Notification to Customer. Upon confirmation that a Personal Data Security Incident has occurred related to any Personal Data covered by this DPA, ▇▇▇▇▇▇ will investigate the incident in accordance with its Incident Response Policy and: (1) Where Oyster is a Controller, to the extent permitted (or required) by applicable law, notify Customer and any affected EOR Team Members without undue delay, such notice to be delivered to Customer in accordance with Section 8.1 of this DPA; (2) Where Oyster is a Processor, to the extent permitted (or required) by applicable law, notify Customer without undue delay, such notice to be delivered to Customer in accordance with Section 8.1 of this DPA in no more than 1 business day (3) To the extent such Personal Data Security Incident is caused by ▇▇▇▇▇▇’s violations of its obligations under this DPA, take such reasonable remedial steps to address the incident and prevent any further incidents; and (4) Promptly provide Customer with all relevant information in its possession as reasonably required under Applicable Data Protection Law, to comply with any reporting obligations of a relevant regulatory authority concerning such incident.
Appears in 2 contracts
Sources: Customer Data Processing Agreement, Customer Data Processing Addendum