Laserfiche WebLink
Motorola provides to Customer. Customer must be responsible for any reasonable costs arising <br />from Motorola's provision of such assistance under this Section. <br />7. Data Transfers <br />Motorola agrees that it must not make transfers of Personal Data under this Agreement from one <br />jurisdiction to another unless such transfers are performed in compliance with this Addendum and <br />applicable Data Protection Laws. Motorola agrees to enter into appropriate agreements with its <br />affiliates and Sub -processors, which will permit Motorola to transfer Personal Data to its affiliates <br />and Sub -processors. Motorola agrees to amend as necessary its agreement with Customer to <br />permit transfer of Personal Data from Motorola to Customer. Motorola also agrees to assist the <br />Customer in entering into agreements with its affiliates and Sub -processors if required by <br />applicable Data Protection Laws for necessary transfers. <br />8. Security. Motorola must implement appropriate technical and organizational measures <br />to ensure a level of security appropriate to the risk posed by the Processing of Personal Data, <br />taking into account the costs of implementation; the nature, scope, context, and purposes of the <br />Processing; and the risk of varying likelihood and severity of harm to the data subjects. The <br />appropriate technical and organizational measures implemented by Motorola are set forth in <br />Annex III. In assessing the appropriate level of security, Motorola must weigh the risks presented <br />by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized <br />disclosure of, or access to personal data transmitted, stored or otherwise Processed. <br />9. Security Incident Notification. If Motorola becomes aware of a Security Incident, then <br />Motorola must (i) notify Customer of the Security Incident without undue delay, (ii) investigate the <br />Security Incident and apprise Customer of the details of the Security Incident and (iii) take <br />commercially reasonable steps to stop any ongoing loss of Personal Data due to the Security <br />Incident if in the control of Motorola. Notification of a Security Incident must not be construed as <br />an acknowledgement or admission by Motorola of any fault or liability in connection with the <br />Security Incident. Motorola must make reasonable efforts to assist Customer in fulfilling <br />Customer's obligations under Data Protection Laws to notify the relevant supervisory authority <br />and Data Subjects about such incident. <br />10. Data Retention and Deletion <br />Except for anonymized Customer Data, as described above, or as otherwise provided under the <br />Agreement, Motorola must delete all Customer Data no later than ninety (90) days following <br />termination or expiration of the MCA or the applicable Addendum or Ordering Document unless <br />otherwise required to comply with applicable law. <br />11. Audit Rights <br />11.1 Periodic Audit. Motorola will allow Customer to perform an audit of reasonable scope <br />and duration of Motorola operations relevant to the Products and Services purchased under the <br />Agreement, at Customer's sole expense, for verification of compliance with the technical and <br />organizational measures set forth in Annex II if (i) Motorola notifies Customer of a Security <br />Incident that results in actual compromise to the Products and/or Services purchased; or (ii) if <br />Customer reasonably believes Motorola is not in compliance with its security commitments under <br />this DPA, or (iii) if such audit is legally required by the Data Protection Laws. Any audit must be <br />conducted in accordance with the procedures set forth in Section 11.3 of this DPA and may not <br />be conducted more than one time per year. If any such audit requires access to confidential <br />Data Processing Addendum V.2022.12 5 <br />