Security of Processing, Confidentiality and Personal Data Breach. 3.3.1 Without prejudice to any other obligations on You under the Agreement, You and You Affiliates shall (a) provide clear and complete information to users regarding You or You Affiliates’ collection, use and disclosure of user data (including, at a minimum, a link to Your privacy policy from Your Websites); (b) take appropriate steps to protect Personal Data from unauthorized access, use or disclosure; and (c) comply with all applicable laws regarding privacy and data collection with respect to any collection, use or disclosure of Personal Data. If a user ceases to consent or affirmatively revokes consent for You or You Affiliates’ collection, use or disclosure of his or her user data, You and You Affiliates must promptly cease all such use. Furthermore, You shall implement administrative, technical, and physical safeguards designed to protect against reasonably anticipated threats or hazards to the security, integrity, or confidentiality of Personal Data. You shall encrypt all Personal Data in accordance with industry standards for secure key and protocol negotiation and key management prior to transmission. Upon discovering a Security Breach, You will (i) promptly notify Us thereof, (ii) investigate, remediate, and mitigate the effects of the Security Breach, and (iii) provide We with assurances reasonably satisfactory to Us that such Security Breach will not recur. Additionally, if and to the extent any Security Breach or other unauthorized access, use, or disclosure of Personal Data occurs as a result of an act or omission of You, You Affiliates, You service providers, or Your Platform Providers, You will, at Your cost and expense, upon Our request, provide notices and/or undertake other related remedial measures (including notice, credit monitoring services, fraud insurance and the establishment of a call center to respond to You inquiries) which are reasonably warranted or required by law. In the event of legal proceedings, including but not limited to regulatory investigations or litigation, following or resulting from a Security Breach, You will provide We with reasonable assistance and support in responding to such proceedings.
Security of Processing, Confidentiality and Personal Data Breach. (a) The Parties must implement and maintain a comprehensive written information security program with appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which includes, as appropriate: (a) the pseudonymization and encryption of Personal Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. In assessing the appropriate level of security, the Parties must take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing of Personal Data as well as the risk of varying likelihood and severity for the rights and freedoms of Data Subjects and the risks that are presented by the Processing of Personal Data, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed. (Security measures).
