State Data Privacy & Protection Addendum
This State Data Privacy & Protection Addendum is between Infutor Data Solutions, LLC (“Service Provider”) and you (“Company”), and is effective as of the date of acceptance. This addendum sets forth the terms and conditions relating to processing of Company’s Personal Information in connection with the products, services or activities provided by Service Provider to Company pursuant to the applicable agreements in effect between the parties (“Agreements”).
In the event of a conflict between the terms of the Agreements and this addendum, the addendum will control.
Company is the Controller of Personal Information and has entered into Agreements with Service Provider for the Processing of such Personal Information on Company’s behalf. The Agreements identify the purposes of Processing the Personal Information, the type(s) of Personal Information to be Processed, and the duration of such Processing as necessary for Business Purposes and any other purposes agreed to by Company and Service Provider in the Agreements.
Therefore, Company and Service Provider agree as follows:
“Applicable Law” means statutes, rules, and regulations adopted that are applicable to the Personal Information including, but not limited to the California Consumer Privacy Act, the California Privacy Rights Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act.
“Business Purpose” means the use of Personal Information for the Company’s operational purposes, or other notified purposes, or for Processor’s operational purposes, provided that the use of such Personal Information shall be reasonably necessary and proportionate to achieve the purpose for which the Personal Information was collected or Processed or for another purpose that is compatible with the context in which the Personal Information was collected.
“Commercial Purposes” is as defined under the Applicable Law.
“Controller” means the entity that, alone or jointly with others, determines the purposes and means of Processing Personal Information.
“Cross-context Behavioral Advertising” is as defined under the Applicable Law.
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, is linked or could reasonably be linked, directly or indirectly, with a particular natural person or household, subject to any exceptions or exclusions under Applicable Law.
“Process” “Processes” or “Processing” means any operation, or set of operations, performed on Personal Information by automated or manual means, including the collection, use, storage, disclosure, analysis, deletion, or modification of such Personal Information.
“Processor” or “Service Provider” means the entity that Processes Personal Information on behalf of the Controller.
“Sell” or “Sale” generally means providing Personal Information by any means in exchange for monetary or other valuable consideration, and specifically is as defined under the Applicable Law.
“Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Personal Information for Cross-context Behavioral Advertising, whether or not for monetary or other valuable consideration.
“Subprocessor” means any third party engaged by, or on behalf of, Service Provider to Process Personal Information.