This Data Processing Rider is hereby incorporated into the Agreement to which it is attached. For purposes of this Rider, the Definitions in the Agreement shall apply unless defined below.
Regulated Personal Information
The parties agree that it is not necessary for FREVVO to receive personal information about individuals that is regulated ("PII") in order to provide the Service to Customer, and that Customer shall be responsible for the PII that it makes available to FREVVO in using the Service. FREVVO shall comply with the requirements of applicable laws that regulate FREVVO's processing of PII. Customer shall indemnify and defend FREVVO from and against any and all claims, allegations, litigations, arbitrations, damages, losses, expenses and costs (including reasonable attorney's fees) that are suffered or incurred by FREVVO as a result of (a) the content of the PII provided to FREVVO, or (b) Customer's breaches of its obligations with respect to PII, whether legal, contractual or otherwise.
Data Safeguards
FREVVO agrees to use commercially reasonable efforts to implement physical, administrative and technical measures and safeguards appropriate for PII in its possession. The safeguards currently in effect are described on FREVVO's website and supplemented by security compliance materials made available by Amazon.com, Inc. regarding the use of its Amazon Web Services platform ("Security Materials"). By using the Service, Customer agrees that the Security Materials describe safeguards that are adequate for Customer's purposes. The Security Materials also describe FREVVO's data encryption practices.
Breaches; Security Incidents; Notification
In the event that Customer's PII is accessed by unauthorized persons, whether accidentally or intentionally and unlawfully (a "Breach"), FREVVO will notify Customer promptly after learning of the Breach and assessing its scope and severity. FREVVO agrees to cooperate with reasonable Customer requests for information about the Breach, and FREVVO will take those actions required of it by applicable law with respect to the PII Breach. FREVVO will use commercially reasonable efforts to remediate the conditions that resulted in the Breach.
Information Access
In the event of a Breach and upon reasonable written request from Customer, FREVVO agrees to make available to Customer operational and technical records relating to the storage and processing of that Breached PII that were kept in the ordinary course of business while providing the Service to Customer. This may include, to the extent available, system access logs for systems that store or transmit PII, and a description of the PII that was exposed in the Breach. Notwithstanding anything else to the contrary herein, (i) nothing in this Rider or Agreement will require FREVVO to provide any documentation or information if it violates the privacy, security, or confidentiality of any third party, and (ii) any information or documentation provided by FREVVO to Customer with respect to information privacy, security, or confidentiality shall be deemed proprietary information and Confidential Information of FREVVO.
Destruction
Upon termination or expiration of the Service, FREVVO will within a reasonable time thereafter delete the PII in its possession. Customer acknowledges that a copy of PII may temporarily remain in archive or backup systems, and that FREVVO will use commercially reasonable efforts to remove PII from such systems.
Liability; Insurance
FREVVO carries privacy insurance covering Breaches of PII with a limit of at least $1,000,000. Notwithstanding anything contrary, FREVVO's entire liability to Customer with respect to PII made available to FREVVO under the Agreement shall be limited to direct damages actually incurred or suffered by Customer as a direct result of FREVVO's failure to comply with its obligations under this Data Protection Rider, up to the total amount of insurance proceeds paid by FREVVO's insurance carrier for such Breach.
Relation to HIPAA
This Regulated Data Security Rider shall not apply to protected health information, as defined by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") or the rules and regulations promulgated thereunder, to the extent governed by a business associate agreement (as defined by HIPAA). Customer is prohibited from transmitting or making available to FREVVO any protected health information.
Relation to PCI
This Regulated Data Security Rider shall not apply to protected information, as defined by the Payment Card Industry Data Security Standard ("PCI DSS") or the rules and regulations promulgated thereunder.
Changes in Law
The parties agree to modify or amend this Data Protection Rider as required by applicable law.