DATA INCIDENT MANAGEMENT AND NOTIFICATION. Processor maintains security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed on behalf of the Customer, including Personal Data transmitted, stored or otherwise Processed by Processor or its Sub- processors of which Processor becomes aware (a “Data Incident”). Processor shall make reasonable efforts to identify the cause of such Data Incident and take those steps as Processor deems necessary and reasonable in order to remediate the cause of such a Data Incident to the extent the remediation is within Processor’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s users. Customer will not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Data Incident which directly or indirectly identifies Processor (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without Processor’s prior written approval, unless, and solely to the extent that, Customer is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by law, Customer shall provide Processor with reasonable prior written notice to provide Processor with the opportunity to object to such disclosure and in any case Customer will limit the disclosure to the minimum scope required.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. Processor maintains security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Client without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Processor on behalf of the Client (a “Data Incident”). Processor shall make reasonable efforts to identify and take those steps as Processor deems necessary and reasonable in order to remediate and/or mitigate the cause of such Data Incident to the extent the remediation and/or mitigation is within Processor’s reasonable control. The obligations herein shall not apply to incidents that are caused by Client or anyone who uses the Services on Client’s behalf. Client will not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Data Incident which directly or indirectly identifies Processor (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without Processor’s prior written approval, unless, and solely to the extent that, Client is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, Client shall provide Processor with reasonable prior written notice to provide Processor with the opportunity to object to such disclosure and in any case Client will limit the disclosure to the minimum scope required.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. Flipnode has in place reasonable and appropriate security incident management policies and procedures, specified in Attachment 2 of this DPA, and shall notify Customer without undue delay after becoming aware of an unlawful or accidental destruction, alteration or damage or loss, unauthorized disclosure of, or access to Personal Data, transmitted, stored or otherwise Processed by Flipnode or its non- Affiliate Sub-processors of which Flipnode becomes aware ( “Personal Data Incident”), as required under Article 33 of the GDPR. Flipnode shall make reasonable efforts to identify the cause of such Personal Data Breach, and take those steps as it deems necessary and reasonable in order to remediate the cause of such a Personal Data Breach, to the extent that the remediation is within Flipnode’s reasonable control.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. Zoho has in place appropriate Security Incident management policies and procedures. In the event that Xxxx becomes aware of a Security Incident involving data stored or otherwise Processed by Zoho or its Sub-Processors, Zoho will notify Subscriber without undue delay after becoming aware of the said Security Incident. Zoho will take all commercially reasonable efforts to remediate the Security Incident and prevent recurrence. Subscriber acknowledges that Zoho's obligation specified herein shall not apply to Security Incidents caused by Subscriber or its authorized users.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. 7.1 In addition to compliance with the relevant technical and organizational measures, Supplier will maintain security incident management policies and procedures and shall notify Kantar without undue delay (and in any event within 36 hours) after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Kantar Personal Data, transmitted, stored or otherwise Processed by Supplier or its Sub-processors which results in any actual loss or misuse of Kantar Personal Data (a Data Incident).
7.2 Supplier shall provide Kantar with sufficient information to allow Kantar to meet any obligations to assess and report a Data Incident under the Data Protection Laws, which may be provided in stages as it becomes available to Supplier and shall include the following:
7.2.1 A description of the nature of the Data Incident, including details of any Sub-processors involved, the categories and numbers of Data Subjects concerned, and the categories and numbers of Kantar Personal Data records concerned;
7.2.2 the name and contact details of Supplier's or the relevant Supplier Affiliate's data protection officer or other relevant contact from whom more information may be obtained;
7.2.3 the likely consequences of the Data Incident; and
7.2.4 the measures taken or proposed to be taken to address the Data Incident.
7.3 Supplier shall make all reasonable efforts to identify the cause of such Data Incident and take those steps as Kantar deems necessary and reasonable in order to remediate the cause of the Data Incident to the extent that the remediation is within Supplier’s reasonable control.
7.4 Supplier shall be liable for all costs and damages arising from a Data Incident caused by a breach of its obligations under this DPA.
7.5 Where the Supplier is acting as a Processor, in the event of a Data Incident, Kantar (subject to any obligations Kantar has to its end client(s)) shall be responsible for notifying Data Subjects and / or Supervisory Authorities. Before any such notification is made, Kantar shall, where possible, consult with and provide Supplier an opportunity to comment on any notification made in connection with a Data Incident.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. Xxxxxx shall notify You without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Your Data, including Personal Data, transmitted, stored or otherwise Processed by Kandji or its Sub-processors occurring on Kandji or our Sub-Processor’s information system of which Xxxxxx becomes aware (a “Data Incident”). Xxxxxx shall make reasonable efforts to identify the cause of such Data Incident and take such steps as Xxxxxx xxxxx necessary and reasonable to remediate the cause of such a Data Incident to the extent the remediation is within Xxxxxx's reasonable control. At Your reasonable request, and to the extent Kandji is required to do so under applicable Data Protection Laws and Regulations, Xxxxxx will promptly provide You with commercially reasonable assistance as necessary to enable You to meet Your obligations under applicable Data Protection Laws and Regulations to notify authorities and/or affected Data Subjects. The obligations herein shall not apply to incidents that are caused by You or Your Users.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. In respect of Customer data incident Processor shall:
7.1 notify Controller of a Personal Data Breach involving Processor or a subcontractor without undue delay (but in no event later than 72 hours after becoming aware of the incident);
7.2 make reasonable efforts to identify the cause of such incident and take those steps as Processor deems necessary and reasonable in order to remediate the cause of the incident to the extent that it is within Freshworks’ reasonable control.
7.3 provide reasonable information, cooperation and assistance to Controller in relation to any action to be taken in response to a Personal Data Breach under Data Protection Laws, including regarding any communication of the Personal Data Breach to Data Subjects and national data protection authorities. The obligations contained in Section 7 should not apply to data incidents that are caused by Customer or Customer’s users.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. 7.1. Processor maintains internal security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Processor on behalf of the Customer (a “Data Incident”). Processor shall make reasonable efforts to identify and take those steps as Processor deems necessary and reasonable designed to remediate and/or mitigate the cause of such Data Incident to the extent the remediation and/or mitigation is within Processor’s reasonable control. The obligations herein shall not apply to Data Incidents that are caused by Customer, its Users or anyone who uses the Services on Customer’s behalf.
7.2. Customer will not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Data Incident which directly or indirectly identifies Processor (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without Processor’s prior written approval, unless, and solely to the extent that, Customer is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, Customer shall provide Processor with reasonable prior written notice to provide Processor with the opportunity to object to such disclosure and in any case Customer will limit the disclosure to the minimum scope required by such laws.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. 9.1 In the event of a Personal Data Breach, Riipen shall, without undue delay, inform Customer of the Personal Data Breach and take such steps as Riipen, in its sole discretion, deems necessary and reasonable to remediate such violation (to the extent that remediation is within Riipen’s reasonable control).
9.2 In the event of a Personal Data Breach, Riipen shall, taking into account the nature of the Processing and the information available to Riipen, provide Customer with reasonable cooperation and assistance necessary for Customer to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
9.3 The obligations described in Sections 9.1 and 9.2 shall not apply in the event that a Personal Data Breach results from Customer or Customer’s authorized Users’ actions or omissions.
DATA INCIDENT MANAGEMENT AND NOTIFICATION. A. Vendor shall notify Company without undue delay upon Vendor or any Sub-processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow each Company Group Member to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
B. Vendor shall co-operate with Company and each Company Group Member and take such reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
