Common use of PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION Clause in Contracts

PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. Braze maintains security incident management policies and procedures specified in the Security, Privacy and Architecture Datasheet and shall notify Customer without undue delay after becoming aware of a Personal Data Breach. Braze shall provide information to Customer necessary to enable Customer to comply with its obligations under Data Protection Laws and Regulations in relation to such Personal Data Breach. The content of such communication to Customer will (i) include the nature of Processing and the information available to Braze, and (ii) take into account that under applicable Data Protection Laws and Regulations, Customer may need to notify regulators or individuals of the following: (a) a description of the nature of the Personal Data Breach including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of Personal Data records concerned; (b) a description of the likely consequences of the Personal Data Breach; and (c) a description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. As between the parties, Customer is responsible for any required notification to Data Subjects and/or regulators of a Personal Data Breach. Braze shall make commercially reasonable efforts, based on its expertise, to identify the cause of such Personal Data Breach and take those steps as Braze deems necessary and reasonable in order to remediate the cause of such Personal Data Breach to the extent the remediation is within Braze’s reasonable control. The obligation to remediate the cause of a Personal Data Breach shall not apply to Personal Data Breaches that are caused by Customer or Customer’s Dashboard Users.

PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. Braze maintains security incident management policies and procedures specified in the Security, Privacy and Architecture Datasheet and shall notify Customer without undue delay after becoming aware of a Personal Data Breach. Braze shall provide information to Customer necessary to enable Customer to comply with its obligations under Data Protection Laws and Regulations in relation to such Personal Data Breach. The content of such communication to Customer will (i) include the nature of Processing and the information available to Braze, and (ii) take into account that under applicable Data Protection Laws and Regulations, Customer may need to notify regulators or individuals of the following: (a) a description of the nature of the Personal Data Breach including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of Personal Data records concerned; (b) a description of the likely consequences of the Personal Data Breach; and (c) a description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. As between the parties, Customer is responsible for any required notification to Data Subjects and/or regulators of a Personal Data Breach. Braze shall make commercially reasonable efforts, based on its expertise, to identify the cause of such Personal Data Breach and take those steps as Braze deems necessary and reasonable in order to remediate the cause of such Personal Data Breach to the extent the remediation is within Braze’s reasonable control. The obligation to remediate the cause of a Personal Data Breach shall not apply to Personal Data Breaches that are caused by Customer or Customer’s Dashboard Users.

PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. Braze PassKit maintains security incident management policies and procedures specified in the Security, Privacy and Architecture Datasheet and shall notify Customer without undue delay after becoming aware of a Personal Data Breach. Braze PassKit shall provide information to Customer necessary to enable Customer to comply with its obligations under Data Protection Laws and Regulations in relation to such Personal Data Breach. The content of such communication to Customer will (i) include the nature of Processing and the information available to BrazePassKit, and (ii) take into account that under applicable Data Protection Laws and Regulations, Customer may need to notify regulators or individuals of the following: (a) a description of the nature of the Personal Data Breach including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of Personal Data records concerned; (b) a description of the likely consequences of the Personal Data Breach; and (c) a description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. As between the parties, Customer is responsible for any required notification to Data Subjects and/or regulators of a Personal Data Breach. Braze PassKit shall make commercially reasonable efforts, based on its expertise, efforts to identify the cause of such Personal Data Breach and take those steps as Braze PassKit deems necessary and reasonable in order to remediate the cause of such Personal Data Breach to the extent the remediation is within BrazePassKit’s reasonable control. The obligation to remediate the cause of a Personal Data Breach shall not apply to Personal Data Breaches that are caused by Customer or Customer’s Dashboard Users.

PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. Braze maintains security incident management policies and procedures specified in the Security, Privacy and Architecture Datasheet and shall notify Customer without undue delay after becoming aware of a Personal Data Breach. Braze shall provide information to Customer necessary to enable Customer to comply with its obligations under Data Protection Laws and Regulations in relation to such Personal Data Breach. The content of such communication to Customer will (i) include the nature of Processing and the information available to Braze, and (ii) take into account that under applicable Data Protection Laws and Regulations, Customer may need to notify regulators or individuals of the following: (a) a description of the nature of the Personal Data Breach including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of Personal Data records concerned; (b) a description of the likely consequences of the Personal Data Breach; and (c) a description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. As between the parties, Customer is responsible for any required notification to Data Subjects and/or regulators of a Personal Data Breach. Braze shall make commercially reasonable efforts, based on its expertise, to identify the cause of such Personal Data Breach and take those steps as Braze deems necessary and reasonable in order to remediate the cause of such Personal Data Breach to the extent the remediation is within Braze’s reasonable control. The obligation to remediate the cause of a Personal Data Breach shall not apply to Personal Data Breaches that are caused by Customer or Customer’s Dashboard Users.

PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION. Braze Loopy Loyalty maintains security incident management policies and procedures specified in the Security, Privacy and Architecture Datasheet and shall notify Customer without undue delay after becoming aware of a Personal Data Breach. Braze Loopy Loyalty shall provide information to Customer necessary to enable Customer to comply with its obligations under Data Protection Laws and Regulations in relation to such Personal Data Breach. The content of such communication to Customer will (i) include the nature of Processing and the information available to BrazeLoopy Loyalty, and (ii) take into account that under applicable Data Protection Laws and Regulations, Customer may need to notify regulators or individuals of the following: (a) a description of the nature of the Personal Data Breach including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of Personal Data records concerned; (b) a description of the likely consequences of the Personal Data Breach; and (c) a description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. As between the parties, Customer is responsible for any required notification to Data Subjects and/or regulators of a Personal Data Breach. Braze Loopy Loyalty shall make commercially reasonable efforts, based on its expertise, efforts to identify the cause of such Personal Data Breach and take those steps as Braze Loopy Loyalty deems necessary and reasonable in order to remediate the cause of such Personal Data Breach to the extent the remediation is within BrazeLoopy Loyalty’s reasonable control. The obligation to remediate the cause of a Personal Data Breach shall not apply to Personal Data Breaches that are caused by Customer or Customer’s Dashboard Users.