Last updated: 4/1/2024
The below U.S. State Specific Contract Clauses are made available by Validatar under the Master SaaS Agreement, the Validatar Cloud Terms of Service or the Validatar Cloud Evaluation Terms of Service between Validatar and Customer that expressly references this site (the “Agreement”), and, where applicable, are incorporated into the Agreement by reference. All capitalized terms not defined herein shall have the meanings set forth in the Agreement.
1. Definitions
“CCPA” means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act.
2. U.S. State-Specific Contract Clauses Prescribed by Data Protection Laws
California: If Customer uploads Customer Personal Data to the Service, which includes personal information governed by the CCPA, then the below clauses shall additionally apply in relation to Validatar’s role as a ‘Service Provider’ for such Customer Personal Data. Terms used below that are defined by the CCPA shall have the definition in the CCPA.
- Validatar shall not sell or share Customer Personal Data.
- Validatar shall not combine Customer Personal Data with Personal Information obtained from, or on behalf of, sources other than Customer, except as expressly permitted under the CCPA. However, Customer’s use of the Service to combine Customer Personal Data with Personal Information which it receives from or on behalf of another person or persons shall be deemed combining by Customer, and not Validatar.
- Validatar shall process the Customer Personal Data on behalf of Customer only to provide the Validatar Offerings and acknowledges that Customer is disclosing the Customer Personal Data to Validatar only for the limited and specified business purpose(s) set forth within the Agreement. For the avoidance of doubt, the specific business purposes include; the Service and Technical Services (both as defined in the Agreement), as well as any support and other ancillary services (including, without limitation, services to prevent or address service or technical problems) provided pursuant to the Agreement.
- Validatar shall not retain, use, or disclose the Customer Personal Data (i) for any purposes (including commercial purposes) other than those business purposes specified in the Agreement and as described in section 3 above, or (ii) outside the direct business relationship between Validatar and Customer, unless, in each case, expressly permitted by the CCPA and its regulations.
- Validatar shall comply with all applicable sections of the CCPA and its regulations, including, with respect to Customer Personal Data, providing the same level of privacy protection as required of businesses by the CCPA and its regulations.
- Validatar’s commitments related to security and safeguards for Customer Personal Data, audits, use of its own service providers, and Validatar’s cooperation in connection with data subject requests are all as set forth in the Agreement.
- Validatar shall notify Customer no later than five business days after Validatar makes a determination that it can no longer meet its obligations under the CCPA and its regulations. Upon such notice from Validatar, Customer may direct Validatar to take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Data by deleting all or the relevant portion of Customer Personal Data from the Service or by such other means as agreed between the parties.