DATA PRIVACY AND SECURITY. A. Customer Instructions and Use of Personal Data. Under this Agreement, Apple, acting as a data processor on Your behalf, may receive Personal Data if provided by You or on Your behalf and Your End Users. By entering into this Agreement, You instruct Apple to process such Personal Data, in accordance with applicable law: (i) to provide and support Your use and Your End Users’ use of the Service, including any Apple features, functionality, and services You or applicable End Users enable; (ii) pursuant to Your instructions as given through Your or applicable End Users’ use of the Service (including the Web Portal and other features and functionality of the Service); (iii) as specified under this Agreement including as set forth in Exhibit A for student End Users; and (iv) as further documented in any other written instructions given by You and acknowledged by Apple as constituting instructions under this Agreement.
B. Compliance with law. You agree that You are solely liable and responsible for ensuring Your compliance with all applicable laws, including without limitation privacy and data protection laws, regarding the use or collection of data and information through the Service. You are also responsible for all activity related to Personal Data, including but not limited to, monitoring such Personal Data and activity, and preventing and addressing inappropriate data and activity, including the removal of data and the termination of access of the End User making such data available. You are responsible for safeguarding and limiting access to End
C. Data Incidents. Apple will (i) notify Institution, without undue delay and as required by law, if Apple becomes aware that there has been a breach of security of the Service leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Institution’s Personal Data (“a Data Incident”); and (ii) take reasonable steps to minimize harm and secure Institution’s Personal Data. You are responsible for providing Apple with Institution’s updated contact information for such notification purposes. Apple will also assist Institution to the extent it involves Personal Data that Apple has access to in connection with the Service, to ensure Institution complies with its obligations to provide notice of Data Incidents to supervisory authorities or data subjects as required under Articles 33 and 34 of the GDPR, if applicable, or any other equivalent obligations under applicable l...