Terms of Service
1. INTRODUCTION
1.1 These Terms of Service for Securitas Risk Intelligence Center Services (the “Terms”) govern the Subscriber’s purchase and use of risk intelligence services provided or offered by Securitas Intelligent Services AB (“Securitas”). Such services are hereinafter referred to as the “Services”. For the purpose of these Terms, the “Subscriber” shall mean the company or organization subscribing for the Services.
1.2 By making a purchase of the Services, the Subscriber (a) specifically agrees to these Terms, (b) guarantees that any information provided in the process of making the purchase is correct, and (c) warrants that the individual subscribing for the Services on behalf of the Subscriber is legally authorized to do so.
1.3 These terms also govern the Subscriber’s use of any digital services and products, including all associated features and functionalities, websites and user interfaces made available by Securitas (collectively the “Digital Services”). Unless otherwise is explicitly set out in this Agreement, the term “Digital Services” shall be considered included in the term “Services”.
2. DESCRIPTION OF THE SERVICES AND USE OF REPORTS
2.1 Through the Services, the Subscriber is provided with reports and/or alerts regarding selected security events (“Reports”). The Subscriber agrees and acknowledges that (a) Securitas, based on its expertise, may determine what to include and/or exclude in provided Reports, (b) Securitas cannot guarantee that all security events relevant for the Subscriber will be included in the Reports, (c) the Reports as such will not prevent security events from occurring, and (d) Securitas cannot guarantee that all information in the Reports is correct or complete.
2.2 By making a purchase, the Subscriber is granted a non-exclusive right to receive the Reports during the term of the subscription. The Reports are produced solely for information purposes and do not constitute any advice or recommendation by Securitas for the Subscriber to implement (or not to implement) any general or specific security measures. The Subscriber is solely responsible for its own decisions on security measures and other actions and must always make such decisions independently and based on its own investigations and risk assessments. The Subscriber is at all times solely responsible for its own outcome of using the Reports, including the lawfulness of such.
2.3 The information in the Reports is provided for the Subscriber’s internal use and is not to be used for commercial purposes.
2.4 The Subscriber may designate selected registered employees within the Subscriber’s corporate group that should receive a copy of the Reports (“Recipients”). The Subscriber agrees and acknowledges that the Subscriber is fully responsible for the Recipient’s use of the Reports and that such usage must be in line with these Terms. The Subscriber’s and the Recipients’ usage of the Reports is subject to any and all restrictions imposed in these Terms or otherwise by Securitas from time to time. The Subscriber may not designate a Recipient or in any other way make the Reports available to a natural person or legal entity established in any of the following countries or regions: Belarus, Cuba, Libya, Iran, Myanmar (Burma), North Korea (DPRK), Russia, Sudan, Syria, Venezuela, Yemen or the regions of Crimea, Donetsk and Luhansk in Ukraine.
2.5 The Subscriber agrees and acknowledges that it is the Subscriber’s responsibility to ensure that it has procured the necessary hardware and/or software and obtained any required licenses to receive the Reports and use the Services. Securitas is not responsible for any failure for the Subscriber to receive the Reports that is due to circumstances outside Securitas’ or its engaged subcontractors’ control.
3. PAYMENT
3.1 The Subscriber must pay the agreed fee for the Services. The fee for the Services is exclusive of value added tax and paid in advance. To the extent Securitas offers payment by invoice, all invoices shall be paid thirty (30) days net from the date of the invoice. Securitas may change the applicable fee for the Services with fourteen (14) days’ prior written notice (e-mail being sufficient) to the Subscriber. The changed fee will commence to apply for the upcoming subscription period.
3.2 In the event of any overdue payment, late payment interest in accordance with applicable law may be charged from the due date of the payment. Payment reminders may be subject to a certain fee.
3.3 Securitas uses a third-party payment service provider to process the Subscriber’s payment of the agreed fee. The Subscriber’s usage of such third-party services shall be in accordance with any terms adopted and implemented by such service provider. Securitas shall not be held responsible for any loss or damage incurred by the Subscriber due to (a) the payment provider's acts or omissions, or (b) any failure in the processing of funds due to circumstances outside the control of Securitas.
4. INTELLECTUAL PROPERTY RIGHTS
4.1 Right to Reports. The Subscriber is not granted any right to the Reports and its contents other than what is explicitly stipulated in these Terms. All rights pertaining to the Reports and its contents, including copyright and any other intellectual property rights, are owned or licensed by Securitas or a company within Securitas’ corporate group, and/or its licensors or contractors. Copyright notices and any other notices on ownership in the Reports or relating documentation must be preserved and may not be removed or altered by the Subscriber or a Recipient.
4.2 Digital Services. Subject to these Terms and payment of applicable fees, the Subscriber is granted a non-exclusive, non-sublicensable, non-transferable, fully revocable and limited right to permit its end-users to use the Digital Services for the Subscriber’s internal business purposes. The Digital Services including any software applications therein are not sold or transferred. Access rights granted may not be transferred, assigned or licensed in whole or in part or disposed of in any other way than is explicitly permitted by this Agreement. All rights pertaining to the Digital Services including any software applications therein, and its contents, including copyright and any other intellectual property rights pertaining to the development of, the basis for and the compiling of contents, in the Digital Services, even after installation on any device, are owned or licensed by Securitas or a company within the Securitas Group, and/or its licensors or contractors.
4.3 Trademarks. Securitas is entitled to use the Subscriber’s name and trademarks for marketing purposes, such as referring to the Subscriber as a client online, in press releases or in other marketing materials. Securitas agrees that the Subscriber may revoke or limit Securitas’ right to use such names and trademarks by providing written notice. Securitas grants no license to Securitas’ or the Services’ trademarks, product names or other brand names used by Securitas.
4.4 Feedback. If the Subscriber or a Recipient provides any feedback, ideas, suggestions, enhancement requests or recommendations to an entity within Securitas’ corporate group regarding the Services, including any data or other information pertaining to or derived from the Subscriber’s or a Recipient’s use of the Services and/or Reports (“Feedback”), the Subscriber acknowledges that all rights including any intellectual property rights to such Feedback shall be immediately and irrevocably assigned to Securitas without restriction and without any right for the Subscriber or the Recipient to any payment or other consideration. Securitas shall own all rights, title and interests in such Feedback, and such rights include but is not limited to the right for Securitas and its group companies to use, amend, translate, create derivative works from, distribute and modify such Feedback or let a third party do so on Securitas’ behalf and to transfer or license any such Feedback to third parties. Securitas and its group companies retain the right to aggregate, process and use any Feedback, regarding the use of the Services and/or Reports, in order to develop and improve the Services and/or Reports. Any trademark, logotype or other information identifying the Subscriber and/or any product or service offered by the Subscriber will be removed before any Feedback is shared outside Securitas’ corporate group.
5. PRIVACY
5.1 Securitas as data controller. In order to provide the Services, Securitas will need to process certain personal data, such as the contact details of the Recipients. Securitas processes such details as data controller. Details in relation to these processing activities can be found in the Privacy Notice as updated from time to time. The Subscriber is responsible for ensuring that all Recipients have obtained access to the Privacy Notice.
5.2 Securitas as data processor. In the event Securitas processes any personal data as a data processor on behalf of the Subscriber, the rights and obligations of the parties and the details of such processing shall be set forth in Appendix A, Data Processing Agreement.
6. DIGITAL SERVICES
6.1 Use of the Digital Services. The Subscriber agrees and acknowledges that the Subscriber is fully responsible for its end-users’ use of the Digital Services and that such usage must be in line with the Terms.
6.2 Subscriber content. All intellectual property rights to any content input or uploaded to the Services by the Subscriber shall remain with the Subscriber and/or its licensors or contractors. The Subscriber hereby grants to Securitas and its group companies a non-exclusive, non-sublicensable, non-transferable and limited right to use such content as strictly necessary to provide the Digital Services. Provided any information identifying the Subscriber and/or any end-user is removed, Securitas shall be entitled to aggregate, process and use any such content in anonymized and/or aggregated form in order to develop and improve the Digital Services or the Securitas Group’s other service offerings.
6.3 Technical pre-requisites. To function properly the Digital Services may require access to services or other technical pre-requisites provided by other parties than Securitas, such as network connections or devices. The Digital Services might not be compatible with all services or devices and the Subscriber recognizes that there may be limitations such as on which types of devices or on which browsers that the Digital Services are fully functional. Securitas may from time to time publish technical pre-requisites for the use of the Digital Services. The Subscriber must adhere to such technical pre-requisites.
6.4 No warranty. Securitas will reasonably endeavor to keep the Digital Services available and well-functioning and further undertakes to implement reasonable market standard technical security measures in the Digital Services to protect the Digital Services, the Subscriber and the end-users against anticipated threats, unauthorized access and/or unintentional loss of data. The Digital Services are however provided “as is”, with all faults and without warranty of any kind. To the maximum extent permitted by applicable law and except as expressly stated in this Agreement, Securitas makes no warranties or representations, whether expressed or implied with regard to the Digital Services and expressly disclaims any and all expressed, implied or statutory warranties, including, without limitation, any warranties of merchantability, of satisfactory quality, functionality, fitness for a particular purpose, availability, accuracy, freedom from malicious code, viruses, worms or other malware, of title, non-infringement of third party rights and any warranties arising from a course of dealing, course of performance, or usage of trade, with regard to the Digital Services. Securitas does not warrant that the Digital Services will meet certain requirements. Securitas aims to maintain the Digital Services well-functioning, but do not assume responsibility for malfunctions, failures, or difficulties with the Digital Services or that these may be resolved.
6.5 Additional terms for Digital Services. In addition to this Agreement, any and all Digital Services provided to the Subscriber shall be governed by the applicable terms and documents for published and made available by Securitas on this web page. In the event of any conflict or inconsistency between such terms and documents and this Agreement, such terms and documents shall prevail.
6.6 Decommission. Securitas reserves the right to decommission, and thus cease providing, the Digital Services during the Subscription Period provided that (a) the Digital Services are being decommissioned for all clients or that similar general business decisions have been made by the Securitas Group, and (b) that Securitas, where reasonably possible, provides at least sixty (60) days’ prior written notice.
7. AMENDMENTS
7.1 Securitas reserves the right to amend these Terms or the Services from time to time, effective immediately. The most recent version of the Terms will be published online. In the event the Subscriber does not wish to continue to subscribe to the Services under such new version of these Terms, the Subscriber may terminate the Services by either (a) actively notify Securitas in writing within thirty (30) days from the changed version entered into effect, or (b) choose not to renew the subscription for the next subscription period. In the event the Subscriber chooses to actively notify Securitas, the subscription will terminate forthwith, the new version of the Terms shall not be deemed to have applied during the period between the effective date of the new version of the Terms and Securitas’ receipt of the Subscriber’s notification, and the Subscriber will receive a proportionate re-fund of any paid but unused fees.
7.2 These Terms are provided only in the English language and if the Subscriber would like to retain a copy of the current version of the Terms, the Subscriber may download a copy of the Terms.
8. LIMITATION OF LIABILITY AND INDEMNIFICATION
8.1 Securitas’ aggregate and total liability towards the Subscriber shall be limited to an amount equivalent to the fees paid by the Subscriber during the six (6) months preceding the event giving rise to the liability. In the event these Terms have not been in effect for six (6) months at the time of the event, the average monthly fee for the Subscriber shall be calculated and multiplied by six (6).
8.2 To the extent not prohibited by law and notwithstanding anything contrary herein, in no event shall Securitas be liable for any incidental, special, exemplary, direct, indirect or consequential damages whatsoever, including, without limitation, damages for loss of use, loss of data, loss of business, loss of actual or anticipated profits or savings (including loss of contract), loss of opportunity, business interruption or any other pecuniary or commercial damages or losses, arising out of or related to the Subscriber’s and/or a Recipient’s use or inability to use the Reports and/or Services (including, for the avoidance of doubt, any decisions made or action taken or not taken based on information provided in the Reports), however caused, regardless of the theory of liability (contract, tort, including negligence or otherwise) and even if Securitas has been advised of the possibility of such damages.
8.3 Any claims towards Securitas must be made by the Subscriber in writing and without undue delay after the Subscriber has discovered or should have discovered the circumstances giving rise to the claim, which for the avoidance of doubt at all times must be within six (6) months from the occurrence of the circumstances giving raise to the claim, after which any potential claim shall be forever barred.
8.4 The limitations of liability set forth in this section 8 shall not apply in the event and to the extent Securitas’ liability towards the Subscriber (a) is caused by gross negligence or willful misconduct, (b) is caused by personal injury and such liability is not possible to limit under applicable laws and regulations, or (c) cannot be limited under applicable laws and regulations.
8.5 The Subscriber undertakes to indemnify and hold Securitas harmless from any costs, damages or losses incurred by Securitas due to a third-party claim being filed against Securitas based on any breach by the Subscriber (including its Recipients) of section 2 or section 10 of these Terms.
9. FORCE MAJEURE
9.1 Neither party shall be liable towards the other party for failing to perform its obligations under the Terms, if and to the extent such failure is due to circumstances outside such party’s or its suppliers’ control, including but not limited to war and mobilization, natural disaster, epidemic, lockout or other labor market conflict, lack of natural resources, fire, damage to equipment, revised governmental regulations, governmental interference, outage in the public transport, including energy supply, and import and export restrictions and other prohibitions outside the party’s control (“Force Majeure”).
9.2 Any party wishing to invoke Force Majeure must without undue delay inform the other party in writing of the occurrence of Force Majeure.
10. SANCTIONED OWNERSHIP AND ACTIVITIES
10.1 The Subscriber represents and warrants (a) that it is not listed on, or owned (whether directly or indirectly) or controlled by a legal entity or natural person listed on, a Sanctions List, and (b) that the Subscriber will not make the Services or the Reports available to any such legal entity or natural person.
10.2 For the purposes of these Terms, “ownership” and “control” have the meaning given to them in the applicable Sanctions or in any official guidance in relation to such Sanctions. The Subscriber furthermore represents and warrants that it does not, directly or indirectly, engage, without prior authorization from a competent authority (where permitted), in activities that are prohibited by Sanctions. The Subscriber acknowledges that any breach of this section of the Terms allows Securitas to terminate these Terms immediately. “Sanctions” shall mean any economic or financial sanctions or trade embargoes or other equivalent restrictive measures imposed, administered or enforced from time to time by any of the European Union, the governments of other member states of the European Union, the United Nations Security Council, the United States government or an United States agency (including OFAC, the US State Department, the US Department of Commerce and the US Department of Treasury) or the equivalent regulator of any other country which is relevant to these Service Terms. Furthermore, “Sanctions List” shall mean any of the lists of specifically designated nationals or designated persons or entities (or equivalent) in relation to Sanctions, each as amended, supplemented, or substituted from time to time.
11. TERMINATION AND SUSPENSION
11.1 These Terms apply from the date of purchase and shall remain effective until terminated for convenience by either party provided that written notice (e-mail or use of designated functionality for the purpose being sufficient) is given prior to the commencement of the next subscription period.
11.2 Securitas shall furthermore be entitled, without prior notice, suspend or terminate the Subscriber and/or Recipients from receiving the Reports or using the Service, effective immediately, if:
(a) Securitas has a substantiated reason to suspect that the Subscriber and/or a Recipient is using the Service and/or Reports in a manner contrary to the Terms,
(b) Securitas deems in its sole discretion that the Subscriber’s and/or a Recipient’s use of the Service and/or Reports poses a security risk to Securitas and/or another client or otherwise puts Securitas at risk of incurring any damage,
(c) the Subscriber’s payment is overdue, until any and all overdue payments are made (Securitas will however not terminate these Terms unless the Subscriber’s payment is more than fourteen (14) days overdue),
(d) a change in applicable laws or regulations causes a material change to, or has a material effect on, Securitas’ ability to provide the Services to the Subscriber, and/or
(e) the Subscriber breaches section 10 above.
11.3 Each party is furthermore entitled to terminate the Terms forthwith if the other party:
(a) commits a material breach of the Terms and does not cure the breach (if curable) within twenty (20) days following the receipt of a written notice (e-mail being sufficient) from the other party specifying the breach, and/or
(b) goes into liquidation procedure, applies for or is subject to bankruptcy, cancels its payments or in any other way can be expected to be, or going to be, insolvent.
12. GOVERNING LAW AND DISPUTES
These Terms shall be governed by Swedish law. Any dispute, controversy or claim arising out of or in connection with these Terms, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Rules for Expedited Arbitrations of the Arbitration Institute of the Stockholm Chamber of Commerce. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be English.
13. MISCELLANEOUS
13.1 Subcontractors. Securitas is entitled to use sub-contractors in the delivery of the Services. A sub-contractor may be a company within Securitas’ corporate group or a third party. Securitas may, subject to these Terms and applicable rules and regulations, share information about the Subscriber or Recipients to the extent that is necessary to deliver the Services. Securitas remains fully responsible for its sub-contractors.
13.2 Confidentiality. During the term of the subscription and for a period of three (3) years thereafter, each party undertakes not to disclose information to any third party regarding the other party’s activities which may be deemed business or professional secrets without the other party’s consent. Information which the party states to be confidential shall always be deemed to be a business or professional secret. The confidentiality obligation does not include such information which a party can prove has come to its knowledge in any other way than via these Terms, or which is in the public domain. Nor does the confidentiality obligation apply when a party is statutorily required to disclose the information. A party shall ensure that confidentiality as set forth herein is observed by obtaining confidentiality understandings from personnel, or by other appropriate measures. Each party is responsible for ensuring that engaged sub-contractors and their relevant employees are also bound by confidentiality undertakings having equivalent effect. This clause shall not limit Securitas’ possibilities to share information within Securitas’ corporate group.
13.3 No waiver. No failure, omission or delay by Securitas in exercising any right or remedy under Terms will operate, or be deemed to operate, as a waiver of any such right or remedy.
13.4 Assignment. The Subscriber may not assign or transfer its rights under the Terms to a third party without Securitas’ prior written approval. Each new party to the Terms shall confirm in writing that it accepts the Terms. Securitas may, in whole or in part, assign or transfer its rights and obligations according to the Terms to another legal entity within Securitas’ corporate group. In such case, Securitas must inform the Subscriber in writing.
13.5 Contact information. Any questions concerning the services provided or these Terms may be directed to Securitas shall be sent by e-mail to ric@securitas.com or by regular mail to Securitas Intelligent Services AB, Box 12307, 102 28 Stockholm, Sweden.
To know more about how Securitas works with compliance, corporate governance, business ethics and sustainability, please visit securitas.com.
Appendix A – Data Processing Agreement
1. INTRODUCTION
1.1 This Data Processing Agreement (the “DPA”) constitutes Appendix A under the Terms. This DPA applies to any and all processing of personal data conducted by Securitas on behalf of the Subscriber, under the Terms. The Terms are incorporated into this DPA by reference.
1.2 This DPA is complemented by the Details of processing and sub-processors, which constitute an integral part of this DPA. The Details of processing and sub-processors for the Details of processing and sub-processors for the Digital Services are available here.
2. DEFINITIONS
In addition to the terms defined elsewhere in the Terms, the following terms shall have the meaning set out below:
“GDPR” means the General Data Protection Regulation (EU) (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed by Securitas;
“Relevant Data Protection Legislation” means the GDPR or other applicable data privacy/protection laws and regulations; and
“Sub-processor” has the meaning given to it in section 6.1.
2.1 The terms, “third country”, “Member State”, “data subject”, “personal data”, “processing” and “supervisory authority” shall have the same meaning as in Relevant Data Protection Legislation, and their cognate terms shall be construed accordingly.
3. GENERAL PROVISIONS
3.1 Each party undertakes to only process personal data in accordance with Relevant Data Protection Legislation.
3.2 Securitas undertakes to only process personal data in accordance with the Subscriber's instructions. Securitas shall not deviate from the Subscriber's instructions, including with regard to transfers of the personal data to a third country or an international organization, unless and only to the extent that Securitas is required to do so to comply with legislation to which Securitas is subject, and in such case Securitas shall inform the Subscriber of the legal requirement prior to conducting the processing, unless the applicable legislation prohibits Securitas to provide such information.
3.3 Securitas shall immediately inform the Subscriber if, in its opinion, an instruction infringes Relevant Data Protection Legislation.
4. SECURITAS OBLIGATION TO ASSIST
4.1 Securitas shall, by technical and organizational measures and others and insofar as this is possible, assist the Subscriber to fulfill its obligations to ensure that data subjects can exercise their rights in accordance with Relevant Data Protection Legislation. Securitas shall also assist the Subscriber in relation to the Subscriber’s obligations under Articles 32–36 of the GDPR.
4.2 Securitas shall be entitled to reasonable compensation for any time spent and any costs and expenses incurred due to the fulfilment of the obligations in this section 4.
5. SECURITY
5.1 Securitas undertakes to, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing and the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement technical and organizational measures in relation to personal data processed on behalf of the to ensure a level of security appropriate to that risk.
5.2 Authorization to access the personal data shall be limited to those persons who need access in order for Securitas to meet its obligations under the Terms and this DPA. Securitas shall keep all personal data strictly confidential and ensure that all individuals (such as employees) authorized to process personal data have undertaken to comply with confidentiality obligations in respect of personal data or are under an appropriate statutory obligation of confidentiality.
6. SUB-PROCESSORS
6.1 Securitas has the Subscriber’s general authorization for the engagement of the processor(s) or sub-contractor(s) specified in the Details of processing and sub-processors (each a “Sub-processor”).
6.2 Securitas shall inform the Subscriber of any intentions to add or replace a Sub-processor in the list in the Details of processing and sub-processors. Such information must be given at least thirty (30) days before such Sub-processor(s) commences any processing of personal data and may be given by updating the Details of processing and sub-processors. The Subscriber shall without undue delay and in any event within twenty (20) days after receiving such information object to any changes with regards to added or replaced Sub-processors if the Subscriber has reasonable grounds to doubt the new Sub-processor’s ability to comply with applicable Relevant Data Protection Legislation. In the event the Subscriber objects, the parties shall collaborate in good faith to find a feasible solution.
6.3 Where Securitas engages a Sub-processor, it shall do so by way of a contract which imposes on the Sub-processor, in substance, the same data protection obligations as the ones imposed on Securitas in accordance with this DPA. Securitas shall remain fully responsible to the Subscriber for the performance of the Sub-processor’s obligations.
7. AUDIT RIGHTS
7.1 Securitas shall upon the Subscriber’s request provide the Subscriber with all information necessary for the Subscriber to demonstrate Securitas's compliance with Securitas’s obligations laid down in this DPA. Such request may be made once per calendar year or if the Subscriber has reasonable and documented grounds to assume that Securitas is not fulfilling its obligations under this DPA.
7.2 In the event the Subscriber, despite receiving the information stated in section 7.1 above, has reasonable and documented grounds to assume that Securitas is not fulfilling its obligations under this DPA, the Subscriber may, by itself or through an independent third party auditor (not being a direct competitor to Securitas) mutually agreed to by the Subscriber and Securitas, audit Securitas' processing of personal data and review whether Securitas' processing of personal data is conducted in accordance with this DPA. Securitas shall assist the Subscriber and/or the appointed independent third-party auditor in conducting such audit, contribute to such audit and provide access to relevant parts of Securitas' venues and computer equipment to the extent necessary considering the purpose of the audit and provided Securitas may do so according to applicable contracts and/or laws.
7.3 The Subscriber shall notify Securitas in writing at least thirty (30) days prior to any audit. Such audit shall be conducted during normal business hours without disrupting Securitas' operations. The Subscriber and/or the independent third-party auditor shall adhere to Securitas' work rules, security requirements, standards and proposed confidentiality undertakings when conducting an audit.
7.4 Each party shall bear its own costs associated with audits conducted in accordance with this section 7.
8. INTERNATIONAL TRANSFER OF DATA
Securitas may only transfer personal data outside the EU/EEA, or hire a Sub-Processor to process personal data outside the EU/EEA, if Securitas has ensured that such transfer complies with Relevant Data Protection Legislation. At the request of the Subscriber, Securitas shall provide documentation showing the applicable legal grounds for the transfer.
9. PERSONAL DATA BREACH
If Securitas becomes aware that a Personal Data Breach has occurred, Securitas shall without undue delay provide the Subscriber with written notice hereof. Securitas shall, furthermore, without undue delay in relation to such written notice, provided that Securitas has access to such information, provide the Subscriber with:
a) a description of the nature of the Personal Data Breach, including the categories and number of data subjects concerned, and the categories and number of personal data records concerned;
b) the name and contact details to the relevant contact within Securitas from whom more information may be obtained;
c) a description of the likely consequences of the Personal Data Breach; and
d) a description of the measures taken or proposed to be taken, if any, by Securitas to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
10. DELETION OR RETURN OF PERSONAL DATA
10.1 Subject to this section 10, Securitas shall, on the termination of this DPA, cease to process the personal data processed on behalf of the Subscriber.
10.2 Subject to section 10.3, Securitas shall after the Terms are terminated or expires or after the end of the provision of services relating to the processing of the personal data, without undue delay and in any event no later than one (1) month thereafter delete or return personal data processed by Securitas on behalf of the Subscriber. If personal data shall be returned, it shall be returned in a common readable format agreed between the parties.
10.3 Securitas may only retain data including personal data after the termination of this DPA to the extent required by applicable EU or Member State law and only to the extent and for such period as required by applicable EU or Member State law and always provided that Securitas ensures the confidentiality of all such data including personal data and ensures that such personal data is only processed as necessary for the purpose(s) specified by applicable EU or Member State law requiring its storage and for no other purpose.
11. TERM AND TERMINATION
This DPA shall remain in force until the Terms are terminated or expires. Even if the Terms expires, the terms and conditions of the Terms shall remain in force until the respective obligations of the parties thereunder have been duly completed (and be subject to the relevant terms of this DPA and the Terms notwithstanding the fact that the same have expired).