Exiger obligations Clause Samples

Exiger obligations. 3.1 With respect to its Processing of Personal Data under this DPE, Exiger warrants that it shall: (a) only process the Personal Data in order to provide the Services and shall act only in accordance with this Agreement and Customer's written instructions as represented by the Agreement and this DPE; (b) in the unlikely event that applicable law requires Exiger to process Personal Data other than pursuant to Customer's instruction, notify Customer (unless prohibited from so doing by applicable law); (c) without undue delay upon becoming aware, inform ▇▇▇▇▇▇▇▇ if, in ▇▇▇▇▇▇'s opinion, any instructions provided by Customer under Clause 3.10 infringe the GDPR; (d) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. Such measures include, without limitation, the security measures set out in Appendix 2; (e) take reasonable steps to ensure that only authorised personnel have access to such Personal Data and that any persons whom it authorises to have access to the Personal Data are under obligations of confidentiality; (f) without undue delay upon becoming aware, notify Customer of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data (a "Security Breach"); (g) promptly provide Customer with reasonable cooperation and assistance in respect of the Security Breach and all information in ▇▇▇▇▇▇'s possession concerning the Security Breach; (h) not make any announcement about a Security Breach (a "Breach Notice") without: (i) the prior written consent from Customer; and (ii) prior written approval by Customer of the content, media and timing of the Breach Notice; (i) promptly notify Customer if it receives a Data Subject Request. Exiger shall not respond to Data Subject Requests without Customer’s prior written consent except to confirm that such request relates to Customer. To the extent Customer does not have the ability to address a Data Subject Request (including via the Services), Exiger shall provide reasonable assistance to facilitate the Data Subject Request, provided Customer shall pay Exiger’s charges for providing such assistance, at Exiger's standard consultancy rates set out in the Agreement. (j) without undue delay follow...