Security Event Data. Secureworks will process Security Event Data as part of its provision of Services. Customer acknowledges that Secureworks may also process Security Event Data in order to develop, enhance and/or improve its security services and the products and services it offers and provides to customers. Secureworks shall be the controller in respect of any personal data in the Security Event Data and, for the duration of its processing of such Security Event Data, Secureworks shall (i) comply with applicable Privacy Laws and (ii) safeguard such Security Event Data with security measures that are no less protective than those set out in this DPA. Restrictions on the disclosure and transfer of Personal Data in this DPA shall not apply in connection with Secureworks’ processing of the Security Event Data for the purposes described in this clause, however, Secureworks shall not disclose any Security Event Data that is traceable to Customer to any third parties (other than Affiliates and Subprocessors) unless permitted under the MSA and/or this DPA, or the disclosure is required in order to comply with applicable law or legal process. Secureworks shall not be required to return or delete Security Event Data upon termination of the Services (for any reason). Customer shall ensure its personnel and any other data subjects whose personal data is processed by Secureworks in connection with the Services are appropriately notified of the fact their personal data may be processed in connection with the development, enhancement and/or provision of Secureworks’ products or services as described in this clause. If Customer is compelled by a legally binding order (e.g. of a court or regulatory authority of competent jurisdiction) to have the Security Event Data deleted, then Secureworks agrees, as appropriate, to anonymise, pseudonymise or delete the Security Event Data that is the subject of the binding order as soon as practicable.
Security Event Data. MSSP will notify Customers (including as part of each Customer Agreement) about Secureworks’ use of Security Event Data as described in this clause 7. Secureworks will process Security Event Data as part of its provision of SaaS Solutions. Customer acknowledges that Security Event Data may also be processed in order to develop, enhance and/or improve security services and the products and services offered and provided to customers. Secureworks shall be the controller in respect of any personal data (as defined in the GDPR) in the Security Event Data and, as such, is responsible for processing the Security Event Data in accordance with applicable Privacy Laws. Restrictions on the disclosure and transfer of Personal Data in this DP Schedule shall not apply in connection with ’the processing of Security Event Data for the purposes described in this clause, PROVIDED THAT Secureworks shall not disclose any Security Event Data that is traceable to a Customer to any third parties (other than Affiliates and Subprocessors) unless permitted under this DP Schedule and/or the MSSP Addendum, or the disclosure is required in order to comply with applicable law or legal process. Secureworks shall not be required by MSSP or any Customer to return or delete Security Event Data upon termination of the SaaS Solutions (for any reason).’ If Customer is compelled by a legally binding order (e.g. of a court or regulatory authority of competent jurisdiction) to have the Security Event Data deleted, then Secureworks agrees, as legally required, to anonymize or delete the Security Event Data that is the subject of the binding order as soon as practicable following receipt of a certified copy of such binding order.
