Sparkler Breach Notification Procedures
Last Updated September 19, 2021
Sparkler will inform Client as soon as possible, and no later than 24 hours after Sparkler knows of any actual or suspected unauthorized access, collection, acquisition, use, transmission, disclosure, corruption or loss of Client Data (a “Security Incident”). Sparkler will remedy each Security Incident in a timely manner and provide Client written details regarding Sparkler’s internal investigation regarding each Security Incident. When permitted by applicable laws Sparkler agrees not to notify any regulatory authority, nor any customer, on behalf of Client unless Client specifically requests in writing that Sparkler does so and Client reserves the right to review and approve the form and content of any notification before it is provided to any party. Sparkler will cooperate and work together with Client to formulate and execute a plan to rectify all confirmed Security Incidents. “Client Data” shall mean any data which Sparkler is provided to by Client or has access to pursuant to an agreement entered into between Sparkler and Client.
To the extent permitted by applicable law, in the event Sparkler receives a request or order from a governmental body (such as a subpoena, court order, or search warrant) seeking data that includes any Client Information, Sparkler will provide sufficient notice to Client to enable Client to seek a protective order or other appropriate remedy.