Deletion of Data. Upon termination of the Services (for any reason) and if requested by Customer in writing, RSA shall, as soon as reasonably practicable and in accordance with applicable law, delete the Personal Data on RSA systems, PROVIDED that RSA may: (a) retain one copy of the Personal Data as necessary to comply with any legal, regulatory, judicial, audit, or internal compliance requirements; and (b) defer the deletion of the Personal Data to the extent and for the duration that any Personal Data or copies thereof cannot reasonably and practically be expunged from RSA’s systems. The parties hereby expressly acknowledge that Customer instructs RSA to maintain back-up files of all Customer data (which may include Personal Data), for the duration established in the Agreement. For such retention or deferral periods as set forth above, the provisions of this DPA shall continue to apply to such Personal Data. RSA reserves the right to charge Customer for any reasonable costs and expenses incurred by RSA in deleting the Personal Data pursuant to this clause. A certificate of destruction will be provided upon request.
Appears in 4 contracts
Sources: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum