Data Processing Addendum
1.1 “Licensee Personal Data” means any Personal Data that Licensor Processes on behalf of Licensee pursuant to the Agreement.
1.2 “Data Controller”, “Data Processor”, “Data Subject”, and “Processing” shall have the meanings given to such terms in Data Protection Laws. For purposes of the California Consumer Privacy Act, the term “Data Processor” shall include a “service provider” and a “contractor”.
1.3 “Data Protection Laws” means all data protection laws of the United States and its states to the extent applicable to Licensor’s Processing of Licensee Personal Data under the Agreement.
1.4 “Effective Date” means the later of the date on which the Agreement becomes effective or the date on which Licensor first Processes Licensee Personal Data.
1.5 “Personal Data” means information relating to an identified or identifiable natural person that is “personal data”, “personal information”, “personally identifiable information” or such similar term as defined under Data Protection Laws.
1.6 “Data” means all data that is received by Customer and all other content transmitted, posted, received or created through Customer’s use of the Services or the Software.
2.1 Roles. The parties acknowledge and agree that: (a) Licensor acts as a Data Processor under Data Protection Laws in relation to any Licensee Personal Data that Licensor Processes on Licensee’s behalf; and (b) Licensee is and remains the Data Controller with respect to all such Licensee Personal Data.
2.2 Processing. The parties agree that Licensor’s provision of the Services may involve the Processing by Licensor of certain Licensee Personal Data. Licensee instructs Licensor to engage in the following processing:
2.3 Restrictions. Except as otherwise permitted by Data Protection Laws, Licensor shall not (a) sell or share (as such terms are defined by Data Protection Laws) Licensee Personal Data; (b) retain, use, or disclose the Licensee Personal Data for any purpose other than for the business purposes specified in the Agreement; (c) retain, use, or disclose Licensee Personal Data outside of the direct business relationship between Licensor and Licensee; and (d) combine the Licensee Personal Data with personal information that Licensor receives from or on behalf of another person or persons, or collects from its own interaction with the applicable Data Subject. Licensor understands the restrictions set forth herein and will comply with them.
3.1 Compliance. Licensor shall comply with all Data Protection Laws applicable to its role as a Data Processor, including, with respect to Licensee Personal Data, including implementing reasonable security procedures and practices, which are appropriate to the nature of the Licensee Personal Data, to protect Licensee Personal Data from unauthorized or illegal access, destruction, use, modification, or disclosure.
3.2 Assistance. Upon the reasonable request of Licensee, Licensor will make available to Licensee all information in Licensor’s possession that is reasonably necessary to demonstrate compliance with the obligations under Data Protection Laws. Upon the reasonable request of Licensee, Licensor shall provide assistance to enable Licensee to comply with Data Subject requests made pursuant to Data Protection Laws; provided, however, that Licensee shall be required to inform Licensor of such requests and provide Licensor the information necessary for Licensor to comply with such request.
3.3 Audits. Licensor will permit Licensee to monitor Licensor’s compliance with this DPA through measures, including, but not limited to, ongoing manual reviews and automated scans and regular assessments, audits, or other technical and operational testing at least once every 12 months. Upon reasonable and written notice and subject to obligations of confidentiality and pursuant to a non-disclosure agreement, Licensor will allow for, contribute to, and cooperate with reasonable assessments, audits, and inspections, by Licensee or a third-party auditor mutually agreed upon by the parties with respect to the Processing by Licensor of Licensee Personal Data. Alternatively, Licensor may (a) at its cost, arrange for a qualified and independent assessor/auditor to conduct (at least annually) an assessment of Licensor’s policies and technical and organizational measures in support of the obligations under Data Protection Laws using an appropriate and accepted control standard or framework and assessment procedure for such assessments; and (b) provide a report of such assessment to Licensee upon request. Licensor shall notify Licensee if it makes a determination that it can no longer meet its obligations under Data Protection Laws. Licensee shall have the right, upon notice to Licensor, to take reasonable and appropriate steps to stop and remediate any unauthorized use of Licensee Personal Data by Licensor.
3.4 Personnel. Licensor will ensure that each person processing Licensee Personal Data on behalf of Licensor is subject to a duty of confidentiality with respect to such Licensee Personal Data.
3.5 Subcontractors. After providing Licensee an opportunity to object, Licensor may engage any subcontractor to Process Licensee Personal Data, provided Licensor shall require any such subcontractor to execute a written contract that requires the subcontractor to meet the same obligations as Licensor is required to meet under this DPA with respect to Licensee Personal Data.
3.6 Licensee Responsibilities
5.1 By Licensor. Licensor its service providers and licensors are and shall at all times remain the owner of all copyright, trademarks, trade secrets, patents and any other intellectual property rights in and to the CymonixIQ+ Software License, the Services, Third Party Components and related documentation, materials, logos, names and other support materials provided pursuant to the terms of this Addendum. Customer shall acquire no right whatsoever to all or any part of the Services, Software, or underlying software except the limited right to access and use the Software and Services in accordance with the terms of this Addendum and Licensor and its licensors reserve all rights not expressly granted to software. Customer must fully reproduce any copyright or other notice marked on any part of the documentation or other materials on all authorized copies and must not alter or remove any such copyright or other notice. Customer hereby grants to Licensor a royalty-free, worldwide, irrevocable, perpetual license to use and incorporate into the Services and Software any suggestions, ideas, enhancement requests, recommendations or other feedback provided by Customer relating to the operation of the Services or Software and for any information provided by the Customer pursuant to CymonixIQ+ License Agreement.
5.2 Customer Data. As between Licensor and Customer, all Data will remain the sole and exclusive property of Customer. Customer is solely responsible for ensuring the accuracy, quality, integrity, reliability, appropriateness and right to view and use the Data. Subject to the terms and conditions of the CymonixIQ+ License Agreement, Customer grants to Licensor a world-wide, non-exclusive, royalty-free license to access the Data for the purpose of performing the Services. Access to the Data shall only be by Licensor’s employees and/or subcontractors whose job function requires access. Except as specified in this Channel Partner Agreement, Licensor may not access the Data for any other purpose without the express written consent of Customer. Access to Data by any outside party shall only be in accordance with the terms of this CymonixIQ+ License Agreement or where required by law. Customer grants to Licensor a world-wide, non-exclusive, royalty-free license to aggregate or compile Data with the customer data of other customers using the Services so long as such aggregation or compilation omits any data that would enable the identification of Customer, its Licensees or any individual, company or organization (“Aggregated Data”). Licensor shall have a worldwide, perpetual, royalty-free license to use, modify, distribute and create derivative works based on such Aggregated Data, including all reports, statistics or analyses created or derived therefrom. Additionally, Customer grants Licensor the right to access Data to provide feedback to Customer concerning its use of the Services.
5.4 Data from the Licensor. To the extent that the Data is received by the Customer either directly from the Licensor or through a third party provider that has an agreement to provide data with the Licensor, then Licensor warrants that the Data is provided with full right by Licensor to provide the Data to the Customer subject to all of the warranties and representations made on the part of the Customer and based on other information provided by the Customer to the Licensor.
6.1 Customer acknowledges and agrees that use of or connection to the Internet is inherently insecure and provides opportunity for unauthorized access by a third party to Customer’s and its Users’ (as well as Licensor’) computer systems, networks and any and all information stored therein. Customer is solely responsible for ensuring that (i) Customer’s computer systems are secure and protected from unwanted interference (such as “hackers” and viruses), (ii) all transmissions are screened for viruses or other harmful code prior to transmission to Licensor’ servers; and (iii) Data is encrypted. LICENSOR DOES NOT GUARANTEE THE PRIVACY, SECURITY, AUTHENTICITY, AND NONCORRUPTION OF ANY INFORMATION TRANSMITTED OR STORED IN ANY SYSTEM CONNECTED TO THE INTERNET. WE SHALL NOT BE RESPONSIBLE FOR ANY ADVERSE CONSEQUENCES WHATSOEVER OF CUSTOMER’S OR ITS USERS’ CONNECTION TO OR USE OF THE INTERNET, AND LICENSOR SHALL NOT BE RESPONSIBLE FOR ANY USE BY CUSTOMER OR ANY USER OF CUSTOMER’S INTERNET CONNECTION IN VIOLATION OF ANY LAW, RULE OR REGULATION
7.1 The parties and their respective employees, contractors, and agents shall cooperate with regulatory authorities in the performance of its tasks with respect to this DPA.
7.2 Licensee will indemnify, defend, and hold Licensor harmless against any claim, demand, suit or proceeding (including any damages, costs, reasonable attorney’s fees, and settlement amounts) made or brought against Licensor by a third party alleging that the Processing of Licensee Personal Data or Licensee’s use of the Services violates Data Protection Laws.
7.3 ANY CLAIMS BROUGHT UNDER THIS DPA WILL BE SUBJECT TO THE TERMS AND CONDITIONS OF THE CYMONIXIQ+ LICENSE AGREEMENT, INCLUDING THE EXCLUSIONS AND LIMITATIONS SET FORTH IN THE AADDENDUM; PROVIDED, HOWEVER, THAT THE PARTIES HAVE NOT LIMITED THEIR LIABILITY UNDER THE CYMONIXIQ+ LICENSE AGREEMENT, WITH RESPECT TO ANY DATA SUBJECT’S RIGHTS UNDER DATA PROTECTION LAWS WHERE SUCH LIMITATION WOULD BE PROHIBITED BY LAW.
7.4 In the event of a conflict between the CymonixIQ+ License Agreement (or any document referred to therein) and this DPA, the provisions of this DPA shall prevail.
7.5 All notices provided for in this DPA shall be sent to Licensor and Licensee at the addresses provided in the CymonixIQ+ License Agreement and in accordance with all requirements for service of notices set forth therein.
7.6 This DPA will terminate automatically upon the termination of the CymonixIQ+ License Agreement.