Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.
Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.
2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
Personal Data Breaches 5.7.1 The Data Processor shall give immediate notice to the Data Controller if a breach occurs, that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed re the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”).
5.7.2 The Data Processor shall make reasonable efforts to identify the cause of such a breach and take those steps as they deem necessary to establish the cause, and to prevent such a breach from reoccurring.
Personal Data Breach 7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
Provision of Services by Third Parties The Administrator shall, to the extent it determines that it would be advisable in connection with or incidental to the activities contemplated hereby, arrange for and coordinate the services of other professionals, experts and consultants to provide any or all of the Services, in which case, the costs and expenses of such third parties for providing such services shall be borne by the Administrator other than as set forth in Section 3; it being understood that the Administrator shall not charge to the Issuer any fees in addition thereto with respect to such outsourced Painting-Level Services that are described in Section 1(a)(i) and Entity-Level Services described in Section 1(a)(ii), but the Administrator shall be entitled to reimbursement for third party costs incurred in connection with Non-Routine Services described in Section 1(a)(iii) as set forth in Section 3(b). Reimbursement for Non-Routine Services shall be reimbursed by the Issuer out of the proceeds from a sale of the Painting. In addition, Masterworks may determine to sell the Painting without engaging a third-party intermediary, in which event, the Administrator would charge the buyer of the Painting a reasonable fee not to exceed the lowest published buyer’s premium charged by Sotheby’s, Christie’s or Pxxxxxxx in effect at such time.
TERMINATION BY MPS - BREACH BY CONTRACTOR If Contractor fails to fulfill its obligations under this Contract in a timely or proper manner, or violates any of its provisions, MPS shall thereupon have the right to terminate it by giving five (5) days written notice before the effective date of termination of the Contract, specifying the alleged violations, and effective date of termination. The Contract shall not be terminated if, upon receipt of the notice, Contractor promptly cures the alleged violation with five (5) days. In the event of termination, MPS will only be liable for services rendered through the date of termination and not for the uncompleted portion, or for any materials or services purchased or paid for by Contractor for use in completing the Contract.
Obligation after the termination of personal data processing services
Protection of Personal Information Party agrees to comply with all applicable state and federal statutes to assure protection and security of personal information, or of any personally identifiable information (PII), including the Security Breach Notice Act, 9 V.S.A. § 2435, the Social Security Number Protection Act, 9 V.S.A. § 2440, the Document Safe Destruction Act, 9 V.S.A. § 2445 and 45 CFR 155.260. As used here, PII shall include any information, in any medium, including electronic, which can be used to distinguish or trace an individual’s identity, such as his/her name, social security number, biometric records, etc., either alone or when combined with any other personal or identifiable information that is linked or linkable to a specific person, such as date and place or birth, mother’s maiden name, etc.
Contractor Designation of Trade Secrets or Otherwise Confidential Information If the Contractor considers any portion of materials to be trade secret under section 688.002 or 812.081, F.S., or otherwise confidential under Florida or federal law, the Contractor must clearly designate that portion of the materials as trade secret or otherwise confidential when submitted to the Department. The Contractor will be responsible for responding to and resolving all claims for access to Contract-related materials it has designated trade secret or otherwise confidential.
