Common use of Personal Data Breach Clause in Contracts

Personal Data Breach. 11.1 The Data Controller acknowledge and agree that the Data Processor shall not be deemed responsible for Personal Data Breach not imputable to the Data Processor’s negligence. 11.2 If the Data Processor becomes aware of a Personal Data Breach, it will: a) take appropriate actions to contain and mitigate such Personal Data Breach, including notifying the Data Controller, without undue delay, to enable the Data Controller to expeditiously implement its response program. Notwithstanding the above, the Data Processor reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interests; b) cooperate with the Data Controller to investigate: the nature, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences of any such Personal Data Breach in a manner which is commensurate with its seriousness and its overall impact on the Data Controller and the delivery of the Service under this DPA; c) where Applicable Data Protection Laws require notification to relevant Supervisory Authorities and impacted Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal Data, defer to and take instructions from Data Controller, as Data Controller has the sole right to determine the measures that it will take to comply with Applicable Data Protection Laws or remediate any risk, including without limitation: i. whether notice is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required Applicable Data Protection Laws, or in Data Controller's discretion; and ii. the contents of such notice, whether any type of remediation may be offered to affected Client Data Subjects, and the nature and extent of any such remediation.

Personal Data Breach. 11.1 The Data Controller Client acknowledge and agree that the Data Processor Swizzonic shall not be deemed responsible for Personal Data Breach not imputable to the Data ProcessorSwizzonic’s negligence. 11.2 If the Data Processor Swizzonic becomes aware of a Personal Data Breach, it will: a) take appropriate actions to contain and mitigate such Personal Data Breach, including notifying the Data ControllerClient, without undue delay, to enable the Data Controller Client to expeditiously implement its response program. Notwithstanding the above, the Data Processor Swizzonic reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interests; b) cooperate with the Data Controller Client to investigate: the nature, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences of any such Personal Data Breach in a manner which is commensurate with its seriousness and its overall impact on the Data Controller Client and the delivery of the Service under this DPA; c) where Applicable Data Protection Laws require notification to relevant Supervisory Authorities and impacted Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal Data, defer to and take instructions from Data ControllerClient, as Data Controller Client has the sole right to determine the measures that it will take to comply with Applicable Data Protection Laws or remediate any risk, including without limitation: i. whether notice is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required Applicable Data Protection Laws, or in Data ControllerClient's discretion; and ii. the contents of such notice, whether any type of remediation may be offered to affected Client Data Subjects, and the nature and extent of any such remediation.

Personal Data Breach. 11.1 The Data Controller acknowledge acknowledges and agree accepts that the Data Processor Sub-contractor shall not be deemed responsible held liable for Personal Data Breach Breaches that are not imputable attributable to the Data ProcessorSub-contractor’s negligence. 11.2 . If the Data Processor Sub-contractor of the data becomes aware of a Personal Data Breach, it will: a) he shall do as follows: ○ take the appropriate actions measures to contain limit and mitigate such Personal Data Breach, including in particular, by notifying the Data ControllerController as soon as possible, without undue delaybut under no circumstances more than twenty-four (24) hours after the Sub-contractor has become aware of this Personal Data Breach, to enable the Data Controller to expeditiously implement its response program. Notwithstanding the above, the Data Processor reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interests; b) promptly setup his program accordingly; ○ cooperate with the Data Controller to investigatedefine the following: the naturetype, the categories and approximate number of Data Subjects concernedSubjects, the categories and the approximate number of registrations of Personal Data records concerned made and the likely potential consequences of any such Personal Data Breach in a manner which is commensurate with order for the latter to be proportionate to its seriousness gravity and its overall global impact on the Data Controller and the delivery of service provision herein; When the Service under this DPA; c) where Applicable Personal Data Protection Laws require Regulations and/or any applicable regulation requires a notification to relevant the competent Supervisory Authorities and impacted the Data Subjects of such a Personal Data Breachinvolved, and insofar as it relates to the Client latter concerns the Data Controller’s Personal Data, the Sub-contractor shall defer to the latter and take the instructions from Data Controller, as the Data Controller has the sole right who, in its official capacity, is exclusively entitled to determine define the measures that it will take to be taken to comply with Applicable the Personal Data Protection Laws Regulations or remediate to remedy any risk, including without limitation: i. whether notice is to including, but not exhaustively: ○ if a notification must be provided to any individualsperson, regulatorsRegulatory body or statutory application body, law enforcement agenciesconsumption information agency or other, consumer reporting agenciessuch as required by the Personal Data Regulations, or others as required Applicable Data Protection Laws, or in at the Data Controller's ’s discretion; and ii. and ○ the contents content of such noticethis notification, whether any type of remediation if corrective measures may be offered to affected Client the Data Subjects, ’ relevant Data Controller and the nature type and extent of any such remediationthese corrective measures.

Personal Data Breach. 11.1 The Data Controller Client acknowledge and agree that the Data Processor Register shall not be deemed responsible for Personal Data Breach not imputable to the Data ProcessorRegister’s negligence. 11.2 If the Data Processor Register becomes aware of a Personal Data Breach, it will: a) take appropriate actions to contain and mitigate such Personal Data Breach, including notifying the Data ControllerClient, without undue delay, to enable the Data Controller Client to expeditiously implement its response program. Notwithstanding the above, the Data Processor Register reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interests; b) cooperate with the Data Controller Client to investigate: the nature, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences of any such Personal Data Breach in a manner which is commensurate with its seriousness and its overall impact on the Data Controller Client and the delivery of the Service under this DPA; c) where Applicable Data Protection Laws require notification to relevant Supervisory Authorities and impacted Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal Data, defer to and take instructions from Data ControllerClient, as Data Controller Client has the sole right to determine the measures that it will take to comply with Applicable Data Protection Laws or remediate any risk, including without limitation: i. whether notice is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required Applicable Data Protection Laws, or in Data ControllerClient's discretion; and ii. the contents of such notice, whether any type of remediation may be offered to affected Client Data Subjects, and the nature and extent of any such remediation.

Personal Data Breach. 11.1 The Data Controller acknowledge Client acknowledges and agree agrees that the Data Processor Register shall not be deemed responsible for Personal Data Breach not imputable to the Data ProcessorRegister’s negligence. 11.2 If the Data Processor Register becomes aware of a Personal Data Breach, it will: a) take appropriate actions to contain and mitigate such Personal Data Breach, including notifying the Data ControllerClient, without undue delay, to enable the Data Controller Client to expeditiously implement its response program. Notwithstanding the above, the Data Processor Register reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interests; b) cooperate with the Data Controller Client to investigate: the nature, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences of any such Personal Data Breach in a manner which is commensurate with its seriousness and its overall impact on the Data Controller Client and the delivery of the Service under this DPA; c) where Applicable Data Protection Laws require notification to relevant Supervisory Authorities and impacted Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal Data, defer to and take instructions from Data ControllerClient, as Data Controller has the sole right to determine the measures that it will take to comply with Applicable Data Protection Laws or remediate any risk, including without limitation: i. whether notice is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required Applicable Data Protection Laws, or in Data ControllerClient's discretion; and ii. the contents of such notice, whether any type of remediation may be offered to affected Client Data Subjects, and the nature and extent of any such remediation.

Personal Data Breach. 11.1 The Data Controller acknowledge Client acknowledges and agree agrees that the Data Processor Swizzonic shall not be deemed responsible for Personal Data Breach not imputable to the Data ProcessorSwizzonic’s negligence. 11.2 If the Data Processor Swizzonic becomes aware of a Personal Data Breach, it will: a) take appropriate actions to contain and mitigate such Personal Data Breach, including notifying the Data ControllerClient, without undue delay, to enable the Data Controller Client to expeditiously implement its response program. Notwithstanding the above, the Data Processor Swizzonic reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interests; b) cooperate with the Data Controller Client to investigate: the nature, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences of any such Personal Data Breach in a manner which is commensurate with its seriousness and its overall impact on the Data Controller Client and the delivery of the Service under this DPA; c) where Applicable Data Protection Laws require notification to relevant Supervisory Authorities and impacted Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal Data, defer to and take instructions from Data ControllerClient, as Data Controller has the sole right to determine the measures that it will take to comply with Applicable Data Protection Laws or remediate any risk, including without limitation: i. whether notice is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required Applicable Data Protection Laws, or in Data ControllerClient's discretion; and ii. the contents of such notice, whether any type of remediation may be offered to affected Client Data Subjects, and the nature and extent of any such remediation.

Personal Data Breach. 11.1 The Data Controller acknowledge and agree (a) If HotDeskPlus becomes aware, or believes or suspects, that the Data Processor shall not be deemed responsible for a Personal Data Breach not imputable has or may have occurred in relation to any Relevant Data, HotDeskPlus must: (i) immediately notify the Data Processor’s negligence. 11.2 If Customer in writing and provide the Data Processor becomes aware of a Customer with all known details relating to that actual or suspected Personal Data Breach, it will:; a(ii) take appropriate actions cooperate and comply with all reasonable directions of the Customer in relation to contain and mitigate such that actual or suspected Personal Data Breach, including notifying ; (iii) promptly take all reasonable steps to rectify or remedy that actual or suspected Personal Data Breach where possible; and (iv) cooperate with the Data Controller, without undue delay, to enable Customer in: (A) the Data Controller to expeditiously implement its response program. Notwithstanding resolution of any complaint alleging a breach of the above, the Data Processor reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interestsregarding the Relevant Data; b(B) cooperate with assisting the Data Controller Customer to investigate: meet their obligation under clause 11(b) of this Addendum to notify the nature, occurrence of the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences of any such Personal Data Breach in that affects or relates to Relevant Data to the Supervisory Authority and to affected Data Subjects, but only where the Customer determines that such a manner which is commensurate with its seriousness and its overall impact on the Data Controller and the delivery of the Service under this DPA; c) where notification would be required by Applicable Data Protection Laws require notification Laws; and (C) any investigation by the Customer or the Supervisory Authority or other competent data privacy authorities relating to relevant Supervisory Authorities and impacted Data Subjects of such a the Personal Data Breach, and as it Breach that affects or relates to Relevant Data. (b) If the Client Customer determines that notification of the Personal Data, defer to and take instructions from Data Controller, as Data Controller has the sole right to determine the measures that it will take to comply with Applicable Data Protection Laws or remediate any risk, including without limitation: i. whether notice is to Breach would be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required by Applicable Data Protection Laws, or the Customer will prepare a proposed statement in accordance with Applicable Data Controller's discretion; and ii. Protection Laws, obtain HotDeskPlus' written approval to that statement and the contents method of notification for issuing such notice, whether any type of remediation may be offered statement to affected Client Data Subjects, Subjects and the nature Supervisory Authority, and, when such written approval is received, issue the statement to affected individuals and extent the Supervisory Authority on behalf of any such remediationitself and HotDeskPlus.

Personal Data Breach. 11.1 The Data Controller acknowledge and agree that the Data Processor shall not be deemed responsible for Personal Data Breach not imputable to the Data Processor’s negligence. 11.2 If the Data Processor becomes aware of a Personal Data Breach, it will: a) take appropriate actions to contain and mitigate such Personal Data Breach, including notifying the Data Controller, Controller without undue delay, to enable the Data Controller to expeditiously implement its response program. Notwithstanding the above, the Data Processor reserves the right to determine the measures it will take to comply with Applicable Data Protection Laws or to protect its rights and interests; b) cooperate with the Data Controller to investigate: the nature, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences of any such Personal Data Breach in a manner which is commensurate with its seriousness and its overall impact on the Data Controller and the delivery of the Service under this DPA; c) where Applicable Data Protection Laws require notification to relevant Supervisory Authorities and impacted Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal Data, defer to and take instructions from Data Controller, as Data Controller has the sole right to determine the measures that it will take to comply with Applicable Data Protection Laws or remediate any risk, including without limitation: i. whether notice is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required Applicable Data Protection Laws, or in Data Controller's discretion; and ii. the contents of such notice, whether any type of remediation may be offered to affected Client Data Subjects, and the nature and extent of any such remediation.

Personal Data Breach. 11.1 The Data Controller acknowledge and agree that the Data Processor shall not be deemed responsible for 6.1. In respect of any Personal Data Breach not imputable or any suspected Personal Data Breach which is related to the Data Processor’s negligence.terms of this Agreement, the Provider shall: 11.2 If (a) notify Keyloop without undue delay and provide Keyloop with such details as it reasonably requires, including: i. a description of the Data Processor becomes aware nature of a the Personal Data Breach, it will: a) take appropriate actions to contain and mitigate such Breach or suspected Personal Data Breach, including notifying the categories and approximate numbers of Data ControllerSubjects and Personal Data records concerned; ii. the likely consequences of the Personal Data Breach or suspected Personal Data Breach; iii. a description of the measures taken or proposed to be taken to address the Personal Data Breach, including measures to mitigate its possible adverse effects. Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay. (b) restore any lost, to enable the destroyed, damaged, corrupted or unusable Personal Data Controller to expeditiously implement at its response programown expense as soon as possible. 6.2. Notwithstanding the aboveImmediately following any Personal Data Breach, the Data Processor reserves Parties shall co-ordinate with each other to investigate the right matter. The Provider shall reasonably co-operate with Keyloop (including the End Customer where applicable), in Keyloop’s handling of the matter, including but not limited to, where necessary: (a) assisting with the investigation and obtaining information required by Supervisory Authorities; (b) providing Keyloop with physical access to determine any facilities and operations affected; (c) facilitating interviews with the measures it will take Provider’s employees, former employees and others involved in the matter, including its officers and directors; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with Applicable all Data Protection Laws or as otherwise reasonably required by Keyloop; and (e) taking reasonable and prompt steps to protect its rights mitigate the effects and interests; b) cooperate with to minimise any damage resulting from the Data Controller to investigate: the nature, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned and the likely consequences Breach. 6.3. The Provider will not inform any third-party (including any Data Subject) of any such Personal Data Breach in a manner which is commensurate with its seriousness and its overall impact on the Data Controller and the delivery of the Service without first obtaining Keyloop's written consent except where required to do so under this DPA; c) where Applicable Data Protection Laws require notification to relevant Supervisory Authorities and impacted Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal Data, defer to and take instructions from Data Controller, as Data Controller has the sole right to determine the measures that it will take to comply with Applicable any applicable Data Protection Laws or remediate any risk, including without limitation: i. where required to inform its advisors engaged with respect to the investigation or remediation of the Personal Data Breach or to inform its insurers. The Provider agrees that Keyloop (or the End Customer where applicable) has the sole responsibility for determining whether and how notice of the Personal Data Breach is to be provided to any individualsData Subjects or any Supervisory Authority, regulators, law enforcement agencies, consumer reporting agencies, or others as required Applicable Data Protection Laws, or in Data Controller's discretion; and ii. including the contents and delivery of such notice, whether any type of remediation may be offered to affected Client Data Subjects, and the nature and extent of any such remediation.

Personal Data Breach. 11.1 The 11.1. Data Controller acknowledge acknowledges and agree agrees that the Data Processor shall will not be deemed held responsible for any Personal Data Breach Breaches which are not imputable to the Data Processor’s negligencenegligence or wilful misconduct. 11.2 11.2. If the Data Processor becomes aware of a Personal Data Breach, it will: a) take appropriate actions to contain and mitigate such the Personal Data Breach, including notifying Data Controller as soon as possible, but in no event later than forty-eight (48) hours after Data Processor becomes aware of the Personal Data ControllerBreach, without undue delay, in order to enable the Data Controller to expeditiously implement its response programprogramme. Notwithstanding the above, the Data Processor reserves the right to determine the measures it will take to comply with the Applicable Data Protection Laws or to protect its own rights and interests; b) cooperate with the Data Controller to investigate: investigate the nature, categories and approximate number of affected Data Subjects, the categories and approximate number of Data Subjects concerned, the categories and approximate number of affected Personal Data records concerned and the likely consequences of any such the Personal Data Breach Breach, in a manner which is commensurate with its seriousness and its overall impact on the Data Controller and the delivery provision of the Service under this DPA; c) where the Applicable Data Protection Laws require notification that the Personal Data Breach be notified to relevant Supervisory Authorities and impacted affected Data Subjects of such a Personal Data Breach, and as it relates to the Client Personal DataSubjects, defer to and take instructions from Data Controller, as to the extent in which Client Personal Data is involved in the Personal Data Breach –Data Controller has the sole right is exclusively entitled to determine the measures that it will take to be taken in order to comply with the Applicable Data Protection Laws or to remediate any risk, including including, without limitation: i. whether notice is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others others, as may be required by the Applicable Data Protection Laws, or in at Data Controller's discretion; and ii. the contents of such notice, whether any type of remediation may be offered to affected Client Data SubjectsSubjects under the Client’s responsibility, and the nature and extent of any such remediation.