10. Security Breach Notification

  1. Security Incident. If We become aware of a Security Incident, We will without undue delay: (a) notify Customer of the Security Incident; and (b) take reasonable steps to mitigate the effects and to minimise any damage resulting from the Security Incident.

  2. Our Assistance. To assist Customer in relation to any personal data breach notifications Customer is required to make under the GDPR, We will include in the notification under section 10.1(a) such information about the Security Incident as We are reasonably able to disclose to Customer, taking into account the nature of the Service, the information available to Us, and any restrictions on disclosing the information, such as confidentiality.

  3. Unsuccessful Security Incidents. Customer agrees that: 

    1. an unsuccessful Security Incident will not be subject to this Section 10. An unsuccessful Security Incident is one that results no unauthorized access to Customer Data or to any of Our equipment or facilities storing Customer Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond headers) or similar incidents; and 

    2. Our obligation to report or respond to a Security Incident under this Section 10 is not and will not be construed as an acknowledgement by Us of any fault or liability with respect to the Security Incident. 

  4. Communication. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s administrators by any means We select, including via email. It is Customer’s sole responsibility to ensure that Customer’s administrators maintain accurate contact information on the management console of the Service at all times.

  5. Privacy Impact Assessment and Prior Consultation. The information made available by Us under Section 11 is intended to assist Customer in complying with Customer’s obligations under the GDPR in respect of data protection impact assessments and prior consultation. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Article is closed for comments.