Personal Data Security Breaches Sample Clauses
Personal Data Security Breaches. (1) To the extent the Personal Data Security Breach is within HPES’ areas of control, HPES will: (a) take the actions required by Schedule 7 and Section 20.2(D); (b) assist and cooperate with HPI in HPI’s investigation of the Personal Data Security Breach, including by (i) providing HPI (or any third party designated by HPI) with access to any HPES Personnel to the extent such HPES Personnel have knowledge of any activities giving rise to or information related to the Personal Data Security Breach, (ii) providing HPI with physical access to the Service Locations and resources affected by the Personal Data Security Breach, (iii) facilitating interviews with HPES Personnel and others involved in the Personal Data Security Breach, and (iv) making available to HPI all relevant records, logs, files and data relating to the Personal Data Security Breach; (c) cooperate with HPI (as required by HPI) in any litigation or other formal action relating to the Personal Data Security Breach; (d) provide such information and assistance as is required to timely respond to or otherwise address any inquiry, access request, complaint, enforcement notice or similar action made by applicable data subjects; (e) cooperate with law enforcement or regulatory officials (as requested by HPI) in connection with any investigations or government actions relating to such Personal Data Security Breach; and (f) promptly take such measures as are reasonably necessary to prevent a recurrence of such Personal Data Security Breach (including as set forth in any HPI-approved remediation plan).
(2) HPI will have the sole right to determine (a) whether notice of a Personal Data Security Breach is to be provided to any individuals, Governmental Authorities, consumer reporting agencies or others (b) the contents of such notice, (c) whether any type of remediation may be offered to affected persons, and (d) the nature and extent of any such remediation. HPES will provide any such notices as directed by HPI.
(3) If the Personal Data Security Breach is caused by HPES’ acts or omissions, HPES will be responsible for (a) fines, penalties, interest and other amounts required to be paid by HPI under any Law or by Governmental Authority, or incurred to satisfy an order or directive of a Governmental Authority; and (b) expenses, liabilities, assessments and costs (including reasonable attorney’s fees and disbursements) incurred by HPI in connection with such Personal Data Security Breach, including: (i) ex...
Personal Data Security Breaches. Should the Service Provider become aware of a personal data security breach, defined according to the GDPR as a breach in security that causes the destruction, loss or accidental or illicit alteration of personal data transmitted, stored or processed in another way, or the non-authorised communication of or access to such data, affecting the personal data for which the the Data Controller is responsible, originating in the systems the Service Provider is responsible for managing, maintaining or administering, the Service Provider must notify the Customer of the security breach in line with the provisions set out in the current regulations. From the moment they become aware of the security breach, the Service Provider must adopt the necessary measure to remedy this, including, if necessary, measures to offset any potential negative consequences. Notwithstanding the foregoing, the Service Provider will execute any instructions they might receive from the Data Controller as quickly as possible. The notification referred to in the first section must: a) include the name of the Service Provider and contact details of the single point of contact designated by the Service Provider for the personal data security breach: b) describe the nature of the personal data security breach, including, where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records affected; c) describe the possible consequences of the personal data security breach: d) describe the measures taken to remedy the breach, including, where appropriate, measures to mitigate any possible negative effects, as well as any incident ticket or tracking number assigned to the personal data security breach. In all cases, the Service Provider will implement and maintain a documented process of security incident management that will, at least, include the following information regarding potential personal data security breaches: identification, date of detection, category, prioritisation, scale, investigation and diagnosis, resolution, recovery and closure.