Report and incident Process Clause Samples

Report and incident Process. The goal of Processor’s Incident response will be to restore the confidentiality, integrity, and availability of the Services environment and the Personal Data that may be contained therein, and to establish root causes and remediation steps. Depending on the nature and scope of the Incident, Processor may also involve and work with Controller and outside law enforcement to respond to the Incident. To the extent Processor becomes aware and determines that an Incident qualifies as a breach of security leading to the misappropriation or accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed on Processor systems or the services environment that compromises the security, confidentiality or integrity of such Personal Data (“Personal Data Breach”), Processor will inform Controller of such Personal Data Breach without undue delay. Processor will take reasonable measures designed to identify the root cause(s) of the Personal Data Breach, mitigate any possible adverse effects and prevent a recurrence. As information regarding the Personal Data Breach is collected or otherwise reasonably becomes available to Processor and to the extent permitted by law, Processor will provide Controller with (i) a description of the nature and reasonably anticipated consequences of the Personal Data Breach; (ii) the measures taken to mitigate any possible adverse effects and prevent a recurrence; (iii) where possible, the categories of Personal Data and Data Subjects including an approximate number of Personal Data records and Data Subjects that were the subject of the Personal Data Breach; and (iv) other information concerning the Personal Data Breach reasonably known or available to Controller or that Controller may be required to disclose to a public Authority or affected Data Subject(s). Unless otherwise required under Applicable Data Protection Law, the parties agree to coordinate in good faith on developing the content of any related public statements or any required notices for the affected Data Subjects and/or notices to the relevant public Authorities. The initial report will be made to Data Controller’s security or privacy contact(s) designated in Cleafy’s customer support portal (or if no such contact(s) are designated, to the primary technical contact designated by Customer). As information is collected or otherwise becomes available, Data Processor shall provide without und...