Provider and Customer agree to add the following terms to their Agreement:
Both sides agree to do their respective parts to comply with the California Consumer Privacy Act and its regulations, consistent with Provider’s role as a “service provider“, and not as a “third party“, under that law.
Whenever it is feasible and legal to do so, each side will give the other prompt notice of user rights requests, regulatory inquiries, and other communications under the California Consumer Privacy Act according to the notice provisions of the Agreement. Both sides agree to cooperate in good faith to respond to and honor such communications, and to meet other obligations under the California Consumer Privacy Act.
Provider may not:
sell personal information collected from consumers covered by the California Consumer Privacy Act that Customer discloses to Provider
retain, use, or disclose such information for any purpose other than for the specific purpose of performing the services specified in the contract, including retaining, using, or disclosing such information for a commercial purpose other than providing the services specified in the contract
retain, use, or disclose such information outside of the direct business relationship between Provider and Customer
Provider certifies that Provider understands the restrictions in Prohibitions and will comply with them.
Both sides agree to limit use of personal information covered by the California Consumer Privacy Act to that reasonably necessary and proportionate to achieve the purpose of the Agreement, consistent with the meaning of “business purpose“ under that law.
Provider agrees to ensure that each subcontractor that processes Customer information covered by the California Consumer Privacy Act will also qualify as a “service provider“, and not as a “third party“, under that law.
If the terms of this addendum conflict with terms of the Agreement, the terms of this addendum take precedence.