ANNEX B: U.S. STATE PRIVACY LAWS ADDENDUM TO ADSWERVE DATA PROCESSING TERMS

This is not the current version of this document and is provided for archival purposes. View the current version.

 

1.   Introduction

 

This U.S. State Privacy Laws Addendum to the Adswerve Data Processing Terms (the “State Privacy Laws Addendum”) is entered into by Adswerve and Customer and also supplements the Agreement. This State Privacy Laws Addendum reflects the parties’ agreement on the processing of Customer Personal Data and Deidentified Data (as defined below) pursuant to the Agreement in connection with U.S. State Privacy Laws and is effective solely to the extent each U.S. State Privacy Law applies.

 

2.   Additional Definitions and Interpretation

 

2.1.   Deidentified Data” means data information that is “deidentified” (as that term is defined by the CCPA) and “de-identified data” (as defined by other U.S. State Privacy Laws), when disclosed by one party to the other.

2.2.   “Instructions” shall have the meaning given in the Data Processing Terms .

2.3.   The terms “business”, “consumer”, “controller”, “personal data”, “personal information”, “process”, “processing”, “processor”, “sale(s)”, “sell”, “service provider”, and “share” as used in this State Privacy Laws Addendum have the meanings given in the U.S. State Privacy Laws.

2.4.   Capitalized terms used but not defined in this State Privacy Laws Addendum will have the meanings given in the Data Processing Terms.

 

3.   U.S. State Privacy Law Terms

 

This Section 3 shall apply to Adswerve’s processing of Customer Personal Data, except to the extent otherwise set forth in any Schedule applicable to the Services.

3.1.   Roles and Regulatory Compliance; Authorization

(a)   Processor and Controller Responsibilities. The parties acknowledge and agree that:

(i)   Appendix 1 of the Data Processing Terms describes the subject matter and details of the processing of Customer Personal Data;

(ii)   Adswerve is a service provider and processor of Customer Personal Data under U.S. State Privacy Laws;

(iii)   Customer is a controller or processor, as applicable, of Customer Personal Data under U.S. State Privacy Laws;

(iv)   Each party will comply with the obligations applicable to it under U.S. State Privacy Laws with respect to the processing of Customer Personal Data; and

(v)   To the extent that any Usage Information is considered Personal Data, Adswerve is the controller or business with respect to such data and shall Process such data in accordance with its Privacy Policy, which can be found at https://adswerve.com/privacy-policy/.

(b)   Processor Customers. If Customer is a processor:

(i)   Customer warrants on an ongoing basis that the relevant controller has authorized: (A) the Instructions, (B) Customer’s appointment of Adswerve as another processor, and (C) Adswerve’s engagement of Subprocessors as described in Section 9 of the Data Processing Terms;

(ii)   Customer will immediately forward to the relevant controller any notice provided by Adswerve under Sections 7.3.1 (Incident Notification) and 9 (Subprocessors) of the Data Processing Terms; and

(iii)   Customer may make available to the relevant controller any information made available by Adswerve under Sections 7.5 (Customer’s Audit Rights) and 9 (Subprocessors) of the Data Processing Terms.

3.2.   Customer’s Audit Rights Under U.S. State Privacy Laws. In the event that Customer requests an audit pursuant to Section 7.5.2 of the Data Processing Terms, as an alternative to Adswerve’s obligations under such Section Adswerve may, at its sole discretion and in response to Customer’s request, initiate a third-party audit to verify Adswerve’s compliance with its obligations under this State Privacy Laws Addendum. During such an audit, Adswerve will make available to the third-party auditor all information necessary to demonstrate such compliance. Where Customer requests such an audit, Adswerve may charge a fee (based on Adswerve’s or its Service Partners’ reasonable costs) for any audit. Adswerve will provide Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such audit. Customer will be responsible for any fees charged by any third-party auditor appointed by Customer to execute any such audit.

3.3.   Assistance with Impact Assessments. Adswerve will (taking into account the nature of the processing and the information available to Adswerve) assist Customer in meeting Customer’s (or, where Customer is a processor, the relevant controller’s) obligations in respect of data protection impact assessments to the extent required under U.S. State Privacy Laws by: (a) providing the Security Documentation; (b) providing the information contained in the Agreement (including this State Privacy Laws Addendum); and (c) providing or otherwise making available, in accordance with Adswerve’s or the relevant Service Partner’s standard practices, other materials concerning the nature of the applicable Services and the processing of Customer Personal Data (for example, help center materials).

3.4.   Data Subject Rights; Rectification. If Customer becomes aware that any Customer Personal Data is inaccurate or outdated, Customer will be responsible for rectifying or deleting that data if required by U.S. State Privacy Laws, including (where available) by using the functionality of the Services.

3.5.   Deidentified Data. Each party will comply with the requirements for processing Deidentified Data set out in U.S. State Privacy Laws, with respect to any Deidentified Data it receives from the other party pursuant to the Agreement.

 

4.   Adswerve’s CCPA Obligations

 

Except as otherwise set forth in any Schedule applicable to the Services, with respect to Customer Personal Data processed and to the extent that CCPA applies to such processing of Customer Personal Data, Adswerve will act as Customer’s service provider, and as such, unless otherwise permitted for service providers under CCPA, as reasonably determined by Adswerve:

(a) Adswerve will not sell or share any Customer Personal Data that it obtains from Customer in connection with the Agreement;

(b) Adswerve will not retain, use or disclose Customer Personal Data (including outside of the direct business relationship between Adswerve and Customer), other than for a business purpose under the CCPA on behalf of Customer and the specific purpose of performing the Services;

(c) Adswerve will not combine Customer Personal Data that Adswerve receives from, or on behalf of, Customer with (i) personal information that Adswerve receives from, or on behalf of, another person or persons or (ii) personal information collected from Adswerve’s own interaction with a consumer, except to the extent permitted under CCPA;

(d) Adswerve will process such Customer Personal Data for the specific purpose of performing the Services, as further described in the Agreement and supporting documentation, or as otherwise permitted under the CCPA, and the parties agree that Customer is making such Customer Personal Data available to Adswerve for such purposes;

(e) Adswerve will allow audits to verify Adswerve’s compliance with its obligations under this State Privacy Laws Addendum in accordance with Section 7.5.2 (Customer’s Audit Rights) of the Data Processing Terms and Section 3.2 (Customer’s Audit Rights Under U.S. State Privacy Laws) of this Annex B;

(f) Adswerve will notify Customer if Adswerve makes a determination that it can no longer meet its obligations under the CCPA. This Section 4(f) does not reduce either party’s rights and obligations elsewhere in the Agreement;

(g) If Customer reasonably believes that Adswerve is processing Customer Personal Data in an unauthorized manner, Customer has the right to notify Adswerve of such belief, and the parties will work together in good faith to remediate the allegedly violative processing activities, if necessary; and

(h) Adswerve will comply with applicable obligations under CCPA and will provide the same level of privacy protection as is required by CCPA.

 

5.   Changes to this State Privacy Laws Addendum

 

In addition to Section 14 of the Data Processing Terms (Modifications), Adswerve may change this State Privacy Laws Addendum without notice if the change (a) is based on applicable law, applicable regulation, a court order, or guidance issued by a governmental regulator or agency or (b) does not have a material adverse impact on Customer under U.S. State Privacy Laws, as reasonably determined by Adswerve.

 

Annex B to Adswerve Data Processing Terms

1 September 2023

 

Previous Versions: