Data Breaches 4.1 The Data Processor does not guarantee that its security measures will be effective under all conditions. If the Data Processor discovers a data breach within the meaning of Article
Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process:
(1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either
(1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
(2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
(3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a summary of said written incident response plan.
(4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians.
(5) In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with XXX to the extent necessary to expeditiously secure Student Data.
Customer Data 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at XxxxxXXX.xxx or such other website address as may be notified to the Customer as such document may be amended by the Supplier in its sole discretion from time to time the current version of which is set out at Schedule 3 of this Agreement. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy as such document may be amended from time to time by the Supplier in its sole discretion.
5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(b) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(c) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(d) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
5.5 The Supplier and the Customer shall comply with their respective obligations as set out in Schedule 4 of this Agreement
SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes.
11.2 We may (i) compile statistical and other information related to the performance, operation and use of the Services, and (ii) use data from the Services in aggregated form for security and operations management, to create statistical analyses, and for research and development purposes (clauses i and ii are collectively referred to as “Service Analyses”). We may make Service Analyses publicly available; however, Service Analyses will not incorporate Your Content, Personal Data or Confidential Information in a form that could serve to identify You or any individual. We retain all intellectual property rights in Service Analyses.
11.3 We may provide You with the ability to obtain certain Oracle Software (as defined below) for use with the Services. If we provide Oracle Software to You and do not specify separate terms for such software, then such Oracle Software is provided as part of the Services and You have the non-exclusive, worldwide, limited right to use such Oracle Software, subject to the terms of this Agreement and Your order (except for separately licensed elements of the Oracle Software, which separately licensed elements are governed by the applicable separate terms), solely to facilitate Your use of the Services. You may allow Your Users to use the Oracle Software for this purpose, and You are responsible for their compliance with the license terms. Your right to use any Oracle Software will terminate upon the earlier of our notice (by web posting or otherwise) or the end of the Services associated with the Oracle Software. Notwithstanding the foregoing, if Oracle Software is licensed to You under separate terms, then Your use of such software is governed by the separate terms. Your right to use any part of the Oracle Software that is licensed under the separate terms is not restricted in any way by this Agreement.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Personal Data Breaches 5.7.1 The Data Processor shall give immediate notice to the Data Controller if a breach occurs, that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed re the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”).
5.7.2 The Data Processor shall make reasonable efforts to identify the cause of such a breach and take those steps as they deem necessary to establish the cause, and to prevent such a breach from reoccurring.
Discovery of Breach It is understood and agreed that the representations and warranties (i) of the Depositor set forth in Section 2.03 hereof, (ii) of Xxxxxx Holdings set forth in the Mortgage Loan Sale Agreement and assigned to the Trustee by the Depositor hereunder and (iii) of each Transferor, assigned by Xxxxxx Holdings to the Depositor pursuant to the Mortgage Loan Sale Agreement and assigned to the Trustee by the Depositor hereunder, shall each survive delivery of the Mortgage Files and the Assignment of Mortgage of each Mortgage Loan to the Trustee and shall continue throughout the term of this Agreement. Upon discovery by any of the Depositor, the Master Servicer or the Trustee of a breach of any of such representations and warranties that adversely and materially affects the value of the related Mortgage Loan, the party discovering such breach shall give prompt written notice to the other parties. Within 90 days of the discovery of a breach of any representation or warranty given to the Trustee by the Depositor, any Transferor or Xxxxxx Holdings and assigned to the Trustee hereunder, the Depositor, such Transferor or Xxxxxx Holdings shall either (a) cure such breach in all material respects, (b) repurchase such Mortgage Loan or any property acquired in respect thereof from the Trustee at the Purchase Price or (c) within the two year period following the Closing Date, substitute a Qualifying Substitute Mortgage Loan for the affected Mortgage Loan. In the event of the discovery of a breach of any representation and warranty of any Transferor assigned to the Trustee, the Trustee shall enforce its rights under the applicable Transfer Agreement and the Mortgage Loan Sale Agreement for the benefit of the Certificateholders. As provided in the Mortgage Loan Sale Agreement, if any Transferor substitutes for a Mortgage Loan for which there is a breach of any representations and warranties in the related Transfer Agreement which adversely and materially affects the value of such Mortgage Loan and such substitute mortgage loan is not a Qualifying Substitute Mortgage Loan, under the terms of the Mortgage Loan Sale Agreement, Xxxxxx Holdings will, in exchange for such Substitute Mortgage Loan, either (i) provide the applicable Purchase Price for the affected Mortgage Loan or (ii) within two years of the Closing Date, substitute such affected Mortgage Loan with a Qualifying Substitute Mortgage Loan.
Evaluation Software If the Software is an evaluation version or is provided to You for evaluation purposes, then, unless otherwise approved in writing by an authorized representative of Licensor, Your license to use the Software is limited solely for internal evaluation purposes in non-production use and in accordance with the terms of the evaluation offering under which You received the Software, and expires 90 days from installation (or such other period as may be indicated within the Software). Upon expiration of the evaluation period, You must discontinue use of the Software, return to an original state any actions performed by the Software, and delete the Software entirely from Your system and You may not download the Software again unless approved in writing by an authorized representative of Licensor. The Software may contain an automatic disabling mechanism that prevents its use after a certain period of time. RESTRICTIONS
Device Data We may share certain personal information and device-identifying technical data about you and your devices with third party service providers, who will compare and add device data and fraud data from and about you to a database of similar device and fraud information in order to provide fraud management and prevention services, which include but are not limited to identifying and blocking access to the applicable service or Web site by devices associated with fraudulent or abusive activity. Such information may be used by us and our third party service providers to provide similar fraud management and prevention services for services or Web sites not provided by us. We will not share with service providers any information that personally identifies the user of the applicable device.
User Data We will maintain certain data that you transmit to the Services for the purpose of managing the performance of the Services, as well as data relating to your use of the Services. Although we perform regular routine backups of data, you are solely responsible for all data that you transmit or that relates to any activity you have undertaken using the Services. You agree that we shall have no liability to you for any loss or corruption of any such data, and you hereby waive any right of action against us arising from any such loss or corruption of such data.
