Personal Data Breach. 7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
Personal Data Breach a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Shared Personal Data.
Personal Data Breach. We shall notify you without undue delay upon us or any Subprocessor becoming aware of a Personal Data Breach affecting your Personal Data, providing you with information (as and when available) to assist you to meet any obligations to report or inform affected Data Subjects of the Personal Data Breach under Applicable Data Protection Laws.
Personal Data Breach. 8.1 Vendor shall notify Company without undue delay upon Vendor or any Subprocessor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow each Company Group Member to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
8.2 Vendor shall co-operate with Company and each Company Group Member and take such reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
Personal Data Breach. The Data Processor should inform the Data Controller immediately of any actual or suspected personal data breaches in order that the Data Controller can comply with its obligations to inform the Information Commissioners Office (ICO) within 72 hours. The email address xxx@xxxxxx.xxx.xx should be used to inform the Data Controller of any actual or suspected personal data breaches.
Personal Data Breach. 5.1 Processor will promptly and without undue delay notify Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor will restore such Personal Data at its own expense.
5.2 Processor will immediately and without undue delay notify Controller if it becomes aware of:
(a) any accidental, unauthorised or unlawful processing of the Personal Data; or
(b) any Personal Data Breach.
5.3 Where Processor becomes aware of (a) and/or (b) of clause 5.2, it shall, without undue delay, also provide Controller with the following information:
(a) description of the causes and nature of (a) and/or (b), including the categories and approximate number of both Data Subjects and Personal Data records concerned;
(b) the likely consequences; and
(c) description of the measures taken or proposed to be taken to address (a) and/or (b), including measures to mitigate its possible adverse effects.
5.4 Immediately following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate with each other to investigate the matter. Processor will reasonably cooperate with Controller in Controller's handling of the matter, including:
(a) assisting with any investigation;
(b) providing Controller with physical access to any facilities and operations affected;
(c) facilitating interviews with Processor's employees, former employees and others involved in the matter;
(d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controller; and
(e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or unlawful Personal Data processing.
5.5 Processor will not inform any third party of any Personal Data Breach without first obtaining Controller's prior written consent, except when required to do so by law.
5.6 Processor agrees that Controller has the sole right to determine:
(a) whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in Controller's discretion, including the contents and delivery method of the notice; and
(b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
5.7 Processor will cover all reasonable expenses a...
Personal Data Breach. 11.1 The Data Controller acknowledge and agree that the Data Processor shall not be deemed responsible for Personal Data Breach not imputable to the Data Processor’s negligence.
11.2 If the Data Processor becomes aware of a Personal Data Breach, it will:
a) take appropriate actions to contain and mitigate such Personal Data Breach, including notifying the Data Controller, without undue delay, to enable the Data Controller to expeditiously implement its response program. Notwithstanding the above, the Data Processor reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interests;
b) cooperate with the Data Controller to investigate: the nature, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences of any such Personal Data Breach in a manner which is commensurate with its seriousness and its overall impact on the Data Controller and the delivery of the Service under this DPA;
c) where Applicable Data Protection Laws require notification to relevant Supervisory Authorities and impacted Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal Data, defer to and take instructions from Data Controller, as Data Controller has the sole right to determine the measures that it will take to comply with Applicable Data Protection Laws or remediate any risk, including without limitation:
i. whether notice is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required Applicable Data Protection Laws, or in Data Controller's discretion; and
ii. the contents of such notice, whether any type of remediation may be offered to affected Client Data Subjects, and the nature and extent of any such remediation.
Personal Data Breach. 8.1 UKG will notify Customer without undue delay and in accordance with Data Protection Laws upon UKG or any Subprocessor becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow Customer to meet its obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
8.2 In the event of a Personal Data Breach, the Parties will reasonably cooperate with each other, and UKG shall take commercially reasonable steps to keep Customer informed as to the investigation, mitigation and remediation of any such Personal Data Breach.
8.3 Except as may be required by Applicable Law, UKG will not notify Customer’s affected Data Subjects about a Personal Data Breach without Customer’s prior written consent.
Personal Data Breach. In case of a breach of Patients Data or Study Data discovered by any PARTY, the PARTIES shall fully collaborate with each other as required by applicable law. The PARTY responsible for the location where the Personal Data Breach has occurred (e.g. EBMT for a breach of the EBMT REGISTRY data base) shall (i) ensure immediate and appropriate action is taken to contain the breach and mitigate its potential impact on Patients, (ii) notify the other PARTIES of the breach without undue delay (see DPO details below), and , where feasible, no later than 24 hours after having become aware of it, (iii) perform a risk assessment of the breach for the Patients. If the EBMT REGISTRY has been breached, EBMT shall be responsible for making the decision whether to notify the Personal Data Breach to the Lead Supervisory Authority of the EBMT REGISTRY and proceed to the notification thereof in accordance with the principles set forth in Article 33 of GDPR. If the breach has occurred at the CENTER, the CENTER shall be responsible for making the decision whether to notify the Personal Data Breach to its Competent Supervisory Authority. If Study Data has been breached, the PARTY who has initiated the study shall be responsible, with the assistance of the CENTER, for making the decision whether to notify the Personal Data Breach to the Competent Supervisory Authorities. In case Patients must be informed, the PARTIES collaborate to prepare the content of the information and agree on the PARTY who will inform Patients in accordance with the principles set forth in Article 34 of GDPR. Where possible, the information is provided to Patients by the INVESTIGATOR. DPO’s contacts: EBMT: The Data Protection Officer Edifici Xx. Xxxxxxxx Xxxxx x Xxxxx Xxxxxxx Xxxxxx, 000 00000 Xxxxxxxxx (Xxxxx) E-mail: xxxx.xxxxxxxxxx@xxxx.xxx SFGM-TC: Xxx Xxxxxxxx Xxxxxxxx E-mail : xxx-xxxxxx@xxxxxx.xxxxxx Tel : +00 (0)0 00 00 00 55 CENTER: To be completed Violation des Données personnelles : En cas de violation de Données des Patients ou de Données de l'Étude découverte par l'une des PARTIES, les PARTIES collaboreront pleinement entre elles comme l'exige le droit applicable. La PARTIE responsable de la localisation de la Violation de Données à caractère personnel (par exemple, l’EBMT pour une violation de la base de données du REGISTRE EBMT) doit (i) s'assurer que des mesures immédiates et appropriées sont prises pour contenir la violation et atténuer son impact potentiel sur les Patients, (ii) notifier ...
Personal Data Breach. 10.1 The Processor shall notify the Controller without undue delay after becoming aware of (and in any event within 72 hours of discovering) any accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access to any Personal Data (“Personal Data Breach”).
10.2 The Processor shall take all commercially reasonable measures to secure the Personal Data, to limit the effects of any Personal Data Breach, and to assist the Controller in meeting the Controller’s obligations under applicable law.
