Laserfiche WebLink
f. The Contractor shall not use any information collected in connection with the Services <br />issued from this Master Agreement for any purpose other than fulfilling the Services. <br />3. Data Location: The Contractor shall provide its services to the Purchasing Entity and its end <br />users solely from data centers in the U.S. Storage of Purchasing Entity data at rest shall be <br />located solely in data centers in the U.S. The Contractor shall not allow its personnel or <br />contractors to store Purchasing Entity data on portable devices, including personal computers, <br />except for devices that are used and kept only at its U.S. data centers. The Contractor shall <br />permit its personnel and contractors to access Purchasing Entity data remotely only as required <br />to provide technical support. The Contractor may provide technical user support on a 24/7 basis <br />using a Follow the Sun model, unless otherwise prohibited in a Participating Addendum. <br />4. Security Incident or Data Breach Notification: <br />a. Incident Response: Contractor may need to communicate with outside parties regarding <br />a security incident, which may include contacting law enforcement, fielding media inquiries <br />and seeking external expertise as mutually agreed upon, defined by law or contained in the <br />contract. Discussing security incidents with the Purchasing Entity should be handled on an <br />urgent as needed basis, as part of Contractor's communication and mitigation processes as <br />mutually agreed upon, defined by law or contained in the Master Agreement. <br />b. Security Incident Reporting Requirements: The Contractor shall report a security <br />incident to the Purchasing Entity identified contact immediately as soon as possible or <br />promptly without out reasonable delay, or as defined in the SLA. <br />c. Breach Reporting Requirements: If the Contractor has actual knowledge of a confirmed <br />data breach that affects the security of any purchasing entity's content that is subject to <br />applicable data breach notification law, the Contractor shall (1) as soon as possible or <br />promptly without out reasonable delay notify the Purchasing Entity, unless shorter time is <br />required by applicable law, and (2) take commercially reasonable measures to address the <br />data breach in a timely manner. <br />5. Personal Data Breach Responsibilities: This section only applies when a Data Breach occurs <br />with respect to Personal Data within the possession or control of the Contractor. <br />a. The Contractor, unless stipulated otherwise, shall immediately notify the appropriate <br />Purchasing Entity identified contact by telephone in accordance with the agreed upon <br />security plan or security procedures if it reasonably believes there has been a security <br />incident. <br />b. The Contractor, unless stipulated otherwise, shall promptly notify the appropriate <br />Purchasing Entity identified contact within 48 hours or sooner by telephone, unless shorter <br />time is required by applicable law, if it has confirmed that there is, or reasonably believes <br />that there has been a Data Breach. The Contractor shall (1) cooperate with the Purchasing <br />Entity as reasonably requested by the Purchasing Entity to investigate and resolve the Data <br />Breach, (2) promptly implement necessary remedial measures, if necessary, and (3) <br />