Security Procedures; Compliance. Apple shall use industry-standard measures to safeguard Personal Data during the transfer, processing, and storage of Personal Data as part of the Service. As part of these measures, Apple will use commercially reasonable efforts to encrypt Personal Data at rest and in transit; ensure the ongoing confidentiality, integrity, availability and resilience of the Service; in the event of an issue, restore the availability of Personal Data in a timely manner; and regularly test, assess, and evaluate the effectiveness of such measures. Apple will take appropriate steps to ensure compliance with security procedures by its employees, contractors and Sub-processors, and Apple shall ensure that any persons authorized to process such Personal Data comply with applicable laws regarding the confidentiality and security of Personal Data with regards to the Service. Encrypted Personal Data may be stored at Apple’s geographic discretion. To the extent Apple is acting as a data processor, Apple will assist You with ensuring Your compliance, if applicable, with the following: (a) Article 28 of the GDPR (by allowing for and contributing to audits; provided, that Apple’s ISO 27001 and ISO 27018 certifications shall be considered sufficient for such required audit purposes); (b) Article 32 of the GDPR (by implementing the security procedures set forth in this Section 9.3 and by maintaining the ISO 27001 and ISO 27018 Certifications); (c) Articles 33 and 34 of the GDPR or other equivalent obligations under law (by assisting You with providing required notice of a Data Incident to a supervisory authority or data subjects); (d) laws requiring Institution to conduct data protection impact assessments or to consult with a supervisory authority prior to processing; and (e) an investigation by a data protection regulator or similar authority regarding Personal Data. If required by law, Apple will ensure that any international data transfer is done only to a country that ensures an adequate level of protection, has provided appropriate safeguards as set forth in applicable law, such as those in Articles 46 and 47 of the GDPR (e.g., standard data protection clauses), or is subject to a derogation in Article 49 of the GDPR. If You are required to enter a data transfer agreement to transfer data to a third country, You agree to enter into the applicable data transfer agreement for Your jurisdiction as executed by Apple at xxxxx://xxxxx.xxx/legal/enterprise/datatransfer. Apple is not respo...
