Laserfiche WebLink
f. The Contractor shall not use any information collected in connection with the Services <br />issued from this Master Agreement for any purpose other than fulfilling the Services. <br />3. Data Location: The Contractor shall provide its services to the Purchasing Entity and its end <br />users solely from data centers in the U.S. Storage of Purchasing Entity data at rest shall be <br />located solely in data centers in the U.S. The Contractor shall not allow its personnel or <br />contractors to store Purchasing Entity data on portable devices, including personal computers, <br />except for devices that are used and kept only at its U.S. data centers. The Contractor shall <br />permit its personnel and contractors to access Purchasing Entity data remotely only as required <br />to provide technical support. The Contractor may provide technical user support on a 24/7 basis <br />using a Follow the Sun model, unless otherwise prohibited in a Participating Addendum. <br />4. Security Incident or Data Breach Notification: The Contractor shall inform the Purchasing Entity <br />of any security incident or data breach related to Purchasing Entity's Data within the possession <br />or control of the Contractor and related to the service provided under the Master Agreement, <br />Participating Addendum, or SLA. Such notice shall include, to the best of Contractor's <br />knowledge at that time, the persons affected, their identities, and the Confidential Information <br />and Data disclosed, or shall include if this information is unknown. <br />a. Security Incident Reporting Requirements: The Contractor shall report a security <br />incident to the Purchasing Entity identified contact immediately as soon as possible or <br />promptly without out reasonable delay, or as defined in the SLA. <br />b. Breach Reporting Requirements: If the Contractor has actual knowledge of a confirmed <br />data breach that affects the security of any purchasing entity's content that is subject to <br />applicable data breach notification law, the Contractor shall (1) as soon as possible or <br />promptly without out reasonable delay notify the Purchasing Entity, unless shorter time is <br />required by applicable law, and (2) take commercially reasonable measures to address the <br />data breach in a timely manner. <br />S. Breach Responsibilities: This section only applies when a Data Breach occurs with respect to <br />Personal Data within the possession or control of the Contractor and related to the service <br />provided under the Master Agreement, Participating Addendum, or SLA. <br />a. The Contractor, unless stipulated otherwise, shall immediately notify the appropriate <br />Purchasing Entity identified contact by telephone in accordance with the agreed upon <br />security plan or security procedures if it reasonably believes there has been a security <br />incident. <br />b. The Contractor, unless stipulated otherwise, shall promptly notify the appropriate <br />Purchasing Entity identified contact within 48 hours or sooner by telephone, unless shorter <br />time is required by applicable law, if it has confirmed that there is, or reasonably believes <br />that there has been a data breach. The Contractor shall (1) cooperate with the Purchasing <br />Entity as reasonably requested by the Purchasing Entity to investigate and resolve the Data <br />Breach, (2) promptly implement necessary remedial measures, if necessary, and (3) <br />document responsive actions taken related to the Data Breach, including any post -incident <br />