Common use of DATA INCIDENT MANAGEMENT AND NOTIFICATION Clause in Contracts

DATA INCIDENT MANAGEMENT AND NOTIFICATION. Processor maintains security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Client without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Processor on behalf of the Client (a “Data Incident”). Processor shall make reasonable efforts to identify and take those steps as Processor deems necessary and reasonable in order to remediate and/or mitigate the cause of such Data Incident to the extent the remediation and/or mitigation is within Processor’s reasonable control. The obligations herein shall not apply to incidents that are caused by Client or anyone who uses the Services on Client’s behalf. Client will not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Data Incident which directly or indirectly identifies Processor (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without Processor’s prior written approval, unless, and solely to the extent that, Client is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, Client shall provide Processor with reasonable prior written notice to provide Processor with the opportunity to object to such disclosure and in any case Client will limit the disclosure to the minimum scope required.

DATA INCIDENT MANAGEMENT AND NOTIFICATION. Processor Hunters maintains security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Client Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Processor Hunters on behalf of the Client Customer (a “Data Incident”). Processor Hunters shall make reasonable efforts to identify and take those steps as Processor Hunters deems necessary and reasonable in order to remediate and/or mitigate the cause of such Data Incident to the extent the remediation and/or mitigation is within Processor’s Hunters’ reasonable control. The obligations herein shall not apply to incidents that are caused by Client Customer or anyone who uses the Services Service on ClientCustomer’s behalf. Client Customer will not make, disclose, release release, or publish any finding, admission of liability, communication, notice, press release release, or report concerning any Data Incident which directly or indirectly identifies Processor Hunters (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without Processor’s Hunters’ prior written approval, unless, and solely to the extent that, Client Customer is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, Client Customer shall provide Processor Hunters with reasonable prior written notice to provide Processor Hunters with the opportunity to object to such disclosure disclosure, and in any case Client case, Customer will limit the disclosure to the minimum scope required.

DATA INCIDENT MANAGEMENT AND NOTIFICATION. Processor Riverside maintains security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Client Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Processor Riverside on behalf of the Client Customer (a “Data Incident”). Processor Riverside shall make reasonable efforts to identify and take those steps as Processor Riverside deems necessary and reasonable in order to remediate and/or mitigate the cause of such Data Incident to the extent the remediation and/or mitigation is within ProcessorRiverside’s reasonable control. The obligations herein shall not apply to incidents that are caused by Client Customer or anyone who uses the Services Platform on ClientCustomer’s behalf. Client Customer will not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Data Incident which directly or indirectly identifies Processor Riverside (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without ProcessorRiverside’s prior written approval, unless, and solely to the extent that, Client Customer is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, Client Customer shall provide Processor Riverside with reasonable prior written notice to provide Processor Riverside with the opportunity to object to such disclosure and in any case Client case, Customer will limit the disclosure to the minimum scope required.

DATA INCIDENT MANAGEMENT AND NOTIFICATION. Processor maintains security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Client Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Processor on behalf of the Client Customer (a “Data Incident”). Processor shall make reasonable efforts to identify and take those steps as Processor deems necessary and reasonable in order to remediate and/or mitigate the cause of such Data Incident to the extent the remediation and/or mitigation is within Processor’s reasonable control. The obligations herein shall not apply to incidents that are caused by Client Customer or anyone who uses the Services Service on ClientCustomer’s behalf. Client Customer will not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Data Incident which directly or indirectly identifies Processor (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without Processor’s prior written approval, unless, and solely to the extent that, Client Customer is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, Client Customer shall provide Processor with reasonable prior written notice to provide Processor with the opportunity to object to such disclosure and in any case Client case, Customer will limit the disclosure to the minimum scope required.

DATA INCIDENT MANAGEMENT AND NOTIFICATION. Processor maintains security incident management policies and procedures and, to the extent required under applicable Data Protection Laws, shall notify Client Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data Processed by Processor on behalf of the Client Customer (a “Data Incident”). Processor shall make reasonable efforts to identify and take those steps as Processor deems necessary and reasonable in order to remediate and/or mitigate the cause of such Data Incident to the extent the remediation and/or mitigation is within Processor’s reasonable control. The obligations herein shall not apply to incidents that are caused by Client Customer or anyone who uses the Services on ClientCustomer’s behalf. Client Customer will not make, disclose, release or publish any finding, admission of liability, communication, notice, press release or report concerning any Data Incident which directly or indirectly identifies Processor (including in any legal proceeding or in any notification to regulatory or supervisory authorities or affected individuals) without Processor’s prior written approval, unless, and solely to the extent that, Client Customer is compelled to do so pursuant to applicable Data Protection Laws. In the latter case, unless prohibited by such laws, Client Customer shall provide Processor with reasonable prior written notice to provide Processor with the opportunity to object to such disclosure and in any case Client Customer will limit the disclosure to the minimum scope required.