Common use of Personal Data Breach Clause in Contracts

Personal Data Breach. 5.1 Processor will promptly and without undue delay notify Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor will restore such Personal Data at its own expense. 5.2 Processor will immediately and without undue delay notify Controller if it becomes aware of: (a) any accidental, unauthorised or unlawful processing of the Personal Data; or (b) any Personal Data Breach. 5.3 Where Processor becomes aware of (a) and/or (b) of clause 5.2, it shall, without undue delay, also provide Controller with the following information: (a) description of the causes and nature of (a) and/or (b), including the categories and approximate number of both Data Subjects and Personal Data records concerned; (b) the likely consequences; and (c) description of the measures taken or proposed to be taken to address (a) and/or (b), including measures to mitigate its possible adverse effects. 5.4 Immediately following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate with each other to investigate the matter. Processor will reasonably cooperate with Controller in Controller's handling of the matter, including: (a) assisting with any investigation; (b) providing Controller with physical access to any facilities and operations affected; (c) facilitating interviews with Processor's employees, former employees and others involved in the matter; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controller; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or unlawful Personal Data processing. 5.5 Processor will not inform any third party of any Personal Data Breach without first obtaining Controller's prior written consent, except when required to do so by law. 5.6 Processor agrees that Controller has the sole right to determine: (a) whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in Controller's discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and clause 5.4 unless the matter arose from Controller's specific instructions, negligence, wilful default or breach of this Agreement, in which case Controller will cover all reasonable expenses.

Personal Data Breach. 5.1 Processor 6.1 The Provider will promptly and in any event without undue delay notify Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor will restore such Personal Data at its own expense. 5.2 Processor will immediately and without undue delay notify Controller the Customer in writing if it becomes aware of: (a) the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data. The Provider will restore such Personal Data at its own expense as soon as possible. (b) any accidental, unauthorised or unlawful processing of the Personal Data; or (bc) any Personal Data Breach. 5.3 6.2 Where Processor the Provider becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shallwill, without undue delay, also provide Controller the Customer with the following written information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, the Provider will reasonably cooperate co-operate with Controller the Customer at no additional cost to the Customer, in Controllerthe Customer's handling of the matter, includingincluding but not limited to: (a) assisting with any investigation; (b) providing Controller the Customer with physical access to any facilities and operations affected; (c) facilitating interviews with Processorthe Provider's employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Customer; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing. 5.5 Processor 6.4 The Provider will not inform any third third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining Controllerthe Customer's prior written consent, except when required to do so by domestic law. 5.6 Processor 6.5 The Provider agrees that Controller the Customer has the sole right to determine: (a) whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, supervisory authoritiesthe Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controllerthe Customer's discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor 6.6 The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and 6.1 to clause 5.4 6.3 unless the matter arose from Controllerthe Customer's specific written instructions, negligence, wilful default or breach of this Agreement, in which case Controller the Customer will cover all reasonable expenses. 6.7 The Provider will also reimburse the Customer for actual reasonable expenses that the Customer incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a Personal Data Breach to the extent that the Provider caused such, including all costs of notice and any remedy as set out in Clause 6.5.

Personal Data Breach. 5.1 Processor 6.1 The Provider will promptly immediately or within 72 hours and in any event without undue delay notify Controller the Customer if any Personal Data is lost it becomes aware of: a) the loss, unintended destruction or destroyed or becomes damageddamage, corruptedcorruption, or unusableunusability of part or all of the Personal Data. Processor The Provider will restore such Personal Data at its own expenseexpense as soon as possible. 5.2 Processor will immediately and without undue delay notify Controller if it becomes aware of: (ab) any accidental, unauthorised unauthorized or unlawful processing of the Personal Data; or (bc) any Personal Data Breach. 5.3 6.2 Where Processor the Provider becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shall, without undue delay, also provide Controller the Customer with the following information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any unauthorised accidental, unauthorized or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, the Provider will reasonably cooperate co-operate with Controller the Customer at no additional cost to the Customer, in Controllerthe Customer's handling of the matter, includingincluding but not limited to: (a) assisting with any investigation; (b) providing Controller the Customer with physical access to any facilities and operations affected; (c) facilitating interviews with Processorthe Provider's employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Customer; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise minimize any damage resulting from the Personal Data Breach or accidental, unauthorized or unlawful Personal Data processing. 5.5 Processor 6.4 The Provider will not inform any third party of any accidental, unauthorized or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining Controllerthe Customer's prior written consent, except when required to do so by domestic law. 5.6 Processor 6.5 The Provider agrees that Controller the Customer has the sole right to determine: (a) whether to provide notice of the accidental, unauthorized or unlawful processing and/or the Personal Data Breach to any Data Subjects, supervisory authoritiesthe Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controllerthe Customer's discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor 6.6 The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and clause 5.4 Clause 6.3 unless the matter arose from Controllerthe Customer's specific written instructions, negligence, wilful willful default or breach of this Agreement, in which case Controller the Customer will cover all reasonable expenses. 6.7 The Provider will also reimburse the Customer for actual reasonable expenses that the Customer incurs when responding to an incident of accidental, unauthorized or unlawful processing and/or a Personal Data Breach to the extent that the Provider caused such, including all costs of notice and any remedy as set out in clause 6.5.

Personal Data Breach. 5.1 Processor Nuclei will promptly and without undue delay notify Controller the Customer if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor Nuclei will restore such Personal Data at its own expense. 5.2 Processor Nuclei will immediately promptly and without undue delay notify Controller the Customer if it becomes aware of: (a) any accidental, unauthorised unauthorized or unlawful processing of the Personal Data; or (b) any Personal Data Breach. 5.3 Where Processor Nuclei becomes aware of (a) and/or (b) of clause 5.2above, it shall, without undue delay, also provide Controller the Customer with the following information: (a) description of the causes and nature of (a) and/or (b), including the categories and approximate number of both Data Subjects and Personal Data records concerned; (b) the likely consequences; and (c) description of the measures taken taken, or proposed to be taken to address (a) and/or (b), including measures to mitigate its possible adverse effects. 5.4 Immediately following any unauthorised unauthorized or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Nuclei will reasonably cooperate co-operate with Controller the Customer in Controllerthe Customer's handling of the matter, including: (a) assisting with any investigation; (b) providing Controller the Customer with physical access to any facilities and operations affected; (c) facilitating interviews with Processor's Xxxxxx’s employees, former employees and others involved in the matter; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Customer; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise minimize any damage resulting from the Personal Data Breach or unlawful Personal Data processing. 5.5 Processor Nuclei will not inform any third party of any Personal Data Breach without first obtaining Controllerthe Customer's prior written consent, except when required to do so by law. 5.6 Processor Xxxxxx agrees that Controller the Customer has the sole right to determine: (a) whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in Controllerthe Customer's discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor The Customer will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and clause 5.4 unless 5.4. 5.8 The Customer will also reimburse Nuclei for actual reasonable expenses that Nuclei incurs when responding to a Personal Data Breach to the matter arose from Controller's specific instructionsextent that the Customer caused such a Personal Data Breach, negligence, wilful default or breach including all costs of this Agreement, notice and any remedy as set out in which case Controller will cover all reasonable expensesclause.

Personal Data Breach. 5.1 Processor 6.1 TripStax will promptly within 48 hours and in any event without undue delay notify Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor will restore such Personal Data at its own expense. 5.2 Processor will immediately and without undue delay notify Controller the Customer in writing if it becomes aware of: (a) the loss, unintended destruction or damage, corruption, or un-usability of part or all of the Personal Data. TripStax will restore such Personal Data at its own expense as soon as possible. (b) any accidental, unauthorised or unlawful processing of the Personal Data; or (bc) any Personal Data Breach. 5.3 6.2 Where Processor TripStax becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shallwill, without undue delay, also provide Controller the Customer with the following written information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, TripStax will reasonably cooperate co-operate with Controller the Customer at no additional cost to the Customer (if the Data Breach is caused by TripStax), in Controllerthe Customer's handling of the matter, includingincluding but not limited to: (a) assisting with any investigation; (b) providing Controller the Customer with physical access to any facilities and operations affected; (c) facilitating interviews with Processor's TripStax employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Customer; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing. 5.5 Processor 6.4 TripStax will not inform any third third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining Controllerthe Customer's prior written consent, except when required to do so by domestic or EU law. 5.6 Processor 6.5 TripStax agrees that Controller the Customer has the sole right to determine: (a) whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, supervisory authoritiesthe Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controllerthe Customer's discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor 6.6 TripStax will cover all reasonable expenses associated with the performance of the its obligations under clause 5.2 and 6.1 to clause 5.4 6.3 unless the matter arose from Controllerthe Customer's specific instructions, negligence, wilful default or breach of this Agreement, in which case Controller the Customer will cover all reasonable expensesexpenses including those incurred by TripStax.

Personal Data Breach. 5.1 Processor 6.1 The Provider will promptly within 24 hours and in any event without undue delay notify Controller the Customer in writing if any Personal Data is lost it becomes aware of:‌ (a) the loss, unintended destruction or destroyed or becomes damageddamage, corruptedcorruption, or unusableunusability of part or all of the Personal Data. Processor The Provider will restore such Personal Data at its own expenseexpense as soon as possible. 5.2 Processor will immediately and without undue delay notify Controller if it becomes aware of: (ab) any accidental, unauthorised or unlawful processing of the Personal Data; or (bc) any Personal Data Breach. 5.3 6.2 Where Processor the Provider becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shallwill, without undue delay, also provide Controller the Customer with the following written information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, the Provider will reasonably cooperate co-operate with Controller the Customer at no additional cost to the Customer, in Controllerthe Customer's handling of the matter, including:including but not limited to:‌ (a) assisting with any investigation; (b) providing Controller the Customer with physical access to any facilities and operations affected; (c) facilitating interviews with Processorthe Provider's employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Customer; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing. 5.5 Processor 6.4 The Provider will not inform any third third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining Controllerthe Customer's prior written consent, except when required to do so by domestic law. 5.6 Processor 6.5 The Provider agrees that Controller the Customer has the sole right to determine:determine:‌ (a) whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, supervisory authoritiesthe Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controllerthe Customer's discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor 6.6 The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and 6.1 to clause 5.4 6.3 unless the matter arose from Controllerthe Customer's specific written instructions, negligence, wilful default or breach of this Agreement, in which case Controller the Customer will cover all reasonable expenses. 6.7 The Provider will also reimburse the Customer for actual reasonable expenses that the Customer incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a Personal Data Breach to the extent that the Provider caused such, including all costs of notice and any remedy as set out in Clause 6.5.

Personal Data Breach. 5.1 Processor 6.1 The Provider will promptly and without undue delay immediately notify Controller Chemonics in writing if any Personal Data is lost it becomes aware of:‌ (a) the loss, unintended destruction or destroyed or becomes damageddamage, corruptedcorruption, or unusableunusability of part or all of the Chemonics Personal Data. Processor The Provider will restore such Chemonics Personal Data at its own expenseexpense as soon as possible. 5.2 Processor will immediately and without undue delay notify Controller if it becomes aware of: (ab) any accidental, unauthorised or unlawful processing of the Chemonics Personal Data; or (bc) any Personal Data Breachpersonal data breach. 5.3 6.2 Where Processor the Provider becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shallwill, without undue delay, also provide Controller Chemonics with the following written information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Chemonics Personal Data and approximate number of both Data Subjects data subjects and the Chemonics Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any accidental, unauthorised or unlawful Chemonics Personal Data processing or Personal Data Breachpersonal data breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, the Provider will reasonably cooperate co-operate with Controller Chemonics at no additional cost to Chemonics, in Controller's Chemonics’ handling of the matter, including:including but not limited to:‌ (a) assisting with any investigation; (b) providing Controller Chemonics with physical access to any facilities and operations affected; (c) facilitating interviews with Processorthe Provider's employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by ControllerChemonics; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach personal data breach or accidental, unauthorised or unlawful Chemonics Personal Data processing. 5.5 Processor 6.4 The Provider will not inform any third third-party of any accidental, unauthorised or unlawful processing of all or part of the Chemonics Personal Data Breach and/or a personal data breach without first obtaining Controller's prior Chemonics’ written consent, except when required to do so by domestic law. 5.6 Processor 6.5 The Provider agrees that Controller Chemonics has the sole right to determine: (a) whether to provide notice of the Personal Data Breach accidental, unauthorised or unlawful processing and/or the personal data breach to any Data Subjectsdata subjects, supervisory authoritiesthe Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controller's Chemonics’ discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjectsdata subjects, including the nature and extent of such remedy. 5.7 Processor 6.6 The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and 6.1 to clause 5.4 6.3 unless the matter arose from Controller's Chemonics’ specific written instructions, negligence, wilful default or breach of this AgreementDPA, in which case Controller Chemonics will cover all reasonable expenses. 6.7 The Provider will also reimburse Chemonics for all expenses that Chemonics incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a personal data breach to the extent that the Provider caused such, including all costs of notice and any remedy as set out in clause 6.5.

Personal Data Breach. 5.1 Processor 6.1 The Provider will promptly immediately and in any event without undue delay notify Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor will restore such Personal Data at its own expense. 5.2 Processor will immediately and without undue delay notify Controller the Customer in writing if it becomes aware of: (a) of any accidental, unauthorised Personal Data Breach involving part or unlawful processing all of the Personal Data; or. (b) any 6.2 Where the Provider becomes aware of a Personal Data Breach. 5.3 Where Processor becomes aware of (a) and/or (b) of clause 5.2, it shallwill, without undue delay, also provide Controller the Customer with the following written information: (a) description of the causes and nature of (a) and/or (b)the breach, including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a) and/or (b)the breach, including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, the Provider will reasonably cooperate co-operate with Controller the Customer at no additional cost to the Customer, in Controllerthe Customer's handling of the matter, includingincluding but not limited to: (a) assisting with any investigation; (b) providing Controller the Customer with physical access to any facilities and operations affected; (c) facilitating interviews with Processorthe Provider's employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Customer; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing. 5.5 Processor 6.4 The Provider will not inform any third third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining Controllerthe Customer's prior written consent, except when required to do so by domestic or EU law. 5.6 Processor 6.5 The Provider agrees that Controller the Customer has the sole right to determine: (a) whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, supervisory authoritiesthe Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controllerthe Customer's discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor 6.6 The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and clause 5.4 6.1 to 6.3 unless the matter arose from Controllerthe Customer's specific written instructions, negligence, wilful default or breach of this Agreement, in which case Controller the Customer will cover all reasonable expenses. 6.7 The Provider will also reimburse the Customer for actual reasonable expenses that the Customer incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a Personal Data Breach to the extent that the Provider caused such, including all costs of notice and any remedy as set out in 6.5.

Personal Data Breach. 5.1 Processor 6.1 Emspace will promptly promptly, and without undue delay in any event within 48 hours, notify Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor will restore such Personal Data at its own expense. 5.2 Processor will immediately and without undue delay notify Controller the Customer in writing if it becomes aware of: (a) the loss, unintended destruction or damage, corruption, or un-useability of part or all of the Personal Data. Emspace will restore as soon as possible such Personal Data at its own expense; (b) any accidental, unauthorised or unlawful processing of the Personal Data; or (bc) any Personal Data Breach. 5.3 6.2 Where Processor Emspace becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shallwill, without undue delay, also provide Controller the Customer with the following written information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately after the Customer has been notified pursuant to clause 6.1, following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, Emspace will reasonably cooperate co-operate with Controller the Customer in Controllerthe Customer's handling of the matter, includingincluding but not limited to: (a) assisting with any investigation; (b) providing Controller the Customer with physical access to any facilities and operations affected; (c) facilitating interviews with Processor's Emspace’s employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Customer; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing. 5.5 Processor 6.4 Emspace will not inform any third third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining Controllerthe Customer's prior written consent, except when required to do so by domestic or EU law. 5.6 Processor 6.5 Emspace agrees that Controller the Customer has the sole right to determine: (a) determine whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, supervisory authoritiesthe Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controllerthe Customer's discretion, including the contents and delivery method of the notice; and (b) whether to . The Customer shall not offer any type of remedy to affected Data SubjectsSubjects without the prior written approval of Emspace, including the nature and extent of such remedyapproval not to be unreasonably withheld or delayed. 5.7 Processor 6.6 The Customer will cover all reasonable expenses and time costs associated with the performance of the Emspace’s obligations under clause 5.2 and clause 5.4 clauses 6.1 to 6.3 inclusive unless the matter arose from Controller's specific instructions, Emspace’s negligence, wilful default or breach of this Agreement, in which case Controller Emspace will cover all of its expenses and time costs. 6.7 Emspace will also reimburse the Customer for actual reasonable expensesexpenses that the Customer incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a Personal Data Breach to the extent that Emspace caused such an incident and/or Personal Data Breach, including all costs of notice and any remedy as set out in clause 6.5.

Personal Data Breach. 5.1 Processor 6.1 [PROCESSOR] will promptly and without undue delay notify Controller [CONTROLLER] if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor [PROCESSOR] will restore such Personal Data at its own expense. 5.2 Processor 6.2 [PROCESSOR] will immediately and without undue delay as soon as reasonably practicable notify Controller [CONTROLLER] if it becomes aware of: (a) any accidental, unauthorised or unlawful processing of the Personal Data; or (b) any Personal Data Breach. 5.3 6.3 Where Processor [PROCESSOR] becomes aware of (a) and/or (b) of clause 5.2above, it shall, without undue delay, also provide Controller [CONTROLLER] with the following information: (a) description of the causes and nature of (a) and/or (b), including the categories and approximate number of both Data Subjects and Personal Data records concerned; (b) the likely consequences; and (c) description of the measures taken taken, or proposed to be taken to address (a) and/or (b), including measures to mitigate its possible adverse effects. 5.4 6.4 Immediately following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor [PROCESSOR] will reasonably cooperate co-operate with Controller [CONTROLLER] in Controller's [CONTROLLER]’s handling of the matter, including: (a) assisting with any investigation; (b) providing Controller [CONTROLLER] with physical access to any facilities and operations affected; (c) facilitating interviews with Processor's [PROCESSOR]’s employees, former employees and others involved in the matter; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controller[CONTROLLER]; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or unlawful Personal Data processing. 5.5 Processor 6.5 [PROCESSOR] will not inform any third party of any Personal Data Breach without first obtaining Controller's [CONTROLLER]’s prior written consent, except when required to do so by law. 5.6 Processor 6.6 [PROCESSOR] agrees that Controller [CONTROLLER] has the sole right to determine: (a) whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in Controller's [CONTROLLER]’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor 6.7 [PROCESSOR] will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 6.2 and clause 5.4 6.4 unless the matter arose from Controller's [CONTROLLER]’s specific instructions, negligence, wilful default or breach of this Agreement, in which case Controller [CONTROLLER] will cover all reasonable expenses. 6.8 [PROCESSOR] will also reimburse [CONTROLLER] for actual reasonable expenses that [CONTROLLER] incurs when responding to a Personal Data Breach to the extent that [PROCESSOR] caused such a Personal Data Breach, including all costs of notice and any remedy as set out in clause 6.6.

Personal Data Breach. 5.1 6.1 The Processor will promptly and without undue delay immediately notify Controller the Controllers if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. The Processor will restore such Personal Data at its their own expense. 5.2 6.2 The Processor will immediately and without undue delay notify Controller the Controllers if it becomes they become aware of: (a) any accidental, unauthorised or unlawful processing of the Personal Data; or (b) any Personal Data Breach. 5.3 6.3 Where the Processor becomes aware of (a) and/or (b) of clause 5.2above, it shall, without undue delay, also provide Controller the Controllers with the following information: (a) 6.3.1 description of the causes and nature of (a) and/or (b), including the categories and approximate number of both Data Subjects and Personal Data records concerned; (b) 6.3.2 the likely consequences; and (c) 6.3.3 description of the measures taken or proposed to be taken to address (a) and/or (b), including measures to mitigate its possible adverse effects. 5.4 6.4 Immediately following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. The Processor will reasonably cooperate co-operate with Controller the Controllers in Controller's the Controllers’ handling of the matter, including: (a) 6.4.1 assisting with any investigation; (b) 6.4.2 providing Controller the Controllers with physical access to any facilities and operations affected; (c) 6.4.3 facilitating interviews with the Processor's ’s employees, former employees and others involved in the matter; (d) 6.4.4 making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Controllers; and (e) 6.4.5 taking all reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or unlawful Personal Data processing. 5.5 6.5 The Processor will not inform any third party of any Personal Data Breach without first obtaining Controller's the Controllers’ prior written consent, except when required to do so by law. 5.6 6.6 The Processor agrees that Controller has the Controllers have the sole right to determine: (a) 6.6.1 whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in Controller's the Controllers’ discretion, including the contents and delivery method of the notice; and (b) 6.6.2 whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 6.7 The Processor will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and clause 5.4 6.2 to 6.4 unless the matter arose from Controller's the Controllers’ specific instructions, negligence, wilful default or breach of this Agreement, in which case Controller the Controllers will cover all reasonable expenses. 6.8 The Processor will also reimburse the Controllers for actual reasonable expenses that the Controllers incurs when responding to a Personal Data Breach to the extent that the Processor caused such a Personal Data Breach, including all costs of notice and any remedy as set out in clause 6.6.

Personal Data Breach. 5.1 6.1 The Processor will promptly immediately and in any event without undue delay notify the Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor will restore such Personal Data at its own expense. 5.2 Processor will immediately and without undue delay notify Controller in writing if it becomes aware of: (a) the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data. (b) any accidental, unauthorised or unlawful processing of the Personal Data; or (bc) any Personal Data Breach. 5.3 6.2 Where the Processor becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shallwill, without undue delay, also provide the Controller with the following written information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Further, the Processor will reasonably cooperate co-operate with the Controller in the Controller's ’s handling of the matter, includingincluding but not limited to: (a) assisting with any investigation; (b) providing Controller with physical access to any facilities and operations affected; (c) facilitating interviews with the Processor's ’s employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (dc) making available all relevant records, logs, filesfiles, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by the Controller; and (ed) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing. 5.5 6.4 The Processor will not inform any third third-party (including the Supervisory Authority) of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first first obtaining the Controller's prior ’s written consent, except when required to do so by domestic or EU law. 5.6 6.5 The Processor agrees that the Controller has the sole right to determine: (a) whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, supervisory authoritiesthe Supervisory Authority, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in the Controller's ’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 6.6 The Processor will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and clause 5.4 6.1 to 6.3 unless the matter arose from the Controller's specific ’s specific written instructions, negligence, wilful default or breach of this Agreement, in which case the Controller will cover all reasonable expenses. 6.7 The Processor will also reimburse the Controller for actual reasonable expenses that the Controller incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a Personal Data Breach to the extent that the Processor caused such.

Personal Data Breach. 5.1 Processor 6.1 The Provider will promptly immediately and in any event without undue delay notify Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Processor will restore such Personal Data at its own expense. 5.2 Processor will immediately and without undue delay notify Controller the Customer in writing to the registration email address if it becomes aware of: (a) the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data. The Provider will restore such Personal Data at its own expense as soon as possible. (b) any accidental, unauthorised or unlawful processing of the Personal Data; or (bc) any Personal Data Breach. 5.3 6.2 Where Processor the Provider becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shallwill, without undue delay, also provide Controller the Customer with the following written information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, the Provider will reasonably cooperate co-operate with Controller the Customer at no additional cost to the Customer, in Controllerthe Customer's handling of the matter, includingincluding but not limited to: (a) assisting with any investigation; (b) providing Controller the Customer with physical access to any facilities and operations affected; (c) facilitating interviews with Processorthe Provider's employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by Controllerthe Customer; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing. 5.5 Processor 6.4 The Provider will not inform any third third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining Controllerthe Customer's prior written consent, except when required to do so by domestic or EU law. 5.6 Processor 6.5 The Provider agrees that Controller the Customer has the sole right to determine: (a) whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, supervisory authoritiesthe Supervisory authority, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controllerthe Customer's discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 5.7 Processor 6.6 The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and 6.1 to clause 5.4 6.3 unless the matter arose from Controllerthe Customer's specific written instructions, negligence, wilful default or breach of this Agreement, in which case Controller the Customer will cover all reasonable expenses. 6.7 The Provider will also reimburse the Customer for actual reasonable expenses that the Customer incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a Personal Data Breach to the extent that the Provider caused such, including all costs of notice and any remedy as set out in Clause 6.5.

Personal Data Breach. 5.1 Processor 6.1 The Provider will promptly immediately and in any event without undue delay notify Controller Chemonics if any Personal Data is lost it becomes aware of:‌ (a) the loss, unintended destruction or destroyed or becomes damageddamage, corruptedcorruption, or unusableunusability of part or all of the Authority Personal Data. Processor The Provider will restore such Authority Personal Data at its own expense. 5.2 Processor will immediately and without undue delay notify Controller if it becomes aware of:expense as soon as possible; (ab) any accidental, unauthorised or unlawful processing of the Authority Personal Data; or (bc) any Personal Data Breachpersonal data breach. 5.3 6.2 Where Processor the Provider becomes aware of (a), (b) and/or (bc) of clause 5.2above, it shall, without undue delay, also provide Controller Chemonics with the following information: (a) description of the causes and nature of (a), (b) and/or (bc), including the categories of in-scope Authority Personal Data and approximate number of both Data Subjects data subjects and the Authority Personal Data records concerned; (b) the likely consequences; and (c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (bc), including measures to mitigate its possible adverse effects. 5.4 6.3 Immediately following any accidental, unauthorised or unlawful Authority Personal Data processing or Personal Data Breachpersonal data breach, the parties will coordinate co-ordinate with each other to investigate the matter. Processor Further, the Provider will reasonably cooperate co- operate with Controller Chemonics and/or the Authority at no additional cost to Chemonics, in Controller's Chemonics’ handling of the matter, including:including but not limited to:‌ (a) assisting with any investigation; (b) providing Controller Chemonics and/or the Authority with physical access to any facilities and operations affected; (c) facilitating interviews with Processorthe Provider's employees, former employees and others involved in the mattermatter including, but not limited to, its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by ControllerChemonics and/or the Authority; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach personal data breach or accidental, unauthorised or unlawful Authority Personal Data processing. 5.5 Processor 6.4 The Provider will not inform any third party of any accidental, unauthorised or unlawful processing of all or part of the Authority Personal Data Breach and/or a personal data breach without first obtaining Controller's prior Chemonics’ written consent, except when required to do so by domestic law. 5.6 Processor 6.5 The Provider agrees that Controller has Chemonics and/or the Authority have the sole right to determine:determine:‌ (a) whether to provide notice of the Personal Data Breach accidental, unauthorised or unlawful processing and/or the personal data breach to any Data Subjectsdata subjects, supervisory authoritiesthe Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in Controller's Chemonics’ and/or the Authority’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjectsdata subjects, including the nature and extent of such remedy. 5.7 Processor 6.6 The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 5.2 and 6.1 to clause 5.4 6.3 unless the matter arose from ControllerChemonics’ and/or the Authority's specific written instructions, negligence, wilful default or breach of this AgreementDSPA, in which case Controller Chemonics will cover all reasonable expenses. 6.7 The Provider will also reimburse Chemonics for all expenses that Chemonics and/or the Authority incurs when responding to an incident of accidental, unauthorised or unlawful processing and/or a personal data breach to the extent that the Provider caused such, including all costs of notice and any remedy as set out in clause 6.5.