Snippets from MSA and DPA
- Data Loss Plan
Data Security. Kokomo shall ensure that its personnel and subcontractors who have access to Customer Data shall, at all times, utilize appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of the Service and all Customer Data (including, to the extent applicable, use of encryption, firewall protection, intrusion detection and prevention tools and network management applications), all in accordance with generally accepted industry standards and the requirements of applicable data protection and privacy laws and regulations. In the event that Kokomo discovers any breach of security with respect to the Services or any Customer Data (“Security Breach”), Kokomo shall: (i) immediately (within 24 hours) notify Customer of the Security Breach; (ii) perform an investigation to learn the cause of the Security Breach; (iii) take commercially reasonable measures to prevent such a Security Breach in the future; and (iv) take commercially reasonable efforts to resolve any such Security Breach and fully cooperate with Customer in complying with any notification or other regulatory requirements that may result from such Security Breach.
- Data Destruction
Return or Destruction of Client Data. At any time and upon Customer’s written request, Kokomo24/7 shall, within ten (10) business days, return all originals and copies of Customer Data, whether in printed or electronic form, including any and all backups and archived data. In lieu of a return of Customer Data, but only with the Client’s written consent, Kokomo24/7 will promptly destroy all originals and copies of Customer Data, whether in printed or electronic form, including any and all backups and archived data, in accordance with industry standards and the federal government’s best practices.
The parties agree that on the termination of the provision of Services, Vendor and any Sub-processor shall, at the choice of Customer, return all Customer Personal Data transferred and the copies thereof to Customer or shall destroy all the Customer Personal Data and certify to Customer that it has done so, unless legislation imposed upon Vendor or any Sub-processor, as applicable, prevents it from returning or destroying all or part of the Customer Personal Data transferred. In that case, Vendor warrants that it will guarantee the confidentiality of the Customer Personal Data transferred and will not actively process the Customer Personal Data transferred anymore.