This Data Protection Addendum ("Addendum") supplements and forms an integral part of any agreement or contract ("Agreement") between Klervo LLC ("Company") and its customers, clients, vendors, partners, or other parties ("Counterparty") involving the processing of personal data. This Addendum is designed to address the obligations of the parties with respect to the protection of personal data in compliance with applicable data protection laws, regulations, and standards, including but not limited to the European Union General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA").
∙ "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject").
∙ "Data Controller" means the entity that determines the purposes and means of the processing of Personal Data.
∙ "Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.
This Addendum applies to any processing of Personal Data by the Company acting as a Data Processor on behalf of the Counterparty under the Agreement.
The Company agrees to process Personal Data only on behalf of and in accordance with the documented instructions of the Counterparty, as set forth in the Agreement, unless required to do so by applicable law. The Company shall not process Personal Data for any other purpose without prior written authorization from the Counterparty.
The Company shall implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and security of Personal Data, including measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.
The Company shall not subcontract or engage any third-party subprocessors in the processing of Personal Data without the prior written consent of the Counterparty. In the event the Company engages subprocessors, it shall ensure that such subprocessors provide sufficient guarantees to implement appropriate technical and organizational measures in compliance with this Addendum.
The Company shall assist the Counterparty, to the extent possible, in fulfilling its obligations to respond to requests from Data Subjects exercising their rights under applicable data protection laws, including the rights of access, rectification, erasure, restriction of processing, data portability, and objection.
In the event of a Personal Data breach, the Company shall notify the Counterparty without undue delay after becoming aware of the breach. The notification shall include detailed information about the nature of the breach, the affected Personal Data, the likely consequences of the breach, and the measures taken or proposed to be taken to address the breach.
The Company shall, upon request, provide reasonable assistance to the Counterparty in conducting data protection impact assessments and consultations with supervisory authorities, as required under applicable data protection laws.
The Company shall retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. Upon termination or expiration of the Agreement, the Company shall promptly delete or return all Personal Data to the Counterparty, unless otherwise instructed by the Counterparty.
This Addendum shall be governed by and construed in accordance with the laws of the State of Texas. Any disputes arising out of or in connection with this Addendum shall be subject to the exclusive jurisdiction of the courts of Texas.
Any terms not defined in this Addendum shall have the meanings set forth in the Agreement. This Addendum constitutes the entire agreement between the parties with respect to the subject matter herein and supersedes all prior or contemporaneous agreements and understandings, whether written or oral, relating to such subject matter.
Effective Date:
This Addendum may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
