Orange County NC Website
Browse       Search
DocuSign Envelope ID:90A54439-23B9-40AF-8246-BFCAAEAA529D <br /> 6.3 Where an Authorized Affiliate becomes a party to the DPA with Submittable, it shall, to <br /> the extent required under applicable Privacy and Data Protection Requirements, be entitled to <br /> exercise the rights and seek remedies under this DPA, subject to the following: <br /> (a) except where applicable Privacy and Data Protection Requirements require the <br /> Authorized Affiliate to exercise a right or seek any remedy under this DPA against Submittable <br /> directly by itself, the parties agree that (i) Customer shall exercise any such right or seek any <br /> such remedy on behalf of the Authorized Affiliate; and (ii) Customer shall exercise any such <br /> rights under this DPA not separately for each Authorized Affiliate individually but in a <br /> combined manner for all of its Authorized Affiliates together; and <br /> (b) Customer shall, when carrying out any audit of the procedures relevant to the <br /> protection of Personal Information, take all reasonable measures to limit any impact on <br /> Submittable and its Sub-Processors by combining, to the extent reasonably possible, several <br /> audit requests carried out on behalf of different Authorized Affiliates into one single audit. <br /> 7. Security. <br /> 7.1 Submittable must at all times implement industry standard, appropriate administrative, <br /> physical and technical safeguards and measures designed to safeguard Personal Information against <br /> unauthorized or unlawful processing, access, copying, modification, storage, reproduction, display, or <br /> distribution, and against accidental loss, destruction, or damage including, but not limited to, the <br /> security measures set out in Appendix B. Submittable must document those measures in writing and <br /> periodically review them, at least annually, to ensure they remain current and complete. <br /> 7.2 Submittable shall take reasonable measures, including the collection of industry- <br /> standard audit trails to protect Personal Information against deterioration or degradation of data <br /> quality and authenticity. <br /> 7.3 Each Party will promptly notify the other if it becomes aware of any advance in <br /> technology and methods of working, which indicate that the Parties should adjust their security <br /> measures. <br /> 7.4 Submittable must take industry standard and operationally reasonable precautions to <br /> preserve the integrity of any Personal Information it processes and to prevent any corruption or loss <br /> of the Personal Information, including but not limited to establishing effective backup and data <br /> restoration procedures. <br /> 7.5 Submittable must take industry standard and operationally reasonable precautions to <br /> ensure the Services are free of any system settings or defects that would create a potential Security <br /> Breach. <br /> 7.6 All electronic transmission of Personal Information between the Parties shall be <br /> performed in a secure and encrypted manner. All data transmissions between the Parties shall <br /> include detailed audit logs of all Personal Information transfer events. <br /> 8. Security Breaches and Personal Information Loss. <br /> 8.1 Submittable will promptly notify Customer if any Personal Information is lost or <br /> destroyed or becomes damaged, corrupted, or unusable. Submittable will use best efforts to rectify <br /> the impact of the loss or corruption of such Personal Information at its own expense. <br /> 8.2 Submittable will promptly notify Customer, within forty-eight (48) hours, if it becomes <br /> aware of: <br /> (a) any unauthorized or unlawful processing of the Personal Information; or <br /> (b) any Security Breach. <br /> Submittable Customer Terms of Service v1.1—Exhibit B Page 5 of 12 <br />