payment is rejected for insufficient funds; (i) the Requester fails to meet any other term or condition of this Agreement (excluding any other default expressly referred to in this section 16.1) and such default is not curable or such default is curable but the Requester fails to cure it within ten (10) days of receiving notice of such default from MTO; or (j) the Requester is, or is deemed to be, in default under any other agreement(s) with MTO relating to access or use of any Confidential Information. -18- 16.2 Remedies. (a) Upon the occurrence of an Event of Default, MTO shall have the right, effective immediately without notice, to: (i) terminate this Agreement; (ii) suspend or cancel any or all of the Requester's accounts with MTO; (iii) suspend or cancel any or all of the rights or privileges of the Requester under this Agreement; and/or (b) (iv) suspend or cancel any or all of the Passwords issued by MTO to the Requester. MTO may also pursue any appropriate administrative, civil and/or criminal remedies for default of any of the provisions of this Agreement. 16.3 Notification of Event of Default. The Requester shall notify MTO in writing immediately upon becoming aware that an Event of Default has occurred, or that any other provisions of this Agreement have been breached, but this section 16.3 shall not apply if the Event of Default is a Privacy Default and the Requester has complied with its obligations under section 7.2. ARTICLE 17 AMENDMENTS TO THE AGREEMENT 17.1 Amendments. The Requester acknowledges and agrees that MTO shall have the right unilaterally to amend this Agreement from time to time. Such amendments shall become effective upon the Requester's receipt of written notice of such amendments (or at any later time specified in such notice). Amendments made by MTO to the Fees set out in Schedule "C" shall become effective immediately. 17.2 Termination. If the Requester receives a notice of any amendments under section 17.1, the Requester shall have the right to terminate this Agreement effective upon written notice to MTO. ARTICLE 18 PROMOTIONAL MATERIAL 18.1 Accuracy. Any promotional or informational material disseminated by the Requester in connection with the Licensed Information or access to the Licensed Information shall be accurate and shall be consistent with the terms and provisions of this Agreement, and shall contain only factual statements relating to the Licensed Information and the purpose and conditions of access as set forth in this Agreement. For the avoidance of doubt, nothing in this section 18.1 shall be deemed to limit or release the Requester from any of the confidentiality, security or privacy provisions of this Agreement. 18.2 MTO Trade -Marks and Logo Neither MTO's name nor any MTO trade -mark or logo may be used by the Requester without the prior written consent of MTO. ARTICLE 19 AUTHORIZED SERVICE PROVIDERS 19.1 Authorized Service Provider. Where a person has entered into an Authorized Service Provider Agreement with MTO to become an Authorized Service Provider and provide services in relation to the Licensed Information on -19- behalf of the Requester, the Requester may use the Authorized Service Provider to make Licensed Information Requests and receive Licensed Information Responses, provided that: (a) the Requester has notified MTO of its intention to retain the services of the Authorized Service Provider; and (b) the Authorized Service Provider is engaged also in carrying out all, some or part of the Authorized Use(s). 19.2 Records of Licensed Information Requests. In addition to the records contemplated under section 4.4 of this Agreement, the Requester shall ensure the Authorized Service Provider also maintains such records in relation to Licensed Information Requests made and Licensed Information Responses received on behalf of the Requester. 19.3 Authorized Service Provider Default. The Requester shall advise MTO of any incident involving the Authorized Service Provider that, had it occurred under this Agreement, would be an Event of Default. The Requester acknowledges that in the event MTO exercises a remedy against the Authorized Service Provider for any default under the Authorized Service Provider Agreement, MTO shall have the right to exercise any of the remedies under section 16.2 against the Requester, as if an Event of Default had occurred under this Agreement. 19.4 Termination of Authorized Service Provider Agreement. If the Requester has engaged an Authorized Service Provider, and the Authorized Service Provider Agreement is terminated for any reason, MTO may in its sole discretion terminate this Agreement immediately upon notice to the Requester. 19.5 Cessation of Authorized Services. Where the Requester uses the services of an Authorized Service Provider, and the Authorized Service Provider for any reason ceases providing the services to the Requester, the Requester shall notify MTO as soon as possible after the cessation. Upon the cessation of such services, MTO may, in its sole discretion, terminate the Agreement. 20.1 Force Majeure. ARTICLE 20 GENERAL PROVISIONS Neither party shall be liable for delay or failure in performance resulting from acts beyond the control of that party, including acts of God, acts of war, fires, floods or other disasters, strikes, walkouts, lockouts, communication line or power failure, or failure, inoperability or destruction of computer hardware, software or firmware (unless caused by the negligence of that party), or any negligence, wilful misconduct or breach of this Agreement by the other party. 20.2 Non -Assignability. The Requester may not assign or transfer this Agreement, or any right under this Agreement, either in whole or in part. Subject to this restriction, this Agreement shall enure to the benefit of, and bind, the parties and their respective successors and assigns. 20.3 Notices. (a) Any notification or other communication to be given under the provisions of this Agreement shall be in writing and shall be given by personal delivery, or sent by electronic facsimile, or mailed by a prepaid registered mail or delivered by courier service. Subject to change by either party with written notice in accordance with this section 20.3, notices shall be addressed in accordance with the addresses set out in Part A-2 of Schedule "A". (b) Notices shall be deemed to have been effectively given on the date of personal delivery, the date of electronic facsimile transmission or the date of delivery by courier service, or in the case of service by registered mail five (5) days after the date of mailing. -20- 20.4 Waiver. Failure of MTO to complain of any act or failure to act of the Requester, or to declare the Requester in default, shall not constitute a waiver by MTO of its rights under this Agreement. No waiver of any rights under this Agreement shall be effective unless in writing, duly executed by MTO. 20.5 Entire Agreement. This Agreement constitutes the entire agreement and understanding of the parties relating to the subject matter of this Agreement and supersedes all prior understandings, discussions, negotiations, commitments, Warranties and agreements, written or oral, express or implied, between them. Notwithstanding the foregoing, this section 20.5 shall not serve to terminate or cancel any outstanding liability or payment arising out of any prior agreements or arrangements of the parties with respect to access to, and use of, the Licensed Information. Except as expressly provided in this Agreement and subject to section 17.1, this Agreement may be amended or modified only by an instrument in writing executed by each of the parties. 20.6 Survival of Provisions. Obligations under this Agreement which expressly or by their nature survive the termination or expiry of the Term will continue in force subsequent to, and in spite of, such termination or expiry until they are satisfied or by their nature expire. 20.7 Electronic Documents and Signatures. Where a requirement in this Agreement is to be carried out in writing, the writing, including the signature, may be in an electronic format, subject to the approval of MTO. 20.8 Governing Law. This Agreement shall be deemed to have been formed in the Province of Ontario and shall be governed by the laws in force in Ontario (and the laws of Canada applicable in Ontario). Each party irrevocably submits to the exclusive jurisdiction of the courts of the Province of Ontario with respect to any matter arising under, or related to, this Agreement. 20.9 French Language Clause (Quebec). The parties hereto confirm that it is their wish that this Agreement as well as other documents relating hereto, including notices, have been and shall be drawn up in the English language only. Les parties aux presentes confirment leur volont6 que cette convention de meme que tous les documents, y compris tous avis, s'y rattachant, soient rediges en langue anglaise seulement. 20.10 Interpretation. (a) Headings are not to be considered part of this Agreement, and are included solely for convenience and are not intended to be full or accurate descriptions of the content of the paragraph. (b) In this Agreement, words importing the singular number include the plural and vice versa, words importing the masculine gender include the feminine and neuter genders; words importing persons include individuals, sole proprietors, corporations, partnerships, trust and unincorporated associations. (c) Unless specified otherwise in this Agreement, a reference in this Agreement to a statute refers to that statute as in force at the Effective Date and as the same may be amended, re-enacted, consolidated and/or replaced from time to time, and any successor statute. A reference to a statute shall be deemed to include any regulations made under that statute. (d) For purposes of this Agreement, unless otherwise provided in this Agreement, a period of days or Business Days shall be deemed to: (i) begin on the first day after the event that began that period, and (ii) end at 5:00 p.m. (Eastern Standard Time or Eastern Daylight Savings Time, as the case may be) on the last day or Business Day, as the case may be, of that period. (e) In this Agreement the words "include", "includes" or "including" mean "include without limitation", "includes without limitation" and "including without limitation", respectively, and the words following `include", "includes" or "including" shall not be considered to set forth an exhaustive list. - 21 - (f) In this Agreement a reference to a thing that is listed or set out in Schedule "A" includes, where applicable, things listed or set out in the Requester's client profile in ARIS. IN WITNESS WHEREOF, each of the parties have executed and delivered this Agreement as of the date first above written. HIS MAJESTY THE KING in right of Ontario, as represented by the Minister of Transportation For: Patty Wafters, Director, Driver and Vehicle Services Branch By: Mario Hettiarachchi Senior Manager, Information Services Office Oct 24, 2024 Date: REQUESTER: � , H By: Print Name: Ms. Janette Teeter Title: Deputy Clerk Oci 24. 2024 Date: I have the authority to bind the organization. - 1 - SCHEDULE "A" SPECIFICATIONS Part A-1 A. Licensed Information: CRCCRC - Certified Collision Report - Cost Recovery PLT004 - Plate/VIN by Date Abstract with Address CRUCRC - Collision Report - Cost Recovery Any other Licensed Information not listed or set out in this section may be viewed via the ARIS profile. B. Authorized Use(s): In accordance with the terms and conditions of this Agreement as well as subsection 4.2 (2) (a) of the Highway Traffic Act, R.S.O. 1990, C. H. 8, as may be amended from time to time, the Authorized Use(s) is as identified by immediately below. AU15 - Government use for program delivery where authorized by statute. Per By -Law No. 2024-038, Schedule C - Fire & Emergency Services Any other Authorized Use(s) not listed or set out in this section may be viewed via the ARIS profile. -2- C. Delivery Channels: (a) For Licensed Information Requests: Internet (b) For Licensed Information Responses: Internet D. List of Supporting Documents: Security Statement, 9999-12-31 Reference to Legislation/By-Laws, 9999-12-31 Authorized Application Signor Data & Signature, 9999-12-31 Any other Supporting Document(s) not listed or set out in this section may be viewed via the ARTS profile. E. Prepaid Account: Yes No ❑ F. Security Provisions and Standards: Building and Office Security - Building has locks, Monitored alarm system, Office has locks, Restricted client areas, Locked filing cabinets. Computer Security - Password Protected, Inactivity time out, Anti -Virus, Firewall Security, Remote access to computer on files, Multi Authentication process, hard copies locked in a filing cabinet or safe. I will email under separate cover the Security Plan and Privacy Default Protocols prepared by staff. For myself, the Authorized Signatory, my applicable files are in a locked drawer. All hard copies and all electronic copies will be destroyed from the main system and the back ups when no longer required. -3- Part A-2 A. Addresses for Notice: (a) For MTO Information Services Office RM 178 87 Sir William Hearst Avenue Toronto ON M3M 0B4 Attention: Coordinator Business Information Services Unit Telephone: 1(800)769-2419 Email: ARIS@ontario.ca (a) For the Requester THE CORPORATION OF THE TOWNSHIP OF ORO-MEDONTE. operating as TOWNSHIP OF ORO-MEDONTE - COST RECOVERY FOR FIRE & EMERGENCY SERVICES Physical Address: 148 Line 7 S Oro-Medonte, ONTARIO LOL2E0 CANADA Mailing Address: 148Line7S Oro-Medonte, ONTARIO LOL2E0 CANADA Attention: Ms. Brittany Croisier, Fire & Emergency Services Assistant Telephone: (705) 487-2171 x3101 Facsimile: (000) 000-0000 B. List of Authorized Staff: Ms. Janette Teeter, Deputy Clerk Ms. Brittany Croisier, Fire & Emergency Services Assistant Any other Authorized Staff not listed or set out in this section may be viewed via the ARIS profile. -4- C. List of Authorized Premises: Account: 13459-001 Account Contact: Croisier, Brittany (Ms.) Physical Address: 148 Line 7 S Oro-Medonte, ONTARIO LOL2E0 CANADA Any other Authorized Premises not listed or set out in this section may be viewed via the ARIS profile. D. List of Authorized Remote Servers: -1- SCHEDULE "B-1" REOUESTER EMPLOYEE SECURITY STATEMENT 13459 Requester Name: Employee Name: Division: Position #: Telephone Number: Email Address: THE CORPORATION OF THE TOWNSHIP OF ORO-MEDONTE. operating as TOWNSHIP OF ORO-MEDONTE - COST RECOVERY FOR FIRE & EMERGENCY SERVICES Fax Number: (the "Requester") 1. The Requester is licensed to receive confidential and personal information (the "Information") from files and databases administered by the Ontario Ministry of Transportation ("MTO"). MTO and the Requester are committed to protecting this Information from unauthorized access, use or disclosure. The following policies have been adopted to address employees' responsibilities for handling and protecting this Information. 2. As an employee of the Requester, you may access this Information only when necessary to perform your duties as such employee in the course of your employment, and only for the following purposes: AU15 - Government use for program delivery where authorized by statute. Per By -Law No. 2024-038, Schedule C - Fire & Emergency Services Any other Authorized Use(s) not listed or set out in this section may be viewed via the ARIS profile. 3. You must not access or use this Information for personal reasons. (Examples of inappropriate access or misuse of Information include, but are not limited to: making inquiries for personal use or processing transactions on your own records or those of your friends or relatives; accessing Information about another person, including locating their residence address, for any reason not related to your work responsibilities or not authorized by the Requester.) 4. You may disclose Information only to individuals who have been authorized to receive it through appropriate procedures which have been authorized by MTO. (Examples of unauthorized disclosures include but are not limited to: looking up someone's address for a friend.) 5. You must take reasonable precautions to maintain the secrecy of any password you use to access Information electronically. Reasonable precautions include, but are not limited to: not telling others your password or knowingly allowing them to observe while you enter it at a terminal; and frequently changing your password (and, if you suspect your password has been used by someone else, changing it immediately and notifying the Requester); and selecting randomized strong passwords that meet current industry standards, including but not limited to: -2- • a minimum of eight (8) characters in length; • a combination of upper- and lowercase letters; and • at least one numeric and special character. 6. You must take reasonable precautions to protect data entry terminals and equipment from unauthorized access. Reasonable precautions include, but are not limited to: not leaving your terminal unattended while you are logged onto the system; exiting the database which contains any Information when you leave your workstation; securing your terminal with a locking device if one has been provided; storing in a secure place any user documentation to programs through which electronic access to any Information may be gained; and reporting any suspicious circumstances or unauthorized individuals you have observed in the work area to the Requester. I have read and I understand the security policies stated above, and will comply with them and any other security policies issued in the future by the Requester, or by MTO. I understand that failure to comply with these policies may result in disciplinary action by the Requester and/or civil or criminal prosecution in accordance with applicable statutes. Signature of Employee Date: Witnessed By Date: -1- Requester Name: SCHEDULE "B-2" CONTRACTOR SECURITY AGREEMENT 13459 THE CORPORATION OF THE TOWNSHIP (The "Requester") OF ORO-MEDONTE. operating as TOWNSHIP OF ORO-MEDONTE - COST RECOVERY FOR FIRE & EMERGENCY Contractor Name: (The "Contractor") Position: Employer Address: City, Province, Postal Code: Employer Phone #: 1. The Requester is licensed to receive confidential and personal information (the "Information") from files and databases administered by the Ontario Ministry of Transportation ("MTO"). MTO is committed to protecting this Information from unauthorized access, use or disclosure. The following policies have been adopted to address the responsibilities of the Contractor for handling and protecting this Information. In consideration of the Contractor's engagement by the Requester, the Contractor hereby agrees to abide by the terms and conditions set out in this Contractor Security Agreement. 2. The Contractor may access this Information only when necessary to perform his or her duties as such contractor in the course of the Contractor's engagement by the Requester, and only for the following purposes: AU15 - Government use for program delivery where authorized by statute. Per By -Law No. 2024-038, Schedule C - Fire & Emergency Services Any other Authorized Use(s) not listed or set out in this section may be viewed via the ARIS profile. 3. The Contractor must not access or use this Information for personal reasons. (Examples of inappropriate access or misuse of Information include, but are not limited to: making inquiries for personal use or processing transactions on the Contractor's own records or those of the Contractor's friends or relatives; accessing Information about another person, including locating their residence address, for any reason not related to the Contractor's work responsibilities or not authorized by the Requester.) 4. The Contractor may disclose Information only to individuals who have been authorized to receive it through appropriate procedures which have been authorized by MTO. (Examples of unauthorized disclosures include but are not limited to: looking up someone's address for a friend.) 5. The Contractor shall take reasonable precautions to maintain the secrecy of any password used to access Information electronically. Reasonable precautions include, but are not limited to: not telling others the Contractor's password or knowingly allowing them to observe while the Contractor enters it at a terminal; and frequently changing the Contractor's password (and, if the Contractor suspects that his or her password has been used by someone else, changing it immediately and notifying the Requester); and selecting randomized strong passwords that meet current industry standards, including but not limited to: -2- • a minimum of eight (8) characters in length; • a combination of upper- and lowercase letters; and • at least one numeric and special character. 6. The Contractor shall take reasonable precautions to protect data entry terminals and equipment from unauthorized access. Reasonable precautions include, but are not limited to: not leaving the Contractor's terminal unattended while the Contractor is logged onto the system; exiting the database which contains any Information when the Contractor leaves his or her workstation; securing the Contractor's terminal with a locking device if one has been provided; storing in a secure place any user documentation to programs through which electronic access to any Information may be gained; and reporting any suspicious circumstances or unauthorized individuals the Contractor has observed in the work area to the Requester. The Contractor acknowledges having read and understood the security policies stated in this Contractor Security Agreement, and agrees to comply with them and any other security policies issued in the future by the Requester or MTO. The Contractor understands that failure to comply with these policies may result in the termination of the Contractor's placement with the Requester and/or civil or criminal prosecution in accordance with applicable statutes. Signature of the Contractor Signature of Requester's authorized representative Date: Date: - 1 - SCHEDULE "C" FEE SCHEDULE Fees charged for Licensed Information Requests sent to the Requester in response to Licensed Information Requests sent in error will not be refunded. Connectivity: The connectivity costs will include a one time set-up fee of $250.00 for a Personal Computer (PC) connection. In addition, there will be recurring and usage charges for all hardware, software, and services required to connect to and use ARIS. Commercial Price Schedule — Certification of these products (where available) is an additional $6.00 The table below reflect standard product fees. Volume discount rates will be determined based upon previous month's total volumes. The corresponding discounted fee will be applied to the current month's volumes. MTO reserves the right to change volume discounts, standard product pricing and non-standard product pricing without notice. Any applicable volume discounts and non-standard fees, or fees for other products that are not reflected below, can be viewed by logging into ARIS. Information Product Driver Products Vehicle/Plate Products Commercial Vehicle Products Collision Report Products Base Price Per Record 14.00 14.00 5.00 14.00 - 1 - SCHEDULE "D" AUDIT. INSPECTION AND REVIEW 1. Right of Audit. 27 MTO shall have the right, from time to time, to Audit such of the Requester's businesses and operations as relate to or are involved in the performance of the Requester's obligations under this Agreement, including: (b) the Requester's security arrangements (including the Employee Security Statements and Contractor Security Agreements), and the Requester's books and records; and (c) any media of, or in the possession of, the Requester that may contain any Confidential Information. 2. Timing of Audits. The Audits contemplated in section 1 may be conducted at any time during the Requester's normal business hours either: (a) (b) upon twenty-four (24) hours' prior written notice; or without prior written notice in the case of Audits relating to possible Privacy Defaults. 3. Authorized MTO Representatives. MTO shall have the right to engage third party representatives to perform Audits contemplated in this Schedule "D". 4. Privacy Compliance. (a) Privacy -related Audits. Without limiting the generality of section 1, MTO shall have the right to conduct the Audits contemplated in section 1, to measure the Requester's compliance with: (b) (i) the Privacy Laws; (ii) the provisions of this Agreement relating to the Requester's compliance with the Privacy Laws; (iii) the provisions of Articles 4 to 8 inclusive; and (iv) any other provisions of this Agreement that relate to Personal Information or the Processing of Personal Information. Privacy Compliance Meetings. In addition to performing the Audits contemplated in section 4 (a), MTO may require the Requester to meet with MTO to review the results of such Audits as they relate to the matters referred to in section 4 (a). Such meetings shall be held at such times and places as MTO may mutually agree upon with the Requester from time to time, acting reasonably. However, if as a result of any such Audit MTO has reason to believe that the Requester has committed a Privacy Default, MTO may require such meeting to be held within one (1) Business Day of MTO's notifying the Requester in writing that MTO wishes to hold such meeting. 5. Performance Reviews. (a) Audits Relating to Overall Performance. Without limiting the generality of section 1, MTO shall have the right to conduct the Audits contemplated in section 1, to measure the Requester's overall performance of its obligations under this Agreement. (b) Meetings to Review Overall Performance. In addition to performing the Audits contemplated under section 5 (a), MTO may require the Requester to meet with MTO to review the results of such Audits as they relate to the matters referred to in section 5 (a). Such meetings shall be held from time to time at such times and places as MTO and the Requester, acting reasonably, may agree upon. Initials -2- 6. Location and Manner of Audits. The Audits contemplated in section 1 may be conducted on -site at the location(s) of any of the Requester's Authorized Premises, including the location(s) of any of the following: (a) the Employee Security Statements or Contractor Security Agreements, or the Requester's books and records; or any media in the possession or under the control of the Requester that contain any Confidential Information. (b) Such Audits may be conducted in whole or in part by remote electronic means if the Requester's electronic Systems have the functional capability of facilitating such remote Audits. 7. Requester Co-operation. The Requester shall fully co-operate with MTO in facilitating the conduct of any Audits contemplated in section 1, including providing such access, documentation, information, copies of documentation and information, and assistance as MTO may reasonably request for the purpose of such Audits. 8. Duration of Audit Rights. MTO's Audit rights as contemplated in section 1 shall be in force from the Effective Date to the date which is three (3) years after the expiration or termination of the Agreement. 9. Correction of Defaults. Without limiting or restricting any other obligations of the Requester, or rights or remedies of MTO, under this Agreement or at law or in equity: (a) the Requester shall, at its sole cost, correct any breaches by the Requester of this Agreement (including any Privacy Defaults) identified through an Audit (and in respect of which MTO has provided written notification to the Requester). Such corrections shall be done as expeditiously as reasonably possible and in any event within the applicable cure period (if any) provided in section 16.1 of the Agreement. the Requester shall notify MTO in writing upon such breaches having been corrected. (c) After receiving the notification referred to in section 9 (b) of this Schedule "D" from the Requester, MTO may conduct a follow-up Audit to confirm that all such breaches have been corrected. (d) If requested by MTO in the notification referred to in section 9 (a): (i) the Requester shall provide to MTO, within ten (10) days of receiving the notification referred to in section 9 (b) (or within five (5) days of receiving such notification, where such breaches constitute Privacy Defaults), a reasonable written plan, satisfactory to MTO, outlining the steps the Requester will take to ensure that such breaches do not occur again; and (ii) the Requester shall implement the plan provided under section 9 (d)(i). (b) 10. Costs of Audit. (a) All costs incurred by the Requester in connection with the Audits contemplated in section 1 shall remain solely the responsibility of the Requester. Except as provided in section 10 (c), all costs incurred by MTO in connection with the Audits contemplated in section 1 shall remain solely the responsibility of MTO. (c) Despite section 10 (b), if any Audit contemplated in section 1 discloses a material uncured default by the Requester under this Agreement, then the Requester shall reimburse MTO for MTO's reasonable and verifiable costs of conducting such Audit. (b) 11. Without Prejudice. For the avoidance of doubt, nothing in this Schedule "D" shall be deemed to limit or prejudice the rights of MTO or the obligations of the Requester under any other provision of this Agreement or at law or in equity. -1- Permitted Recipient: Physical Address of Permitted Recipient: Permitted Recipient Signatory* Contact Information: *This individual must have binding authority on behalf of the Permitted Recipient to sign this agreement. Authorized Requester Name: Requester's Authorized Use(s): SCHEDULE "E" NON -DISCLOSURE AGREEMENT PERMITTED RECIPIENT 13459 ("you" or "your") [Insert Legal Name of Permitted Recipient] [Insert Operating Name of Permitted Recipient if Different from Legal name] [Unit No.] [Street No.] [City/Town] [Print First Name of Signatory] [Telephone No.] [Email Address] [Street Name] [Province/Territory] [P.O. Box] [Postal/ZIP Code] [Country] [Print Sumame of Signatory] [Extension] [Fax No.] THE CORPORATION OF THE TOWNSHIP OF (the "Requester") ORO-MEDONTE. operating as TOWNSHIP OF ORO-MEDONTE - COST RECOVERY FOR FIRE & EMERGENCY SERVICES AU15 - Government use for program delivery where authorized by statute. Per By -Law No. 2024-038, Schedule C - Fire & Emergency Services -2- Permitted In accordance with the Requester's Agreement with the Ministry Service(s): of Transportation, this Permitted Recipient has been granted conditional access to Licensed Information in the possession of the Requester for the following Permitted Service(s): • The supply, support, and/or maintenance of software and/or programming services; • The supply, support, and/or maintenance of hardware, servers, and/or electronic systems; • The provision of mailing, courier, and/or customer enquiry services; • The provision of IT services related to the secure storage, backup and eventual destruction of Licensed Information; and/or • The provision of physical offsite storage services related to the secure storage, archiving and eventual destruction Licensed Information. For any other anticipated permitted services, the Requester must make arrangements with the ministry before proceeding. For avoidance of doubt, the Permitted Recipient may not make Licensed Information Requests or receive Licensed Information Responses on behalf of the Requester, and may access Licensed Information only to the degree necessary to enable the Requester to carry out the Authorized Use(s) for which the Permitted Service(s) are applicable. 0 For sufficient valuable consideration you acknowledge having received (and as a condition of receiving Confidential Information from the Requester), you understand and agree as follows: Under an agreement (the "Requester Agreement") with the Ontario Ministry of Transportation ("MTO"), the Requester is licensed to receive confidential and personal information (the "Licensed Information") from files and databases administered by MTO. II. The Requester and MTO are committed to protecting all of this Licensed Information and any information derived from the Licensed Information, (all of which is together referred to as the "Confidential Information") from unauthorized access, use or disclosure. III. The following policies, and any future policies issued by MTO and the Requester and provided to you in writing, (the "Policies") set out your responsibilities for handling and protecting this Confidential Information. As a permitted recipient of the Confidential Information (a "Permitted Recipient") you are bound by these Policies: 1. Ownership: You acknowledge and agree that the Confidential Information is and will at all times remain solely the property of MTO. 2. Confidentiality and Use: You must hold all of the Confidential Information in strict confidence. Without limiting the generality of this obligation, you must NOT directly or indirectly: (a) disclose, make available, or provide or permit access to or use of, any Confidential Information to ANY other party (including, but not limited to, any third party contractor) for any purpose. The ONLY exception is that you may permit those of your employees who need to know that Confidential Information for the Permitted Service(s) indicated above. This exception only applies after you have fully informed those employees of, and required those employees to fully comply with, the Policies, and have obtained from each of the employees a signed Employee Security Statement in the form appended to this Agreement as Attachment "A". You will be fully liable to the Requester and MTO for any failure of your employees to fully comply with the Policies, Future Policies will be considered to have been "issued" by MTO or the Requester when you are notified in writing of those Policies; -3- (b) make any full or partial copies (in any format or media) of any of the Confidential Information (other than copies necessary to carry out the Permitted Service(s)); or (c) use any of the Confidential Information for any purpose other than the Permitted Service(s). To avoid any doubt, you must never access, use or disclose any of the Confidential Information for any reasons that do not meet the requirements of both policies 2(a) and 2(b) above, such as for personal reasons (e.g. looking up someone's address for a friend). 3. Destruction of Confidential Information: Where copies of Confidential Information have been made or received in accordance with Policy 2(b) of this Agreement, you must destroy all copies of Confidential Information in your possession or control upon completion or fulfillment of the applicable Permitted Service(s) for which conditional access to the Confidential Information has been authorized. 4. MTO Audit: You must accommodate audits by MTO in accordance with the MTO Audit Policy (a copy of which is appended to this Agreement as Attachment "B", and which you acknowledge having, read and understood), and fully co-operate with and assist MTO in carrying out such audits in accordance with such MTO Audit Policy. 5. Access and Use Only From Premises Approved by Requester: You may only access and use the Confidential Information from premises approved by the Requester. You must never copy or remove any Confidential Information from such premises. 6. Data Matching or Profiling: Subject to the Permitted Services referred to above, you must not: (a) develop or derive for any purpose whatsoever, any other product, work or database, in human -readable or machine-readable form or otherwise, that incorporates, modifies, or uses in any manner whatsoever, any personal information contained in or obtained from the Confidential Information. (This does not, however, apply to any specific personal information that you had in your possession prior to receiving the Confidential Information); or (b) place any data which was not obtained directly or indirectly from the Requester, into a database containing personal information obtained directly or indirectly from the Requester. 7. No Contacting Individuals: You must not use the Confidential Information directly or indirectly to locate or contact any individual to whom the Confidential Information is directly or indirectly referable. To avoid any doubt, nothing in this Policy 7 will limit or release you from any of your other obligations under this Agreement, which obligations will remain in full force and effect. 8. Comply with Law: You must at all times remain in full compliance with all applicable laws relating to any access, use or disclosure of any personal information contained in the Confidential Information. You must also comply with any written instructions or directions from MTO from time to time concerning such personal information (to the extent that the Requester notifies you of such instructions or directions). 9. Secrecy of Passwords: You must take reasonable precautions to maintain the secrecy of any password you use to access Confidential Information electronically. Reasonable precautions include, but are not limited to: not telling others your password or knowingly allowing them to observe while it is entered at a terminal; frequently changing your password (and, if you suspect your password has been used by someone else, changing it immediately); and selecting randomized strong passwords that meet current industry standards, including but not limited to: • a minimum of eight (8) characters in length; • a combination of upper- and lowercase letters; and • at least one numeric and special character. 10. Access to Terminals: You must take reasonable precautions to protect data entry terminals and equipment from unauthorized access. Reasonable precautions include, but are not limited to: not leaving your terminal unattended while logged onto the system; exiting the database which contains any Confidential Information when leaving the workstation; securing your terminal with a locking device if one has been provided; and storing in a secure place any user documentation to programs through which electronic access to any Confidential Information may be gained. -4- IV. All of your obligations in this Agreement will survive the expiry or any termination of your relationship with the Requester, and will continue in full force and effect subsequently until they are satisfied or by their nature expire. V. If any provision of this Agreement is illegal, invalid or unenforceable, it will be severed. No waiver of any provision of this Agreement by the Requester will constitute a waiver of any other provisions (whether or not similar) or a continuing waiver. This Agreement will be governed by Ontario law and the laws of Canada applicable in Ontario. You and the Requester agree to attom to the non-exclusive jurisdiction of the courts of Ontario for the resolution of any disputes arising out of, or in connection with, this Agreement. This Agreement may not be assigned by you, but otherwise will be binding upon and enure to the benefit of you and the Requester and the respective heirs, executors, administrators, successors and permitted assigns of you and the Requester. VI. MTO Right to Enforce this Agreement: You and the Requester acknowledge and agree that: (a) While MTO is not a party to this Agreement and has no obligations under this Agreement, MTO will have the right to directly enforce your obligations in clause III above as if MTO were a party to this Agreement; (h) In furtherance of clause VI(a) above, the Requester will be a trustee of MTO (and MTO's successors and assigns) for the limited purpose of holding your obligations in clause III above in trust for MTO (and MTO's successors and assigns). To the extent that clause III incorporates any defined terms, the defmitions of such terms as provided in this Agreement will be considered to be incorporated into clause III for the purposes of this clause VI; (c) For avoidance of doubt clauses VI(a) and VI(b) mean that in addition to the Requester enforcing your obligations under this Agreement (in the Requester's capacity as a party to this Agreement), MTO (and MTO's successors and assigns) may also enforce your obligations in clause III above in MTO's own right and MTO will not be required to add the Requester as a party to any proceedings for such enforcement; and (d) The trust created in favour of MTO (and its successors and assigns), as contemplated above, being coupled with an interest, may not be revised or revoked without the prior written consent of MTO (or such successors and assigns, as the case may be). You acknowledge that you have read and understand the provisions of this Agreement (including, but not limited to, the Policies set out or referred to above), and will comply with them and with any other Policies issued in the future by MTO or the Requester. You understand that failure to comply with the Policies or any such other Policies or changes will be a breach of this Agreement and (among other things) may result in civil or criminal prosecution in accordance with applicable statutes. Insert Name of Permitted Recipient Authorized Signature of Permitted Recipient Date: Insert Name of Requester Authorized Signature of Requester Date: I have the authority to bind the organization -5- Requester Name: Permitted Recipient Name: Employee Name: Division: Position: Permitted Service(s): ATTACJ,ENT "A" of NON -DISCLOSURE AGREEMENT PERMITTED RECIPIENT EMPLOYEE SECURITY STATEMENT (Permitted Recipient) THE CORPORATION OF THE TOWNSHIP OF ORO-MEDONTE. operating as TOWNSHIP OF ORO-MEDONTE - COST RECOVERY FOR FIRE & EMERGENCY SERVICES [Insert Legal Name of Permitted Recipient] [Print First Name] [Position Title] [Print Surname] (the "Requester") (the "Permitted Recipient") [Position No.] In accordance with the Requester's Agreement with the Ministry of Transportation, this Permitted Recipient has been granted conditional access to Licensed Information in the possession of the Requester for the following Permitted Service(s): • The supply, support, and/or maintenance of software ❑ and/or programming services; • The supply, support, and/or maintenance of hardware, 0 servers, and/or electronic systems; • The provision of mailing, courier, and/or customer 0 enquiry services; • The provision of IT services related to the secure storage, backup and eventual destruction of Licensed Information; and/or • The provision of physical offsite storage services related to the secure storage, archiving and eventual destruction Licensed Information. For any other anticipated permitted services, the Requester must make arrangements with the ministry before proceeding. For avoidance of doubt, the Permitted Recipient may not make Licensed Information Requests or receive Licensed Information Responses on behalf of the Requester, and may access Licensed Information only to the degree necessary to enable the Requester to carry out the Authorized Use(s) for which the Permitted Service(s) are applicable. 0 0 The Requester is licensed to receive confidential and personal information (the "Information") from files and databases administered by the Ontario Ministry of Transportation ("MTO"). Under an agreement with the Requester, the Permitted Recipient has been authorized to access the Information. The Requester and MTO are committed to protecting this Information from unauthorized access, use or disclosure. The following policies have been adopted to address employees' responsibilities for handling and protecting this Information. 1. As an employee of the Permitted Recipient, you may access this Information only when necessary to perform your duties as such employee in the course of your employment, and only for the Permitted Service(s) identified in the table of this Employee Security Statement. 2 You must not access or use this Information for personal reasons. (Examples of inappropriate access or misuse of Information include, but are not limited to: making inquiries for personal use or processing transactions on your own records or those of your friends or relatives; accessing Information about another person, including locating their residence address, for any reason not related to your work responsibilities or not authorized by the Permitted Recipient.) -6- 3. You may disclose Information only to individuals who have been authorized to receive it through appropriate procedures which have been authorized by MTO. (Examples of unauthorized disclosures include but are not limited to: looking up someone's address for a friend.) 4. You must take reasonable precautions to maintain the secrecy of any password you use to access Information electronically. Reasonable precautions include, but are not limited to: not telling others your password or knowingly allowing them to observe while you enter it at a terminal; and frequently changing your password (and, if you suspect your password has been used by someone else, changing it immediately and notifying the Permitted Recipient); and selecting randomized strong passwords that meet current industry standards, including but not limited to: • a minimum of eight (8) characters in length; • a combination of upper- and lowercase letters; and • at least one numeric and special character. 5. You must take reasonable precautions to protect data entry terminals and equipment from unauthorized access. Reasonable precautions include, but are not limited to: not leaving your terminal unattended while you are logged onto the system; exiting the database which contains any Information when you leave your workstation; securing your terminal with a locking device if one has been provided; storing in a secure place any user documentation to programs through which electronic access to any Information may be gained; and reporting any suspicious circumstances or unauthorized individuals you have observed in the work area to the Permitted Recipient. I have read and I understand the security policies stated above, and will comply with them and any other security policies (or changes to policies) issued in the future by the Permitted Recipient, Requester or MTO. I understand that failure to comply with these policies (or any such other policies or changes to policies) may result in disciplinary action by the Permitted Recipient and/or civil or criminal prosecution in accordance with applicable statutes. Signature of Employee Date: Witnessed By Date: -7- Permitted Recipient: Requester Name: ATTACHMENT "B" of NON -DISCLOSURE AGREEMENT PERMITTED RECIPIENT MTO AUDIT POLICY 13459 (Permitted Recipient) [Insert Legal Name of Permitted Recipient] THE CORPORATION OF THE TOWNSHIP OF ORO-MEDONTE. operating as TOWNSHIP OF ORO-MEDONTE - COST RECOVERY FOR FIRE & EMERGENCY SERVICES Permitted Recipient Initials ("you" or "your") (the "Requester") This is the MTO Audit Policy referred to in the Permitted Recipient Non -disclosure Agreement that you signed with the Requester (the "Permitted Recipient Non -disclosure Agreement"). Capitalized terms that are used in this MTO Audit Policy, but not defined in this MTO Audit Policy, have the meanings given to them in the Permitted Recipient Non -disclosure Agreement. In this MTO Audit Policy, the following defined terms have the following meanings: "Audit" and similar expressions means such audits, reviews, investigations, inspections, confirmations, certifications, tests, studies and determinations performed by, on behalf of or for MTO pursuant to section 1 below. "Business Day" means a day other than a Saturday, Sunday or a statutory, civic or public service holiday observed in the Province of Ontario. "include", "includes" or "including" mean "include without limitation", "includes without limitation" and "including without limitation", respectively, and the words following "include", `includes" or "including" will not be considered to set out an exhaustive list, "Privacy Default" means a breach of: (i) any Privacy Laws, or (ii) any of the provisions of the Permitted Recipient Non -disclosure Agreement. "Privacy Laws" means the Freedom of Information and Protection of Privacy Act (Ontario), and the provisions of any other law from time that are applicable to you and that address the collection, use or disclosure of personal information. 1. Right of Audit. MTO will have the right, from time to time, to Audit such of your businesses and operations as relate to, or are involved in, your possession or control of Confidential Information. Subject to the provisions of this MTO Audit Policy and applicable law (including the Privacy Laws and the provisions of any other law from time that are applicable to MTO and that address the collection, use or disclosure of personal information) from time to time (including any disclosures that may be required by such laws), and subject to any agreements between MTO and its employees from time to time, MTO will (and will require any third party representatives referred to in section 3 to) hold in confidence any of your confidential information which is disclosed or made available to MTO (or such third party representatives) in connection with an Audit carried out under this MTO Audit Policy. 2. Timing of Audits. The Audits contemplated in section 1 may be conducted at any time during your normal business hours either: (a) upon twenty-four (24) hours' prior written notice; or (b) without prior notice in the case of Audits relating to possible Privacy Defaults. 3. Authorized MTO Representatives. MTO will have the right to engage third party representatives to perform Audits contemplated in section 1. -8- 4. Privacy Compliance. (a) Privacy -related Audits. Without limiting the generality of section 1, MTO will have the right to conduct the Audits contemplated in section 1, to measure your compliance with: (A) the Privacy Laws; or (B) the provisions of the Permitted Recipient Non -disclosure Agreement. (b) Privacy Compliance Meetings. In addition to performing the Audits contemplated under section 4(a), MTO may require you to meet with MTO to review the results of such Audits as they relate to the matters referred to in section 4(a). Such meetings will be held at such times and places as MTO may mutually agree upon with you from time to time acting reasonably. However, if as a result of any such Audit MTO has reason to believe that you have committed a Privacy Default, MTO may require such meeting to be held within one (1) Business Day of MTO notifying you in writing that MTO wishes to hold such meeting. 5. Performance Reviews. (a) Audits Relating to Overall Performance. Without limiting the generality of section 1, MTO will have the right to conduct the Audits contemplated in section 1, to measure your overall performance of your obligations under the Permitted Recipient Non -disclosure Agreement. (b) Meetings to Review Overall Performance. In addition to performing the Audits contemplated under section 5(a), MTO may require you to meet with MTO to review the results of such Audits as they relate to the matters referred to in section 5(a). Such meetings will be held at such times and places as MTO may mutually agree upon with you from time to time acting reasonably. 6. Location and Manner of Audits. The Audits contemplated in section 1 may be conducted on -site at the location(s) of: (a) any of your businesses or operations that relate to or are involved in the performance of your obligations to the Requester; or (b) any media in your possession or control that contains Confidential Information. Such Audits may be conducted in whole or in part by remote electronic means if your computer systems have the functional capability of facilitating such remote Audits. 7. Co-operation. You must fully co-operate with MTO in facilitating the conduct of any Audits contemplated in section 1, including providing such access, documentation, information, copies of documentation and information, and assistance as MTO may reasonably request for the purpose of such Audits. 8. Duration of Audit Rights. MTO's Audit rights as contemplated in section 1 will be in force from the date you receive a copy of this MTO Audit Policy to the date which is three years after you cease to be a Permitted Recipient. 9. Correction of Defaults. Without limiting or restricting any other obligations you may have, or rights or remedies MTO may have, under this MTO Audit Policy or at law or in equity: (a) You will, at your sole cost, correct any Privacy Defaults (including any breaches of the Permitted Recipient Non -disclosure Agreement) identified through an Audit (and in respect of which MTO provides written notification to you), and will do so as expeditiously as reasonably possible and in any event within twenty- four (24) hours' of receiving notice of such Privacy Default from MTO. (b) (c) You will notify MTO in writing upon such breaches having being corrected. After receiving such notification from you, MTO may conduct a follow-up Audit to confirm that all such breaches have been corrected. -9- (d) If requested by MTO in the notification referred to in section 9(a): (i) you will provide to MTO, within five (5) days of receiving the notification referred to in section 9(a), a reasonable written plan outlining the steps you will take to ensure that such Privacy Defaults do not reoccur; and (ii) you will implement the plan provided under section 9(d)(i). 10. Costs of Audit. (a) All costs incurred by you in connection with the Audits contemplated in section 1 will remain solely your responsibility. (b) Except as provided in section 10(c), all costs incurred by MTO in connection with the Audits contemplated in section 1 will remain solely the responsibility of MTO. (c) Despite section 10(b): (i) if any Audit contemplated in section 1 discloses a material uncured default by you under the Permitted Recipient Non -disclosure Agreement, then you must reimburse MTO for MTO's reasonable and verifiable costs of conducting such Audit; (ii) if any Confidential Information is in your possession or control at a location outside of Ontario, then you must reimburse MTO for MTO's reasonable and verifiable costs of conducting Audits (as contemplated in section 1) at such location(s) outside of Ontario. However, MTO shall only have the right to obtain reimbursement under this section 10(c)(ii) in respect of one such Audit in each calendar year. For the avoidance of doubt, nothing in this section 10(c)(ii) will be considered to in any way reduce or waive your obligations wider section 4 of the Permitted Recipient Non -disclosure Agreement. 11. Without Prejudice. To avoid any doubt, nothing in this MTO Audit Policy will be deemed to limit or prejudice MTO's rights or your obligations under the Permitted Recipient Non -disclosure Agreement or at law or in equity.