CCPA Service Provider Addendum
This CCPA Service Provider Addendum (the “Addendum”) reflects the requirements of the California Consumer Privacy Act of 2018 and its implementing regulations, as amended or superseded from time to time (the “CCPA”).
This Addendum is an agreement between Exceed AI Ltd. (“Exceed”, “Service Provider”) and you or the entity you represent (“Customer”). This Addendum supplements Exceed’s Terms and Conditions Agreement available at https://exceed.ai/terms, as updated from time to time, between Customer and Exceed, governing Customer’s use of Exceed’s customer interaction management software, which enables personalized and automated interactions with customers and potential customer (the “Agreement”), to the extent that Customer is a Business under the CCPA and thus Exceed acts as a Service Provider as defined under the CCPA.
Exceed and Customer shall each be referred to as a “Party” and collectively, as the “Parties”.
The Parties agree, stipulate and declare as follows:
The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalised terms not otherwise defined herein shall have the meaning given to them in the Agreement. Except as modified below, the terms of the Agreement shall remain in full force and effect.
In consideration of the mutual obligations set out herein, the Parties agree that the terms and conditions set out below shall be added as an Addendum to the Agreement. Except where the context requires otherwise, references in this Addendum to the Agreement are to the Agreement as amended, and including, this Addendum.
- “CCPA” means the California Consumer Privacy Act of 2018, including amendments and final regulations.
- “Personal Information” has the same meaning given to such term under section 1798.140 the CCPA.
- “Services” means the Exceed’s Services provided to Customer under the Agreement.
- “Customer’s Personal Information” Personal Information provided to Exceed by Customer and/or collected by Exceed on behalf of Customer in order for Exceed to provide its Services under the Agreement.
- “Processing”, “Consumer” “Business Purposes”, “Sell,” and “Service Provider” have the meanings assigned to them in the CCPA.
2. Scope and Applicability of this Addendum
- This Addendum applies to Exceed’s collection, retention, use, and disclosure of Customer’s Personal Information in connection with the provision of the Services to Customer pursuant to the Agreement.
- Customer is a Business and appoints Exceed as a Service Provider to Process Customer’s Personal Information on behalf of Customer. Customer is responsible for compliance with the requirements of the CCPA applicable to Businesses.
3. Restrictions on Processing
- Exceed is prohibited from Processing the Personal Information for any purpose other than for the specific purpose of performing the Services specified in the Agreement for Customer, or for any other purpose as permitted by the CCPA.
- Exceed may aggregate, de-identify, or anonymize Personal Information so it no longer meets the Personal Information definition, and may use such aggregated, de-identified, or anonymized data for its own purposes. Exceed will not attempt to or actually re-identify any previously aggregated, de-identified, or anonymized data.
4. Required Consents and Notices to Consumers
- Customer shall comply with all the transparency and disclosure requirements with respect to Consumers whose Personal Information is Processed by Exceed in the course of the provision of the Services and in particular shall assure to comply with sections 1798.100, 1798.105, 1798.110, 1798.115, and 1798.125 and 1798.130 of the CCPA.
- Customer represents and warrants that it has provided the required notices that Customer’s Personal Information is being used or shared consistent with the provisions of the CCPA, and that it has obtained all the necessary consents, for the lawful Processing of Customer’s Personal Information.
5. Consumer Rights
- Exceed shall comply with all applicable requirements of the CCPA, and shall, where possible assist Customer with responding to CCPA Consumer Rights Requests as required by applicable CCPA requirements.
- Exceed shall promptly notify Customer of any request received by Exceed from a Consumer with respect to their Personal Information Processed by Exceed in the course of the provision of the Services, and shall not respond to the Consumer except as to direct such Consumer to contact the Customer, unless otherwise instructed by Customer.
6. Data Security
- Exceed will use commercially reasonable security procedures that are reasonably designed to maintain an industry-standard level of security, prevent unauthorized access to and/or disclosure of Customer’s Personal Information.
7. Personal Data Breach
- In the event of a known unauthorized access, exfiltration, theft, use or disclosure by an unauthorized third party of Customer’s Personal Information (“Security Breach”), Exceed will promptly notify Customer in writing of the Security Breach and shall take the steps required to mitigate the ramifications of such Security Breach.
8. Transfer of Personal information
- Exceed shall not disclose, release, transfer, make available or otherwise communicate any Customer’s Personal Information unless and to the extent that such disclosure is made to a Service Provider for the provision of the Services to Customer or for a permitted Business Purpose, provided that Exceed has entered into a written agreement with such Service Provider which imposes the same obligations on the Service Provider with regard to its Processing of Customer’s Personal Information. Notwithstanding the foregoing, nothing in this Addendum shall restrict Exceed’s ability to disclose Customer’s Personal Information to comply with any applicable laws or as otherwise permitted under the CCPA.
9. No Sale of Personal Information
- Exceed shall not sell any Customer’s Personal Information to another Business or third party without the prior written consent of Customer.
10. Legal and Other Disclosures
- Exceed shall provide Customer with reasonable cooperation and assistance, at Customer’s expense, needed to assist Customer in its compliance with any investigation by the Attorney General of Customer regarding compliancy with CCPA. Furthermore, Exceed may cooperate with law enforcement agencies concerning conduct or activity that it reasonably and in good faith believes may violate international, federal, state, or local law.
- In the event that Exceed is legally obliged to disclose Customer’s Personal Information pursuant to law, regulation, warrant, court order, or otherwise in accordance with this Addendum, promptly after it becomes aware that it will be legally obliged to make such a disclosure it shall, unless prohibited by law, notify Customer in writing of the legal directive, the reason and the form of the disclosure.
- Exceed certifies that it understands its obligations under this Addendum and the CCPA and will comply with them.
12. Liability and Indemnity
- Customer shall indemnify Exceed and will hold Exceed harmless against all claims, losses, damages and expenses incurred by Exceed arising out of a breach of this Addendum and/or the CCPA by Customer.
13. Governing Law and Jurisdiction
- This Addendum is governed by the laws of Israel. Any disputes arising from or in connection with this Addendum, shall be brought exclusively before the competent courts of Tel Aviv.
- Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.