Heart Zones is committed to appropriately protecting all information relating to its customers and affiliates, as well as protecting its confidential business information (including information relating to its employees, affiliates, and customers). To achieve this goal and to minimize the risk of loss, theft, or compromise of business or patient-related information, appropriate systems, operating procedures, and policies are in effect and are regularly reviewed and updated.

Heart Zones will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.

Heart Zones will provide such notification to the District by contacting the District’s Data Protection Officer.

Heart Zones will cooperate with the District and provide as much information as possible directly to the District’s Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Heart Zones discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Heart Zones has completed or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Heart Zones representatives who can assist affected individuals that may have additional questions.