Duration of Processing The Parties will Process Shared Personal Data during the Term of the underlying RRA to which this this Data Processing Addendum is applicable, but will abide by the terms of this Data Processing Addendum for the duration of the Processing if in excess of that term, and unless otherwise agreed upon in writing.
Scope of Processing The subject-matter of Processing of Personal Data by Okta is the performance of the Service pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Appendix 1 to this DPA.
Details of Processing 3.1. For details of how personal data is processed under this Agreement, please register to see our "GDPR Portal" at xxxxx://xxxxxx- xxxxxxx.xxxxx.xxx/Xxxxxxx/x/xxxx-xxx. You may also request a copy of the Product Fact Sheet from Your Access Account Manager.
Description of Processing Include a description of how the disclosed information will be processed by each receiving party.
Incident Notice and Remediation If Contractor becomes aware of any Incident, it shall notify the State immediately and cooperate with the State regarding recovery, remediation, and the necessity to involve law enforcement, as determined by the State. Unless Contractor can establish that none of Contractor or any of its agents, employees, assigns or Subcontractors are the cause or source of the Incident, Contractor shall be responsible for the cost of notifying each person who may have been impacted by the Incident. After an Incident, Contractor shall take steps to reduce the risk of incurring a similar type of Incident in the future as directed by the State, which may include, but is not limited to, developing and implementing a remediation plan that is approved by the State at no additional cost to the State.
Records of Processing Activities 6.1 The Data Processor shall keep records of all categories of processing activities performed on behalf of the Data Controller. Records of Processing activities shall include at least the following:
Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
Purpose of Processing The purpose of the data Processing is the provision of the Services pursuant to this Agreement.
Review by the Association of Procurement Decisions The Procurement Plan shall set forth those contracts which shall be subject to the Association’s Prior Review. All other contracts shall be subject to Post Review by the Association.
Response/Compliance with Audit or Inspection Findings A. Grantee must act to ensure its and its Subcontractors’ compliance with all corrections necessary to address any finding of noncompliance with any law, regulation, audit requirement, or generally accepted accounting principle, or any other deficiency identified in any audit, review, or inspection of the Contract and the services and Deliverables provided. Any such correction will be at Grantee’s or its Subcontractor's sole expense. Whether Xxxxxxx's action corrects the noncompliance shall be solely the decision of the System Agency.
