US DATA PROTECTION AGREEMENT
-FOR contractors and SERVICE PROVIDERS-
This US Data Protection Agreement (“USDPA”) is made between Sportority Inc., or its applicable affiliates ("Company"), and the corresponding vendor or its applicable affiliates (“Supplier”) (Each of Company and Supplier shall hereinafter be referred to as a "Party"and collectively as the “Parties”), and forms part of and incorporated into the Parties’ applicable commercial agreement and any document related thereto(collectively, the "Agreement") pursuant to which Supplier has been engaged by Company to provide the services as per the Agreement ("Services").
In this US DPA:
"US Privacy Laws" means all applicable laws, rules, acts, decrees, directives, regulations and binding regulatory guidance pertaining to data privacy, data security or the protection of Personal Data, including the California Consumer Privacy Act of 2018, Civ. Code § 1798.100 et seq., and the regulations enacted thereunder, as amended by the California Privacy Rights Act of 2020 ("CPRA") (the CPRA, CCPA and the regulations are hereinafter referred to as the "CCPA"), Virginia Consumer Data Protection Act, Va. Civ. Code § 59.1 ("VCDPA"); any amendments or replacements to the foregoing . The terms “business”, “business purpose”, “personal information”, “processing”, "share"“sell”,"contractor" and “service provider”, shall have the same meaning as in the CCPA.
The Parties wish to ensure compliance with US Privacy Laws and hereby agree to the following:
1) Purpose of Processing. Company may disclose personal information to Supplier, and Supplier may only process such personal information solely for the purpose of enabling Supplier to perform the Services.
2) Roles of the Parties. Supplier is the service provider or contractor, as applicable, and Company is the business.
3) Duties and Restrictions on Processing.
a) Supplier shall not process the personal information other than on Company’s documented instructions.
b) Supplier shall not sell or share the personal information disclosed to it or collected by (or on its behalf) in connection with the Agreement, or, except as necessary to perform the Services, retain, collect, use or disclose the said personal information, for any purpose other than for the business purpose. Supplier shall not combine the personal information of consumers that it collects, receives from, or on behalf of, the Company with personal information that the Supplier receives from, or on behalf of, another person or persons or collects from its own interaction with consumers unless and solely to the extent necessary to perform the business purpose.
c) If Supplier engages any other person or entity to assist it in processing personal information for a business purpose on behalf of the Company (a "Subcontractor"), or if a Subcontractor engages another person or entity to assist it in processing personal information for that business purpose, Supplier shall notify Company of that engagement, and the engagement shall be pursuant to a written contract binding the Subcontractor to observe all the requirements set forth herein and under US Privacy Laws.
4) Assistance. Supplier will fully cooperate and assist Company with any request from Company to comply with its obligations under the CCPA, including to respond to a consumer request to exercise any right granted to consumers under US Privacy Laws with respect to personal information that Supplier might be processing (or which is processed on Supplier's behalf) under the Agreement.
5) Security of Processing. Supplier shall implement and maintain commercially reasonable and appropriate physical, technical and organizational security measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal information transmitted, stored or otherwise processed in the context of the Agreement, and shall enforce the same on its Subcontractors.
6) Compliance Monitoring.
a) Supplier must notify Company without undue delay if Supplier can no longer comply with the obligations set by US Privacy Laws and this US DPA.
b) Supplier acknowledges that Company has the legal duty and right to take reasonable and appropriate steps to ensure that Supplier processes Company personal information in a manner consistent with its obligations under the US Privacy Laws and this US DPA. In this regard, Company, may require from Supplier all information necessary to, and conduct, by itself or with an external auditor, audits, inspections, annual reviews and automatic scans of Supplier, including of Supplier documentation, systems, premises and equipment involved in the processing personal information, at least once in every twelve (12) months. Supplier shall cooperate in good faith with Company in conducting such audits, inspections annual reviews and automatic scans, which shall: (i) be conducted with reasonable advanced notice to Supplier (unless not possible due to an urgent legal need, such as a request or order by a competent authority, or the occurrence of a security breach), and (ii) shall take place during normal business hours to reasonably limit any disruption to Recipient’s business.
7) Miscellaneous.
a) Supplier hereby certifies that it understands the restrictions contained herein and under US Privacy Laws and will comply with them.
b) In the event of any conflict between the terms of this US DPA and any other agreement between the parties related to the subject matter hereof, the terms of this US DPA Addendum will prevail.
c) This US DPA shall be considered as having entered into force on the date on which Supplier began performing the Services.
d) Company may amend this US DPA at its sole discretion by posting an amended US DPA to this online link. Supplier’s continued provision of the Services after the amendment to the US DPA is posted constitutes its agreement to, and acceptance of, the amended US DPA.
