Common use of CUSTOMER DATA INCIDENT MANAGEMENT AND NOTIFICATION Clause in Contracts

CUSTOMER DATA INCIDENT MANAGEMENT AND NOTIFICATION. 7.1.1 ClickDimensions maintains security incident management policies and procedures specified in Security Documentation and, to the extent required under applicable Data Protection Laws and Regulations, shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by ClickDimensions or its Sub-processors of which ClickDimensions becomes aware (a “Customer Data Incident”). ClickDimensions shall make reasonable efforts to identify the cause of such Customer Data Incident and take those steps as ClickDimensions deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within ClickDimensions’ reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s users. 7.1.2 In the event ClickDimensions becomes aware of a Customer Data Incident, ClickDimensions shall notify Customer by email, without undue delay (and in no event greater than 48 hours), after having become aware of the occurrence. ClickDimensions will ensure that such notice complies with requirements under applicable Data Protection Laws and Regulations, including with respect to the timing and substance of such notice. Notwithstanding these requirements, such notification to Customer shall include: (i) a description of the nature of the Customer Data Incident, including, the categories and approximate number of Data Subjects concerned, the affected categories and approximate number of types of Processing of Personal Data; (ii) a description of the likely consequences of the Customer Data Incident; and (iii) a description of the measures taken or proposed to remedy the Customer Data Incident and, if necessary, the measures to mitigate or limit possible negative effects thereof. To the extent it is not possible to provide the foregoing information at the same time, the information may be provided in phases without further undue delay. 7.1.3 Taking into account the nature of Processing and the information available to ClickDimensions, ClickDimensions will provide assistance to Customer to enable Customer to fulfill its notification obligations to affected Data Subjects or relevant authorities in connection with a Customer Data Incident. At the written request of Customer, ClickDimensions shall provide reasonable assistance to Customer and take such reasonable steps as requested by Customer agreed by the parties or necessary under Data Protection Laws and Regulations to assist in the investigation, remediation, and litigation of such Customer Data Incident. Customer shall be responsible for any reasonable costs arising from ClickDimensions’ provision of such assistance unless such Customer Data Incident is determined to have been caused by ClickDimensions or its Sub-processors in which case ClickDimensions shall provide such assistance without charge.