Common use of Reporting of Data Breaches Clause in Contracts

Reporting of Data Breaches. 9 .1 IDEXX shall maintain adequate procedures designed to detect and respond to all Data Breaches in accordance with the applicable law. 9 .2 The obligation of IDEXX to notify Customer of a Data Breach and to take action in relation to a Data Breach does not lead to an acknowledgment of any defect or liability on the side of IDEXX in relation to that Data Breach. 9 .3 As soon as IDEXX detects a Data Breach of which Customer was not yet informed, IDEXX shall inform Customer without undue delay thereof in a manner determined by IDEXX. IDEXX shall inform the Customer contact provided by Customer in connection with the services. 9 .4 When Customer itself is aware of a Data Breach relevant for the provision of the Services by IDEXX, Customer shall inform IDEXX without undue delay thereof, including which measures have been or will be taken by Customer. 9 .5 Upon detection of a Data Breach by IDEXX, IDEXX shall provide all reasonable feedback to Customer about the possible impact of the Data Breach on Customer and the affected Data Subjects. The feedback includes a description of the nature and extent of the Data Breach, the measures planned and already taken to prevent damage. 9 .6 On request of Customer, IDEXX will also provide reasonably needed assistance in composing the relevant documentation in relation to the Data Breach. Customer will however remain responsible for the obligation to keep an internal overview of Data Breaches that have occurred. 9 .7 If Customer requests IDEXX to inform the affected Data Subject(s) and/or the competent Governmental Authority on the Data Breach, IDEXX shall only do so upon receiving a written and full instruction of Customer. This does not lead to any responsibility or liability for IDEXX in relation to the (notification of) the Data Breach. 10. 1 Customer may at its own expenses and upon prior consultation with IDEXX perform an audit on the Data Processing System to examine whether the reasonable technical and organizational security measures that have been taken in relation to the Personal Data processed in the context of this Data Protection Agreement are in line with the measures described in article 8. 10. 2 IDEXX shall make available to Customer all information reasonably necessary to demonstrate compliance with Customer's obligations to conclude a data processing agreement in line with the relevant requirements in this respect under the applicable law, and allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer. In consultation with IDEXX, Customer may engage a third party (expert) to perform its audit rights, provided that such third party will be bound by a confidentiality obligation. 10. 3 The execution of an audit by Customer or on behalf of Customer shall not cause any delay in the business activities of IDEXX or any of its subcontractors.

Reporting of Data Breaches. 9 .1 9.1 IDEXX shall maintain adequate procedures designed to detect and respond to all Data Breaches in accordance with the applicable law. 9 .2 9.2 The obligation of IDEXX to notify Customer of a Data Breach and to take action in relation to a Data Breach does not lead to an acknowledgment of any defect or liability on the side of IDEXX in relation to that Data Breach. 9 .3 9.3 As soon as IDEXX detects a Data Breach of which Customer was not yet informed, IDEXX shall inform Customer without undue delay thereof in a manner determined by IDEXX. IDEXX shall inform the Customer contact provided by Customer in connection with the services. 9 .4 9.4 When Customer itself is aware of a Data Breach relevant for the provision of the Services by IDEXX, Customer shall inform IDEXX without undue delay thereof, including which measures have been or will be taken by Customer. 9 .5 9.5 Upon detection of a Data Breach by IDEXX, IDEXX shall provide all reasonable feedback to Customer about the possible impact of the Data Breach on Customer and the affected Data Subjects. The feedback includes a description of the nature and extent of the Data Breach, the measures planned and already taken to prevent damage. 9 .6 9.6 On request of Customer, IDEXX will also provide reasonably needed assistance in composing the relevant documentation in relation to the Data Breach. Customer will however remain responsible for the obligation to keep an internal overview of Data Breaches that have occurred. 9 .7 9.7 If Customer requests IDEXX to inform the affected Data Subject(s) and/or the competent Governmental Authority on the Data Breach, IDEXX shall only do so upon receiving a written and full instruction of Customer. This does not lead to any responsibility or liability for IDEXX in relation to the (notification of) the Data Breach. 10. 1 Customer may at its own expenses and upon prior consultation with IDEXX perform an audit on the Data Processing System to examine whether the reasonable technical and organizational security measures that have been taken in relation to the Personal Data processed in the context of this Data Protection Agreement are in line with the measures described in article 8. 10. 2 IDEXX shall make available to Customer all information reasonably necessary to demonstrate compliance with Customer's obligations to conclude a data processing agreement in line with the relevant requirements in this respect under the applicable law, and allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer. In consultation with IDEXX, Customer may engage a third party (expert) to perform its audit rights, provided that such third party will be bound by a confidentiality obligation. 10. 3 The execution of an audit by Customer or on behalf of Customer shall not cause any delay in the business activities of IDEXX or any of its subcontractors.

Reporting of Data Breaches. 9 .1 9. 1 IDEXX shall maintain adequate procedures designed to detect and respond to all Data Breaches in accordance with the applicable law. 9 .2 9. 2 The obligation of IDEXX to notify Customer of a Data Breach and to take action in relation to a Data Breach does not lead to an acknowledgment of any defect or liability on the side of IDEXX in relation to that Data Breach. 9 .3 9. 3 As soon as IDEXX detects a Data Breach of which Customer was not yet informed, IDEXX shall inform Customer without undue delay thereof in a manner determined by IDEXX. IDEXX shall inform Customer on the Customer contact data provided by Customer in connection with as per the services.general terms and conditions of IDEXX Animana B.V. 9 .4 9. 4 When Customer itself is aware of a Data Breach relevant for the provision of the Services by IDEXX, Customer shall inform IDEXX without undue delay thereof, including which measures have been or will be taken by Customer. 9 .5 9. 5 Upon detection of a Data Breach by IDEXX, IDEXX shall provide all reasonable feedback to Customer about the possible impact of the Data Breach on Customer and the affected Data Subjects. The feedback includes a description of the nature and extent of the Data Breach, the measures planned and already taken to prevent damage. 9 .6 9. 6 On request of Customer, IDEXX will also provide reasonably needed assistance in composing the relevant documentation in relation to the Data Breach. Customer will however remain responsible for the obligation to keep an internal overview of Data Breaches that have occurred. 9 .7 9. 7 If Customer requests IDEXX to inform the affected Data Subject(s) and/or the competent Governmental Authority on the Data Breach, IDEXX shall only do so upon receiving a written and full instruction of Customer. This does not lead to any responsibility or liability for IDEXX in relation to the (notification of) the Data Breach. 10. 1 Customer may at its own expenses and upon prior consultation with IDEXX perform an audit on the Data Processing System to examine whether the reasonable technical and organizational security measures that have been taken in relation to the Personal Data processed in the context of this Data Protection Agreement are in line with the measures described in article 8. 10. 2 IDEXX shall make available to Customer all information reasonably necessary to demonstrate compliance with Customer's obligations to conclude a data processing agreement in line with the relevant requirements in this respect under the applicable law, and allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer. In consultation with IDEXX, Customer may engage a third party (expert) to perform its audit rights, provided that such third party will be bound by a confidentiality obligation. 10. 3 The execution of an audit by Customer or on behalf of Customer shall not cause any delay in the business activities of IDEXX or any of its subcontractors.