Laserfiche WebLink
Motorola provides to Customer. Customer must be responsible for any reasonable costs arising <br /> from Motorola's provision of such assistance under this Section. <br /> 7. Data Transfers <br /> Motorola agrees that it must not make transfers of Personal Data under this Agreement from one <br /> jurisdiction to another unless such transfers are performed in compliance with this Addendum and <br /> applicable Data Protection Laws. Motorola agrees to enter into appropriate agreements with its <br /> affiliates and Sub-processors, which will permit Motorola to transfer Personal Data to its affiliates <br /> and Sub-processors. Motorola agrees to amend as necessary its agreement with Customer to <br /> permit transfer of Personal Data from Motorola to Customer. Motorola also agrees to assist the <br /> Customer in entering into agreements with its affiliates and Sub-processors if required by <br /> applicable Data Protection Laws for necessary transfers. <br /> 8. Security. Motorola must implement appropriate technical and organizational measures <br /> to ensure a level of security appropriate to the risk posed by the Processing of Personal Data, <br /> taking into account the costs of implementation; the nature, scope, context, and purposes of the <br /> Processing; and the risk of varying likelihood and severity of harm to the data subjects. The <br /> appropriate technical and organizational measures implemented by Motorola are set forth in <br /> Annex III. In assessing the appropriate level of security, Motorola must weigh the risks presented <br /> by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized <br /> disclosure of, or access to personal data transmitted, stored or otherwise Processed. <br /> 9. Security Incident Notification. If Motorola becomes aware of a Security Incident, then <br /> Motorola must(i) notify Customer of the Security Incident without undue delay, (ii) investigate the <br /> Security Incident and apprise Customer of the details of the Security Incident and (iii) take <br /> commercially reasonable steps to stop any ongoing loss of Personal Data due to the Security <br /> Incident if in the control of Motorola. Notification of a Security Incident must not be construed as <br /> an acknowledgement or admission by Motorola of any fault or liability in connection with the <br /> Security Incident. Motorola must make reasonable efforts to assist Customer in fulfilling <br /> Customer's obligations under Data Protection Laws to notify the relevant supervisory authority <br /> and Data Subjects about such incident. <br /> 10. Data Retention and Deletion. <br /> Except for anonymized Customer Data, as described above, or as otherwise provided under the <br /> Agreement, Motorola must delete all Customer Data no later than ninety (90) days following <br /> termination or expiration of the MCA or the applicable Addendum or Ordering Document unless <br /> otherwise required to comply with applicable law. <br /> 11. Audit Rights <br /> 11.1 Periodic Audit. Motorola will allow Customer to perform an audit of reasonable scope <br /> and duration of Motorola operations relevant to the Products and Services purchased under the <br /> Agreement, at Customer's sole expense, for verification of compliance with the technical and <br /> organizational measures set forth in Annex II if (i) Motorola notifies Customer of a Security <br /> Incident that results in actual compromise to the Products and/or Services purchased; or (ii) if <br /> Customer reasonably believes Motorola is not in compliance with its security commitments under <br /> this DPA, or(iii) if such audit is legally required by the Data Protection Laws. Any audit must be <br /> conducted in accordance with the procedures set forth in Section 11.3 of this DPA and may not <br /> be conducted more than one time per year. If any such audit requires access to confidential <br /> Data Processing Addendum V.2022.12 5 <br />