Legal
Data Protection Agreement
This Data Protection Agreement (“DPA”) pertains to the Software Licensing Agreement (“Agreement”) between EdgeCortix Inc. (“Service Provider”) and you as our customer (“Customer”) and forms part of the Agreement.
Service Provider performs certain services for Customer under the Agreement (“Services”), and as part of the Services, Service Provider may given or have access to Personal Information of Customer, as that term is used and understood under Data Privacy Laws (defined below). This DPA outlines how Service Provider will handle Personal Information of Customer. :
- Definitions
- “Cross-context behavioral advertising” means the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly- branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts.
- “Data Privacy Laws” means all applicable laws, rules, regulations, and other legal or self-regulatory requirements in any jurisdiction relating to privacy, data protection, data security, breach notification, or the Processing (as defined below) of Personal Information.
- “Personal Information” includes all information that identifies a person as defined by Applicable Data Privacy Laws.
- “Process” and “Processing” mean any operation or set of operations performed in relation to Personal Information, including but not limited to the collection, storage, and use of Personal Information.
- “Security Breach” means the unauthorized or unlawful destruction, loss, alteration, disclosure, or Processing of Personal information.
- “Sale” or “Sell” or “Third Party” will have the meanings set forth in California Civil Code § 1798.140 and other applicable Data Privacy Laws.
- “Service Provider” includes the term “Processor” and similar terms, and such terms will have the same meaning as defined by applicable Data Privacy Laws.
- “Share,” “Shared,” or “Sharing” will have the meanings set forth in California Civil Code 1798.140 and other applicable Data Privacy Laws.
- “Subprocessor” means any subcontractor that Processes Personal Information on Service Provider’s behalf.
- Service Provider Obligations
- Service Provider will Process Personal Information for the limited purpose of providing the Services to Customer enumerated in the Agreement or as otherwise instructed by Customer in writing. All Processing of Personal Information by Service Provider will be in compliance with Data Privacy Laws.
- Without limiting the foregoing, Service Provider will not: (i) Sell Personal Information; (ii) Share Personal Information for Cross-context Behavioral Advertising purposes; (iii) retain, use, or disclose any Personal Information for any purpose, including any commercial purpose, other than for the business purposes specified in the Agreement or as otherwise instructed by Customer in writing; (iv) retain, use, or disclose any Personal Information to any third party outside of the direct business relationship between Customer and Service Provider; (v) violate any applicable restrictions enumerated in Data Privacy Laws, including those on combining the Personal Information that Service Provider receives from, or on behalf of, Customer with Personal Information that Service Provider receives from, or on behalf of, another person or persons, or that Service Provider collects from any interaction between itself and any individual; or (vi) engage in any Processing of Personal Information that is prohibited or not permitted by “Processors” or “Service Providers” under Data Privacy Laws.
- Service Provider will not attempt to re-identify any pseudonymized, anonymized, aggregate, or de-identified Personal Information. Service Provider will take reasonable measures to ensure that any deidentified data cannot be associated with any individual, and Service Provider will not attempt to reidentify the data, in accordance with applicable Data Privacy Laws.
- In the event Service Provider is legally obligated to provide any Personal Information to a third party: (i) Service Provider will promptly provide Customer with a reasonable opportunity to contest the legal obligation or to seek protection for the disclosure; and (ii) Service Provider, after consultation with Customer and Service Provider’s legal counsel, will disclose only the minimum amount of Personal Information necessary to comply with the legal obligation.
- Service Provider will promptly notify Customer if Service Provider determines that it can no longer meet its obligations under this DPA or Data Privacy Laws or that it has breached any of its obligations in this DPA or violated any Data Privacy Laws.
- Except as may be necessary to comply with legal obligations, Service Provider will delete all Personal Information from its systems upon the end of the Services relating to the Processing. In the event that Service Provider is legally required to maintain such Personal Information, Service Provider will provide notice of the same to Customer. Thereafter, such Personal Information may continue to be stored within Service Provider’s system, but will not be Processed in any other way and will comply with all applicable Data Privacy Laws.
- Service Provider grants to Customer the right, upon reasonable notice, to take reasonable and appropriate steps to stop and remediate any unauthoried use of Personal Information.
- Service Provider will endeavor to modify or amend this DPA in the event new or changed Data Privacy Laws require such modification or amendment.
- Assistance with Processing. If Service Provider engages any Subprocessor or other person to assist it in Processing Personal Information, such Subprocessors or persons engaged will:
- Have been selected through steps reasonably designed to ensure such Subprocessor’s or person’s reliability, competence and trustworthiness, including conducting appropriate background checks where legally able to do so;
- Have received the training necessary to facilitate Service Provider’s compliance with this DPA;
- Have entered into an appropriate written agreement obligating such Subprocessor or person to comply with Data Privacy laws and to Process Personal Information only as allowed by this DPA; and
- Receive from Service Provider access to Personal Information only to the extent that such access is needed to enable the Subcontractor or person to carry out the obligations for which such Subcontractor or person has been engaged.
- Assistance With Data Privacy Law Compliance. The parties will reasonably cooperate with and assist each other to ensure their respecrtive compliance obligations under the Data Privacy Laws, taking into account the nature of the Service Provider's processing and the information available to the Service Provider. Without limiting the foregoing:
- Service Provider will notify Customer as soon as possible, but at least within three (3) business days of receiving any request or complaint related to any Personal Information.
- Service Provider will not respond to any such requests unless Customer has authorized Service Provider in writing to do so, except to the extent Service Provider has an obligation under applicable law to respond directly.
- If Service Provider has an obligation under applicable law to respond directly, it will, unless legally prohibited from doing so, notify Customer of this requirement prior to making the initial notification and comply with Customer’s reasonable instructions in responding to such request.
- In the event Customer requests Service Provider to delete or modify any Personal Information, Service Provider will promply do so and will pass along those deletion or modification requests to downstream parties in accordance with Data Privacy Laws.
- Security. Service Provider will implement appropriate technical and organizational measures to ensure a level of security for the Personal Information appropriate to the risk and in all cases such measures will be in compliance with applicable Data Privacy Laws
- Security Breach. Service Provider will comply with all Security Breach-related obligations applicable to it under Data Privacy Laws. Taking into account the nature of Processing and the information available to it, Service Provider will provide reasonable assistance to Customer in complying with Customer’s Security Breach-related obligations.
DATE LAST MODIFIED: August 21, 2024