Last updated: September 5, 2024
This Data Processing Addendum (the “Addendum”) is incorporated into and forms part of the agreement between Traffic Data Labs LLC (“ContactLevel”) and the Client, based on the ContactLevel Services Agreement (the “Agreement”), which outlines the provision of ContactLevel Data Services (the “Services”) to the Client. Any terms not specifically defined in this Addendum will follow the meanings provided in the Agreement. Unless stated otherwise, the terms of the Agreement remain unchanged and fully enforceable.
1. Effectiveness
a. Scope. This Addendum applies only as required by Data Protection Laws concerning the applicable Client Personal Data. If there is any inconsistency between the Agreement and this Addendum regarding Processing, the terms of this Addendum shall prevail.
b. Termination. This Addendum will come to an end upon the earliest of the following: (i) termination of the Agreement (without affecting any accrued rights and obligations that survive such termination); (ii) as terminated by the terms of this Addendum; or (iii) as mutually agreed upon by the parties in writing.
2. Definitions
In this Addendum, the following definitions apply:
• Client Personal Data refers to any Personal Data obtained from or on behalf of the Client under the Agreement, which is subject to Data Protection Laws. • Controller refers to an entity that determines the purposes and methods for Processing Personal Data. • Data Protection Laws means the privacy and security regulations applicable to the Processing of Client Personal Data under the Agreement, including European and U.S. Data Protection Laws, where applicable. • Data Subject refers to any individual who can be identified, directly or indirectly, and whose Personal Data is being processed. • European Data Protection Laws means, where applicable: (a) the EU General Data Protection Regulation 2016/679 (“GDPR”); (b) the GDPR as integrated into UK law by the European Union (Withdrawal) Act 2018 and other related UK laws (“UK GDPR”); (c) the Swiss Federal Act on Data Protection (“Swiss FADP”); and (d) any other relevant laws concerning the protection of Client Personal Data within the European Economic Area, United Kingdom, or Switzerland. • Personal Data refers to information that can identify, relate to, describe, or be linked, either directly or indirectly, to a particular individual, including terms like “personally identifiable information,” “personal information,” or “personal data” as defined under Data Protection Laws. • Process refers to any operation or series of operations conducted on Personal Data, whether automated or not, including but not limited to collecting, organizing, structuring, storing, altering, retrieving, using, disclosing, or erasing Personal Data. • Processor refers to an entity that Processes Personal Data on behalf of a Controller. • Security Incident refers to a breach of ContactLevel’ security that results in the unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Client Personal Data held by ContactLevel. Incidents such as unsuccessful log-in attempts, pings, port scans, denial-of-service attacks, or other network attacks that do not result in data compromise are not considered Security Incidents. • Standard Contractual Clauses refers to either Module Two (Transfer controller to processor) or Module Three (Transfer processor to processor) of the clauses approved by the European Commission for data transfers outside of the EU, as amended in Appendix 3. • Subprocessor refers to any Processor that ContactLevel may engage in connection with the Processing of Client Personal Data under the Agreement. • Supervisory Authority refers to an independent public authority responsible for ensuring compliance with Data Protection Laws. • United States Data Protection Laws refers to the applicable privacy laws in the U.S., including but not limited to: (a) the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”); (b) the Virginia Consumer Data Protection Act (“VCDPA”); (c) the Colorado Privacy Act (“CPA”); (d) the Utah Consumer Privacy Act (“UCPA”); (e) Connecticut’s SB6, An Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”); and (f) any other U.S. laws or regulations concerning the protection of Client Personal Data.
ContactLevel, Traffic Data Labs LLC
1309 Coffeen Avenue, STE 1200, Sheridan, Wyoming 82801