Reporting Personal Data Breaches Sample Clauses

Reporting Personal Data Breaches. Providing assistance and cooperation in respect of compliance with requests from Data Subjects is understood to include, but is not limited to, the following obligations for the Processor:
AutoNDA by SimpleDocs
Reporting Personal Data Breaches. In case of Personal Data Breaches or a reasonable suspicion of a Personal Data Breach, the partner in stake must inform their company or organisations DPO/contact person. The DPO/contact person should inform XXXX-XXxxXX’s main contact person Xxxxx Xxxx (xxxxx.xxxx@xxxxx.xxxx) without undue delay and not later than 24 hours after having become aware of it.
Reporting Personal Data Breaches. 3.3.1 The supplier shall notify the customer without undue delay after becoming aware of a personal data breach. 3.3.2 Taking into account the nature of the pro- cessing and the information that the pro- cessor has available, such a notification shall: a) describe the nature of the personal data breach and, where possible, the categories and approximate number of data subjects concerned and the categories and approx- imate number of personal data records concerned, b) describe the likely consequences of the personal data breach, and c) describe the measures taken or proposed to be taken to address the personal data breach or mitigate its possible adverse ef- fects. 3.3.3 Where, and insofar as, it is not possible to provide the information at the same time, the information may be provided in phases without further undue delay. 3.3.4 If the customer, in violation of Applicable Data Protection Legislation, does not inform the data subject of a personal data breach and the Data Protection Authori- ty orders the supplier to do so in its stead, the customer shall compensate the supp- lier for the costs incurred by the supplier when complying with the Data Protection Authority’s decision.
Reporting Personal Data Breaches. 13.1. The Service Provider shall promptly notify the Customer of a Personal Data Breach impacting the Protected Data. 13.2. Any notifications made to the Customer pursuant to this section shall contain: a) a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Protected Data records concerned; b) the name and contact details of the Service Provider’s data protection officer or another contact point where more information can be obtained; c) a description of the likely consequences of the incident; and d) a description of the measures taken or proposed to be taken by the Service Provider to address the incident including, where appropriate, measures to mitigate its possible adverse effects.
Reporting Personal Data Breaches. Service Provider shall report to Hyland any Personal Data Breach of which it becomes aware. Service Provider will make such report orally to Hyland within 24 hours of Service Provider’s becoming aware of the incident followed by a report in writing (e-mail is acceptable) within 24 hours of the initial oral report. The written report shall include, at a minimum subject to the availability of necessary information, the following: (1) a description of the incident; (2) the date that the incident occurred; (3) the date that Service Provider became aware of the incident;
Reporting Personal Data Breaches. Service Provider shall report to Hyland any Personal Data Breach of which it becomes aware. Service Provider will make such report within 24 hours of Service Provider’s becoming aware of the incident and such report shall include, at a minimum subject to the availability of necessary information, the following: (1) a description of the incident; (2) the date that the incident occurred; (3) the date that Service Provider became aware of the incident; (4) the identity and last known mailing address of each affected Data Subject; (5) the approximate number of affected Personal Data records involved; (6) the affected categories of Personal Data, including Sensitive Personal Data, if any, for each affected Data Subject that was affected; (7) the approximate number of Data Subjects affected; (8) an identification of any law enforcement agency or National Authority that has been contacted about the incident and contact information for the relevant official; (9) a description of the steps that have been, or will be, taken to mitigate the incident; (10) a description of the steps that have been, or will be, taken to prevent a recurrence; (11) the likely consequences of the Personal Data Breach; and (12) contact information for the person at Service Provider principally responsible for responding to the Personal Data Breach.
Reporting Personal Data Breaches. Third Party will maintain (and, if necessary, develop and implement) a written response plan to ensure that any Personal Data Breach implicating Personal Data will be promptly discovered by Third Party and promptly reported to Customer. Third Party shall report to Customer in writing within 48 hours any Personal Data Breach implicating Personal Data of which Third Party becomes aware, regardless of whether the Personal Data Breach results from the actions of Third Party or its agents or Sub-processors. Third Party shall provide the following information as and when available: (1) a description of the Personal Data Breach; (2) the date that the Personal Data Breach occurred; (3) the date and time at which the Third Party became aware of the Personal Data Breach; (4) the affected categories of Personal Data, including Special Categories of Personal Data, if any, for each affected Data Subject; (5) the approximate number of Data Subjects affected and the approximate number of records containing Personal Data; (6) a description of the steps taken to mitigate the Personal Data Breach and prevent recurrence; (7) the likely consequences of the Personal Data Breach; and (8) all other information reasonably requested by Customer in order to comply with its obligations under applicable law or contracts. Notifications. Third Party shall not notify any third party of any Personal Data Breach implicating Personal Data without Customer’s prior written authorization.
AutoNDA by SimpleDocs
Reporting Personal Data Breaches. Upon becoming aware of a Personal Data Breach, Company shall: (i) notify Customer without undue delay, and where feasible, no later than 48 hours after becoming aware of a Personal Data Breach affecting Customer Protected Data; (ii) provide timely information relating to the Personal Data Breach as it becomes known or as is reasonably requested by Customer; (iii) complete a commercially reasonable forensic investigation of the Personal Data Breach, consistent with industry standards, and share with Customer the results of such investigation; (iv) promptly take reasonable steps to contain and investigate any Personal Data Breach; and (v) cooperate with Customer as reasonably necessary to facilitate compliance with Data Protection Laws and any other applicable laws and regulations. Company's notification of or response to a Personal Data Breach shall not be construed as an acknowledgment by Company of any fault or liability with respect to such Personal Data Breach.
Reporting Personal Data Breaches. Upon becoming aware of a Personal Data Breach, Processor shall: (i) notify Controller without undue delay, and where required by Data Protection Laws, no later than 24 hours after becoming aware of a Personal Data Breach affecting Protected Data; (ii) provide timely information relating to the Personal Data Breach as it becomes known, is required by Data Protection Laws, or as is reasonably requested by Controller; (iii) complete a commercially reasonable forensic investigation of the Personal Data Breach, consistent with industry standards, and share with Controller the results of such investigation; (iv) promptly take reasonable steps to contain and investigate any Personal Data Breach; and (v) cooperate with Controller as reasonably necessary to facilitate compliance with Data Protection Laws and any other applicable laws and regulations. Processor’s notification of or response to a Personal Data Breach shall not be construed as an acknowledgment by Processor of any fault or liability with respect to such Personal Data Breach.

Related to Reporting Personal Data Breaches

  • Personal Data Breaches 5.7.1 The Data Processor shall give immediate notice to the Data Controller if a breach occurs, that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed re the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”). 5.7.2 The Data Processor shall make reasonable efforts to identify the cause of such a breach and take those steps as they deem necessary to establish the cause, and to prevent such a breach from reoccurring.

  • Personal Data Breach 7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. 7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach. 2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33

  • Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.

  • Your Personal Data 17.1. PCSIL is a registered Data Controller with the Data Protection Commission in Ireland. 17.2. In order for us to provide you with the services relating to your Account, we are required to collect and process personal data about you, Additional Cardholders and Authorised Persons, with your consent or on a legal basis to meet our obligations for Anti-Money Laundering legislation or other governmental organisation. Where applicable, if an Account holder is under 16, then parental consent is explicitly required. 17.3. Your consent will be sought for collection of your data and you have the right to agree or decline. Where you decline consent for the collection and processing of your data, we reserve our right to discontinue service due to our obligations as a financial services institution. 17.4. We may disclose or check your personal data with other organisations and obtain further information about you in order to verify your identity and comply with applicable money laundering and governmental regulations. A record of our enquiries will be left on your file. 17.5. We may pass your personal data on to third-party service providers contracted to PCSIL in the course of dealing with your Account. Any third parties that we may share your data with are obliged to keep your details secure, and to use them only to fulfil the service they provide you on our behalf. Where we transfer the personal data to a third country or international organisation, we ensure this is done securely and that they meet a minimum standard of data protection in their country. 17.6. You have the right to receive information concerning the personal data we hold about you and to rectify such data where it is inaccurate or incomplete. You have the right to object to or withdraw any consent you have given for certain types of processing such as direct marketing. 17.7. Your data will be retained for 6 years after the end of the provision of services to you, where your data will be destroyed in compliance with the requirements of the General Data Protection Regulation. 17.8. In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as described in 17.5 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and PCSIL’s Data Protection Officer. 17.9. Our Privacy Policy provides full details on your rights as a data subject and our obligations as a data controller. Please read this document carefully and ensure you understand your rights.

  • Confidential Information Breach This shall mean, generally, an instance where an unauthorized person or entity accesses Confidential Information in any manner, including but not limited to the following occurrences: (1) any Confidential Information that is not encrypted or protected is misplaced, lost, stolen or in any way compromised; (2)one or more third parties have had access to or taken control or possession of any Confidential Information that is not encrypted or protected without prior written authorization from the State; (3) the unauthorized acquisition of encrypted or protected Confidential Information together with the confidential process or key that is capable of compromising the integrity of the Confidential Information; or (4) if there is a substantial risk of identity theft or fraud to the Client Agency, the Contractor, DAS or State.

  • Personal Information security breach Supplier/Service Provider’s Obligations a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.

  • YOUR PERSONAL INFORMATION 17.1 We collect certain information about the purchaser and the users of the Card in order to operate the Card programme. IDT Financial Services Limited is the data controllers of Your personal data, and will manage and protect Your personal data in accordance with applicable law.IDT Financial Services Limited receives card services from First Data Slovakia s.r.o., which acts as a data processor for IDT Financial Services Limited. 17.2 We may transfer Your personal data outside the EEA to Our commercial partners where necessary to provide Our services to You, such as customer service, account administration, financial reconciliation, or where the transfer is necessary as a result of Your request, such as the processing of any international transaction. When We transfer personal data outside the EEA, We will take steps to ensure that Your personal data is afforded substantially similar protection as personal data processed within the EEA. Please be aware that not all countries have laws to protect personal data in a manner equivalent to that of the EEA. Your use of Our products and services will indicate to Us that You agree to the transfer of Your personal data outside the EEA. If You withdraw Your consent to the processing of Your personal data or its transfer outside the EEA, which You can do by using the contact details in clause 15, We will not be able to provide Our services to You. Therefore, such withdrawal of consent will be deemed to be a termination of the Agreement. 17.3 Unless You have provided Your explicit permission, Your personal data will not be used for marketing purposes by Us or Our commercial partners (unless You have independently provided Your consent to them directly), nor will it be shared with third parties unconnected with the Card scheme. 17.4 You have the right to request details of the personal information that is held about You, and You may receive this by writing to our Customer Service Center. 17.5 Please refer to the Privacy Policy of IDT Financial Services Limited xxxx://xxx.xxxxxxxxxx.xxx/privacypolicy.pdf for full details, which You accept by accepting the Agreement.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!