DayOne

Data Security Policy

  1. Use of Customer Data. DayOne and DayOne Personnel may access, transmit, receive, collect, generate, use, store, process and share the Customer Data during the Term strictly to the extent necessary to provide the Services or as otherwise instructed or permitted in writing by Customer.
  2. Restrictions on Use. DayOne may not use Customer Data for any purposes, including (a) selling, renting, transferring, sublicensing, sharing or preparing derivative works in any form; (b) re-identifying or de-anonymizing, or attempting to do so with, any Customer Data or usage data, or any portions thereof; (c) deleting or modifying any Customer Data; or (d) disclosing Customer Data or any related summaries or reports to any third party.
  3. Disabling Access Credentials. DayOne shall disable the access credentials of any DayOne Personnel with access to Customer Equipment or Customer Data whose engagement or employment is terminated within 24 hours of such termination.
  4. Access to Customer Equipment. DayOne may access and use Customer Equipment only to the extent necessary to perform the Services. The parties will jointly determine the nature and extent of GDS’s access to, or use of, Customer Equipment. Unless expressly authorized by Customer, DayOne shall not download or install any software onto Customer Equipment. DayOne shall not tamper with, compromise, or circumvent any Customer security or audit measures.
  5. Security Incident. DayOne shall notify Customer within 48 hours of becoming aware of any unauthorized access, use, damage, destruction, alteration, loss or disclosure of, Customer Data (each, a “Security Incident”). Upon the discovery of a Security Incident, DayOne shall: (i) immediately investigate and take all reasonable steps to mitigate any potential damages and remediate the cause of the Security Incident; (ii) provide Customer with full details of the cause and impact of any Security Incident and provide updates on any material developments or findings; (iii) take all reasonable actions to prevent any similar reoccurrence; (iv) cooperate with Customer in its efforts to investigate, remediate and mitigate the effects of the Security Incident and fulfil its notification obligations; and (v) cooperate with Customer with respect to any litigation and/or investigation by or against third parties in connection with the Security Incident.
  6. Upon termination or expiration of the Agreement, DayOne will return or destroy all Customer Data at the request of the Customer, and if the Customer chooses to destroy it, DayOne will issue proof that it has destroyed all of the Customer Data, copies thereof, and backups thereof.
  7. DayOne shall bear no responsibility for any damages arising from the acquisition of false, misleading, inaccurate, or incomplete data, and shall likewise bear no responsibility for damages unrelated to the actions of DayOne's personnel.
  8. DayOne shall not assume liability for any security incidents, including data leakage, resulting from the Customer's actions or inactions (e.g., unauthorized internal access, password leakage, operational errors, etc.). Customer shall be solely responsible for safeguarding the security of the Customer Equipment and Customer Data.
divider