CCPA DATA PROCESSING ADDENDUM

Pursuant to the Master Service Agreement and agreements incorporating it (jointly referred to as the “Agreement“) between Customer, on behalf of itself and its affiliates (“Customer“), and Vendor, and in furtherance of obligations under the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”), the Parties hereby adopt this CCPA Addendum (“CCPA Addendum“) for so long as Vendor maintains Personal Information on behalf of Customer. This CCPA Addendum prevails over any conflicting terms of the Agreement, but does not otherwise modify the Agreement.

BRYTER US Inc., 33 Irving Place, Suite 5007, New York, NY 10003, US (hereinafter “Vendor“) and the Customer (hereinafter “Customer“), together also referred to as the “Parties” and each also referred to as a “Party” hereby agree as follows:

1. Definitions.

The capitalized terms used in this CCPA Addendum and not otherwise defined in the Agreement, shall have the meaning set forth in this CCPA Addendum.

2. Roles and Scope.

2.1. This CCPA Addendum applies to the collection, retention, use, disclosure, and sale of Personal Information provided by Customer or which is collected on behalf of Customer by Vendor (the Personal Information“) to provide services to Customer pursuant to the Agreement or to perform a business purpose.

2.2. Customer is a business and appoints Vendor as a service provider to process the Personal Information on behalf of Customer.

2.3. Vendor’s collection, retention, use, disclosure, or sale of Personal Information for its own purposes independent of Customer’s use of the services specified in the Agreement are outside the scope of this CCPA Addendum.

3. Restrictions on Processing.

3.1. Vendor is prohibited from retaining, using, or disclosing the Personal Information for any purpose other than for the specific purpose of performing the services specified in the Agreement for Customer, as set out in this CCPA Addendum, or as otherwise permitted by the CCPA Addendum.

3.2. Vendor shall not further collect, sell, or use the Personal Information except as necessary to perform the business purpose. For the avoidance of doubt, Vendor shall not use the Personal Information for the purpose of providing services to another person or entity, except as permitted by the CCPA Addendum.

4. Notice.

Customer represents and warrants that it has provided notice that the Personal Information is being used or shared consistent with Cal. Civ. Code 1798.140(t)(2)(C)(i).

5. End User Rights.

5.1. Vendor shall provide reasonable assistance to Customer in facilitating compliance with End User rights requests.

5.2. Upon direction by Customer, and in any event no later than 30 days after receipt of a request from Customer, Vendor shall promptly delete the Personal Information as directed by Customer.

Vendor shall not be required to delete any of the Personal Information to comply with an End User’s request directed by Customer if it is necessary to maintain such information in accordance with Cal. Civ. Code 1798.105(d), in which case Vendor shall promptly inform Customer of the exceptions relied upon under 1798.105(d) and Vendor shall not use the Personal Information retained for any other purpose than provided for by that exception.

6. Deidentified Information.

In the event that either Party shares deidentified information with the other Party, the receiving Party warrants that it: (i) has implemented technical safeguards that prohibit reidentification of the End User to whom the information may pertain; (ii) has implemented business processes that specifically prohibit reidentification of the information; (iii) has implemented business processes to prevent inadvertent release of deidentified information; and (iv) will make no attempt to reidentify the information.

7. Mergers, Sales, or Other Asset Transfers.

In the event that either Party transfers to a third party the Personal Information of an End User as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of such Party to the Agreement, that information shall be used or shared consistently with applicable law. If a third party materially alters how it uses or shares the Personal Information of an End User in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to the End User in accordance with applicable law.

8. As Required by Law.

Notwithstanding any provision to the contrary of the Agreement or this CCPA Addendum, Vendor may cooperate with law enforcement agencies concerning conduct or activity that it reasonably and in good faith believes may violate federal, state, or local law.

9. Indemnification.

To the extent that the Agreement requires Vendor to collect, use, retain, disclose, or reidentify any Personal Information as directed by Customer, Customer shall be solely liable and shall hold harmless and indemnify Vendor for any damages or reasonable costs, including attorneys’ fees and interest, arising from or related to the collection, use, retention, disclosure, or reidentification of such Personal Information by Vendor as directed by Customer.

10. Security.

Vendor hereby represents and warrants that it shall implement and maintain no less than reasonable security procedures and practices, appropriate to the nature of the information, to protect the Personal Information from unauthorized access, destruction, use, modification, or disclosure.

11. Sale of Information.

The Parties acknowledge and agree that the exchange of Personal Information between the Parties does not form part of any monetary or other valuable consideration exchanged between the Parties with respect to the Agreement or this CCPA Addendum.

Version: 5.0 (May 2024)

Book a personalized demo