The following terms, when used in these Subscription Terms (hereafter, this “Agreement”) will have the following meanings:
1.1 “Order” means an Anonomatic quote, Statement of Work, Quotation, Quotation Terms and Conditions and order form, online order page or other similar document that sets forth the components of the Anonomatic Services to which Customer (defined below) is obtaining a subscription, applicable subscription term, pricing therefor and other relevant terms, and that references this Agreement.
1.2 “Professional Services” means the professional services provided by Anonomatic to Customer as set forth in an Order and subject to a Statement of Work.
1.3 “Proprietary Information” means any information or data disclosed or made available by either party (the “Disclosing Party”) to the other party (the “Receiving Party”) that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding disclosure. Proprietary Information of Anonomatic includes, without limitation, all software, documentation and other non-public information relating to the Services or the features, functionality and performance thereof.
1.4 “Services” means Anonomatic’s solution, which may be offered as installation in Customer’s virtual private cloud or similar location or as a hosted cloud platform operated and controlled by Anonomatic, together with all related documentation provided by Anonomatic.
1.5 “Statement of Work” means a statement of work referencing this Agreement (and an applicable Order) which is mutually executed by the parties describing the Professional Services. Any such Statements of Work are hereby incorporated by reference into this Agreement.
1.6 “Quotation” means a quote related to the cost of the Services to be provided by Anonomatic to Customer and is incorporated by reference into this Agreement.
1.7 “Quotation Terms and Conditions” means a statement of additional terms and conditions that apply to the Quotation and are incorporated by reference into this Agreement.
1.8 “Term” shall mean Customer’s initial subscription term for the Services as set forth in the applicable Order along with any applicable subscription renewal terms, as described in Section 6 below.
2. SERVICES AND SUPPORT
2.1 General. Anonomatic, Inc. (“Anonomatic”) provides its Services to you (the “Customer”) pursuant to the terms of this Agreement. By entering into a Services Order with Anonomatic or otherwise registering for, accessing or using the Services, each party accepts and agrees to all of the terms of this Agreement. By entering into this Agreement on behalf of a company or other legal entity, Customer and Anonomatic represent that it each has the authority to bind such entity and its affiliates to the terms of this Agreement, and, accordingly, the terms “Customer” and “Anonomatic” shall refer to such entity and its affiliates. If either party does not have such authority, or either party does not agree to all of the terms of this Agreement, Customer may not use the Services and Anonomatic may not provide the Services to Customer. Capitalized terms not defined herein shall be given the meaning set forth in the applicable Order.
2.2 Services Offering. If Anonomatic has agreed to provide Customer an on-premises deployment of the Services, Anonomatic hereby grants Customer a non-exclusive, non-transferable, non-sublicensable license during the Term to install and use the Services solely on servers owned or controlled by Customer solely for Customer’s own business purposes, subject to any capacity or site terms or restrictions set forth in the relevant Order. If Anonomatic has agreed to host the Services for Customer, then, subject to the terms of this Agreement, Anonomatic will use commercially reasonable efforts to provide Customer the Services during the Term solely for Customer’s internal business operations, subject to any terms and restrictions set forth in each Order.
2.3 Support; Professional Service. Subject to the terms of this Agreement (and payment of all applicable fees), Anonomatic will provide customer commercially reasonable technical support and maintenance for the Services in accordance with Anonomatic’s support policy. If Customer has purchased Anonomatic’s Professional Services, Anonomatic shall use commercially reasonable efforts to provide Customer such Professional Services in a professional and workmanlike manner, subject to the terms of this Agreement and the applicable Order (including payment of all applicable Professional Services fees).
3. RESTRICTIONS AND RESPONSIBILITIES
3.1 Restrictions. Customer will only use the Services as expressly permitted herein and in the applicable Order and agrees that it will not (and will not allow any third party to), directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services; modify, translate, or create derivative works based on the Services (except to the extent expressly permitted by Anonomatic in writing or authorized within the Services); remove any proprietary notices or labels; or modify, adapt, hack, or attempt to probe, scan or test the vulnerability of, the Services, or otherwise attempt to gain unauthorized access to the Services or its related systems or networks.
3.2 Compliance. Customer represents, covenants, and warrants that Customer will use the Services only in compliance with Anonomatic’s standard published policies then in effect and all applicable laws and regulations (including, without limitation, those relevant to privacy, intellectual property and the like).
3.3 Equipment. Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, server, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account or the Equipment with or without Customer’s knowledge or consent.
3.4 Anonomatic Representations. Anonomatic represents, warrants and covenants that (i) it is a corporation duly formed and existing under the laws of the State of California and, to the extent required by applicable law, it is registered to carry on business in each of the jurisdictions in which the it operates; (ii) the execution, delivery and performance of this Agreement by Anonomatic has been duly and validly authorized by all requisite action on the part of its directors and the performance of the transactions contemplated by the Agreement and the fulfillment of the terms herein will not result in a conflict with, result in any breach of its articles of incorporation or bylaws or any of the terms and provisions of, or constitute (with or without notice or lapse of time or both) a default under any indenture, contract, agreement, mortgage, deed of trust, or other instrument to which Anonomatic is a party to; and (iii) it has all requisite power, authority and capacity to enter into and perform this Agreement and to sell and convey the Services to Customer in accordance with the provisions of this Agreement.
4. CONFIDENTIALITY; PROPRIETARY RIGHTS
4.1 Confidentiality. The Receiving Party agrees: (i) to take reasonable precautions to protect all Proprietary Information of the Disclosing Party, and (ii) not to use (except as permitted herein) or divulge to any third person (other than employees or contractors with a reasonable need to know who are bound by confidentiality obligations consistent with this Agreement) any such Proprietary Information of the Disclosing Party. The Disclosing Party agrees that the foregoing shall not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public through no fault of the Receiving Party, or (b) was in its possession or known by it without restriction prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party or (e) is required to be disclosed by law.
4.2 Data Security. Anonomatic will maintain a security program that is designed to (i) ensure the security and integrity of Customer data uploaded to the Services (if hosted by Anonomatic) by Customer or collected by Anonomatic in the provision of the Services or Professional Services (“Customer Data”); (ii) protect against threats or hazards to the security or integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data. In furtherance of the foregoing, Anonomatic will maintain the administrative, physical and technical safeguards designed to protect the security of Customer Data (if hosted by Anonomatic). Anonomatic’s security safeguards include measures for preventing access, use, modification or disclosure of Customer Data by Anonomatic personnel except (a) to provide and maintain the Services and prevent or address service or technical problems, (b) as required by applicable law, or (c) as Customer expressly permits in writing or under this Agreement. Anonomatic will not materially diminish the protections provided in this Section during the term of this Agreement. To the extent that Anonomatic receives and processes any Personal Information (as defined in the DPA referenced below) contained in Customer Data that is subject to the GDPR or CCPA (as defined in the DPA), on Customer’s behalf, in the provision of the Services or Professional Services, the parties will execute Anonomatic’s Data Processing Addendum (“DPA”), and attach such DPA to this Agreement.
4.3 Proprietary Rights. Except as otherwise expressly provided in this Agreement or the relevant Order, Anonomatic shall own and retain all right, title and interest in and to (a) the Services and all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed by or on behalf of Anonomatic in connection with Services, Professional Services, or any other services or support (unless such development is subject to a separate work for hire or similar written agreement between the parties), and (c) all intellectual property rights related to any of the foregoing. If Customer provides any suggestions, comments for enhancements or functionality or other feedback to Anonomatic with respect to the Services or any of Anonomatic’s other products or services, Customer grants Anonomatic a non-exclusive, irrevocable, transferable, sublicensable license to use and otherwise exploit any intellectual property or other proprietary rights in such Feedback. For the avoidance of doubt, nothing in this Section 4.3 gives Anonomatic any rights or interest in any data provided by Customer that interacts with the Services.
4.4 Services Improvements; Aggregate Data and Marketing. Notwithstanding anything to the contrary, Anonomatic shall have the right collect and analyze data and information relating to the use and performance of various aspects of the Services and related technologies (excluding Customer Data), and Anonomatic will be free (during and after the term hereof) to use such data and information for the measurement of the use and performance of the Services. No rights or licenses are granted except as expressly set forth herein.
5. PAYMENT OF FEES
5.1 Fees. Customer will pay Anonomatic the then applicable subscription and other fees for the Services and any applicable Professional Services (or other services), as described in the relevant Order (or in the Services itself, as applicable) in accordance with the terms therein (the “Fees”). Except as otherwise expressly provided herein, all Fees are non-cancelable and non-refundable regardless of any early termination of this Agreement. If Customer’s use of the Services exceeds any applicable limits set forth on the Order or otherwise requires the payment of additional fees (per the terms of this Agreement), Customer shall be billed for such usage and Customer agrees to pay the additional fees in the manner provided herein. If Customer believes that Anonomatic has billed Customer incorrectly, Customer must contact Anonomatic no later than 60 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to Anonomatic’s customer support department.
5.2 Payment Terms. Anonomatic will bill through an invoice and full payment for invoices issued in any given month must be received by Anonomatic no later than thirty (30) days after the date of the invoice. Unpaid or late Fees are subject to a finance charge of 1.0% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection. Customer shall be responsible for all taxes associated with Services other than U.S. taxes based on Anonomatic’s net income.
6. TERM; TERMINATION
6.1 Term. Subject to earlier termination as provided below, this Agreement is for the initial subscription term as specified in the Order, and shall be automatically renewed for additional periods of the same duration as the initial subscription term (collectively, the “Term”), except as expressly provided in the Order, and unless either party requests termination at least thirty (30) days prior to the end of the then-current term.
6.2 Termination. In addition to any other remedies it may have, either party may also terminate this Agreement upon thirty (30) days’ written notice (or ten (10) days’ in the case of nonpayment), if the other party materially breaches any of the terms or conditions of this Agreement and such breach is not cured during the notice period. Anonomatic may also reasonably suspend Customer’s and/or any users’ access to or use of Services at any time in its commercially reasonable discretion on the advice of counsel, if it possesses a good faith belief that Customer’s use of the Services may be in violation of this Agreement or otherwise places Anonomatic (or its customers or other interests) at risk of harm, damage, loss or liability. Upon termination, Customer’s right to use the Services shall immediately terminate, all outstanding Fees due for the Services for the Term up and until the termination shall immediately become due and payable, Customer shall immediately cease us of and return (or at Anonomatic’s option destroy) all Services software and related documentation in its possession or control, and each party shall return to the other all Proprietary Information. Notwithstanding anything in this Agreement to the contrary, if Anonomatic (i) becomes unable to provide the Services received by Customer pursuant to this Agreement and the applicable Order due to events that are not solely caused by Customer’s material breach of this Agreement, or (ii) materially breaches the Agreement, Customer has the right to terminate this Agreement and upon such termination prior to the expiration of the subscription term in the applicable Order, Anonomatic shall promptly refund Customer, on a prorated basis, for any unused portion of any fees prepaid by Customer with respect this Agreement and any applicable Order. The terms of the following Sections shall survive expiration or termination of this Agreement: 3, 4, 5, 6.2, 8.2, 10 and 11.
7.1 Anonomatic shall defend, at its expense, Customer (including its officers, directors, employees, agents, assignees, and representatives), against any claims by third parties that the Services infringes or misappropriates a third party’s patent, copyright or trade secret rights, and shall pay any damages awarded or agreed to in a settlement with respect to such claims and Customer’s reasonable legal costs and expenses incurred in connection with such claims. The foregoing obligations do not apply with respect to the Services or portions or components thereof (i) not supplied by Anonomatic; (ii) combined with other products, processes or materials where the alleged infringement relates to such combination and not to the Services, (iii) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (iv) where Customer’s use of the Services is material breach of this Agreement.
7.2 Customer shall defend, at its expense, Anonomatic (including its officers, directors, employees, agents, assignees, and representatives), against any claims by third parties arising from or related to Customer’s breach of this Agreement and shall pay any damages awarded or agreed to in a settlement with respect to such claims and Customer’s reasonable legal costs and expenses incurred in connection with such claims. The foregoing obligations do not apply with respect to claims that would not have arisen but for Anonomatic’s breach of this Agreement.
7.3 For the avoidance of doubt, any indemnification claims are subject to the limitation of liability in Section 9. The party seeking indemnification (the “Indemnitee”) shall promptly notify the other party (the “Indemnitor”) of any such claim, tender control of the defense or settlement of such claim to the Indemnitor, and provide reasonable cooperation at Indemnitor’s expense in the defense or settlement thereof. Indemnitor shall not agree to any settlement of such claim that imposes any liability or obligation on Indemnitee or that admits or implies any wrongdoing by or on behalf of Indemnitee.
8. WARRANTY AND DISCLAIMERS
8.1 Warranty. With respect to an on-premises deployment of the Services, Anonomatic warrants that the Services will conform to Anonomatic’s documentation in all material respects for a period of thirty (30) days after delivery thereof to Customer. If Anonomatic is hosting the Services on Customer’s behalf, Anonomatic warrants that it shall use reasonable efforts consistent with prevailing industry standards to operate and maintain the Services in a manner which minimizes errors and interruptions in the Services. Anonomatic shall use diligent efforts to repair or replace any portion of the Services that does not conform to the foregoing warranty.
8.2 DISCLAIMER. HOWEVER, ANONOMATIC DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICES AND ANY MONITORING (OR OTHER) SERVICES ARE PROVIDED “AS IS” AND ANONOMATIC DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
9. LIMITATION OF LIABILITY
NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR BODILY INJURY OF A PERSON, NEITHER PARTY NOR ITS SUPPLIERS (INCLUDING BUT NOT LIMITED TO ALL EQUIPMENT AND TECHNOLOGY SUPPLIERS), OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES SHALL NOT BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, GROSS NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY: (A) FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; OR (B) FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE FEES RECEIVED BY ANONOMATIC UNDER THIS AGREEMENT IN THE 12 MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY, IN EACH CASE, WHETHER OR NOT EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10. GOVERNMENT MATTERS
To the extent applicable, Customer may not remove or export from the United States or allow the export or re-export of the Services or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the Services and documentation are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.
If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable or transferable by either party without the other party’s prior written consent, except that either party may assign this Agreement without consent to a successor to all or substantially all of such party’s assets or business. Anonomatic may use subcontractors in its performance of this Agreement; provided that Anonomatic shall remain responsible for any such subcontractor’s performance hereunder. Except to the extent the parties have mutually executed and delivered a separate written agreement covering the same Anonomatic Services (a “Separate Signed Agreement”), this Agreement along with the Order is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. In the event of a conflict between the terms of this Agreement and the terms of a Separate Signed Agreement, the terms of the Separate Signed Agreement shall supersede and control. However, any different or additional terms of any purchase order, confirmation, or similar pre-printed form will have no force or effect. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Anonomatic in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by the laws of the State of California without regard to its conflict of laws provisions. Any claim, action or proceeding arising from or relating to this Agreement may only be brought in the state or federal courts of California and each party hereby consents to the exclusive jurisdiction thereof.
Data Processing Addendum
This Data Processing Addendum (“DPA”) is entered by and between the Anonomatic, Inc. (“Anonomatic” or “Data Processor”) and Customer identified below (“Customer” or “Data Controller”). This DPA supplements the governing agreement entered into by the parties with respect to Anonomatic’s products and services (the “Governing Agreement”). Capitalized terms not expressly defined here have the same meanings as in the Governing Agreement.
This addendum is accepted and agreed to by checking terms and conditions when purchasing Anonomatic’s products and services
1. OVERVIEW OF PROCESSING. Customer and Anonomatic have entered into a Governing Agreement between the parties, for provision of the Anonomatic Service to Customer. This DPA, which is incorporated as an attachment to that agreement, describes the parties’ respective data protection obligations for the Personal Data processed on the Anonomatic Service. With respect to this Personal Data, the parties agree that: (i) Customer is the “controller” or “business” under Data Protection Laws and will comply with its corresponding obligations under applicable Data Protection Laws; and (ii) Anonomatic is the “processor” or “service provider” under Data Protection Laws and will comply with its corresponding obligations under applicable Data Protection Laws.
2. INSTRUCTIONS FOR PROCESSING. Anonomatic is authorized to process Customer’s Personal Data only in accordance with the Instructions, as defined below. Customer will ensure that it has all necessary rights and permissions to permit Personal Data to be processed in accordance with these Instructions and that it will provide Personal Data to Anonomatic only to the extent permitted by, and in compliance with, the Governing Agreement. Any additional Instructions must be agreed to in writing by Customer and Anonomatic.
3. PERSONNEL. Anonomatic will ensure that its employees and contractors who have access to Personal Data are subject to a written or legal obligation to maintain the confidentiality of that data and are adequately instructed in the good handling of Personal Data. Anonomatic will implement measures to restrict employee access to Personal Data as set out in the Security Standards.
4. SECURITY MEASURES. Anonomatic will implement appropriate technical and organisational security measures designed to protect Personal Data processed by the Anonomatic Service against unauthorised or unlawful processing, accidental or unlawful destruction, accidental loss or alteration, and unauthorised disclosure or access (the “Security Standards”). Anonomatic may modify its technical and organisational security measures from time to time to reflect process improvements or changing practices, provided that such modifications do not result in an overall degradation of the security measures specified in the Security Standards. Anonomatic has no responsibility for Customer’s systems or other third party systems, including for their security, availability, integrity or data processing activities. Customer agrees that it is solely responsible for its own use of the Anonomatic Service, including securing its account authentication credentials and choosing appropriate privacy and security settings.
5. [INTENTIONALLY LEFT BLANK]
6. DATA SUBJECT REQUESTS. Anonomatic has implemented technical and organisational measures to assist Customer with its obligation to respond to Data Subject requests under Data Protection Laws. Anonomatic will make this functionality available to Customer during Customer’s Subscription Term. Customer agrees to follow Anonomatic’s documented procedures for Data Subject requests, confirm the requester’s identity, provide sufficient information to identify relevant records containing Personal Data, review any records provided to Customer and otherwise cooperate with Anonomatic’s reasonable requests. Customer will use commercially reasonable efforts to not send duplicative or unnecessary requests to Anonomatic (for example, requests for Personal Data not processed by the Anonomatic Services). If Anonomatic receives a Data Subject request identifying Customer, Anonomatic will not respond directly unless required by law, and it will promptly forward that request to Customer.
7. BREACH NOTIFICATION. Unless prohibited by law, Anonomatic must promptly (and without undue delay) notify Customer if it becomes aware of any Breach. The notice must include, as available: (i) a description of what happened; (ii) the scope of the Breach, including a description of the type of Personal Data involved; (iii) a description of the response; and (iv) other information as may be reasonably required to be disclosed under applicable Data Protection Laws. Anonomatic will provide Customer with any other cooperation and assistance that Customer may reasonably require in relation to investigating and responding to the Breach. Anonomatic may delay its notifications as requested by law enforcement or in light of its legitimate need to investigate or remediate a Breach. For security reasons, the parties agree to keep information regarding the Breach confidential, unless a disclosure is required by law or is made to a professional adviser who needs to know the information and is subject to a duty of confidentiality. Anonomatic’s obligation to report or respond to a Breach under this Section is not an acknowledgement by Anonomatic of any fault or liability with respect to the Breach.
8. DATA DELETION. On the expiration or termination of the Governing Agreement, at Customer’s request and after permitting Customer to download available personal data for up to 30 days following expiration or termination, Anonomatic will delete Customer’s Personal Data from its production systems unless applicable law or legal process prevents it from doing so.
9. CALIFORNIA CONSUMER PROTECTION ACT. Consistent with Anonomatic’s obligations as a “service provider” under CCPA, Anonomatic will not (a) sell Personal Data; (b) retain, use or disclose any Personal Data for any purpose other than in accordance with the Instructions, including retaining, using or disclosing the Personal Data for a commercial purpose other than providing the Anonomatic Services; or (c) retain, use or disclose the Personal Data outside of the direct business relationship between Anonomatic and Customer. Notwithstanding anything in the Agreement, the parties acknowledge and agree that Anonomatic’s access to Personal Data does not constitute part of the consideration exchanged by the parties in respect of the Agreement.
10. AUDITS AND ASSISTANCE.
10.1 Assistance. Anonomatic will provide Customer with commercially reasonable information and assistance, taking into account the nature of processing and the information available to Anonomatic as a data processor, to help Customer comply with its obligations under applicable Data Protection Laws with respect to processing of Personal Data under this DPA.
10.2 Audits. Customer may request that Anonomatic make available documentation that is reasonably necessary to demonstrate compliance with this DPA and the obligations under Data Protection Laws, including the executive summary of Anonomatic’s annual security audit conducted by an independent, third party auditor. Without limiting Customer’s responsibilities under this DPA, Anonomatic will use reasonable efforts to inform Customer if it discovers, in connection with its obligations under Data Protection Laws, information that in Anonomatic’s opinion would cause Customer’s Instructions to infringe Data Protection Laws. Except with respect to audits required by a government regulator or supervisory authority, Customer agrees to exercise its audit rights under applicable Data Protection Laws as specified in this Section.
10.3 Government Requests. Anonomatic will provide Customer with reasonable access to its documentation and systems in the event of an audit required by a government regulator or supervisory authority for compliance with Data Protection Laws. Further, each party may process Personal Data where required in response to court or government agency requests or by applicable law. Unless prohibited by law, Anonomatic will promptly inform Customer if a court, regulator, government agency or supervisory authority demands access to Personal Data.
10.4 Other Provisions. The parties will mutually agree on the timing and scope of any requests and audits under this Section, which will be: (i) carried out in such a way as to not disrupt Anonomatic’s business; (ii) performed no more than twice per calendar year (unless otherwise required by government regulator or supervisory authority) and at Customer’s sole expense, including reimbursement for Anonomatic’s time spent on any on-site audit; and (iii) subject to reasonable confidentiality protections requested by Anonomatic. Any executive summaries, audit reports or other information obtained by Customer will be considered Anonomatic’s Confidential information.
11. TERM AND TERMINATION. This DPA is effective as of the Data Processing Addendum Effective Date and continues in effect until termination or expiration of the Governing Agreement. Either party has the right to terminate this DPA and the Governing Agreement if: (i) the parties agree in writing that this DPA conflicts with currently applicable Data Protection Laws, including as a result of an amendment or change in applicable law; (ii) any authority or court demands or requests changes to these agreements and the parties cannot agree on adequate amendments to reflect these changes; or (iii) Anonomatic notifies Customer in writing that it can no longer meet its obligations under applicable Data Protection Laws.
12. GENERAL. If Customer and Anonomatic have signed a prior data processing agreement, that agreement is terminated and replaced by this DPA as of the DPA Effective Date above. If any of Customer’s Affiliates is considered the data controller (either alone or jointly with Customer) of Personal Data, Customer is responsible under this DPA for this Personal Data. This DPA is incorporated as an attachment to the Governing Agreement. It is subject to all the terms and conditions of that agreement, including provisions related to limitations of liability, termination, jurisdiction and governing law. However, this DPA will control with respect to how Anonomatic will process Customer’s Personal Data.
13.1 “Affiliate” means any entity which is controlled by, in control of, or is under common control with a party to this Agreement, where “control” means either the power to direct the management or affairs of the entity or ownership of 50% or more of the voting securities of the entity.
13.2 “Breach” means a security breach of Anonomatic’s systems that has resulted in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data transmitted, stored or otherwise processed by Anonomatic.
13.3 “Data Subject” means an identified or identifiable natural person as defined under Data Protection Laws.
13.4 “Personal Data” means personal data (as defined under Data Protection Laws) provided by Customer to the Anonomatic Service concerning Data Subjects.
13.5 “Data Protection Laws” means the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the California Consumer Protection Act (“CCPA”) and the national and state laws of the United States, United Kingdom, and the European Union relating to protection of Personal Data.
13.6 “Instructions” means Customer’s instructions to Anonomatic: (i) to provide the Anonomatic Service to Customer in accordance with the features and functionalities of the Anonomatic Service and related Documentation; (ii) through user-initiated actions on and through the Anonomatic Service, or otherwise based on Customer’s configuration and use of the Anonomatic Service; (iii) contained in the Governing Agreement and/or any applicable Order Form; and (iv) mutually agreed by the parties in writing.
13.7 “Anonomatic Service” means the “Anonomatic Service” or “Anonomatic Product,” as defined in the Governing Agreement.
EXHIBIT A TO DPA
Data controller: The data controller is:
- Customer, a company using the Anonomatic Services (as that term is defined in the DPA).
Data processor: The data processor is:
- Anonomatic, a provider of personal information anonymization, masking, redaction and other related services
Data subjects: The personal data transferred concern the following categories of data subjects (please specify):
- Customer’s end users or other individuals that Customer interacts with as determined by Customer (“Client Data Subjects”).
- Customer’s employees and other personnel who create accounts to use the Anonomatic Services (“Product Users”).
Categories of data: Personal Data processed by Anonomatic on Customer’s behalf may include the following categories of data:
- Example Data Fields: Names, email addresses, passwords, contact details, and similar Personal Data provided by Product Users when creating an Anonomatic account.
Special categories of data (if appropriate): The personal data transferred concern the following special categories of data (please specify):
- Example Special Categories: Geolocation, email content, and account login
Processing operations: The personal data transferred will be subject to the following basic processing activities (please specify):
- Anonomatic will provide personal information anonymization, masking, redaction and other related services ordered by Customer according to the Instructions (as that term is defined in the DPA). Anonomatic will also provide Product Users with reporting, communications and other features offered by Anonomatic.
Description of the technical and organisational security measures: