Security Incident Notification. The Transfer Agent shall promptly notify the Trust but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Customer Confidential Information (to the extent it can be ascertained), how the Transfer Agent was affected by the Security Incident, and its response to such Security Incident. The Transfer Agent shall use continuous and diligent efforts to remedy the cause and the effects of such Security Incident in an expeditious manner and deliver to the Trust a root cause analysis and future incident Mitigation plan with regard to any such incident. The Transfer Agent shall reasonably cooperate with the Trust’s investigation and response to each Security Incident. If the Trust determines in its sole discretion that it may need or be required to notify any individual(s) as a result of a Security Incident, the Trust shall have the right to control all such notifications and the Transfer Agent shall bear all direct costs associated with the notification, to the extent the notification and corresponding actions are required by U.S. law, and subject to the limitation of liability set forth in the Agreement. Without limiting the foregoing, unless otherwise required by U.S. law, no such notifications shall be made by the Transfer Agent without the Trust’s prior written consent and the Trust shall, together with the Transfer Agent, determine the content and delivery of all such notifications. For the avoidance of doubt, the Transfer Agent shall be solely responsible for all costs and expenses, subject to the limitations of liability under the Agreement that the Trust and/or the Transfer Agent may incur to the extent that they are attributable to or arise from the Transfer Agent’s breach of its confidentiality obligations under the Agreement.
Security Incident Notification. DST shall promptly notify Fund but in no event later than 48 hours following confirmed Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Fund Confidential Information (to the extent it can be ascertained), how DST was affected by the Security Incident, and its response to such Security Incident.
Security Incident Notification. Khan Academy's incident response procedures include procedures to provide prompt notification regarding security incidents as required by applicable laws, including a description of the security incident based on available information, and contact information for the Khan Academy representative(s) who will be available to assist the School District. To the extent that the incident triggers third party notice requirements under applicable laws, Khan Academy will either provide direct notification to affected persons or assist the School District in providing such notifications to affected School users. Nothing in the Agreement restricts Khan Academy's ability to provide separate breach notifications to its customers, including parents and other individuals with Website accounts. Physical security. Access to Khan Academy’s headquarters office is restricted to authorized personnel and visitors. All external entrances are locked and require badge access. Visitors must check in at the front desk, sign in using an electronic sign-in system, wear a visitor badge and be accompanied by their host during the visit. Rights to Challenge Accuracy of Information Held Supplemental information for Parents is included in Exhibit 2. The supplemental information includes information regarding how a Parent may challenge the accuracy of Student data that is collected by Khan Academy. A Parent, Student, eligible student, teacher or principal may challenge the accuracy of the student data that is collected by Khan Academy by notice to Khan Academy (choose “Report a problem” in Khan Academy’s Help Center) or send an email to xxxxxxx@xxxxxxxxxxx.xxx. Teachers or principals may also submit notices to xxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx. In the event that Khan Academy refers a Parent, Student or Eligible student request to review or correct education records to the School District, the School District will follow the necessary and proper procedures under the Family Educational Rights and Privacy Act (FERPA) and New York Education Law §2-d. The School District will provide Khan Academy with the name and contact information (including email) of the School District 's representative that will be responsible for responding to any such request. Khan Academy will respond in a reasonably timely manner to the School District's request for assistance with any request to view or correct Student data held by Khan Academy, consistent with the functionality of the Services. Deletion or transfer u...
Security Incident Notification. If R3 becomes aware of a personal data breach which is likely to result in a risk to the rights and freedom of natural persons while processed by R3 (each a “Security Incident”), R3 will without undue delay (1) notify Customer of the Security Incident and provide Customer with detailed information about the Security Incident; (2) investigate the cause of the Security Incident; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Notification(s) of Security Incidents will be delivered to Customer by any means R3 selects, including via email. It is Customer’s sole responsibility to ensure that R3 has accurate contact information for delivery of such notifications. Customer is solely responsible for complying with its obligations under incident notification laws applicable to Customer and fulfilling any third-party notification obligations related to any Security Incident, but R3 shall give Customer such assistance as Customer reasonably requests and R3 is reasonably able to provide in relation to the performance of any such third party notification obligations which arise as a result of a breach by R3 of this Addendum. R3’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by R3 of any fault or liability with respect to the Security Incident. Customer must notify R3 promptly about any possible misuse of its accounts or authentication credentials or any security incident related to a Product or Service. Data Transfers and Location Customer Personal Data that R3 processes about the Customer may be transferred to, and stored and processed in, the United States or any other country in which R3 or its Affiliates or sub-contractors (“Subprocessors”) with access to Customer Personal Data operate. Customer appoints R3 to perform any such transfer of Customer Personal Data to any such country and to store and process Customer Personal Data to provide the Products and Services. All transfers of Customer Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.
Security Incident Notification i) The Business Associate will, upon learning of a successful unauthorized access, use, or disclosure of ePHI, report this type of security incident to Covered Entity in accordance Section 7(a) above if such security incident caused a privacy breach and in accordance with Section 7(b) above if such security incident caused a security breach.
Security Incident Notification. The Security Incident handling process defined in the OST will apply to the IRS 1075 Covered Services. In addition, the parties agree to the following:
Security Incident Notification a. If Microsoft becomes aware of any unlawful access to any Customer Data stored on Microsoft’s equipment or in Microsoft’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data (each a “Security Incident”), Microsoft will promptly: (a) notify Customer of the Security Incident; (b) investigate the Security Incident and provide Customer with detailed information about the Security Incident; and (c) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
Security Incident Notification. If Microsoft becomes aware of any unlawful access to any Customer Data or Support Data stored on Microsoft’s equipment or in Microsoft’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data or Support Data (each a “Security Incident”), Microsoft will promptly (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident, including, if known, the date or estimated date of the unlawful access and the categories of data affected; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Given the nature of the Online Services and Microsoft's privacy policies, Microsoft will generally not have knowledge of the data or categories of data stored by Customer. In the event of unlawful access, Microsoft's ability to provide detailed information about the data accessed may be limited. Microsoft will provide such details about the unlawful access as are reasonably available to it. Notification(s) of Security Incidents will be delivered to one or more of Customer’s administrators by any means Microsoft selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on each applicable Online Services portal. Microsoft’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by Microsoft of any fault or liability with respect to the Security Incident. Customer must notify Microsoft promptly about any possible misuse of its accounts or authentication credentials or any security incident related to an Online Service.
Security Incident Notification. In the event of a Security Incident affecting End User personal data, Palo Alto Networks will without undue delay:
Security Incident Notification. If WhosOnLocation becomes aware of any unlawful access to any Customer Data stored on WhosOnLocation’s equipment or in WhosOnLocation’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data (each a “Security Incident”), WhosOnLocation will promptly:
