Book a Demo

Data Processing Addendum

This Data Protection Addendum (“DPA”) supplements and amends theAgreement between Company and Customer. Capitalized terms used in this DPA not defined herein shall have the same meanings as in the Agreement, except that any conflicts or inconsistencies between this DPA and the Agreement shall be interpreted in favor of this DPA.

NOW THEREFORE, inconsideration of the foregoing recitals and the mutual covenants contained herein, the parties, intending to be legally bound, agree as follows:

1.    Definitions:  

 “CCPA” means the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100et seq, and the California Privacy Rights Act of 2020, as  amended, includingany implementing regulations.

 “CDPA” means the ConnecticutData Privacy Act, S.B. 6, 2022 Gen. Assemb., Reg. Sess. (Conn. 2022), as enacted. 

 “CPA” means the Colorado Privacy Act, CO St. §6-1-1301 et seq, as amended, including any implementing regulations.

 “Business” shall have the meaning set forth in the applicable Data Protection Laws and shall include any similar terms used by the  applicable Data ProtectionLaws.

 “Consumer” shall have the meaning set forth in the applicable Data ProtectionLaws, and shall include any similar terms used by the  applicable DataProtection Laws to describe the natural person who is identified or identifiable by Personal Data.

 “DataProtection Laws” means all laws and regulations of any state or country, as amended or replaced from time to time, applicable to  each respective party relating to the Processing of Personal Data applicable to the Agreement, including, but not limited to, where  applicable,CCPA, CDPA, CPA, UDPA, and VCDPA.

 “PersonalData” shall include Customer Data, and shall have the meaning set forth in the applicable Data Protection Laws and means any  information relating to, or that can be reasonably related to, an identified or identifiable natural person; an identifiable natural person is  one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number,  location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or  social identity of that natural person.

 “Processing” or “Process”means any operation or set of operations which is performed on PersonalData, whether or not by automated  means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure  by transmission, dissemination or otherwise making available, alignment or combination, restriction, or erasure or destruction.

 “Sell” or “Sale” or “Selling” shall have the meaning set forth in the applicable Data Protection Laws.

 “Service Provider” shall have the meaning set forth in any applicable Data Protection Laws, and shall include a“Processor,” as defined in  any applicable Data Protection Laws, and a“Contractor” as defined in CCPA, and any similar terms used by the applicableData Protection  Laws. 

 “Services” means any services provided by Company or the use of Personal Data by Company as described further in the Master  Agreement or Order Form. 

 “SecurityBreach” means any confirmed or demonstrable unauthorized access to or acquisition of Personal Data as described under  applicable laws.  

 “Share” or “Sharing” shall have the meaning set forth in the applicable Data Protection Laws.

 “Sub-Processor”means any person or entity appointed by or on behalf of Company to Process Personal Data on behalf of Customer in  connection with the Master Agreement, and shall include ServiceProviders.

 “UCPA” means the Utah Consumer Privacy Act, S.B. 227, 2022 Gen. Sess. (Utah 2022), as enacted.

 “VCDPA” means the Virginia Consumer Data ProtectionAct, VA St. § 59.1-571, as amended, including any implementing regulations.

 Capitalized terms used but not defined herein or in the Master Agreement have the meanings attributed to them in the applicableData  Protection Laws.

2.    The Parties’ Rights and Obligations 

 a.  Customer is disclosing the Personal Data for Company to Process the Personal Data for the limited and specified purposes set forth  within the Agreement. 

 b.  Customer shall be solely responsible for the accuracy, quality, integrity, and legality of the Personal Data it provides to Company, or  allows Company to Process on its behalf, pursuant to the Agreement. Customer expressly warrants that it has or will obtain any legally  required consents or authorizations. Customer shall provide Company immediate notice with any material changes to its privacy policy  or similar disclosures, if such changes materially affect Company’s Processing of the Personal Data under the applicable Data Protection  Laws. 

 c.  Company acknowledges and agrees to the following provisions: