Personal Information Processing Agreement
NXT Generation LLC, a California limited liability company ("the Company").
you (the “Customer”)
A. Having noted changes to data protection law being introduced by among others, the California Consumer Privacy Act of 2018, as amended from time to time, and
B. Being mindful of their own direct responsibilities and liabilities under data protection law.
The parties have agreed to enter into this PIPA to govern their rights and obligations under Data Protection Law in relation to the processing of personal information, in so far as this is required by the CCPA and other applicable law.
1.1. “Affiliate” means an entity that directly or indirectly controls or owns, or is owned or controlled, or is under common control or ownership with another entity. Any references to the Company or the Customer shall be construed to mean reference to their respective Affiliates;
1.2. "Data Protection Law" means California Consumer Privacy Act of 2018 (the “CCPA”) as amended from time to time; the California Online Privacy Protection Act of 2003 as amended from time to time; and the California Electronic Communications Privacy Act as amended from time to time;
1.3. "Service Provider" has the same meaning as the one provided for in Section 1798.140(ag) of the CCPA. For the purposes of this PIPA and Terms, the Service Provider is the Company;
1.4. "The Terms" means either the Company’s [standard T&Cs] for Customers (as the same may be modified from time to time) or any other separately negotiated agreement between the Company and the Customer concerning the Customer’s use of the Company’s marketing services or the Customer Order Form (the “Services”);
1.5. All definitions in Section 1798.140 of the CCPA shall apply to this PIPA;
1.6. All capitalized terms shall have the meaning given in the Terms.
2. GENERAL PROVISIONS
2.1. This PIPA is hereby incorporated into and forms part of the Terms. In the event and to the extent of a conflict with any provision of the Terms relating to Data Protection Law, this PIPA shall prevail. Save as specifically amended herein, all of the provisions of the Terms, save to the extent modified by this PIPA, are unaffected and shall continue to apply.
2.2. The parties acknowledge that the rights and obligations of this PIPA are supported by the consideration provided under the Terms.
2.3. This PIPA together with the Terms represent the Customer’s complete and final documented instructions to the Company, which may change from time to time, for the processing of personal information on the Customer's behalf, including for the avoidance of doubt with regard to transfers of personal information as described in Clause 8 below.
2.4. This PIPA applies where and only to the extent that the Company processes personal information that originates from California and/or is otherwise subject to Data Protection Law.
2.5. Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this PIPA or the SCCs, whether in contract, tort or under any other theory of liability, is subject to any limitation of liability provisions set out in the Terms, and any reference herein to the liability of any party means the aggregate liability of that party and all of its Affiliates under the Terms.
3. PERSONAL INFORMATION PROCESSING
3.1. The Company may process, on behalf of the Customer, personal information:
3.1.1. relating to consumers identified in the process of generating marketing leads for the Customer in accordance with the Terms and for the length of time permitted under the Terms;
3.1.2. by automated means for the purpose of fulfilling its obligations under the Terms or as otherwise required by law;
3.1.3. such as individual names, physical addresses, email addresses, IP addresses, internet browser types, phone numbers, and any other information that consumers submit on the Company's landing pages.
4. UNDERTAKINGS OF THE COMPANY
4.1. The Company undertakes to implement appropriate technical and organizational measures sufficient to ensure that any processing of personal information it undertakes on behalf of the Customer will meet the requirements of Data Protection Law and will ensure the protection of the rights of the consumer to whom the personal information relates. With regard to the above, the Company hereby undertakes to:
4.1.1. only act on the documented instructions of the Customer, as amended from time to time, unless otherwise required by law;
4.1.2. ensure that persons authorized to process the personal information in compliance with the CCPA, if any, are subject to a duty of confidence;
4.1.3. ensure a level of security of personal information processing appropriate to the risk involved in such processing;
4.1.4. only engage third parties as subcontractors in the processing of personal information on behalf of the Customer on terms substantially similar to the terms of this PIPA and in compliance with the CCPA;
4.1.5. assist the Customer, insofar as this is possible taking into account the nature of the relevant processing, in fulfilling the Customer's obligations with respect to the exercise of consumers’ rights laid down in Data Protection Law (it being understood that the Company will be entitled to make reasonable charges to the Customer reflecting the level of assistance required);
4.1.6. reasonably assist the Customer, while taking into account the nature of the processing and the information available to the Company, in meeting its obligations under Data Protection Law in relation to the security of processing, the notification of personal information breaches and data protection impact assessments (it being understood that the Company will be entitled to make reasonable charges to the Customer reflecting the level of assistance required);
4.1.7. for all personal information obtained from, or on behalf of, the Customer in the performance of the Services, Company shall not: (i) sell such personal information; (ii) retain, use, or disclose such personal information for a purpose other than for the performance of the Services; (iii) retain, use, or disclose such personal information outside of the direct business relationship between the Company and Customer; or (iv) combine such personal information with personal information that Company receives from, or on behalf of, another person or persons, or collects from Company’s own interaction with the consumer, provided that Company may combine personal information to perform any business purpose as defined in regulations adopted pursuant to Section 1798.185(a)(10) of the CCPA, except as provided for in Section 1798.140(e)(6) of the CCPA and in regulations adopted by the California Privacy Protection Agency.
4.1.8. delete and/or return to the Customer all personal information obtained from the Customer within a reasonable time following the Customer’s request following expiry of the Terms, save for any personal information the Company is obliged to retain under law;
4.1.9. allow for and contribute to audits conducted by or on behalf of the Customer and make available to the Customer information necessary to verify that the Customer and the Company are both meeting their obligations under this PIPA (it being understood that the Company will be entitled to make reasonable charges to the Customer reflecting the level of assistance required);
4.1.10. attend to queries related to Data Protection Law that the Customer may have in relation to this PIPA or the Terms, which are to be directed to firstname.lastname@example.org.
5. UNDERTAKINGS OF THE CUSTOMER
5.1. The Customer hereby:
5.1.1. acknowledges, with respect to personal information acquired by the Customer, it is solely responsible for the accuracy, quality, and legality of personal information and the means by which it was acquired;
5.1.2. grants permission to the Company to use third party subcontractors on its behalf for the purposes of fulfilling the Company's obligations under this PIPA (and the Company shall, upon request, make a list of such subcontractors available to the Customer within a reasonable time);
5.1.3. instructs the Company to process personal information on its behalf for the purposes of fulfilling its obligations under this PIPA; and
5.1.4. acknowledges that, as a business that collects and/or controls the collection of a consumer’s personal information, it is ultimately responsible for ensuring that personal information is processed in accordance with Data Protection Law.
6. THIRD PARTIES
6.1. The Company has engaged Microsoft Online Services to facilitate the provisions of its own marketing services to the Customer, on terms substantially similar to these of this PIPA. The Company will procure that any agreements it enters into with any other third parties will be on such terms as well. In the event the Company engages additional or alternative third parties as subcontractors it will notify the Customer in writing.
7. SECURITY MEASURES
7.1. The Company maintains a robust set of security measures for ensuring the ongoing confidentiality, integrity and availability of personal information, and the resilience of the hardware and software systems in use. Such security measures are subject to continuing technical progress and development.
7.2. Further information on the security measures the Company has in place is available on request made via email to email@example.com.
8. PERSONAL INFORMATION TRANSFERS OUTSIDE THE UNITED STATES
8.1. The Customer acknowledges and agrees that the Company or its subcontractors may transfer personal information outside the United States to the extent necessary to provide the services specified in the Terms.
8.2. Any international transfers pursuant to clause 8.1, to the extent that these include the processing of personal information covered by Data Protection Law, shall be made solely pursuant to an appropriate safeguard or otherwise permitted by law.
9. DISPUTE RESOLUTION
9.1 Both parties agree to arbitrate any dispute arising from the PIPA or your use of the Company’s website and/or Services, except that neither party is required to arbitrate any dispute in which either party seeks equitable and other relief for the alleged unlawful use of copyrights, trademarks, trade names, logos, trade secrets, or patents. ARBITRATION PREVENTS EITHER PARTY FROM SUING IN COURT OR FROM HAVING A JURY TRIAL. Both parties agree that they will notify each other in writing of any dispute within thirty (30) days of when it arises. Notice to the Company shall be sent to: NXT GENERATION LLC, Attn: Legal, 1401 21st St., STE R, Sacramento, CA 95811. Both parties further agree: to attempt informal resolution prior to any demand for arbitration; that any arbitration will occur in Los Angeles County, California; that arbitration will be conducted confidentially by a single arbitrator in accordance with the rules of JAMS; and that the state or federal courts in Los Angeles County, California have exclusive jurisdiction over any appeals of an arbitration award and over any suit between the parties not subject to arbitration. Other than class procedures and remedies discussed below, the arbitrator has the authority to grant any remedy that would otherwise be available in court. Any dispute between the parties will be governed by these terms and the laws of the State of California and applicable United States law, without giving effect to any conflict of laws principles that may provide for the application of the law of another jurisdiction. Whether the dispute is heard in arbitration or in court, neither party will commence against the other a class action, class arbitration, or other representative action or proceeding.
9.2 BOTH PARTIES AGREE THAT ANY CAUSE OF ACTION ARISING OUT OF OR RELATED TO THE PIPA AND/OR THE SERVICES PROVIDED BY THE COMPANY MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.
10. FINAL PROVISIONS
10.1 If any provision of this PIPA is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision shall be deemed deleted. Any modification to or deletion of a provision under this Clause shall not affect the validity and enforceability of the rest of this PIPA.
10.2 Each party warrants to the other that (i) it has full capacity and authority and all necessary licenses, permits and consents to enter into and to perform its obligations under this PIPA and (ii) this PIPA is executed by its duly authorized representative.
10.3 TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE CUSTOMER AGREES TO INDEMNIFY, DEFEND, AND HOLD THE COMPANY HARMLESS FROM ANY CLAIMS, LOSSES, DAMAGES, DEMANDS, EXPENSES, COSTS, AND LIABILITIES, INCLUDING LEGAL FEES AND EXPENSES, ARISING OUT OF OR RELATED TO ANY VIOLATION BY THE CUSTOMER OF THIS PIPA, OR ANY BREACH OF THE REPRESENTATIONS, WARRANTIES, AND COVENANTS MADE BY THE CUSTOMER HEREIN. THE CUSTOMER AGREES TO PROMPTLY NOTIFY THE COMPANY OF ANY THIRD-PARTY CLAIM, AND THE COMPANY RESERVES THE RIGHT, AT THE CUSTOMER’S EXPENSE, TO ASSUME THE EXCLUSIVE DEFENSE AND CONTROL OF ANY MATTER FOR WHICH THE CUSTOMER IS REQUIRED TO INDEMNIFY THE COMPANY, AND THE CUSTOMER AGREES TO COOPERATE WITH THE COMPANY’S DEFENSE OF THESE CLAIMS. THE COMPANY WILL USE REASONABLE EFFORTS TO NOTIFY THE CUSTOMER OF ANY SUCH CLAIM, ACTION, OR PROCEEDING UPON BECOMING AWARE OF IT. FOR THIS CLAUSE, “THE COMPANY” INCLUDES THE COMPANY’S SUBSIDIARIES, AFFILIATES, MEMBERS, MANAGERS, AGENTS AND THIRD-PARTY SERVICE PROVIDERS.
10.4 TO THE FULLEST EXTENT PERMITTED BY LAW, THE COMPANY’S LIABILITY FOR DAMAGES IS LIMITED TO THE AMOUNT OF MONEY THE COMPANY HAS EARNED THROUGH THE COMPANY’S PROVISION OF SERVICES. FOR THIS CLAUSE, “THE COMPANY” INCLUDES THE COMPANY’S SUBSIDIARIES, AFFILIATES, MEMBERS, MANAGERS, AGENTS AND THIRD-PARTY SERVICE PROVIDERS.
10.5 TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW: (A) THE COMPANY’S WEBSITE AND SERVICES, AND THE CONTENT AND MATERIALS CONTAINED THEREIN ARE PROVIDED ON AN “AS IS” BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, EXCEPT AS EXPRESSLY PROVIDED TO THE CONTRARY IN WRITING BY THE COMPANY; (B) THE COMPANY DISCLAIMS ALL OTHER WARRANTIES, STATUTORY, EXPRESS, OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT AS TO THE COMPANY’S WEBSITE AND SERVICES, INCLUDING ANY INFORMATION, CONTENT, OR MATERIALS CONTAINED THEREIN; (C) THE COMPANY DOES NOT REPRESENT OR WARRANT THAT THE CONTENT OR MATERIALS ON THE COMPANY’S WEBSITE ARE ACCURATE, COMPLETE, RELIABLE, CURRENT, OR ERROR-FREE; (D) THE COMPANY IS NOT RESPONSIBLE FOR TYPOGRAPHICAL ERRORS OR OMISSIONS RELATING TO TEXT OR PHOTOGRAPHY; AND (E) WHILE THE COMPANY ATTEMPTS TO MAKE YOUR ACCESS AND USE OF THE COMPANY’S WEBSITE SAFE, THE COMPANY CANNOT AND DOES NOT REPRESENT OR WARRANT THAT THE COMPANY’S WEBSITE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, AND THEREFORE, THE CUSTOMER SHOULD USE INDUSTRY-RECOGNIZED SOFTWARE TO DETECT AND DISINFECT VIRUSES FROM ANY DOWNLOAD. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY THE CUSTOMER OR THE COMPANY OR through THE COMPANY’S WEBSITE WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED HEREIN.