Privacy Policy
State Consumer Privacy Laws Addendum
This State Consumer Privacy Laws Addendum (“Addendum”) is incorporated into the Service Agreement (“Agreement”) by and between J.D. Heiskell Holding LLC (“Company”) and the various Service Providers (“Service Provider”), with an Effective Date of August 1, 2023.
1. Service Provider’s California Consumer Privacy Act Obligations
A. Service Provider acknowledges and agrees to comply with the applicable terms of the California Consumer Privacy Act of 2018 as amended (Cal. Civ. Code §§ 1798.100 – 1798.199) including applicable regulatory or other guidance (“CCPA”). The parties hereby agree that Service Provider is a “service provider” under the CCPA. Terms defined in the CCPA, including, without limitation, personal information, have the same meaning when used in this Section 1 of the Addendum unless otherwise defined herein. As a service provider for the Company, Service Provider agrees:
1) Service Provider will not collect, retain, use, or disclose personal information it accesses, receives, or creates pursuant to the Agreement (“Company Personal Information”) for any purpose other than for the purposes set out in the Agreement and as permitted under the CCPA. Service Provider acknowledges that Company is disclosing or making available Company Personal Information to Service Provider only for the limited and specified purposes and services set for in the Agreement (“Services”).
2) Service Provider will not sell or share Company Personal Information.
3) Service Provider will not collect, retain, use, or disclose Company Personal Information for any commercial purpose other than the Services, nor for any purposes outside of its direct business relationship with Company, unless expressly permitted under the CCPA. Service Provider will not combine or update Company Personal Information with personal information that it receives from or on behalf of another person, or that Service Provider collects from its own interactions with a consumer, unless permitted under the CCPA and the Company.
4) Service Provider shall comply with all applicable sections of the CCPA with respect to Company Personal Information and shall provide the level of privacy protection to Company Personal Information as is required of businesses thereunder. Such compliance may include, without limitation, implementing reasonable security procedures and practices, appropriate to the nature of the Company Personal Information, to protect that information from unauthorized or illegal access, destruction, use, modification, or disclosure in accordance with Cal. Civ. Code § 1798.81.5.
5) Service Provider will promptly notify Company if it determines that it can no longer meet its obligations under applicable provisions of the CCPA.
6) Service Provider shall comply with the Company’s right to take reasonable and appropriate steps to ensure that Service Provider uses Company Personal Information in a manner consistent with Company’s obligations under the CCPA. These steps may include, without limitation, manual reviews and automated scans of Service Provider’s information systems, and regular internal or third-party assessments, audits, or other technical and operational testing at least once every 12 months.
7) Service Provider shall comply with Company’s right, upon notice, to take reasonable and appropriate steps to stop and remediate use of Company Personal Information that is unauthorized under the CCPA, including, without limitation, requiring Service Provider to provide documentation verifying that it no longer retains or uses Company Personal Information of consumers that submitted to Company a valid request to delete.
8) In the event Service Provider is legally required to disclose personal information for a purpose unrelated to the Services, Service Provider will, unless legally prohibited, inform {00024237/2} Effective August 1, 2023 Company of the legal requirement and give it reasonable opportunity to object to or challenge the disclosure.
9) If the Services require the collection of Company Personal Information by Service Provider directly from consumers on Company’s behalf, Company will provide Service Provider a CCPA-compliant notice at collection that Service Provider shall make available to such consumers at or before collection of such information and in a manner and format consistent with the CCPA. Service Provider will not modify or alter such notice without Company’s written consent.
10) Service Provider shall reasonably cooperate with Company to comply with consumer requests made pursuant to the CCPA. In the event Service Provider receives requests directly from consumers, Service Provider will promptly inform Company of such requests, but not later than five (5) days following receipt and reasonably cooperate with Company in responding to them.
11) If Service Provider subcontracts with another person in connection with the Services, Service Provider shall (a) notify Company of the engagement and (b) have a written contract with such person that complies with CCPA, including with respect to such person’s Service Provider’s or contractors; and (c) be liable for the Services provided by its subcontractors to the same extent as if those services were provided by Service Provider.
{00024237/2} Effective August 1, 2023