Reporting of Data Breaches Sample Clauses

Reporting of Data Breaches. 9 .1 IDEXX shall maintain adequate procedures designed to detect and respond to all Data Breaches in accordance with the applicable law. 9 .2 The obligation of IDEXX to notify Customer of a Data Breach and to take action in relation to a Data Breach does not lead to an acknowledgment of any defect or liability on the side of IDEXX in relation to that Data Breach. 9 .3 As soon as IDEXX detects a Data Breach of which Customer was not yet informed, IDEXX shall inform Customer without undue delay thereof in a manner determined by IDEXX. IDEXX shall inform the Customer contact provided by Customer in connection with the services. 9 .4 When Customer itself is aware of a Data Breach relevant for the provision of the Services by IDEXX, Customer shall inform IDEXX without undue delay thereof, including which measures have been or will be taken by Customer. 9 .5 Upon detection of a Data Breach by IDEXX, IDEXX shall provide all reasonable feedback to Customer about the possible impact of the Data Breach on Customer and the affected Data Subjects. The feedback includes a description of the nature and extent of the Data Breach, the measures planned and already taken to prevent damage. 9 .6 On request of Customer, IDEXX will also provide reasonably needed assistance in composing the relevant documentation in relation to the Data Breach. Customer will however remain responsible for the obligation to keep an internal overview of Data Breaches that have occurred. 9 .7 If Customer requests IDEXX to inform the affected Data Subject(s) and/or the competent Governmental Authority on the Data Breach, IDEXX shall only do so upon receiving a written and full instruction of Customer. This does not lead to any responsibility or liability for IDEXX in relation to the (notification of) the Data Breach. 10. 1 Customer may at its own expenses and upon prior consultation with IDEXX perform an audit on the Data Processing System to examine whether the reasonable technical and organizational security measures that have been taken in relation to the Personal Data processed in the context of this Data Protection Agreement are in line with the measures described in article 8. 10. 2 IDEXX shall make available to Customer all information reasonably necessary to demonstrate compliance with Customer's obligations to conclude a data processing agreement in line with the relevant requirements in this respect under the applicable law, and allow for and contribute to audits, including inspections, c...
Sample 1Sample 2See All (4)
AutoNDA by SimpleDocs
Reporting of Data Breaches. 4.1 As soon as a party detects a Personal Data Breach or reasonably suspects that a Personal Data Breach has occurred or could occur, such party shall immediately, in any case within forty-eight (48) hours after detection or suspicion of a Personal Data Breach, notify the contact person of each of the other parties referred to in the Schedule. The party who has detected or suspects a Personal Data Breach will provide all reasonably necessary or requested information, documentation and assistance, enabling the other parties to (i) notify, if applicable, the (possibly) affected Data Subjects and/or the competent governmental authorities in a timely manner and (ii) prove compliance with their data breach notification duties in accordance with the General Data Protection Regulation. 4.2 A Personal Data Breach includes the situation that the CBC or the Security Trustee has access to the Personal Data before the Personal Data have been released by the Agent (as defined in the Deposit Agreement) to either the CBC and/or the Security Trustee in line with the Servicing Agreement and the Deposit Agreement.
Sample 1Sample 2See All (4)
Reporting of Data Breaches. 6.1 Data Deliverer shall maintain adequate procedures designed to detect and respond to any Data Breaches, including procedures for preventive and corrective actions, and also to avoid recurrence of any Data Breaches. These procedures have been established in such a manner that both Parties will be able to meet their notification and documentation duties in relation to Data Breaches under the Applicable Law. 6.2 As soon as Data Deliverer detects a Data Breach or reasonably suspects that there has been a Data Breach, it shall notify Erasmus MC as soon as possible, and in any case within 24 hours upon detection or suspicion of the Data Breach. Data Deliverer shall notify Erasmus MC by e- mail and by telephone to the (back-up) contact person(s) of Erasmus MC referred to in Schedule B. 6.3 Parties shall provide each other with all reasonable assistance and shall share with each other all necessary or by the other Party requested information, so that either Party will be able to notify, if applicable, their Data Subject(s) that was (were) (possibly) affected and/or the competent governmental authorities, of the Data Breach in a timely manner and to prove compliance with their Data Breach notification duties in accordance with the Applicable Law. Parties shall enable each other to prove compliance with the Applicable Law in relation to either Party's Data Breach notification duties. Parties will consult each other on how and when the Data Subjects will be notified in a timely manner, if applicable, in accordance with the Applicable Law.
Sample 1
Reporting of Data Breaches a. The Processor will have procedures in place aimed at ensuring the reasonable detection of security incidents and data breaches and taking action in response, including remedial measures. b. In order to enable the Controller to fulfil its notification obligations, the Processor notifies the Controller of any breach of security within 24 hours. Reports include: i. the nature of the breach and, where possible, the categories of data subjects and personal data records concerned and the approximate number of data subjects and personal data records concerned; ii. the name and contact details of the Processor's data protection officer or another point of contact where further information can be obtained concerning the breach; iii. the likely consequences of the personal data breach; iv. the measures for addressing the personal data breach, including, where appropriate, the measures to mitigate its possible adverse effects. c. With regard to every breach as referred to under 9a, the Processor will ensure that it provides the Controller with all cooperation that might reasonably be expected from the Processor, including the provision of sufficient information and support relating to investigations by the supervisory authority: i. in order to rectify and investigate the breach and prevent future breaches; ii. in order to limit the impact of the breach on the privacy of data subjects; and/or iii. in order to limit the damage incurred by the Controller as a result of the breach. d. The Processor documents any personal data breaches, including the facts concerning the personal data breach, the consequences of it and any remedial measures taken. The Processor provides this documentation to the Controller as soon as it is requested following the format as is presented in Appendix D. e. Unless legally required to do so, the Processor will not notify the supervisory authority and/or data subjects of a security breach without prior written permission from the Controller.
Sample 1
Reporting of Data Breaches. 4.1. Parties are and remain independently responsible for reporting any data breaches that take place under their responsibility to the Personal Data Authority and/or the data subjects. A data breach is defined as: a security incident leading to the accidental or unlawful destruction, loss or alteration of Data or the unauthorized disclosure of or access to Data that have been transmitted, stored or otherwise processed within the meaning of Article 4 (12) of the GDPR. 4.2. The Institution is, without prejudice to the other obligations set out in this Article, obliged to reverse or minimize any negative consequences arising from a data breach as promptly as possible. 4.3. Parties will notify each other of an identified data breach relating to the data as mentioned under Article 4.1 within 24 hours of discovery. The Party nominated as data controller within the meaning of the GDPR is responsible, in conformity with the provisions of the GDPR, for deciding whether and how the Personal Data Authority and the data subjects must be informed. If the data subjects must be informed, Parties will discuss the best way to proceed with each other. Parties will assist each other to the best of their ability in this connection and will share all relevant information.
Sample 1
Reporting of Data Breaches. If the Supplier becomes aware of a data breach, the Supplier must inform the Customer without undue delay and in accordance with Applicable Data Protection Legislation. If the Customer is in breach of Applicable Data Protection Legislation and does not inform the data subjects of a data breach and the Data Protection Authority instructs the Supplier to correct the defect, the Supplier is entitled to compensation for any costs related to following the Data Protection Authority’s decision.
Sample 1
Reporting of Data Breaches. 6. 1 Notwithstanding its other obligations under the Agreement and this Data Processing Agreement, the Contractor shall maintain adequate procedures designed to detect and respond to all Data Breaches, including procedures for preventive and corrective actions, and also to avoid recurrence of any Data Breaches that occurred. These procedures have been established by the Contractor in such a manner that both the Client and the Contractor will be able to live up with their notification duties in relation to Data Breaches under the Applicable Law. 6. 2 As soon as the Contractor detects a Data Breach or reasonably suspects that a Data Breach has occurred, the Contractor shall without undue delay, in any case within 24 hours upon detection or suspicion of a Data Breach notify the Client by a direct phone call to the (backup) contact person of the Client referred to in Annex B. The Contractor shall furthermore immediately, in any case also within 24 hours upon the detection or suspicion of a Data Breach, report and/or confirm the Data Breach and provide the details of the Data Breach by email to the Client using the (backup) email addresses as indicated in Annex B as well. Should the Contractor not reach the Client immediately, then the Contractor will use all reasonable efforts to find a way of communication to contact the Client directly. 6. 3 The Contractor will see to it that the contact person and/or the backups on behalf of the Contractor mentioned in Annex B remain(s) fully at the disposal of the Client for the handling of and reporting on the Security Breach, until other (back up) contact persons have been agreed upon between Parties in writing. 6. 4 Upon discovery of a Data Breach, the Contractor shall provide reasonable feedback to the Client and provide support to the Client and the (possibly) affected Data Subjects. The feedback and support should include at least: a) a description of the nature and the scope of the Data Breach, an estimation of the amount of Data Subjects (possibly) affected and an indication of the types of the Personal Data concerned and whether or not such Personal Data was encrypted, or otherwise secured or made unintelligible or inaccessible; b) a description of the preventive and corrective measures taken and to be taken, planned and recommended to minimize possible harm, including an emergency plan, and the expected resolution and work-around time;
Sample 1
AutoNDA by SimpleDocs

Related to Reporting of Data Breaches

  • Data Breaches 4.1 The Data Processor does not guarantee that its security measures will be effective under all conditions. If the Data Processor discovers a data breach within the meaning of Article

  • Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process: (1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a summary of said written incident response plan. (4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (5) In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with XXX to the extent necessary to expeditiously secure Student Data.

  • Reporting of Non-Force Majeure Events Each Party (the “Notifying Party”) shall notify the other Parties when the Notifying Party becomes aware of its inability to comply with the provisions of this Agreement for a reason other than a Force Majeure event. The Parties agree to cooperate with each other and provide necessary information regarding such inability to comply, including the date, duration, reason for the inability to comply, and corrective actions taken or planned to be taken with respect to such inability to comply. Notwithstanding the foregoing, notification, cooperation or information provided under this Article shall not entitle the Party receiving such notification to allege a cause for anticipatory breach of this Agreement.

  • Privacy of Customer Information Company Customer Information in the possession of the Agent, other than information independently obtained by the Agent and not derived in any manner from or using information obtained under or in connection with this Agreement, is and shall remain confidential and proprietary information of the Companies. Except in accordance with this Section 10.10, the Agent shall not use any Company Customer Information for any purpose, including the marketing of products or services to, or the solicitation of business from, Customers, or disclose any Company Customer Information to any Person, including any of the Agent’s employees, agents or contractors or any third party not affiliated with the Agent. The Agent may use or disclose Company Customer Information only to the extent necessary (i) for examination and audit of the Agent’s activities, books and records by the Agent’s regulatory authorities, (ii) to protect or exercise the Agent’s, the Custodian’s and the Lenders’ rights and privileges or (iii) to carry out the Agent’s, the Custodian’s and the Lenders’ express obligations under this Agreement and the other Facilities Papers (including providing Company Customer Information to Approved Investors), and for no other purpose; provided that the Agent may also use and disclose the Company Customer Information as expressly permitted by the relevant Company in writing, to the extent that such express permission is in accordance with the Privacy Requirements. The Agent shall take commercially reasonable steps to ensure that each Person to which the Agent intends to disclose Company Customer Information, before any such disclosure of information, agrees to keep confidential any such Company Customer Information and to use or disclose such Company Customer Information only to the extent necessary to protect or exercise the Agent’s, the Custodian’s and the Lenders’ rights and privileges, or to carry out the Agent’s, the Custodian’s and the Lenders’ express obligations, under this Agreement and the other Facilities Papers (including providing Company Customer Information to Approved Investors). The Agent agrees to maintain an Information Security Program and to assess, manage and control risks relating to the security and confidentiality of Company Customer Information pursuant to such program in the same manner as the Agent does so in respect of their own customers’ information, and shall implement the standards relating to such risks in the manner set forth in the Interagency Guidelines Establishing Standards for Safeguarding Company Customer Information set forth in 12 CFR Parts 30, 208, 211, 225, 263, 308, 364, 568 and 570. Without limiting the scope of the foregoing sentence, the Agent shall use at least the same physical and other security measures to protect all Company Customer Information in the Agent’s possession or control as the Agent uses for their own customers’ confidential and proprietary information.

  • Privacy Statement The Parties agree to keep all information related to the signing and fulfillment of this Agreement confidential, and not to disclose it to any third parties, except for subcontractors involved in this agreement, unless prior written consent is obtained from the other Party. Should subcontractors be engaged under this agreement, they are required to adhere to its terms and conditions.

  • Safeguarding Customer Information The Servicer has implemented and will maintain security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information published in final form on February 1, 2001, 66 Fed. Reg. 8616 and the rules promulgated thereunder, as amended from time to time (the “Guidelines”). The Servicer shall promptly provide the Master Servicer, the Trustee and the NIMS Insurer information reasonably available to it regarding such security measures upon the reasonable request of the Master Servicer, the Trustee and the NIMS Insurer which information shall include, but not be limited to, any Statement on Auditing Standards (SAS) No. 70 report covering the Servicer’s operations, and any other audit reports, summaries of test results or equivalent measures taken by the Servicer with respect to its security measures to the extent reasonably necessary in order for the Seller to satisfy its obligations under the Guidelines.

  • Marking of Data Pursuant to Paragraph A above, any Data delivered under this Agreement shall be marked with the following legend: Use, duplication, or disclosure is subject to the restrictions as stated in Agreement HR0011-XX-9-XXXX between the Government and the Performer.

  • Customer Information CPNI of a Customer and any other non-public, individually identifiable information about a Customer or the purchase by a Customer of the services or products of a Party.

  • HANDLING OF CONFIDENTIAL INFORMATION The Company agrees to undertake the following in relation to IHiS’ Confidential Information: to maintain the same in confidence and to use it only for the Purpose and for no other purpose; not to make any commercial use thereof; not to use the same for the benefit of itself or of any third party other than pursuant to a further agreement with IHiS; not to use the same for the purpose of guiding or conducting a search of any information, materials or sources, whether or not available to the public, for any purpose whatsoever, including without limitation, for the purpose of demonstrating that any information falls within one of the exceptions in Clause 1.1(b); not to copy, reproduce, reverse engineer or reduce to writing any part thereof except as may be reasonably necessary for the Purpose and that any copies, reproductions or reductions to writing so made shall be the property of IHiS; not to disclose the Confidential Information whether to its employees or to third parties except in confidence to such of its Representatives who have been informed of the confidential nature thereof and who need to know the same for the Purpose and that: such Representatives are contractually obliged (whether by their contracts of employment or service, or otherwise) not to disclose the same or to use the same otherwise than for the Purpose; and the Company shall enforce such obligations at its expense, and to such extent as may be required by IHiS, in the event of a breach thereof that relates to IHiS' Confidential Information; to ensure the compliance to this NDA (including sub-clauses (a) to (f) above) on the part of its Representatives to whom Confidential Information is disclosed; and to apply to the Confidential Information no lesser security measures and degree of care than those which the Company applies to its own confidential or proprietary information of similar nature, but in no event less than reasonable care, and which the Company warrants as being adequate protection of such information from unauthorised disclosure, copying or use. The Company, as the principal party, shall be responsible and held liable for any breach of this NDA by any of its Representatives. If the Company is uncertain as to whether any information is Confidential Information, the Company shall treat the information as if it was Confidential Information, unless otherwise agreed by IHiS in writing. The Company shall immediately notify IHiS of any unauthorised disclosure or use of the Confidential Information of which the Company becomes aware and will take all steps which IHiS may require in relation to such unauthorised disclosure or use, or to prevent further unauthorised disclosure or use. Notwithstanding the foregoing, the Company shall be entitled to make any disclosure of the Confidential Information as required by law, but shall give IHiS not less than TWO (2) business days' notice of such disclosure and shall consult with IHiS prior to such disclosure with a view to avoiding such disclosure, if legally possible.

  • Data Disclosure Under Minnesota Statute § 270C.65, Subdivision 3 and other applicable law, the Contractor consents to disclosure of its social security number, federal employer tax identification number, and/or Minnesota tax identification number, already provided to the State, to federal and state agencies and state personnel involved in the payment of state obligations. These identification numbers may be used in the enforcement of federal and state laws which could result in action requiring the Contractor to file state tax returns, pay delinquent state tax liabilities, if any, or pay other state liabilities.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!