Laserfiche WebLink
f. The Contractor shall not use any information collected in connection with the Services <br />issued from this Master Agreement for any purpose other than fulfilling the Services. <br />3. Data Location: The Contractor shall provide its services to the Purchasing Entity and its end <br />users solely from data centers in the U.S. Storage of Purchasing Entity data at rest shall be <br />located solely in data centers in the U.S. The Contractor shall not allow its personnel or <br />contractors to store Purchasing Entity data on portable devices, including personal computers, <br />except for devices that are used and kept only at its U.S. data centers. The Contractor shall <br />permit its personnel and contractors to access Purchasing Entity data remotely only as required <br />to provide technical support. The Contractor may provide technical user support on a 24/7 basis <br />using a Follow the Sun model, unless otherwise prohibited in a Participating Addendum. <br />4. Security Incident or Data Breach Notification: The Contractor shall inform the Purchasing Entity <br />of any security incident or data breach within the possession and control of the Contractor and <br />related to the service provided under the Master Agreement, Participating Addendum, or SLA. <br />Such notice shall include, to the best of Contractor's knowledge at that time, the persons <br />affected, their identities, and the Confidential Information and Data disclosed, or shall include if <br />this information is unknown. <br />a. Incident Response: The Contractor may need to communicate with outside parties <br />regarding a security incident, which may include contacting law enforcement, fielding <br />media inquiries and seeking external expertise as mutually agreed upon, defined by law <br />or contained in the Master Agreement, Participating Addendum, or SLA. Discussing <br />security incidents with the Purchasing Entity should be handled on an urgent as -needed <br />basis, as part of Contractor's communication and mitigation processes as mutually <br />agreed, defined by law or contained in the Master Agreement, Participating Addendum, <br />or SLA. <br />b. Security Incident Reporting Requirements: Unless otherwise stipulated, the Contractor <br />shall immediately report a security incident related to its service under the Master <br />Agreement, Participating Addendum, or SLA to the appropriate Purchasing Entity. <br />c. Breach Reporting Requirements: If the Contractor has actual knowledge of a confirmed <br />data breach that affects the security of any Purchasing Entity data that is subject to <br />applicable data breach notification law, the Contractor shall (1) promptly notify the <br />appropriate Purchasing Entity within 48 hours or sooner, unless shorter time is required <br />by applicable law, and (2) take commercially reasonable measures to address the data <br />breach in a timely manner <br />5. Breach Responsibilities: This section only applies when a Data Breach occurs with respect to <br />Personal Data within the possession or control of the Contractor. <br />a. The Contractor, unless stipulated otherwise, shall immediately notify the appropriate <br />Purchasing Entity identified contact by telephone in accordance with the agreed upon <br />security plan or security procedures if it reasonably believes there has been a security <br />incident. <br />