PRIVACY BEE PROVIDES ITS SERVICE SOLELY ON THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT AND ON THE
CONDITION THAT THE CLIENT ACCEPTS AND COMPLIES WITH THEM. BY EXECUTING THIS AGREEMENT, OR OTHERWISE CLICKING
THE “ACCEPT” BUTTON, THE CLIENT (A) ACCEPTS THIS AGREEMENT AND AGREES THAT IT IS LEGALLY BOUND BY ITS TERMS;
AND (B) REPRESENTS AND WARRANTS THAT: (I) IF AN INDIVIDUAL, THE CLIENT IS OF LEGAL AGE TO ENTER INTO A
BINDING AGREEMENT; AND (II) IF OTHER THAN AN INDIVIDUAL, THE CLIENT IS A CORPORATION, GOVERNMENTAL
ORGANIZATION OR OTHER LEGAL ENTITY, AND THE INDIVIDUAL ENTERING INTO THIS AGREEMENT HAS THE RIGHT, POWER,
AND AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THE CLIENT ORGANIZATION AND SUCH ORGANIZATION WILL
BE AND IS BOUND TO ITS TERMS. IF THE CLIENT DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, THEN PRIVACY BEE
WILL NOT AND DOES NOT AGREE TO PROVIDE SERVICES TO THE CLIENT, AND THE CLIENT MUST NOT USE THE SERVICES.
For good and valuable consideration, the receipt and sufficiency of which is hereby
acknowledged, you and Privacy Bee hereby agree as follows:
Definitions. For all
purposes of this
Agreement, the following terms shall have the meanings set forth below:
- “Confidential Information” means any information that is disclosed, provided or made
accessible
by, or on behalf of, one Party to the other Party in connection with this Agreement, and which is
identified as “confidential” or “proprietary” or which, given the nature of the information or
material, or the circumstances surrounding the disclosure or provision, reasonably should be
understood to be confidential or proprietary (including any Client Data, proprietary strategies,
specifications, reports, analyses, pricing, trade secrets, data, or reports used by us in performing
Services, and any other information or material expressly identified by the Disclosing Party as being
proprietary or confidential or that a reasonable person in the place of the Receiving Party would
recognize as being proprietary or confidential information of the Disclosing Party). Notwithstanding
the foregoing, the term “Confidential Information” shall not include any information that (i) is or
becomes generally available to the public other than as a result of an unauthorized disclosure by the
Receiving Party or any of its directors, officers, managers, shareholders, members, agents or
contractors (“Representatives”) or by any other person or entity owing a duty of
confidentiality to
the Disclosing Party with respect to such information; (ii) can be shown was already known to the
Receiving Party on a non-confidential basis prior to its being disclosed by the Disclosing Party to
the Receiving Party; (iii) is disclosed to the Receiving Party by a third-party where such disclosure
is made without violating any confidentiality obligation owed by such third-party to the Disclosing
Party, or (iv) is developed by the Receiving Party without reliance upon or use of any of the
Confidential Information. For purposes of this Agreement, ‘Confidential Information of a Party’ means
information of such Party, disclosed or otherwise provided by or on behalf of such party (the
“Disclosing Party”) to the other Party (the “Receiving Party”) orally, electronically,
in writing, or
otherwise, under circumstances reasonably indicating that it is confidential or proprietary.
- “Client Data” shall mean and shall include any of Client’s Confidential Information, and any
Personally Identifiable Information relating to any Participants, customers, end users or employees of
the Client, its suppliers or contractors, to which Privacy Bee has or may have access in connection
with the operation or administration of its Services, or in connection with the performance thereof
for the Client under this Agreement.
- “Fee” or “Fees” shall mean the amount that the Client agrees to pay Privacy Bee in
compensation for Services rendered as set forth herein. Fees shall also include any additional
expenses specified and agreed to in this Agreement or in any Order issued hereunder.
- “Law” means any applicable provisions of laws, statutes, ordinances, rules, regulations,
permits, certificates, judgments, decisions, decrees, or orders of any governmental authority
applicable to such Person. “Law” shall be defined broadly to include laws applicable to the United
States of America and foreign countries.
- “Order” means any Order, including the first Order submitted in connection with this
Agreement, to which these Terms are attached, or any other similar order for Services issued
hereunder, that is accepted and executed by the Parties hereto. For the avoidance of doubt, an Order
may be submitted as a physical form, or may be entered into by binding ‘click-wrap’ agreement between
the Parties, and each of the same shall be considered as an effective Order issued hereunder, for all
legal purposes.
- “Participants” means the Client, the Client’s employees, contractors or affiliated personnel,
as well as certain spouses, members, or subscribers, depending on the Client’s intended use of the
Services, as selected in the applicable Order, and as described herein.
- “Personally Identifiable Information” or “PII” means information that, by itself, can
be used to identify a specific individual. PII shall include a person’s name, address, phone number or
e-mail address.
- “Services” shall mean the consumer privacy suite of services provided by Privacy Bee for the
Client as set forth in any Order issued pursuant to this Agreement, as more particularly described in
Section 2 hereof.
- “Service Terms” means any additional terms and conditions that are applicable to the use of
the specific Services ordered by the Client, and that are detailed in one or more Addenda, attached to
these Terms. In the event of any conflict between these Terms and any Service Terms, the Service Terms
shall control, unless these Terms expressly state to the contrary.
- “Term” means the term of this Agreement, which begins on the Effective Date and runs through
the date of the last effective Order issued hereunder, or its earlier termination.
Services.
2.1 Generally.
(a) Privacy Bee provides a variety of privacy services for its customers’ Participants. The Client’s
receipt of the Services will include basic (scan only) account access for all of the Client’s
Participants, and will offer additional features and services based on the access tier selected by the
Client. During the Term (as defined in Section 8.1), the Client may offer its eligible
Participants the
opportunity to enroll in one or more of the Services. To the extent requested by the Client, Privacy Bee
will provide its commercially reasonable assistance with the marketing of the Services to the Client’s
Participants. This may include onboarding, training, and support, over customary channels, including,
but not limited to, e-mail, phone, video demonstrations and live chat. To the extent eligible
Participants accept such Service offers, Privacy Bee shall enroll such eligible Participants as
Participants in accordance with Privacy Bee’s enrollment processes.
(b) Privacy Bee bases its pricing on both (i) Participant license numbers purchased (the maximum number
of Participants that the Client may have), and (ii) the Services available to such Participants that are
selected by the Client. The Client may not exceed the maximum number of Participants in its selected
tier (but the Client may have as few Participants, at any given time, as it may wish). The Client will
not be charged differentially based on the number of actual active Participants that it has at any one
given time (within the selected tier).
(c) At any time during the Term, the Client may use its account administrator interface to upgrade
either its Participant license quantity and/or the Services selected. The Client may select between and
among the Participant license quantity and the Services selection(s) by using Privacy Bee’s website,
from time to time, and each active selection will constitute an Order. Occasionally, Privacy Bee may
provide the Client, directly, with a custom-made proposal for Services, which the Client can choose to
select or decline, at the Client’s election. For the avoidance of doubt, the Client shall have no
right,
at any time, to downgrade any aspect of any Order, while the Order term is still in effect (including
the Participant license quantity or the Services selections).
(d) For the avoidance of doubt, Privacy Bee shall be providing the Services directly to the
Participants. Any change to any of the Services that constitutes a material reduction of benefits to
Participants, shall be subject to reasonable prior notice to the Client by Privacy Bee, except to the
extent any such change is made by Privacy Bee to comply with applicable legal requirements or to avoid
infringement of third-party intellectual property rights.
(e) From time to time, Privacy Bee may invite the Client to try certain Service features that are
expressly identified as “Beta”, “Alpha”, “Pre-Release”, or similar designations, or
that are otherwise
expressly identified as unsupported (“Beta Services”). Beta Services may be subject to additional
Service Terms.Notwithstanding anything to the contrary in the Agreement, the Client acknowledges and
agrees that any Beta Services are provided on an “as is” and “as available” basis without any liability
and indemnity obligations, warranty, support, maintenance, or service level obligations of any kind. The
Company does not guarantee that future versions of any Beta Services will be released or that, if such
Beta Services are made generally available, it will be substantially similar to the current Beta
Services. The Company may terminate the Client’s right to use any Beta Services, at any time and for any
reason. If the Company publicly releases any Beta Services, the Client may execute, if required, a
separate agreement to procure the relevant features (being the publicly available version of the Beta
Services) at then-current applicable fees.
2.2 Client Obligations.
(a) The Client represents and warrants that it will make the
Services available to eligible Participant solely in a manner consistent with Privacy Bee’s written
instructions and with the terms of this Agreement. The Client agrees that any questions/communications
related to the Services or applications from any eligible Participant shall be referred to Privacy Bee’s
member services and shall not be serviced by the Client. The Client shall not, in any way, characterize
the Services as insurance, identity theft protection or credit repair services, or that Privacy Bee is
an insurer or insurance broker.
(b) The Client represents and warrants that it will (i)
obtain any eligible Participant’s affirmative consent and acceptance to receive the Services as a
benefit, including agreeing to any then-current terms and conditions of Privacy Bee set forth in any
Privacy Bee onboarding materials, all prior to providing Privacy Bee any information about the eligible
Participant and their enrolling to receive Services, (ii) have all necessary consent(s), rights and
authority to provide data and personal data (including Participant PII) to Privacy Bee for processing
consistent with the Agreement and the provision of Services; and (iii) retain and keep available for
examination such consents and acceptances for the term of this Agreement and for a period of at least
five (5) years thereafter.
(c) The Client will reasonably inform Privacy Bee of
complaints from any Participant or prospective Participant, or other problems encountered in connection
with the Client’s performance of its obligations pursuant to this Agreement or in connection with
Privacy Bee’s rendering of the Services to Participants.
(d) If the Client enters into a relationship with a
third-party (broker, technology solution, etc.) to handle enrollment data, then the Client shall be
responsible for assessing the security of the third-party and ensuring that such third-party maintains
security measures in accordance with such third-party’s industry. Privacy Bee is only responsible for
assessing that the method of transmission of enrollment data between the Client’s selected third-party
and Privacy Bee (or its third-party administrator) is secure based on industry standards (SSL, TLS,
Secure File Transfer, etc.). If the Client uses a broker and such broker is expecting commissions from
Privacy Bee via a separate agreement, then the Client’s enrollment into the Services and/or delivery of
such Services may be delayed until the Client’s broker has signed the necessary documentation.
2.3 Use Restriction. To the extent appliable to
the Services which the Client has ordered from Privacy Bee, and, except as permitted under this
Agreement or as required by Law, the Client will not, and will not permit or encourage anyone else, to:
(a) license, sublicense, sell, resell, transfer, assign, distribute, or otherwise commercially exploit
or make the Services available to any third-party in any way; (b) disassemble, decompile, reverse
engineer, or otherwise attempt to derive source code or other trade secrets from the Services, or
modify, make derivative works based upon, copy, or otherwise use any ideas, features, functions, or
graphics of the Services, in order to build a (i) competitive product or service, or (ii) product using
similar features, functions, or graphics of the Services; (c) modify, remove, or obstruct any
proprietary rights statement or notice contained in the Services; (d) “crawl”, “scrape”, or “spider” any
data or portion of the Services (through use of manual or automated means); (e) send or store on the
Services (i) infringing, unlawful, or tortious material, including material which violates third-party
privacy rights, or (ii) materials containing software viruses, worms, Trojan horses, or other harmful
computer code, files, scripts, agents, or programs; (f) attempt to gain unauthorized access to the
Services, or its related systems or networks; (g) access the Services if the Client is a direct
competitor of the Company, unless the Company knowingly agrees, in writing, before the Client accesses
the Platform; (h) impersonate another user, share passwords, or provide false identity information to
access or use the Services; (i) remove, delete, add to, alter, or obscure any part or aspect of the
Services, or any warranties, disclaimers, or other notices, or any marks, symbols, or serial numbers
(including any of the Company’s marks) that appear on or in connection with the Services; (j) challenge,
or cause, induce, authorize, or assist any person to challenge, the validity, ownership, use, or
registration of any intellectual property rights in and to the Services, Documentation, or all of the
Company’s marks, or take any action in derogation of the Company’s marks, including by using, licensing,
or applying to register any mark that is identical or substantially similar to any of the Company’s
marks; (k) under or in connection with any part of this Agreement or its subject matter, perform any act
that, or fail to perform any act the omission of which, infringes, misappropriates, or otherwise
violates any intellectual property rights of the Company or other right of any person, or violates any
applicable Law; (l) use the Services in a way prohibited by applicable Law; (m) use the Services to
violate the legal rights of others, including, but not limited to, intellectual property rights, rights
of privacy and/or data protection; (n) use the Services in a way that could materially harm the
functionality or performance of the Services; (o) permit unauthorized third-parties to obtain access to
the Services; (p) use or access the Services in a manner that fails to comply with this Agreement or any
documentation provided by the Company; (q) hack or break any security mechanism on the Services, or pose
a security to any user on the Services; (r) use the Services, or any data obtained through the Services,
in a false or misleading manner, or in any manner inconsistent with this Agreement; (s) use the Services
in any way that may be offensive, profane, obscene, libelous to the Company; or (t) attempt to access
the Services by any means other than through the interface that is provided by the Company.
2.4 Suspension of Services. Any use of the
Services in violation of this Agreement by the Client, or its authorized user, that, in the Company’s
reasonable judgment, threatens the security, integrity, or availability of the Services, or that of the
Company’s other customers, may result in the Company immediately suspending the Client’s use of the
Services; however, the Company will use commercially reasonable efforts under the circumstances to
provide
the Client with notice and an opportunity to remedy such violation or threat prior to such suspension,
and
will lift any such suspension promptly upon confirmation of the remedy of any such underlying suspension
condition.
2.5 Third-Party Materials. The Services may
include, incorporate, utilize or work with other software, tools, applications, content, data or other
materials, including related documentation, that are owned by persons other than the Company and that
are
provided to the Client on license terms that are in addition to and/or different from those contained in
this Agreement (the “Third-Party Licenses”). A list of such other Third-Party Licenses, if any,
shall be
provided by the Company to the Client, upon the Client’s reasonable request to the Company. The Client
agrees to be bound by and shall comply with all Third-Party Licenses. Any breach by the Client, or any
of
its authorized users, of any Third-Party License shall be considered a breach of this Agreement as well.
2.6 Object Installation; Special Terms. In the
event that the Client has ordered certain Services (including, inter alia, the ‘Trust Badge’ and ‘Vendor
&
Cookie Consent’ Services), then the Client will be required to install certain objects in its web assets
(e.g., Javascript, cookie banner, etc.) that are provided by the Company, and the Client expressly
consents to the same. Such Services may also be subject to further Service Terms, which may be attached
hereto as one or more Addenda.
2.7 Referral Fees & Rebates; Special Terms. In
the
event that the Client has ordered certain Services (including, inter alia, the ‘Consulting’ and
‘Onboarding Support’ Services), then the Client may be eligible to receive certain referral fees and /
or
rebates from the Company, based on metrics and terms established by the Company in connection with such
Services, as communicated by the Company to the Client, from time to time. Such Services may also be
subject to further Service Terms, which may be attached hereto as one or more Addenda.
Representations and Warranties.
3.1 Privacy Bee Representations and Warranties.
Privacy Bee represents and warrants to the Client that it (i) has and will have all necessary rights and
authority to enter into this Agreement and any Order, and provide Services to the Client, (ii) will
provide all Services in a professional and workmanlike manner in accordance with industry best
practices, (iii) will comply with all applicable Laws, and (iv) will provide prompt and reasonable
notice to the Client of all material changes to any Service, or any Service Terms, or supplemental terms
of use or policies.
3.2 Client Representations and Warranties. The
Client represents and warrants that it (i) has and will have all necessary rights and authority to enter
into this Agreement and any Order and to perform its obligations hereunder; and (ii) are and will be
authorized to act on behalf of itself and each of its Participants (and will be liable for their acts
and omissions in connection with receipt of Services), if applicable. Further, the Client will (A) be
solely responsible for all use of Services pursuant to its obligations under this Agreement; (B) use the
Services in compliance with its other agreements; (C) comply with all applicable Laws, and will not
attempt to cause Privacy Bee to violate any such Laws; and (D) comply with, and agree to be bound by,
any additional Service Terms, which are provided to the Client by Privacy Bee, from time to time, with
reasonable notice.
Fees, Retainers and Payment; Remedies for Non-Payment.
4.1 Payments Generally. By acceptance of the
Services, the Client agree to pay the Fees for such Services, as detailed in the applicable Order, and
all purchases of Services through Privacy Bee’s website shall be governed by these Terms. All Fees shall
be due and payable on the time basis noted in the applicable Order, unless otherwise specified in such
Order, and, if no such specification is made, in either case, then on a due upon receipt basis. The
Client agrees to make prompt and full payment of any Fees which are not reasonably in dispute on any due
date. Unless otherwise specified, amounts owed for Services must be prepaid, in U.S. Dollars ($), by
wire transfer, check, “Automatic ACH” electronic funds transfer, credit card, or other means agreed to
in writing. No Fees owed to us will be prorated if the Client decides to cease use of the Services or
terminate this Agreement prior to the end of the Term, and the Client shall remain fully responsible for
payment of the same.
4.2 Other Fees. Other fees—such as onboarding
fees —may be charged, in accordance with Privacy Bee’s standard billing practices, in conformance with
the Client’s selections in the applicable Order.
4.3 Late Payments and Suspension. If any amount
payable by the Client is not paid when due, and is not reasonably in dispute, then, without limiting any
other rights which Privacy Bee may have as a result of such late payment, the amount unpaid shall, as a
finance charge, bear interest until paid at a monthly rate of one and one-half percent (1.50%), or the
maximum amount permitted under law, with such interest to be paid on demand together with all costs
incurred by us to collect the amounts due hereunder, including but not limited to reasonable attorneys’
fees. In addition, if the Client fails to pay fees due by the applicable payment due date and the same
are not the subject of a reasonable, good faith dispute, then Privacy Bee may suspend its provision of
the Services, in whole or in part, upon notice to the Client; provided that it will promptly
restore the
same, upon the resolution of any such dispute.
4.4 Taxes. Charges for Services do not include
any taxes or government charges levied by or due to any duly authorized taxing authority and the Client
will pay any such taxes and government charges derived from or imposed on transactions through the
Services, including sales, value-added, goods and services, use, transfer, withholding, privilege,
excise and other taxes and duties.
4.5 Additional Payment / Fees Provisions.
(a) The Client expressly authorizes Privacy Bee (and any
payment processor) to charge its payment card for all purchases that the Client makes in connection with
the Services. The bank issuing the Client’s credit card may control when to release funds in the case of
an order cancellation or refund. Privacy Bee may ask the Client to supply additional information
relevant to the transaction, including the Client’s credit card number, the expiration date of its
credit card and its principal e-mail and postal addresses for billing and notification (such
information, “Payment Information”). The Client represents and warrants that it has the legal
right to
use all payment method(s) represented by any such Payment Information. The Client may need to provide
additional information to verify its identity before completing any transaction (such information is
included within the definition of Payment Information). Privacy Bee reserves the right to use the
Payment Information that the Client provides to it in connection with any payments to provide better
service to the Client should the Client wish to use Privacy Bee Services again in the future, and to
protect Privacy Bee from fraud and other losses. Completion of a payment transaction is contingent upon:
(i) the Client providing complete personal, account, transaction and any other information needed; (ii)
authorization of the payment by the Client’s credit or debit card company, and (iii) acceptance of its
payment.
(b) Payments facilitated by the Services may be processed by
Privacy Bee’s third-party payment processor (“Payment Processor”), which, currently, is Stripe,
Inc. The
Client may be required to create an account with such Payment Processor, and by doing so, the Client is
agreeing to comply with the Payment Processor’s terms of service. The Client may need to provide
additional information to verify its identity, business, and tax information and its bank information
when it registers with the Payment Processor. If, and to the extent, that Privacy Bee accepts, holds, or
transmits funds in connection with a Client’s purchase, then the Client agrees that Privacy Bee does so,
on the Client’s behalf, as its limited agent and the Client hereby appoints Privacy Bee as its limited
agent solely for the purpose of accepting payments from, and refunding payments to, Service recipients
on the Client’s behalf. In accepting appointment as the Client’s limited agent, Privacy Bee assumes no
liability for any of the Client’s acts or omissions.
(c) Privacy Bee reserves the right to offset future payments
to the Client (“Payment Holdbacks”) in certain cases including, without limitation: (i) where the
Client’s Account is subject to excessive chargebacks resulting in additional costs or fees from the
Payment Processor; (ii) where the Payment Processor withholds a percentage of a payment as a reserve,
for example, as a result of actual or suspected fraudulent activity; or (iii) in certain cases where
Privacy Bee decides, in its sole discretion, that it is prudent or necessary to reverse a transaction.
Privacy Bee further reserves the right to implement Payment Holdbacks to the Client if payments are
deemed suspicious or fraudulent, at Privacy Bee’s sole discretion. Privacy Bee will notify the Client
that it is subject to a Payment Holdback and Privacy Bee may require that the Client provides supporting
documentation or information related to the relevant payment(s) and corresponding purchase(s). If the
Client does not provide such supporting evidence within the requested timeframe, then Privacy Bee
reserves the right to refund the payment and transfer any available funds from the Client’s wallet to
its identified bank account, or otherwise take any action that Privacy Bee feels is reasonably necessary
to comply with its compliance standards, including those imposed by any relevant financial institution,
its Payment Processor, or the credit card network rules, as well as any applicable law.
(d) The Client is solely responsible for the information that
it provides in connection with payments processed via the Services. Privacy Bee will not be liable for
failure to complete any payment from or to the Client’s account if the Client provides inaccurate or
incomplete information regarding the payment. Subject to applicable law, Privacy Bee reserves the right
to send any delinquent, past due, or any other account that is in default to collections agencies to
recover such past due amount.
(e) Except as expressly provided herein otherwise, all
sales of licenses under an Order are final, and shall not be subject to refund, in any event.
Confidentiality; Ownership and Use of Data.
5.1 Ownership of Confidential Information; Restricted
Use By virtue of this Agreement, each Party may have access to Confidential
Information of the other Party. The Receiving Party acknowledges and agrees that at all times, the
Confidential Information of the Disclosing Party is and shall be the sole and exclusive property of the
Disclosing Party, and that, except as expressly contemplated by this Agreement, the Receiving Party
shall have no right, title or interest in, to or under any such Confidential Information. The Receiving
Party shall not take any action that is inconsistent with the foregoing sentence, including (without
limitation) asserting any ownership right or interest in or to any of the Confidential Information of
the Disclosing Party or filing any application for patent, trademark or other intellectual property
registration with respect to any of such Confidential Information. Unless otherwise expressly approved
by the Disclosing Party in writing, the Receiving Party shall use the Confidential Information solely
for the purposes contemplated by this Agreement.
5.2 Non-Disclosure Unless otherwise expressly
approved by the Disclosing Party in writing, the Receiving Party shall not, nor shall it cause or permit
any of its Representatives to, disclose any Confidential Information to any person or entity, except to
the extent reasonably necessary for the Receiving Party to exercise its rights and perform its
obligations under this Agreement. The Receiving Party shall take all reasonable measures to protect the
secrecy of and avoid unauthorized disclosure or use of Confidential Information, which measures shall
include at a minimum the highest degree of care that the Receiving Party utilizes to protect its own
Confidential Information. The Receiving Party shall promptly notify the Disclosing Party in writing of
any misuse, misappropriation or unauthorized disclosure of the Disclosing Party’s Confidential
Information that may come to the Receiving Party’s attention. The Receiving Party shall advise its
Representatives who are provided access to the Confidential Information of the Disclosing Party of the
Receiving Party’s authorized use and confidentiality obligations under this Section 5 and shall
obtain
such Representative’s agreement to act in accordance with the terms of this Section 5. In any
event, the
Receiving Party shall at all times be liable for any misuse or unauthorized disclosure by any of its
Representatives of the Disclosing Party’s Confidential Information. Notwithstanding the foregoing, to
the extent that the Receiving Party is required to disclose any Confidential Information in order to
comply with applicable law or an order of a court of competent jurisdiction, such disclosure shall not
constitute a violation of this Section 5.2, provided that the Receiving Party notifies the
Disclosing
Party in writing as far in advance as reasonably possible of such required disclosure and only discloses
the minimum amount of Confidential Information necessary to comply with such applicable Law or court
order.
5.3 Duration of Restrictions The covenants and
obligations of the Receiving Party set forth in this Section 5, shall last for two (2) years from
the
date of expiration or earlier termination of the Term, and thereafter for so long as any such
Confidential Information remains protectable or legally enforceable under a related agreement or under
any applicable Law, including (without limitation) applicable copyright, trade secret and patent laws.
Data Protection and Security.
6.1 Protection of Client Data / PII Each Party
agrees that it will comply fully with all applicable Laws relating to all Personally Identifiable
Information and data privacy with respect to any such data that Privacy Bee receives or has access to
under this Agreement or in connection with the performance of any Services for the Client, and to use
its best efforts to safeguard that same against unauthorized, unlawful or accidental access, loss,
destruction, damage, disclosure, transfer or other improper use. Privacy Bee will protect all Client
Data (including PII) and will not use, disclose, or transfer across borders such Client Data (and PII),
except as necessary to perform under this Agreement, or as authorized by the data subject or in
accordance with applicable Law. In addition, Privacy Bee will timely process all duly received requests
for deletion of any Participant’s data that it receives, in accordance with applicable Law. To the
extent that the Client receives PII related to the performance of this Agreement, the Client will use
its best efforts in accordance with industry best practices to protect the privacy and legal rights of
the Client’s Participants, personnel, clients, customers and contractors, as the case may be.
6.2 Security Procedures; Breach of Security
Privacy Bee shall maintain a formal Emergency Management Plan for Data Security Incidents (the
“Plan”)
which shall include, at a minimum, the actions that shall be taken in response to a data security
incident or suspected incident and the specific responsibilities of personnel to implement such actions.
The Plan shall include a clear, documented escalation procedure and the process for notifying Client of
a data security incident. Specifically, Privacy Bee will notify Client of a data security incident that
involves the unauthorized acquisition, access, use, or disclosure of PII (a “Breach of Security”)
promptly, and without unreasonable delay, upon any discovery of the same. Such notification shall
include a description of the information affected, the identification of all Client-related individuals
believed to have been affected, and all other information reasonably necessary to provide notice to
affected entities or individuals in accordance with state data breach notification requirements. Privacy
Bee agrees to keep the Client informed of the progress and actions taken in connection with Privacy
Bee’s investigation of a Breach of Security. Privacy Bee will take all actions reasonably necessary or
appropriate to remedy a Breach of Security, including conducting an investigation into the cause of such
Breach of Security and notifying affected persons and, to the extent required by applicable Law,
government agencies accordingly.
6.3 Data Use The Client agrees that data derived
by Privacy Bee from its performance of the Services hereunder may be used for the purposes of analysis,
including statistical analysis, trend analysis, creation of data models, and creation of statistical
rules; provided that such analysis shall be performed solely by Privacy Bee and such analysis shall be
performed only in conjunction with data derived by it from its performance of services for other
customers, input by other Privacy Bee customers or obtained from third-party data sources. The results
of such analysis (“De-identified Data”) may be used by Privacy Bee for any lawful internal
purpose,
including determining future hardware and communications needs for Privacy Bee systems and determining
trends associated with warehouse use, operation, and efficacy, but shall not be sold to any third-party
or used for any other commercial purpose. Notwithstanding anything contained in this Agreement to the
contrary, De-identified Data shall not contain (i) any Confidential Information of the Client, its
affiliates and/or any Participant, (ii) any information that identifies or can be reasonably used to
identify the Client, its affiliates, suppliers or vendors, and/or any Participant or other individual
person, or (iii) any information that identifies or can be reasonably used to identify any activities or
behaviors of the Client, its affiliates and/or any Participant. Further, such De-identified Data shall
not be subject to or susceptible to any re-identification, and, upon request, Privacy Bee shall certify
the same to the Client.
Intellectual Property; Proprietary Rights.
(a) Each Party owns and retains all right, title and interest
in and to all of its intellectual property, and no rights are granted to either Party in the other’s
intellectual property, except as expressly set forth in this Agreement.
(b) For Privacy Bee, this includes all aspects of its
technology and Services, including any software or applications developed, created, or licensed by us
(or on Privacy Bee’s behalf). The Client grants to Privacy Bee a worldwide, perpetual, irrevocable,
royalty-free right to use and incorporate into the Services any suggestion, input, enhancement request,
recommendation, correction, specification, or other feedback provided by the Client or by its customers
/ clients relating to the operation of the Services.
(c) All right, title, and interest in Client Data will remain
the property of the Client. Privacy Bee has no intellectual property rights or other claim to Client
Data that is hosted, stored, or transferred to and from the Company. Privacy Bee will cooperate with the
Client to protect the Client’s intellectual property rights and Client Data. Privacy Bee will promptly
notify the Client if Privacy Bee becomes aware of any potential infringement of those rights in
accordance with the provisions of this Agreement.
(d) During the Term, the Client grants to the Company a
non-exclusive, non-transferable, non-assignable, worldwide, royalty-free, fully-paid license to access
and use Client Data, solely to provide and monitor the Services and their functionalities to the Client.
Term; Termination.
8.1 Applicable Term This Agreement shall be
effective from the Effective Date and continue until its expiration, as determined by which Services are
being provided, as detailed on any Order entered into hereunder, or its earlier termination, as
permitted hereunder (the “Term”). Generally, all licenses for Services ordered hereunder will be
for a
term of one (1) year, unless expressly stated otherwise, in connection with the Order. Except as
otherwise specified on any Order entered into hereunder, this Agreement shall automatically renew for
additional periods equal to the expiring Term, unless either Party gives notice of non-renewal at least
sixty (60) days before the end of the expiring Term.
8.2 Termination; Effect
(a) Either Party may terminate this Agreement in the event of
a material breach of the terms of this Agreement by the other Party; provided that the non-breaching
Party provides at least thirty (30) days’ notice and an opportunity to cure to the breaching Party.
(b) In the event payment has not been received on or before
the applicable due date, and is not the subject of any reasonable dispute between the Parties, Privacy
Bee may suspend its provision of Services or access to the Services until such payment is received. In
the event that payment is not received within fifteen (15) days after the applicable invoice due date,
then the Client will be invoiced for the remainder of the Term, which amount shall be immediately due
and payable, and Privacy Bee (at its sole option) may terminate this Agreement, without prejudice to its
rights to receive payment on such invoiced balance.
(c) Either Party may terminate this Agreement, without
liability to the other, in the event of judicial, regulatory or legislative change rendering performance
by such Party of this Agreement impossible or illegal, provided that the Party seeking to exercise such
termination right shall provide the other with at least thirty (30) days’ prior written notice or, if
such judicial, regulatory or legislative change necessitates such Party to terminate this Agreement upon
less than thirty (30) days’ prior written notice, such Party shall give as much notice of termination as
is reasonably possible in the circumstances.
(d) Either Party may terminate this Agreement immediately upon
the insolvency, bankruptcy, liquidation or dissolution of the other Party.
(e) Notwithstanding expiration or any earlier termination of
this Agreement, any provisions of this Agreement that, by their nature, are intended to survive, shall
so survive any expiration or termination hereof, including, but not limited to those provisions (i)
regarding each Party’s treatment of Confidential Information; (ii) regarding each Party’s intellectual
property rights; (iii) regarding indemnification obligations; and (iv) limiting or disclaiming a Party’s
warranties or liabilities, all of which shall expressly survive such any expiration or earlier
termination. In event of any duly affected termination of this Agreement by Privacy Bee pursuant to
Section 8.2(a), (b), or (d), all unpaid fees for the remainder of the then existing Term shall
become
immediately due and payable by the Client. For the avoidance of doubt, no pre-paid fees shall be subject
to any return or repayment to the Client upon any termination of this Agreement, except in the event
that this Agreement is duly terminated by the Client pursuant to Section 8.2(a), (c) or (d).
Disclaimers and Limitations of Liability.
(a) Privacy Bee does not guarantee, and shall have no
liability for, any Services downtime, including, without limitation, any downtime (i) caused by failures
of or previously scheduled maintenance to Privacy Bee’s equipment or servers, (ii) caused by outages to
any public Internet backbones, networks or servers; (iii) caused by any failures of the Client’s
equipment, systems or local access services; or (iv) relating to events beyond Privacy Bee’s control,
such as strikes, riots, insurrections, fires, floods, explosions, war, governmental actions, labor
conditions, earthquakes, natural disasters, or interruptions in Internet services to an area where
Privacy Bee or the Client’s servers are located or co-located.
(b) EXCEPT AS EXPRESSLY SET FORTH HEREIN, PRIVACY BEE
EXPRESSLY DISCLAIMS ANY AND ALL PROMISES, REPRESENTATIONS AND WARRANTIES CONCERNING THE SERVICES TO BE
RENDERED HEREUNDER OR THE RESULTS TO BE OBTAINED FROM THE SERVICES, WHETHER ORAL OR WRITTEN, EXPRESS OR
IMPLIED, PARTICULARLY INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. IN FURTHERANCE, BUT NOT IN LIMITATION, OF THE FOREGOING, PRIVACY BEE
DOES NOT GUARANTEE, AND EXPRESSLY DISCLAIMS, THE ACCURACY OR COMPREHENSIVENESS OF ANY NOTES, FORECASTS,
ESTIMATES, PATTERN OR TREND RECOGNITION, AND RELATED ANALYSES THAT MAY BE PROVIDED BY PRIVACY BEE IN
CONNECTION WITH THE DELIVERY OF ITS SERVICES, AND THE CLIENT EXPRESSLY UNDERSTANDS, ACKNOWLEDGES AND
AGREES TO THE INHERENT LIMITATIONS OF THE SAME.
(c) EXCEPT FOR BREACHES RELATING TO WILLFUL MISCONDUCT OR
BREACHES OF OBLIGATIONS OF CONFIDENTIALITY, IN NO EVENT SHALL EITHER PARTY, OR ANY OF THEIR RESPECTIVE
SHAREHOLDERS, OFFICERS, DIRECTORS, EMPLOYEES OR REPRESENTATIVES BE LIABLE TO THE OTHER PARTY FOR ANY
SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OR ANY LOSS OF ANY NATURE, INCLUDING, BUT NOT
LIMITED TO, DAMAGES RESULTING FROM DELAY, LOSS OF PROFITS, LOST BUSINESS OPPORTUNITY, LOSS OF CONTENT,
INTERRUPTION OF BUSINESS OR LOSS OF GOODWILL, WHICH MAY ARISE IN CONNECTION WITH OR PERTAINING TO THIS
AGREEMENT, EVEN IF SUCH PARTY HAS BEEN NOTIFIED OF THE POSSIBLITY OR LIKELIHOOD OF SUCH DAMAGES
OCCURRING UNDER ANY THEORY OF LAW (INCLUDING TORT OR OTHER THEORY).
(d) EXCEPT FOR BREACHES RELATING TO WILLFUL MISCONDUCT,
BREACHES OF OBLIGATIONS OF CONFIDENTIALITY, INDEMNIFICATION OBLIGATIONS, OR CONTRACTUAL PAYMENT
OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY’S CUMULATIVE LIABILITY TO THE OTHER PARTY FOR ANY CLAIM
ARISING UNDER THIS AGREEMENT EXCEED THE AMOUNTS PAID PURSUANT TO THE APPLICABLE SERVICES FROM WHICH THE
CLAIM AROSE. THE PARTIES AGREE THAT THIS LIMITATION OF LIABILITY SHALL SURVIVE IN FULL FORCE AND EFFECT
DESPITE ANY FAILURE OF AN EXCLUSIVE REMEDY.
Indemnification.
(a) Each Party (in such capacity, the “Indemnifying
Party”)
will defend, indemnify and hold harmless the other Party and its officers, directors, employees, and
agents (each, an “Indemnified Party”) from all third-party claims or liabilities (including
reasonable
outside attorneys’ fees and disbursements) to the extent arising out of or related to the Indemnifying
Party’s (i) gross negligence or willful misconduct, (ii) violation of Laws, or (iii) infringement or
misappropriation of a third-party’s U.S. patent, trademark, trade secret or copyright in connection (A)
with respect to Privacy Bee, the software and other technology owned by Privacy Bee that is used to
provide the Services hereunder, and (B) with respect to the Client, the software, creative, technology,
data, or other materials that the Client provides or Privacy Bee in connection with the Client’s receipt
of the Services (“Company Materials”) (the indemnification obligation of each Party described in
this
clause (iii), the “IP Infringement Obligation”). The previous sentence states the sole liability
of the
Indemnifying Party, and the sole remedy of the Indemnified Party, with respect to any third-party claim
arising out of the Indemnifying Party’s breach of this Agreement or intellectual property infringement
or misappropriation.
(b) The Indemnified Party must (i) promptly notify the
Indemnifying Party in writing of the any third-party claim (provided that failure to promptly
notify
will not relieve the Indemnifying Party of its indemnification obligations, except to the extent it has
been damaged by the failure), (ii) reasonably cooperate with the Indemnifying Party in the defense of
the matter, and (iii) give the Indemnifying Party primary control of the defense of the matter and
negotiations for its settlement. The Indemnified Party may, at its expense, join in the defense with
counsel of its choice. The Indemnifying Party may enter into a settlement only if it (x) involves only
the payment of money damages by the Indemnifying Party, and (y) includes a complete release of liability
in favor of the Indemnified Party; any other settlement will be subject to written consent of the
Indemnified Party (not to be unreasonably withheld or delayed).
(c) Privacy Bee’s IP Infringement Obligation will not apply to
claims to the extent arising from (i) the Client’s use of the Services in violation of this Agreement;
(ii) the Company Materials’ infringement or misappropriation of a third-party’s U.S. patent, trademark,
trade secret or copyright; or (iii) the combination, operation or use of the Service with any product or
service not provided by Privacy Bee. The Client’s IP Infringement Obligation will not apply to claims to
the extent arising from (I) Privacy Bee’s provision of the Services in violation of this Agreement; or
(II) the Services’ infringement or misappropriation of a third-party’s U.S. patent, trademark, trade
secret or copyright. If a Service becomes, or in Privacy Bee’s reasonable opinion is likely to become,
the subject of an intellectual property infringement claim, then Privacy Bee will promptly notify the
Client and, at its sole option and expense, may either: (x) procure the right to continue providing the
Services as contemplated by this Agreement; (y) modify the Services to render it non infringing; or (z)
replace the Services with a functionally equivalent, non infringing service. If none of the foregoing
options is commercially practicable, then each Party will have the right to terminate this Agreement
with respect to the infringing Service.
Dispute Resolution.
(a) EACH PARTY HEREBY EXPRESSLY, KNOWINGLY AND IRREVOCABLY
WAIVES ANY RIGHT TO A TRIAL BY JURY IN CONNECTION WITH ANY DISPUTE RELATING TO OR ARISING UNDER THIS
AGREEMENT.
(b) To ensure the timely and economical resolution of any
disputes that may arise in connection with this Agreement, the Parties agree that they will work
together for at least ten (10) business days, in good faith, to resolve any disputes which may arise
between them in connection herewith, and, if agreed by the Parties, will engage in guided mediation. In
the event that any such dispute cannot be reasonably be so resolved, then any and all disputes, claims,
or causes of action arising from or relating to the enforcement, breach, performance, negotiation,
execution, or interpretation of this Agreement shall be resolved, to the fullest extent permitted by
law, by final, binding and confidential arbitration, by a single arbitrator conducted by JAMS, under its
then applicable rules of commercial arbitration.
Miscellaneous.
(a) Governing Law. This Agreement is governed by
the laws of the State of Georgia (US), excluding its conflicts of laws rules. THE EXCLUSIVE JURISDICTION
AND VENUE FOR ALL DISPUTES HEREUNDER WILL BE THE STATE AND FEDERAL COURTS IN THE COUNTY OF FULTON AND
STATE OF GEORGIA (US), AND THE PARTIES HEREBY CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS.
(b) Publicity; Press Releases. Each Party grants
the other Party the limited right to use the other Party’s name and logo on its website(s), customer
lists and informational or promotional materials, and, in connection therewith, each Party grants to the
other, during the Term, a non-exclusive, non-transferrable, revocable, limited right and license to use
the name and logo of the other in accordance with the owner’s standard and customary usage guide (as
applicable), as the same shall be provided by each Party to the other. Notwithstanding the foregoing,
any such use shall be removed or modified promptly upon any reasonable request for the same, or promptly
following any expiration or termination hereof. Neither Party will issue any public communications
concerning this relationship without the prior written consent of the other Party.
(c)
Notices. All notices given under this
Agreement must be in writing (which term shall include notices to a Party’s principal business address,
and by e-mail) and shall be deemed given when delivered. All notices to Privacy Bee shall be sent
to
[email protected], and all notices to the Client shall be duly delivered to it at the address
and /
or e-mail address that has been provided to Privacy Bee in on first Order, or subsequently changed by
notice duly given.
(d) Assignment. Neither Party may assign or
transfer any part of this Agreement without the written consent of the other Party, which shall not be
unreasonably withheld, conditioned or delayed; except that this Agreement may be assigned without
consent, but by notice (x) to a person or entity who acquires, by sale, merger or otherwise, all or
substantially all of the assigning Party’s assets, equity ownership or business, or (y) to a Party’s
affiliate, provided that any such affiliate is objectively capable of fulfilling the assigning Party’s
obligations hereunder. Subject to the foregoing, this Agreement will bind and inure to the benefit of
the Parties, their respective successors and permitted assigns. Any attempted assignment in violation of
this provision will be void and of no effect.
(f) Entire Agreement. This Agreement is the
Parties’ entire agreement relating to its subject matter contained herein and supersedes any prior or
contemporaneous agreements related thereto, including any exhibits for use of any Services executed
prior to the Effective Date of this Agreement.
(g) Waiver and Severability. Either Party’s
waiver of any breach of any provision of this Agreement does not waive any other breach, and shall not
be construed as a waiver of any future breach. Either Party’s failure to insist on strict performance of
any covenant or obligation in this Agreement will not be a waiver of such Party’s right to demand strict
performance in the future. If any provision of the Agreement is found unenforceable, it and any related
provisions will be interpreted to best accomplish the unenforceable provision’s essential purpose, and,
further, any such provision may be severed from this Agreement, by any tribunal of competent
jurisdiction, in which case, the remainder of this Agreement shall remain in full force and effect.
(h) Subcontractors. Each Party shall be
permitted to use subcontractors in connection with its performance under this Agreement, but, in any
such event, such Party shall remain fully liable for any such subcontractors’ acts and omissions.
(i) Relationship of the Parties. The Parties
hereto are independent contractors, and this Agreement does not create an agency, partnership or joint
venture, of any kind.
(e) Counterparts; Electronic Execution and/or
Delivery. The Parties may execute and/or deliver this Agreement in one or more counterparts
and by any conventionally accepted form of electronic transmission, including e-mail / PDF, which, when
taken together, shall constitute one instrument.
[End of Subscription Agreement Terms and Conditions – Continue for Additional
Service Terms]
The following additional terms and conditions are applicable to
the Client’s use of the Privacy Bee ‘Consent Core Platform’.
Definitions. In addition to the terms otherwise defined in this Agreement, the
following terms have the definitions below:
“Affiliates” means an entity that directly or indirectly
controls, is controlled by, or is under common control with a Party, where “control” means an ownership,
voting, or similar interest representing fifty percent (50.0%) or more of the total interests then
outstanding.
“Authorized Users” means individuals, including the
Customer’s employees, consultants, contractors, and agents, who are provided access to the Consent Core
Platform by the Customer and an account to access the same, pursuant to the Customer’s Subscription to the
Consent Core Platform.
“Consent Core Platform” or “Platform” means the
Company’s
privacy management software, which verifies Privacy Requests submitted by Data Subjects, enables customers
to streamline its Privacy Request compliance, and allows for such Privacy Requests submitted by Data
Subjects to be subsequently fulfilled by the Company and disseminated back to the Data Subject.
“Data Subject” means a Person who is submitting Privacy
Requests directed towards the Customer. For the avoidance of doubt, a Data Subject shall also include and
encompass a Person’s authorized agent who submits a Privacy Request on the Person’s behalf.
“Personal Data” or “Personal Information” means
any data or
information collected by the Customer that identifies, relates to, describes, is reasonably capable of
being associated with, or could reasonably be linked, directly or indirectly, with a Data Subject. For the
avoidance of doubt, Personal Data shall include all “sensitive” Personal Data, as may be defined in
applicable Laws.
“Privacy Requests” means any request, inquiry,
submission, or the like, submitted, entered, or provided by a Data Subject which is, in any way, related
to Personal Data, privacy generally, privacy choices, or a Data Subject’s data or information generally,
including, but not necessarily limited to, inter alia, Data Subject requests for deletion or erasure of
Personal Data (including, requests to be “forgotten” as specified in certain Laws), requests to access
Personal Data which has been collected, requests to know what Personal Data has been collected, requests
to correct or rectify inaccurate or incomplete Personal Data, requests for the disclosure of Personal
Data, requests to inquire into what Personal Data is sold, shared, and to whom, requests to opt-out of the
sale or sharing of Personal Data, requests to limit the use and disclosure of sensitive Personal Data,
requests to restrict the processing of Personal Data, requests for the purpose of withdrawing a Data
Subject’s consent to the processing of its Personal Data, requests to unsubscribe to the collection or
processing of personal Data, any Data Subject Access Requests (“DSARS”), requests related to
privacy
choices, etc.
“Subscription”, as used in this Addendum specifically,
means the access license to the Consent Core Platform and accompany services provided via the Consent Core
Platform granted on a recurring basis under this Agreement.
“Third-Party” means any person who is not the Company,
the Customer, or an Authorized User.
- Customer Responsibilities and Obligations.
2.1 Data Subject Privacy Request Submissions.
(a) The Client shall cause all Data Subject
Privacy Requests to
be submitted by Data Subjects via the Consent Core Platform. For the avoidance of doubt, during the Term,
the Client shall not process any Data Subject Privacy Requests itself, or through any Third-Party (all of
the same must be processed through the Company).
(b) As such, the Client shall be responsible for ensuring that
the Company is listed as, becomes, is appointed, or is considered for all legal purposes as the Client’s
legal agent for the submission, handling, verification, and processing of Data Subject Privacy Requests
submitted to or received by the Client, which shall be set forth and provided in, among others, as the
case may be, the Client’s privacy policy. In addition to naming the Client as the legal agent as described
in this Section 2.1, the Client’s Privacy Policy shall (i) provide a URL link, as provided by the
Company
to the Client, to the Consent Core Platform where the Data Subject may submit its Privacy Requests, and
(ii) grant the Client the right to share Data Subject Personal Data with the Company.
2.2 Alternative Privacy Request Option. If the Client is
required, due to applicable Law, to provide its Data Subjects with more than one option/vehicle for
submitting Data Subject Privacy Requests (i.e., the Client is required by Law to provide an option in
addition to the submission by Data Subjects of Privacy Requests via the Consent Core Platform), then the
Client shall provide its Data Subjects with a Company-provided phone number which Data Subjects may use to
submit Privacy Requests. Upon written request, the Client will designate a phone number which may be
utilized by the Client’s Data Subjects to submit Privacy Requests. Such Company-provided phone number
shall be listed by the Client on the Client’s Privacy Policy. Any Privacy Requests submitted by Data
Subjects via the Company-provided phone number will be entered manually into the Consent Core Platform by
the Company.
2.3 Cookie Consent Banner. If the Client currently
utilizes or, at any time, decides to deploy, a cookie consent banner script, or any notice which informs
persons of the Client’s use of cookies, on its website or platform, then the Client agrees to utilize and
deploy the Company’s cookie consent banner, which will be provided by the Company via any Services
documentation, or as requested by the Client, from time to time.
2.4 Client Applicable Law Compliance. The Client agrees
to comply with and be responsible for complying with all applicable Laws, including, but not limited to,
local, state, national, and foreign laws, treaties, and regulations, such as, and among other applicable
Laws, all Laws related to data privacy (including all U.S. State-specific Privacy Laws in effect on the
Effective Date, and from time to time, and the General Data Protection Regulation of the European Union),
data security, privacy management, privacy requests and privacy request compliance, and Personal Data
collection and sharing, currently in effect and those which may come into effect during the Term, in
connection with the Client’s and its Authorized Users’ compliance with and fulfillment of Privacy
Requests, use of the Consent Core Platform, and the collection and sharing of Data Subjects’ Personal
Data. The Client agrees that it will promptly notify the Company of any violation of this Section
2.
- Services Provided or to be Conducted by the Parties.
3.1 Services to be Provided by the Company. The Company
will provide the following services via the Consent Core Platform with respect to Privacy Requests
submitted by Data Subjects via the Consent Core Platform:
(a) The Company will configure its Consent Core Platform to
allow for Data Subjects to fill out and submit Privacy Requests via the Consent Core Platform. If the
Customer’s Data Subjects are able to submit Privacy Requests via a Company-provided phone number, whereby
such phone number must be requested by the Customer and required by applicable Law as set forth in
Section
2.2 herein, then the Company will manually input any Privacy Requests received by such Data Subjects
into
Consent Core Platform.
(b) The Company will receive all Privacy Requests submitted by
Data Subjects via the Consent Core Platform and will take all necessary steps to validate the submitted
Privacy Requests, including, but not limited to, requesting certain additional information and/or sending
e-mail verifications in order to authenticate a given Data Subject, as may be necessary in light of the
nature of the Privacy Request, Personal Data requested, or pursuant to applicable Law.
(c) Upon the Company’s validation of Privacy Requests, the
Privacy Requests will be accessible and viewable by the Client within the Consent Core Platform, whereby
the Client will then have the responsibility of complying with any Privacy Requests requiring Client
action. In addition to being notified within the Consent Core Platform of Privacy Requests, the Client may
elect, with the Company’s subsequent approval, to be notified of and/or disseminated the Privacy Requests
submitted on, received by, or otherwise manually entered into the Consent Core Platform via an API
integration, or, instead, sent in batches, on certain intervals to be mutually agreed upon by the Parties,
via batches of e-mails or CSV files. If the Company does offer or allow an API integration between or with
the Client’s database(s) and the Consent Core Platform, as previously described, then the Client agrees to
accept responsibility for any damages and/or losses caused to the Consent Core Platform, or the Client’s
database(s), as a result of, or in connection with the API integration.
(d) Upon the Client taking the proper actions as required or
necessitated by a given Privacy Request and confirming within the Consent Core Platform that the Company
has complied with and honored such specific Privacy Request, as further described in Section 3.2
below, if
required or necessitated based on the type of Privacy Request, then the Company will respond to or
otherwise notify the Data Subject accordingly.
3.2 Actions to be Performed by the Client. The Client
will be responsible for performing the following actions with respect to Privacy Requests submitted by
Data Subjects:
(a) Upon the Company’s validation of a Privacy Request, the
Client shall be responsible for taking all required and necessary steps to comply with and honor such
Privacy Request, such as, for example, deleting all Personal Data of a specific Data Subject which has
been collected by the Client or correcting / rectifying inaccurate Personal Data of a Data Subject. The
Client shall, therefore, in complying with a given Privacy Request and as such Privacy Request may
necessitate, be responsible for deleting, correcting, gathering / compiling, adjusting, etc. the Data
Subject’s Personal Data held by the Client in its own internal databases or elsewhere.
(b) The Client will then confirm and certify, in such manner as
provided for within the Consent Core Platform, that it has complied with and honored a given Privacy
Request. For the avoidance of doubt, the Client is solely responsible for complying with and honoring
Privacy Requests, i.e., taking all required or necessary steps to satisfy such Privacy Requests, within
the applicable Privacy Request response time deadlines as may be required by applicable Law, from time to
time. As such, the Company shall not be liable to the Client, the Data Subject, or any Third-Party for a
Privacy Request which was not complied with within the relevant Privacy Request response time deadline
mandated under applicable Law.
(c) If compliance with such Privacy Request requires the Data
Subject to be provided with certain Personal Data, or otherwise certain information or documents, then the
Client will upload the applicable Personal Data, information, or documents to the Consent Core Platform,
which the Company will then send to the Data Subject in response to the Data Subject’s Privacy Request.
3.3 Contacting Data Subjects.
(a) The Client expressly agrees that the Company may contact
Data Subjects for any purpose which is allowed by and executed in accordance with applicable Laws,
including, but not limited to, for marketing and promotion purposes.
(b) The Client further expressly agrees that it will not contact
any Data Subject for any reason related to a Privacy Request – including, e.g., ‘confirmation e-mails’,
which shall be prohibited. If further communication with a Data Subject is reasonably warranted, then all
such communication around the Privacy Request must flow through the Consent Core Platform, exclusively.
3.4 Post Termination Obligations . Upon expiration or
earlier termination of any Order that is governed by these Service Terms, for any reason, the Company will
promptly terminate the Client’s access to the Consent Core Platform. To the extent Client Data remains on
the Consent Core Platform, the Company will make any Client Data available for the Client to access for a
period of thirty (30) days after such expiration or termination. After such 30-day period, the Company
will have no obligation to maintain or provide any Client Data and may thereafter, unless legally
prohibited, delete all Client Data on the Consent Core Platform, its systems, or otherwise in its
possession or under its control.