|
DocuSign Envelope ID:90A54439-23B9-40AF-8246-BFCAAEAA529D
<br /> 8.3 Immediately following any unauthorized or unlawful Personal Information processing or
<br /> Security Breach, the Parties will coordinate with each other to investigate the matter. Submittable
<br /> will reasonably co-operate with Customer in Customer's handling of the matter, including:
<br /> (a) taking such industry standard actions as may be necessary to preserve forensic
<br /> evidence;
<br /> (b) assisting with any investigation;
<br /> (c) providing Customer or Customer's designee with remote and physical access to
<br /> any facilities and operations affected;
<br /> (d) facilitating interviews with Submittable's employees, former employees, and
<br /> others involved in the matter; and
<br /> (e) making available all relevant records, logs, files, data reporting, and other
<br /> materials required to comply with all Privacy and Data Protection Requirements or as
<br /> otherwise reasonably required by Customer. All information provided to Customer under this
<br /> Section may be redacted to remove any information from the materials that may compromise
<br /> the security of Submittable's information technology environment or the confidentiality of any
<br /> third-party confidential information, provided that such removal does not prevent Customer
<br /> from understanding the substance of the materials.
<br /> 8.4 Submittable will not inform any third party of any Security Breach without first
<br /> obtaining Customer's prior written consent, except when Law or regulation requires it.
<br /> 8.5 Unless applicable Law requires otherwise, Submittable agrees that Customer has the
<br /> sole right to determine:
<br /> (a) whether to provide notice of the Security Breach to any Data Subjects, regulators,
<br /> Supervisory Authority, law enforcement agencies, or others, as required by Law or regulation or
<br /> in Customer's discretion, including the contents and delivery method of the notice; and
<br /> (b) whether to offer any type of remedy to affected Data Subjects, including the
<br /> nature and extent of such remedy.
<br /> 8.6 Submittable will cover all reasonable expenses associated with the performance of the
<br /> obligations under Section 8.2 and Section 8.3, unless the matter arose from (a) Customer's specific
<br /> instructions; (b) any negligence, willful default, or breach of this DPA by Customer, or any employee,
<br /> agent, contractor, representative, or Authorized Affiliate of Customer; (c) any breach or unauthorized
<br /> access of the system, server(s), network(s), website(s), information, data, or records of Customer
<br /> which were not in the possession and control of Submittable or its Sub-processors; or (d) any Security
<br /> Breach which originated with, was caused by, or resulted from any Customer owned and operated
<br /> server, website, system, software, or network, which were not the result of any actions or inactions of
<br /> Submittable or its Sub-processors, which in any of the foregoing cases Customer will cover all
<br /> reasonable expenses.
<br /> 8.7 Submittable will also reimburse Customer for actual reasonable expenses Customer
<br /> incurs when responding to and mitigating damages, to the extent that Submittable solely caused a
<br /> Security Breach, including all costs of notice and any remedy as set out in Section 8.5.
<br /> 8.8 In the event of a Security breach, each Party shall use all reasonable efforts in good faith
<br /> to mitigate any reputational and brand damage to the other affected Party.
<br /> 8.9 TO THE GREATEST EXTENT ALLOWED BY LAW, IN NO EVENT WILL THE
<br /> COLLECTIVE AGGREGATE LIABILITY OF SUBMITTABLE, ITS LICENSORS, SERVICE
<br /> PROVIDERS, SUB-PROCESSORS, SUBCONTRACTORS, AND SUPPLIERS ARISING OUT OF OR
<br /> RELATED TO THIS DPA, WHETHER ARISING UNDER OR RELATED TO ANY SECURITY
<br /> BREACH, BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY,
<br /> Submittable Customer Terms of Service v1.1—Exhibit B Page 6 of 12
<br />
|