Last Updated: July 10, 2023
California Consumer Privacy Act of 2018 Addendum (the “CCPA Addendum”) is made by and between Select Labs Inc. ("SELECT", "Supplier") and the entity identified as Customer ("Customer") in the SELECT Order Form or any other agreement between Customer and SELECT for the purchase of Services (in each case, the "Agreement"). This CCPA Addendum is incorporated into the Agreement between SELECT and Customer. This CCPA Addendum shall be effective for so long as the SELECT Processes Customer Personal Data. All capitalized terms not defined in this CCPA Addendum shall have the meanings set forth in the Agreement.
This CCPA Addendum applies only where, and to the extent that, Supplier processes Personal Information that is subject to the the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”) on Your behalf as a Service Provider in the course of providing the Services pursuant to the Agreement. You are a Business and appoint Supplier as its Service Provider to process the Personal Information. Supplier is responsible for compliance with its obligations as a Service Provider under the CCPA Addendum and this Agreement. Customer is responsible for compliance with its own obligations as a Business under the CCPA.
With respect to the CCPA, it is the parties’ intent that Supplier is a Service Provider to Customer with respect to Personal Information. Supplier shall not (a) Sell or Share Personal Information, (b) retain, use, or disclose any Personal Information for any purpose other than for the specific purpose of providing the services specified in the Agreement (“Services”), or as otherwise permitted by the CCPA, (c) retain, use, or disclose Personal Information outside of the direct business relationship between Customer and Supplier, or (d) combine Personal Information with any other data if and to the extent this would be inconsistent with the limitations on service providers under the CCPA. Supplier hereby certifies that it understands the obligations under this Section 1 and will comply with them.
Supplier (a) acknowledges that Personal Information is disclosed by Customer only for limited purposes described in the Agreement; (b) shall comply with applicable obligations under the CCPA and shall provide the same level of privacy protection to Personal Information as is required by the CCPA; (c) shall notify Customer in writing of any determination made by Supplier that it can no longer meet its obligations under the CCPA or the Agreement; and (d) agrees that Customer has the right, upon notice, including pursuant to the preceding clause, to take reasonable and appropriate steps to stop and remediate unauthorized use of Personal Information.
The Agreement permits Supplier to create or use aggregated, anonymized or deidentified Personal Information, and such use shall be permitted only to the extent any such data constitutes “Aggregate Consumer Information” or has been “Deidentified”, and Supplier has complied with all requirements under the CCPA applicable thereto to the same extent that would be required if Supplier were a “business” with respect to such information.
The parties acknowledge and agree that Supplier’s access to and processing of Personal Information are integral to Supplier’s provision of the Application and the business relationship between the parties and are not part of the consideration exchanged by the parties in respect of the Agreement.
Supplier shall promptly take such actions and provide such information as Customer may reasonably request to help Customer perform its obligations under the CCPA with respect to requests from individuals to exercise their rights under the CCPA and other applicable privacy laws, including, without limitation, requests to access, delete, opt out of the sale of, or receive information about Personal Information pertaining to them. Supplier agrees to cooperate in good faith with Customer to further amend the Agreement as may be necessary to address compliance with the CCPA or other applicable privacy laws.
When Supplier engages any third party to process Personal Information as a sub-processor, Supplier shall: (i) notify Customer of the engagement, and (ii) enter into a written agreement with such sub-processor that complies contains privacy and security obligations substantially similar to those in this CCPA Addendum and the Agreement. Giving Customer notice of any sub-processor engagements in accordance with this Section 7 of the shall satisfy Supplier’s obligations under the CCPA to give notice of such engagements.
Supplier agrees that Customer may conduct audits to help ensure that Supplier’s use of Personal Information is consistent with Supplier’s obligations under the CCPA. Such audits shall be in accordance with any applicable audit section of the Agreement or pursuant to this CCPA Addendum if no section of the Agreement is applicable to auditing CCPA compliance.
The terms “Aggregate Consumer Information", “Commercial Purpose", "Consumer", “Deidentified", "Personal Information", “Sell", “Service Provider” and "Share" shall have the meanings given in the CCPA. “Personal Information” means any information that Supplier has at any time, whether before or after the date hereof, collected, accessed, received, used, disclosed, or otherwise processed on behalf of Customer in relation to Supplier’s provision of Services to Customer under the Agreement and that constitutes “personal information” under the CCPA.
Supplier will, upon Customer’s instruction and upon proof of such a communication, provide reasonable assistance to Customer to enable Customer to respond to any correspondence, enquiry or complaint received from a Consumer or the California Attorney General and/or the Californian Privacy Protection Agency in connection with Supplier’s the collection and processing of the Personal Information.
Nothing in this CCPA Addendum reduces Supplier’s obligations under the Agreement or permits Supplier to retain, use, disclose or otherwise process (or permit the retention, use, disclosure or processing of) Personal Information in a manner that is prohibited by the Agreement.