This Addendum comprises a variation, and is supplemental to, the End User License EULA (the “EULA”) for the provision of Software as set out in the EULA (the “Services”). In the event of any conflict between the EULA and this Addendum, the terms and conditions of this Addendum shall control. Except to the extent expressly superseded or modified in this Addendum, the terms and conditions of the EULA will apply to this Addendum and remain in full force and effect.
1.1 “Applicable EU Law” means any applicable law of the European Union (or the law of one or more of the Member States of the European Union).
1.2 “California Privacy Law” means, as applicable, the California Consumer Privacy Act and related regulations and, when effective, the California Privacy Rights Act and related regulations.
1.3 “CPA” means, when effective, the Colorado Privacy Act and related regulations.
1.4 “Data Processing Particulars” means in relation to any Processing under this Addendum:
1.5 “PIPEDA” means the Personal Information Protection and Electronic Documents Act, SC 2000, c.5.
1.6 “Privacy Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, theft, or unauthorized access to or disclosure of Personal Information.
1.7 “Privacy Laws” means any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation or other binding restriction (as amended, consolidated or re-enacted from time to time) governing the Processing or protection of Personal Information, including for example, and without limitation, EU GDPR and Directive 2002/58/EC, UK GDPR, PIPEDA, California Privacy Law, the VCDPA, and the CPA.
1.8 “Processing”, “Processed” or “Process” means any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as but not limited to collection, use, modification, retrieval, disclosure, retention, storage, deletion and/or management of Personal Information.
1.9 “Supervisory Authority” means an independent public authority that is established by an EU Member State to monitor the application of the EU GDPR or by the United Kingdom to monitor the application of the UK GDPR.
1.10 “UK GDPR” means the EU GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (and see section 205(4)) and the UK Data Protection Act 2018 (as amended).
1.11 “VCDPA” means, when effective, the Virginia Consumer Data Protection Act.
1.12 Unless otherwise provided a capitalised term that is not defined in this Addendum shall have the meaning given to it in the EULA and the words and expressions in, and the rules of interpretation of, the EULA shall have the same meaning in this Addendum.
2.1 Customer and Service Provider shall each comply with all Privacy Laws that apply to it in relation to any Personal Information Processed in connection with this Addendum, as set out in the Data Processing Particulars at Annex A to this Addendum.
2.2 Customer agrees that it has:
2.3 In the course of Processing Personal Information on behalf of Customer as detailed in Annex A to this Addendum, Service Provider shall:
Service Provider shall provide, and Customer agrees to accept, Service Provider’s most current third-party certifications as may be relevant and available in respect of the Services.
Subject to Clause 6, Customer acknowledges and agrees that Service Provider shall use sub-processors (including Service Provider affiliates) to provide the Services, including the Processing activities set out in Annex A. Service Provider shall enter into a written contract with each such sub-processor that imposes obligations on the sub-processor that are sufficient to permit Service Provider to comply with its obligations under this Addendum. Prior to appointing any new sub-processor in addition to or in lieu of those listed in Annex C, Service Provider shall notify Customer of such sub-processors, whereupon Customer shall have ten (10) days to object to such appointment by providing detailed reasons in writing for such objection to Service Provider, at which point Customer will be deemed to have given written consent to appoint and use such sub-processor if Service Provider has not received an objection from Customer. If Customer objects in writing to the proposed appointment, the Parties shall work together in good faith to resolve Customer’s reasonable concerns.
Service Provider shall notify Customer without undue delay upon Service Provider becoming aware of a Privacy Breach.
Customer acknowledges and agrees that in the course of providing the Services to Customer, Service Provider may transfer Personal Information that is subject to Applicable EU Law to sub-processors in countries outside of the European Economic Area (“EEA”). Subject to section 4 of this Addendum, Service Provider shall ensure that appropriate transfer mechanisms are in place within the meaning of Applicable EU Law.
7.1 This Addendum shall come into force on the Effective Date and shall remain in force until the termination or expiry of the EULA.
7.2 Upon the termination of the EULA or at such other times as instructed by Customer in writing, Service Provider shall either return or securely dispose of the Personal Information and all existing copies, subject to Service Provider’s requirements to retain certain Personal Information in order to comply with its legal and regulatory obligations and applicable law or as otherwise necessary in the context of any disputes or litigation. In the event applicable law does not permit Service Provider to comply with the delivery or destruction of the Personal Information, Service Provider warrants that it shall ensure the confidentiality of the Personal Information in accordance with applicable law.
8.1 This Addendum and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws specified in the EULA.
8.2 The Customer and Service Provider agree that the courts specified in the EULA shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Addendum or its subject matter or formation (including non-contractual disputes or claims).