Security Incident Notification. The Transfer Agent shall promptly notify the Trust but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Customer Confidential Information (to the extent it can be ascertained), how the Transfer Agent was affected by the Security Incident, and its response to such Security Incident. The Transfer Agent shall use continuous and diligent efforts to remedy the cause and the effects of such Security Incident in an expeditious manner and deliver to the Trust a root cause analysis and future incident Mitigation plan with regard to any such incident. The Transfer Agent shall reasonably cooperate with the Trust’s investigation and response to each Security Incident. If the Trust determines in its sole discretion that it may need or be required to notify any individual(s) as a result of a Security Incident, the Trust shall have the right to control all such notifications and the Transfer Agent shall bear all direct costs associated with the notification, to the extent the notification and corresponding actions are required by U.S. law, and subject to the limitation of liability set forth in the Agreement. Without limiting the foregoing, unless otherwise required by U.S. law, no such notifications shall be made by the Transfer Agent without the Trust’s prior written consent and the Trust shall, together with the Transfer Agent, determine the content and delivery of all such notifications. For the avoidance of doubt, the Transfer Agent shall be solely responsible for all costs and expenses, subject to the limitations of liability under the Agreement that the Trust and/or the Transfer Agent may incur to the extent that they are attributable to or arise from the Transfer Agent’s breach of its confidentiality obligations under the Agreement.
Security Incident Notification. DST shall promptly notify Fund but in no event later than 48 hours following confirmed Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Fund Confidential Information (to the extent it can be ascertained), how DST was affected by the Security Incident, and its response to such Security Incident.
Security Incident Notification. Khan Academy's incident response procedures include procedures to provide prompt notification regarding security incidents as required by applicable laws, including a description of the security incident based on available information, and contact information for the Khan Academy representative(s) who will be available to assist the School District. To the extent that the incident triggers third party notice requirements under applicable laws, Khan Academy will either provide direct notification to affected persons or assist the School District in providing such notifications to affected School users. Nothing in the Agreement restricts Khan Academy's ability to provide separate breach notifications to its customers, including parents and other individuals with Website accounts.
Security Incident Notification. In the event of a Security Incident affecting End User personal data, Palo Alto Networks will without undue delay:
i. inform End User of the Security Incident pursuant to section 13.j below;
ii. investigate and provide End User with detailed information about the Security Incident; and
iii. take reasonable steps to mitigate the effects and minimize any damage resulting from the Security Incident as required by applicable law.
Security Incident Notification. If R3 becomes aware of a personal data breach which is likely to result in a risk to the rights and freedom of natural persons while processed by R3 (each a “Security Incident”), R3 will without undue delay (1) notify Customer of the Security Incident and provide Customer with detailed information about the Security Incident; (2) investigate the cause of the Security Incident; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Notification(s) of Security Incidents will be delivered to Customer by any means R3 selects, including via email. It is Customer’s sole responsibility to ensure that R3 has accurate contact information for delivery of such notifications. Customer is solely responsible for complying with its obligations under incident notification laws applicable to Customer and fulfilling any third-party notification obligations related to any Security Incident, but R3 shall give Customer such assistance as Customer reasonably requests and R3 is reasonably able to provide in relation to the performance of any such third party notification obligations which arise as a result of a breach by R3 of this Addendum. R3’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by R3 of any fault or liability with respect to the Security Incident. Customer must notify R3 promptly about any possible misuse of its accounts or authentication credentials or any security incident related to a Product or Service. Customer Personal Data that R3 processes about the Customer may be transferred to, and stored and processed in, the United States or any other country in which R3 or its Affiliates or sub-contractors (“Subprocessors”) with access to Customer Personal Data operate. Customer appoints R3 to perform any such transfer of Customer Personal Data to any such country and to store and process Customer Personal Data to provide the Products and Services. All transfers of Customer Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.
Security Incident Notification i) The Business Associate will, upon learning of a successful unauthorized access, use, or disclosure of ePHI, report this type of security incident to Covered Entity in accordance Section 7(a) above if such security incident caused a privacy breach and in accordance with Section 7(b) above if such security incident caused a security breach.
ii) The Business Associate will, upon learning of a successful unauthorized modification or destruction of ePHI or interference with system operations in TECHNOLOGY TOOL(S)' information systems, report this type of security incident to Covered Entity within 10 days after the Business Associate learns of such successful security incident.
iii) The Business Associate will record any attempted, but unsuccessful unauthorized access, use, disclosure, modification, or destruction of ePHI or interference with system operations in the Business Associate’s information systems of which the Business Associate is aware. The Business Associate’s will retain such records for at least 12 calendar months following the recording of each such attempted, but unsuccessful security incident and will make such records available to Covered Entity within 10 days of receipt of Covered Entity's request for them.
Security Incident Notification. Notification(s) of Security Incidents will take place under clause 11.
Security Incident Notification. If Lotame has determined that a Security Incident has occurred, Lotame will (1) notify Data Provider of the Security Incident without undue delay but no later than the timeframes set forth in an Applicable Data Protection and Privacy Laws, and (2) promptly take appropriate measures to address the Security Incident, including measures to mitigate any adverse effects resulting from the Security Incident in accordance with its established procedures. Lotame’s obligation to report a Security Incident under this section is not and will not be construed as an acknowledgement by Lotame of any fault or liability with respect to the Security Incident. Lotame will cooperate with and provide reasonable assistance to Data Provider by including in the notification such information about the Security Incident as Lotame is able to disclose to enable Data Provider to notify Supervisory Authorities or Users (as applicable) of the Security Incident as may be required under an Applicable Data Protection and Privacy Law, taking into account the information available to Lotame, and any restrictions on disclosing the information related to the Security Incident. Notification of Security Incidents will be delivered to the Data Protection/Privacy Contact identified in the Agreement via email. It is each party’s sole responsibility to ensure it maintains accurate contact information at all times. Data Provider is solely responsible for complying with incident notification laws applicable to Data Provider and fulfilling any third-party notification obligations related to any Security Incident (for example, to Third Party Sources).
Security Incident Notification. If Microsoft becomes aware of any unlawful access to any Customer Data or Support Data stored on Microsoft’s equipment or in Microsoft’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data or Support Data (each a “Security Incident”), Microsoft will promptly (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident, including, if known, the date or estimated date of the unlawful access and the categories of data affected; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Given the nature of the Online Services and Microsoft's privacy policies, Microsoft will generally not have knowledge of the data or categories of data stored by Customer. In the event of unlawful access, Microsoft's ability to provide detailed information about the data accessed may be limited. Microsoft will provide such details about the unlawful access as are reasonably available to it. Notification(s) of Security Incidents will be delivered to one or more of Customer’s administrators by any means Microsoft selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on each applicable Online Services portal. Microsoft’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by Microsoft of any fault or liability with respect to the Security Incident. Customer must notify Microsoft promptly about any possible misuse of its accounts or authentication credentials or any security incident related to an Online Service. Microsoft will comply with the provisions of New Hampshire’s data breach statute (RSA 359- C:19 et. seq.), as applicable, in the event of a Security Incident.
Security Incident Notification. If HotelFlex or any Subprocessor becomes aware of a Security Incident, HotelFlex will (a) notify the Customer of the Security Incident within 72 hours, (b) investigate the Security Incident and provide such reasonable assistance to the Customer (and any law enforcement or regulatory official) as required to investigate the Security Incident, and (c) take steps to remedy any non-compliance with this DPA.