Security and Compliance. 7.1. ▇▇▇▇▇▇ agrees to implement appropriate measures to ensure Security of Data Processing. Nimble regularly monitors compliance with these safeguards, and further agrees to regularly test, assess and evaluate the effectiveness of its Security of Data Processing. 7.2. Nimble shall provide Customer with reasonable assistance at Customer’s expense, where Customer believes the type of Processing performed by ▇▇▇▇▇▇ is likely to result in a high risk to the rights and freedoms of natural persons (e.g., systematic and extensive profiling, Processing sensitive Personal Data on a large scale and systematic monitoring on a large scale), and thus requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities. Nimble shall provide such assistance upon Customer’s reasonable request and to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to Nimble. 7.3. ▇▇▇▇▇▇ agrees to keep records of its Processing in compliance with Applicable Data Protection Laws and provide such records to Customer upon Customer’s reasonable request to assist Customer with complying with supervisory authorities' requests. Upon request from Customer and at Customer’s expense, ▇▇▇▇▇▇ agrees to reasonably cooperate with Customer for the purpose of verifying Nimble’s compliance with Applicable Data Protection Laws. 7.4. Nimble will promptly notify Customer, without undue delay, after ▇▇▇▇▇▇ becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unlawful access to any Customer’s Personal Data that is transmitted, stored or otherwise Processed by Nimble or its Sub-processors of which Nimble becomes aware. Nimble will use reasonable efforts to identify the cause of such Security Breach and shall promptly and without undue delay: (a) investigate the Security Breach and provide Customer with information about the Security Breach, including if applicable, such information a Data Processor must provide to a Data Controller under Applicable Data Protection Laws to the extent such information is reasonably available; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Breach to the extent the remediation is within Nimble’s reasonable control. The obligations herein shall not apply to any breach that is caused by Customer. 7.5. Nimble shall notify Customer of Security Breaches, if any, via email It is Customer’s sole responsibility to ensure it maintains accurate contact information with Nimble at all times. 7.6. Nimble’s obligation to report or respond to a Security Breach under this Section will not be construed as an acknowledgement by Nimble of any fault or liability with respect to any Security Breach.
Appears in 2 contracts