by and between
you, as a user of the iubenda service
and
iubenda s.r.l.
Via San Raffaele, 1
20121 Milan
Italy
legal representative, Andrea Giannangelo
Therefore, business and Service Provider agree as follows:
1. Definitions. For purposes of this Addendum, the terms below shall only have the meanings set forth below. Capitalized terms used but not otherwise defined in this Addendum have the meanings set forth in the Agreement.
1.1 “CCPA” means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (CPRA) of 2020.
1.2 “Personal Information” means any “personal information” (as defined in the CCPA) contained within the data or set of data that the Service Provider “processes” (as defined in the CCPA) on behalf of the "business" (as defined in the CCPA) for a business purpose (as defined in the CCPA), in connection with the performance of the Services under the Agreement.
2. Service Provider Obligations.
2.1 the Service Provider undertakes to comply with all applicable CCPA requirements and to provide the same level of privacy protection as is required by the CCPA.
2.2 to the extent that the Service Provider processes the Personal Information on behalf of the business for a business purpose under the Agreement, it acts as “service provider” (as defined in the CCPA) and shall process the User Personal Information solely for the business purpose under the Agreement.
2.3 the Service Provider shall not retain, use, disclose or otherwise process the Personal Information for any purpose other than for the business purpose specified in the Agreement, including retaining, using or disclosing personal information for a commercial purpose other than the business purposes specified in the contract or as otherwise permitted by the CCPA. The Service Provider shall return or delete all the Personal Information once the Services have been performed, or sooner if so directed by the business.
2.4 the Service Provider shall follow all the business’s instructions regarding the return or destruction of the Personal Information.
2.5 the Service Provider shall not “sell” nor "share" (as defined in the CCPA) any of the User Personal Information.
2.6 the Service Provider shall not retain, use or disclose the Personal Information outside of the direct business relationship with the business.
2.7 the Service Provider shall not combine the Personal Information it receives from the business with personal information it receives from or on behalf of another person or persons or that it collects from its own interaction with the consumer, provided that the Service Provider may combine the Personal Information to perform any business purpose identified by the California Privacy Protection Agency’s regulations.
2.8 the Service Provider shall assist the business in fulfilling its obligations to respond to verifiable "consumer" (as defined under the CCPA) requests related to their Personal Information including, but not limited to, by providing access to, correcting or deleting relevant Personal Information in Service Provider’s possession. The Service Provider shall also notify its own service providers or contractors to delete the Personal Information.
2.9 If the Service Provider receives a verifiable consumer request to delete Personal Information that the Service Provider collects, maintains, or otherwise processes on behalf of the business, the Service Provider shall inform the consumer that it should submit the request directly to the business and, when feasible, provide the consumer with the relevant contact information.
2.10 the Service Provider shall enter into written agreements with each third party subcontractor that processes the Personal Information that obligate the subcontractor to comply with terms that are at least as restrictive as those imposed on the Service Provider under this Addendum, including the prohibition of the sale and sharing of the Personal Information.
2.11 the Service Provider undertakes to notify the business whenever it decides it can no longer meet its obligations under the CCPA.
3. No Consideration.
Notwithstanding anything in the Agreement entered into between the Service Provider and the business, the Service Provider’s access to the Personal Information is not part of the consideration exchanged by the parties in respect of the Agreement.
4. Duration of this Addendum.
Notwithstanding the expiration of the Agreement, this Addendum will remain in effect until, and automatically expire upon, Service Provider’s deletion or return of all the Personal Information to the business.
5. Conflicts.
In the event of any conflict or inconsistency between this Addendum and the terms of the Agreement, this Addendum shall prevail, notwithstanding any statement to the contrary in the Agreement.