Clients Freelancers Store Blog About Portal

Terms of Use

Last Updated: October 2025

Acceptance of the Terms of Use

These terms of use are entered into by and between You and The Uncompany, LLC (“Company,” “we,” or “us”). The following terms and conditions (“Terms of Use”) govern your access to and use of this website, including any content, functionality, and services offered on or through this website (the “Website”).

Please read the Terms of Use carefully before you start to use the Website. By using the Website, you accept and agree to be bound and abide by these Terms of Use and our Privacy Policy, incorporated herein by reference. If you do not want to agree to these Terms of Use or the Privacy Policy, you must not access or use the Website.

This Website is offered and available to users who are 13 years of age or older and reside in the United States or any of its territories or possessions. By using this Website, you represent and warrant that you are of legal age to form a binding contract with the Company and meet all of the foregoing eligibility requirements. If you do not meet all of these requirements, you must not access or use the Website.

Changes to the Terms of Use

We may revise and update these Terms of Use from time to time in our sole discretion. All changes are effective immediately when we post them and apply to all access to and use of the Website thereafter. However, any changes to the dispute resolution provisions set out in Governing Law and Jurisdiction will not apply to any disputes for which the parties have actual notice on or before the date the change is posted on the Website.

Your continued use of the Website following the posting of revised Terms of Use means that you accept and agree to the changes. You are expected to check this page each time you access this Website so you are aware of any changes, as they are binding on you.

Accessing the Website and Account Security

We reserve the right to withdraw or amend this Website, and any service or material we provide on the Website, in our sole discretion without notice. We will not be liable if for any reason all or any part of the Website is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the Website, or the entire Website, to users, including registered users.

You are responsible for both:

  • Making all arrangements necessary for you to have access to the Website.
  • Ensuring that all persons who access the Website through your internet connection are aware of these Terms of Use and comply with them.

To access the Website or some of the resources it offers, you may be asked to provide certain registration details or other information. It is a condition of your use of the Website that all the information you provide on the Website is correct, current, and complete. You agree that all information you provide to register with this Website or otherwise, including, but not limited to, through the use of any interactive features on the Website, is governed by our Privacy Policy, and you consent to all actions we take with respect to your information consistent with our Privacy Policy. If you choose, or are provided with, a user name, password, or any other piece of information as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to this Website or portions of it using your user name, password, or other security information. You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information. We have the right to disable any user name, password, or other identifier, whether chosen by you or provided by us, at any time in our sole discretion for any or no reason, including if, in our opinion, you have violated any provision of these Terms of Use.

Intellectual Property Rights

The Website and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof) are owned by the Company, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws.

These Terms of Use permit you to use the Website for your personal, non-commercial use only. You must not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store, or transmit any of the material on our Website, except as follows:

  • Your computer may temporarily store copies of such materials in RAM incidental to your accessing and viewing those materials.
  • You may store files that are automatically cached by your Web browser for display enhancement purposes.
  • You may print or download one copy of a reasonable number of pages of the Website for your own personal, non-commercial use and not for further reproduction, publication, or distribution.
  • If we provide desktop, mobile, or other applications for download, you may download a single copy to your computer or mobile device solely for your own personal, non-commercial use, provided you agree to be bound by our end user license agreement for such applications.
  • If we provide social media features with certain content, you may take such actions as are enabled by such features.

You must not:

  • Modify copies of any materials from this site.
  • Use any illustrations, photographs, video or audio sequences, or any graphics separately from the accompanying text.
  • Delete or alter any copyright, trademark, or other proprietary rights notices from copies of materials from this site.

You must not access or use for any commercial purposes any part of the Website or any services or materials available through the Website. If you print, copy, modify, download, or otherwise use or provide any other person with access to any part of the Website in breach of the Terms of Use, your right to use the Website will stop immediately and you must, at our option, return or destroy any copies of the materials you have made. No right, title, or interest in or to the Website or any content on the Website is transferred to you, and all rights not expressly granted are reserved by the Company. Any use of the Website not expressly permitted by these Terms of Use is a breach of these Terms of Use and may violate copyright, trademark, and other laws.

Trademarks

The Company name and logo and all related names, logos, product and service names, designs, and slogans are trademarks of the Company or its affiliates or licensors. You must not use such marks without the prior written permission of the Company. All other names, logos, product and service names, designs, and slogans on this Website are the trademarks of their respective owners.

Prohibited Uses

You may use the Website only for lawful purposes and in accordance with these Terms of Use. You agree not to use the Website:

  • In any way that violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries).
  • For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content, asking for personally identifiable information, or otherwise.
  • To send, knowingly receive, upload, download, use, or re-use any material that does not comply with the Content Standards set out in these Terms of Use.
  • To transmit, or procure the sending of, any advertising or promotional material without our prior written consent, including any “junk mail,” “chain letter,” “spam,” or any other similar solicitation.
  • To impersonate or attempt to impersonate the Company, a Company employee, another user, or any other person or entity (including, without limitation, by using email addresses associated with any of the foregoing).
  • To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of the Website, or which, as determined by us, may harm the Company or users of the Website, or expose them to liability.

Additionally, you agree not to:

  • Use the Website in any manner that could disable, overburden, damage, or impair the site or interfere with any other party’s use of the Website, including their ability to engage in real time activities through the Website.
  • Use any robot, spider, or other automatic device, process, or means to access the Website for any purpose, including monitoring or copying any of the material on the Website.
  • Use any manual process to monitor or copy any of the material on the Website, or for any other purpose not expressly authorized in these Terms of Use, without our prior written consent.
  • Use any device, software, or routine that interferes with the proper working of the Website.
  • Introduce any viruses, Trojan horses, worms, logic bombs, or other material that is malicious or technologically harmful.
  • Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of the Website, the server on which the Website is stored, or any server, computer, or database connected to the Website.
  • Attack the Website via a denial-of-service attack or a distributed denial-of-service attack.
  • Otherwise attempt to interfere with the proper working of the Website.

Reliance on Information Posted

The information presented on or through the Website is made available solely for general information purposes. We do not warrant the accuracy, completeness, or usefulness of this information. Any reliance you place on such information is strictly at your own risk. We disclaim all liability and responsibility arising from any reliance placed on such materials by you or any other visitor to the Website, or by anyone who may be informed of any of its contents.

This Website may include content provided by third parties, including materials provided by other users, bloggers, and third-party licensors, syndicators, aggregators, and/or reporting services. All statements and/or opinions expressed in these materials, and all articles and responses to questions and other content, other than the content provided by the Company, are solely the opinions and the responsibility of the person or entity providing those materials. These materials do not necessarily reflect the opinion of the Company. We are not responsible, or liable to you or any third party, for the content or accuracy of any materials provided by any third parties.

Changes to the Website

We may update the content on this Website from time to time, but its content is not necessarily complete or up-to-date. Any of the material on the Website may be out of date at any given time, and we are under no obligation to update such material.

Information About You and Your Visits to the Website

All information we collect on this Website is subject to our Privacy Policy. By using the Website, you consent to all actions taken by us with respect to your information in compliance with the Privacy Policy.

Linking to the Website and Social Media Features

You may link to our homepage, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval, or endorsement on our part without our express written consent.

This Website may provide certain social media features that enable you to:

  • Link from your own or certain third-party websites to certain content on this Website.
  • Send emails or other communications with certain content, or links to certain content, on this Website.
  • Cause limited portions of content on this Website to be displayed or appear to be displayed on your own or certain third-party websites.

You may use these features solely as they are provided by us and solely with respect to the content they are displayed with. Subject to the foregoing, you must not:

  • Establish a link from any website that is not owned by you.
  • Cause the Website or portions of it to be displayed on, or appear to be displayed by, any other site, for example, framing, deep linking, or in-line linking.
  • Link to any part of the Website other than the homepage.
  • Otherwise take any action with respect to the materials on this Website that is inconsistent with any other provision of these Terms of Use.

You agree to cooperate with us in causing any unauthorized framing or linking immediately to stop. We reserve the right to withdraw linking permission without notice. We may disable all or any social media features and any links at any time without notice in our discretion.

Links from the Website

If the Website contains links to other sites and resources provided by third parties, these links are provided for your convenience only. This includes links contained in advertisements, including banner advertisements and sponsored links. We have no control over the contents of those sites or resources and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access any of the third-party websites linked to this Website, you do so entirely at your own risk and subject to the terms and conditions of use for such websites.

Geographic Restrictions

The owner of the Website is based in the State of North Carolina in the United States. We provide this Website for use only by persons located in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. Access to the Website may not be legal by certain persons or in certain countries. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

Disclaimer of Warranties

You understand that we cannot and do not guarantee or warrant that files available for downloading from the internet or the Website will be free of viruses or other destructive code. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for anti-virus protection and accuracy of data input and output, and for maintaining a means external to our site for any reconstruction of any lost data. TO THE FULLEST EXTENT PROVIDED BY LAW, WE WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUSES, OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA, OR OTHER PROPRIETARY MATERIAL DUE TO YOUR USE OF THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR TO YOUR DOWNLOADING OF ANY MATERIAL POSTED ON IT, OR ON ANY WEBSITE LINKED TO IT.

YOUR USE OF THE WEBSITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE IS AT YOUR OWN RISK. THE WEBSITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER THE COMPANY NOR ANY PERSON ASSOCIATED WITH THE COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE WEBSITE. WITHOUT LIMITING THE FOREGOING, NEITHER THE COMPANY NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT THE WEBSITE, ITS CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR THAT THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.

TO THE FULLEST EXTENT PROVIDED BY LAW, THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.

THE FOREGOING DOES NOT AFFECT ANY WARRANTIES THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

Limitation on Liability

TO THE FULLEST EXTENT PROVIDED BY LAW, IN NO EVENT WILL THE COMPANY, ITS AFFILIATES, OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS, OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE WEBSITE, ANY WEBSITES LINKED TO IT, ANY CONTENT ON THE WEBSITE OR SUCH OTHER WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT, OR OTHERWISE, EVEN IF FORESEEABLE.

TO THE FULLEST EXTENT PROVIDED BY LAW, IN NO EVENT WILL THE COLLECTIVE LIABILITY OF THE COMPANY AND ITS SUBSIDIARIES AND AFFILIATES, AND THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS, AND DIRECTORS, TO ANY PARTY (REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE) EXCEED $500.

The limitation of liability set out above does not apply to liability resulting from our gross negligence or willful misconduct. THE FOREGOING DOES NOT AFFECT ANY LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

Indemnification

You agree to defend, indemnify, and hold harmless the Company, its affiliates, licensors, and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys’ fees) arising out of or relating to your violation of these Terms of Use or your use of the Website, including, but not limited to, your User Contributions, any use of the Website’s content, services, and products other than as expressly authorized in these Terms of Use, or your use of any information obtained from the Website.

Governing Law and Jurisdiction

All matters relating to the Website and these Terms of Use, and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the internal laws of the State of North Carolina without giving effect to any choice or conflict of law provision or rule (whether of the State of North Carolina or any other jurisdiction). Any legal suit, action, or proceeding arising out of, or related to, these Terms of Use or the Website shall be instituted exclusively in the federal courts of the United States or the courts of the State of North Carolina, although we retain the right to bring any suit, action, or proceeding against you for breach of these Terms of Use in your country of residence or any other relevant country. You waive any and all objections to the exercise of jurisdiction over you by such courts and to venue in such courts.

Arbitration

At Company’s sole discretion, it may require You to submit any disputes arising from these Terms of Use or use of the Website, including disputes arising from or concerning their interpretation, violation, invalidity, non-performance, or termination, to final and binding arbitration under the Rules of Arbitration of the American Arbitration Association applying North Carolina law.

Limitation on Time to File Claims

ANY CAUSE OF ACTION OR CLAIM YOU MAY HAVE ARISING OUT OF OR RELATING TO THESE TERMS OF USE OR THE WEBSITE MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES; OTHERWISE, SUCH CAUSE OF ACTION OR CLAIM IS PERMANENTLY BARRED.

Waiver and Severability

No waiver by the Company of any term or condition set out in these Terms of Use shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of the Company to assert a right or provision under these Terms of Use shall not constitute a waiver of such right or provision. If any provision of these Terms of Use is held by a court or other tribunal of competent jurisdiction to be invalid, illegal, or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms of Use will continue in full force and effect.

Entire Agreement

The Terms of Use and our Privacy Policy constitute the sole and entire agreement between you and the Company regarding the Website and supersede all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, regarding the Website.

Your Comments and Concerns

This website is operated by The Uncompany, LLC.

All notices of copyright infringement claims or other feedback, comments, requests for technical support, and other communications relating to the Website should be directed to: [email protected]

PERSONAL DATA PROCESSING ADDENDUM

This Personal Data Processing Addendum (“Addendum”) supplements the agreement between Service Provider and Client ("Agreement") and will apply to the extent that Service Provider processes Personal Data on Client’s behalf pursuant to the Agreement.  In the event of a conflict between the terms of this Addendum and the Agreement, the terms of this Addendum will prevail. 

  1. Definitions. Any capitalized terms used in this Addendum that are not defined below have the meanings set forth in the Agreement.  
    1. “Applicable Data Protection Law” means any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule, requirement or other binding restriction that applies to the Processing of Personal Data to which a party to the Agreement is subject, including without limitation GDPR and the California Consumer Privacy Act of 2018 (“CCPA”) and other laws of the United States and its states, as well as any other data protection, privacy, and information security laws and regulations that may from time to time apply to Personal Data.
    2. “Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
    3. “EEA” means the Member States of the European Union, as well as Iceland, Liechtenstein, and Norway.
    4. "EEA Restricted Transfer” means (i) a transfer to a Third Country by Client of Personal Data from the EEA or Switzerland, or (ii) the onward transfer by Client to Service Provider of Personal Data that originated in the EEA or Switzerland, or is otherwise subject to the GDPR or the Swiss Federal Act on Data Protection, and for which Client is contractually obligated to impose safeguards that are equivalent to those safeguards required by Applicable Data Protection Law in the EEA or Switzerland on any third party with whom they share the Personal Data.
    5. “EU 2021 EU Standard Contractual Clauses (Modules 2 and 3, with docking clause)” means the standard contractual clauses annexed to Commission Implementing Decision (EU) (2021/914) of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament of the Council. 
    6. “GDPR” means Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Movement of Such Data, repealing Directive 95/46/EC, otherwise known as the General Data Protection Regulation, and for the purpose of this Addendum includes the corresponding laws of the United Kingdom (including the UK GDPR and Data Protection Act 2018).
    7. “Personal Data” means any and all information relating to an identified or identifiable natural person (“Data Subject”) or will have the meaning assigned to it in the Applicable Data Protection Law, including without limitation “personal information” as such term is defined in the CCPA, and refers to any such data that Client transfers or otherwise discloses to Service Provider or is Processed by Service Provider on Client’s behalf in connection with the Agreement.
    8. “Process” or “Processing” means any operation or set of operations which is performed upon Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    9. “Processing Services” means any and all services provided by Service Provider under the Agreement that involve Processing of Personal Data.
    10.  1.10. “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable a “service provider” as that term is defined under Applicable Data Protection Law.
    11. “Security Breach” means any act or omission that compromises either the security, confidentiality or integrity of Personal Data or the physical, technical, administrative or organisational safeguards put in place by Service Provider, or by Client should Service Provider have access to Client’s systems, that relate to the protection of the security, confidentiality or integrity of Personal Data and/or may potentially or actually have resulted in the unauthorized access, acquisition, disclosure or use of Personal Data.  Without limiting the foregoing, a material compromise includes unauthorized access to or disclosure or acquisition of Personal Data.
    12.  1.12. “Third Country” means any country, organisation, or territory not acknowledged by the European Commission or the UK government, as applicable, to ensure an adequate level of protection for Personal Data in accordance with Article 45 of GDPR.
    13.  1.13. “UK Restricted Transfer” means (i) a transfer to a Third Country by Client of Personal Data from the United Kingdom, or (ii) the onward transfer by Client to Service Provider of Personal Data that originated in the United Kingdom, subject to the Data Protection Act 2018, and for which Client is contractually obligated to impose safeguards that are equivalent to those safeguards required by Applicable Data Protection Law in the United Kingdom on any third party with whom they share the Personal Data. 
    14.  1.14. “UK Addendum” means the International Data Transfer Addendum to the EU Commission 2021 EU Standard Contractual Clauses (Modules 2 and 3, with docking clause), version B1.0, issued by the UK Information Commissioner’s Office under S119A(1) Data Protection Act 2018 and in force as of 21 March 2022, as revised by the UK Information Commissioner’s Office from time to time. 
  2. Roles of the Parties; Description of Processing.
    1. Roles of the Parties.  The parties acknowledge that with respect to the Personal Data transferred by Client to Service Provider hereunder, Client is acting as the “Controller” or as a “Processor” of such Personal Data and Service Provider is acting as a “Processor.”  Service Provider will Process Personal Data only as necessary to perform the Processing Services and as specifically permitted by this Addendum, or as otherwise instructed in writing from time to time by Client.  Service Provider will promptly inform Client if, in the opinion of the Service Provider, an instruction from Client infringes any Applicable Data Protection Law.
    2. Description of the Processing.  Except as otherwise agreed upon in writing, the Processing Services will be as described in Schedule 1 hereto.
  3. General Obligations as Processor.
    1. Service Provider shall Process Personal Data only for limited and specified purposes as set forth in the Agreement and this Addendum, and shall not otherwise:
      1. “sell” or “share” Personal Data, as those terms are defined in Applicable Data Protection Law;
      2. retain, use, or disclose Personal Data outside of the direct business relationship between Service Provider and Client; or
      3. combine Personal Data that Service Provider receives from, or on behalf of, Client with personal information that it receives from, or on behalf of, another person or persons, or collects from its own interaction with a Data Subject.
    2. Service Provider shall comply with Applicable Data Protection Laws and will provide a level of privacy protection for Personal Data consistent with the requirements of Applicable Data Protection Law.
    3. Service Provider will promptly inform Client in writing if it makes a determination that it cannot comply with Applicable Data Protection Law or any material term of the Agreement or this Addendum regarding the Processing Services.  If this occurs or if Client notifies Service Provider of material gaps or weaknesses in Service Provider’s information security program under Section 6.2 hereof, (i) Service Provider will use reasonable efforts to remedy the non-compliance; (ii) Client will be entitled to only the affected Processing Services. Client’s sole remedy for non-compliance shall be suspension or termination of the impacted Processing Services, provided Service Provider is given at least sixty (60) days to cure, and if such non-compliance is remedied, upon resumption of the Processing Services, offset recoverable damages actually incurred by Client as a result of such non-compliance.  If Service Provider commits a material breach of the Agreement or this Addendum regarding the services, which is not cured within sixty (60) days after Service Provider provides notice in accordance with this Section 3.3 or Client notifies Service Provider of such breach, then Client may, by giving written notice to Service Provider, terminate the Agreement without charge or liability except for payment to Service Provider for Processing Services satisfactorily completed and performed by Service Provider on or before the date of termination that have not been previously paid by Client, subject to offset by recoverable damages actually incurred by Client as a result of such breach.  Any termination by Client for breach will not constitute an election of remedies and will be without prejudice as to Client’s other rights in law or equity resulting therefrom. 
    4. Service Provider will immediately inform Client in writing in the event it receives (i) any request for access to any Personal Data received from an individual who is (or claims to be) the subject of the data; (ii) any request for access to any Personal Data received by Service Provider from any government official (including any data protection agency or law enforcement agency); or (iii) any other requests with respect to Personal Data received from Client’s employees or other third parties, other than those set forth in the Agreement. Service Provider understands that it is not authorized to respond to these requests, unless explicitly authorized by Client or the response is legally required under a subpoena or similar legal document issued by a government agency that compels disclosure by Service Provider.
    5. If the Processing Services involve the collection of Personal Data directly from individuals, Service Provider will provide the individuals with a clear and conspicuous privacy notice that complies with Applicable Data Protection Law, and which notice shall be approved in advance by Client.
    6. Service Provider will cooperate with Client and representatives in responding to inquiries, claims, and complaints regarding the Processing of the Personal Data, including without limitation any exercise of Data Subject rights pursuant to GDPR Chapter 3 or other Applicable Data Protection Law.
    7. Service Provider will promptly correct any errors or inaccuracies in Personal Data to the extent they are caused by Service Provider.  At Client’s request and cost, Service Provider will promptly correct any other errors in Personal Data that Client identifies to Service Provider.
  4. Subprocessors.   
    1. General Authorization. Service Provider may engage subcontractors for the Processing of Personal Data, unless otherwise provided in the Agreement, and subject to the requirements of this Section 4.  Subcontracting of the Processing of Personal Data will be allowed pursuant to a subcontracting agreement between Service Provider and the subcontractor that imposes upon the subcontractor obligations no less protective than those set forth in this Addendum. Service Provider remains responsible and liable for its subcontractors’ compliance with the terms of the Agreement and this Addendum.
    2. Addition or Replacement of Subprocessors.  Service Provider has provided Client with a list of all subcontractors that may be used in connection with the Processing of Personal Data and their locations.  If, during the Term, Service Provider intends to add or replace subcontractor(s) involved in the Processing of Personal Data, Service Provider will inform Client in writing.
  5. Confidentiality; Data Access and Disclosure.
    1. Personal Data is considered Confidential Information of Client and Service Provider must maintain all Personal Data in strict confidence.
    2. Service Provider may disclose Personal Data to its employees and workers, but only to the extent such individuals: (i) require access to the Personal Data to perform the Processing Services; (ii) have been subject to and passed an appropriate background screening where legally permissible and appropriate; (iii) have been trained on the privacy, confidentiality and security requirements set forth in this Addendum related to the Personal Data; and (iv) are subject to an appropriate confidentiality agreement.
    3. Service Provider will not disclose, transmit, or otherwise make the Personal Data available to other third parties (including subcontractors) unless such Processing is required to perform the Processing Services and such third parties or subcontractors have been engaged in accordance with Section 4 (Subprocessors) or as otherwise explicitly authorized by Client in writing.
  6. Information Security Requirements.
    1. Technical and Organisational Measures. Service Provider will have implemented and documented appropriate operational, technical and organisational measures to protect Personal Data against accidental or unlawful destruction, alteration, unauthorized disclosure or access in light of the risks posed by the Processing.  Such measures will at least be sufficient to satisfy Article 32 of GDPR, and will include the measures set forth in Schedule 2 hereto.
    2. Information and Audits.  Subject to the terms of this Section, Client may audit Service Provider’s compliance with this Addendum. Such audit right shall be limited to once in any twelve (12) month period, unless required more frequently by a competent supervisory authority or applicable law. Client must provide at least sixty (60) days’ prior written notice. Any audit shall be conducted during normal business hours, in a manner that minimizes disruption to Service Provider’s operations, and shall be limited in scope to facilities, systems, and documentation relevant to the Processing of Personal Data under this Addendum. Any such audit shall be limited to facilities, systems, and documentation relevant to the Processing Services, shall not include access to Service Provider’s trade secrets, proprietary information, or other clients’ data, and shall be subject to Service Provider’s reasonable security, confidentiality, and safety requirements. Service Provider may satisfy audit obligations by providing recent third-party certifications or audit summaries (e.g., ISO 27001, SOC 2). Client shall bear all costs of the audit, including Service Provider’s reasonable internal costs.
    3. Taking into account the nature of the Processing and the information available to the Service Provider, Service Provider will assist Client in ensuring compliance with Client’s obligations pursuant to Articles 32-36 of GDPR or other Applicable Data Protection Law.
  7. Security Breach Procedures.
    1. In the event of a suspected or actual Security Breach, Service Provider will notify Client without undue delay after confirmation of a Personal Data Breach after Service Provider becomes aware of the same.
    2. Immediately following Service Provider’s notification to Client of a Security Breach, the parties will coordinate with each other to investigate the Security Breach. Service Provider will provide commercially reasonable cooperation and information necessary for Client to meet its legal obligations.
    3. Service Provider will use commercially reasonable efforts to contain and remedy any Security Breach caused by its material failure to comply with this Addendum, at its cost. Client bears its own costs in all other cases.
    4. Notwithstanding anything to the contrary herein or in the Agreement, Service Provider will reimburse Client only to the extent such Security Breach results from Service Provider’s material failure to comply with this Addendum. Client shall otherwise bear its own costs, including all costs of notice and/or remediation.
    5. Service Provider agrees that unless required by Applicable Data Protection Law it will not inform any third party of any Security Breach without first obtaining Client’s prior written consent.
    6. Service provider agrees to maintain and preserve all documents, records and other data related to the Security Breach.
  8. Data Destruction and Return.  At any time during the term of this Agreement at Client’s request or upon the termination or expiration of this Addendum for any reason, Service Provider will promptly return to Client all copies, whether in written, electronic or other form or media, of Personal Data in its possession or the possession of its subcontractors, or securely dispose of all such copies, and certify in writing to Client that such Personal Data has been returned to Client or disposed of securely. Service Provider will comply with reasonable directions provided by Client with respect to the return or disposal of tĥe Data, subject to Service Provider’s standard backup/retention cycles. Irreversible anonymization shall constitute deletion.

 

  1. International Data Transfers.
    1. EEA Restricted Transfers.  If and to the extent Service Provider’s performance of the Services involve an EEA Restricted Transfer, the following terms will apply with respect to such EEA Restricted Transfer provided that no Alternative Transfer Solution, as defined below, applies.
    2. Alternative Transfer Solutions. Service Provider may adopt any solution, other than the EU 2021 EU Standard Contractual Clauses (Modules 2 and 3, with docking clause) and/or the UK Addendum, that enables the transfer of Personal Data in connection with an EEA Restricted Transfer or UK Restricted Transfer in accordance with GDPR, such as binding corporate rules or another approved international data transfer framework (such solution, an “Alternative Transfer Solution”). The Alternative Transfer Solution shall apply in lieu of the EU 2021 EU Standard Contractual Clauses (Modules 2 and 3, with docking clause) and/or the UK Addendum, as applicable, to any EEA Restricted Transfers or UK Restricted Transfers, as applicable, that take place following such written approval.
    3. Supplemental Steps.  Where Applicable Data Protection Law and/or a responsible supervisory authority impose upon Client specific obligations with respect to the transfer or Processing of Personal Data that are not addressed by this Addendum, Service Provider agrees to execute supplemental data processing agreement(s) with Client or take other appropriate steps, including supplemental security and privacy measures required by such Applicable Data Protection Law or responsible supervisory authority that Client concludes, as mutually agreed by the parties in good faith, to the extent required by Applicable Data Protection Laws.  In particular, if requested, Service Provider will promptly execute the EU 2021 EU Standard Contractual Clauses (Modules 2 and 3, with docking clause) and UK Addendum, populated as reasonably required by Client.
    4. No Other Transfers.  Except as expressly provided in the Agreement, Service Provider will not transfer the Personal Data across any national borders or permit remote access to the Personal Data by any affiliate, contractor, or other third party unless Service Provider has obtained the prior written consent of Client for such transfer or access. Service Provider shall strictly comply with the requirements of Applicable Data Protection Law pertaining to the cross-border transfer of Personal Data with respect to any transfers of Personal Data made by Service Provider under the Agreement and this Addendum. 
  2. Indemnification.  Each party will indemnify the other for third-party claims arising from its own failure to comply with this Addendum. Service Provider shall not indemnify Client for claims arising from Client’s unlawful instructions, failure to obtain consents, or provision of prohibited data. Each party’s indemnification obligations under this Section 10 are subject to, and shall not exceed, the limitations of liability set forth in the Agreement. In no event shall either party’s aggregate liability under this Addendum exceed the liability cap agreed between the parties in the Agreement.
  3. Term; Modifications.   Service Provider may make changes to this Addendum from time to time (a) when the changes are required to comply with Applicable Data Protection Law, or (b) when the changes are commercially reasonable. When Service Provider makes changes to the Addendum under this Section 11.3, Service Provider will post the updated version of the Addendum on its webiste and such changes will be effective upon Service Provider’s posting of such updated version.  No other change to this Addendum will be effective unless it is in writing and signed by an authorized representative of each party.

 

 SCHEDULE 1

 

DETAILS OF THE PROCESSING 

 

  1. List of Parties:

 

Data Exporter

Name: Client that permitted Service Provider to perform the Services for Client under the Agreement between Client and Service Provider.

Contact Details: the email and mailing address(es) or Client’s primary contact person(s) as set out in the Agreement.

Activities relevant to the data transferred: Receipt and/or use of the software and/or services provided by Service Provider pursuant to the Agreement.

Role: Controller

Data Importer

Name: Service Provider that is permitted to perform the Services for Client under the Agreement between Client and Service Provider.

Contact Details: the email and mailing address(es) or Service Provider’s primary contact person(s) as set out in the Agreement.

Activities relevant to the data transferred: Provision of the software and/or services provided by Service Provider pursuant to the Agreement.

Role: Processor

 

  1. Description of Transfer:

Categories of Data Subjects whose Personal Data is transferred 

The Categories of Data Subjects may include the following:

  • Employees and contact persons of Client.
  • Prospects, customers, vendors, suppliers, and business partners of Client (who are natural persons).
  • Such other Personal Data that Client makes available to Service Provider for Processing on Client’s behalf in connection with Service Provider’s performance of the Services, as determined and controlled by Client and set forth in the Agreement and any data classification forms completed by Client pursuant to the Agreement.

 

Categories of Personal Data transferred

The Personal Data may include the following categories of data:

 

  • Business contact details
  • Personal contact details
  • Human Resources Data
  • System Access / Usage / Authorization Data
  • Contract and Invoice Data
  • Such other Personal Data that Client makes available to Service Provider for Processing on Client’s behalf in connection with Service Provider’s performance of the Services, as determined and controlled by Client and set forth in the Agreement and any data classification forms completed by Client pursuant to the Agreement.

 

Subject Matter, Nature, and Purposes of Processing

The subject matter of the Processing is Service Provider’s provision of the software and/or services described in the Agreement. The nature and purpose of the Processing is Service Provider’s provision of the software and/or services described in the Agreement.

Period for which Personal Data Will be Processed and Retained

Personal Data will be Processed and retained for the duration of the Agreement and subject to Section 8 (Data Destruction and Return) of the Addendum.

Frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis)

Transfers will be made on a continuous basis

For transfers to Subprocessors, the subject matter, nature, and duration of the processing

The subject matter, nature, and duration of processing undertaken by Subprocessors will be the same as set forth in the Addendum and this Schedule 1 with respect to Service Provider and shall be in accordance with Section 4 (Subprocessors) of the Addendum.

C. Competent Supervisory Authority

Under the 2021 EU Standard Contractual Clauses (Modules 2 and 3, with docking clause) entered by the parties pursuant to Sections 9.1 of the Addendum under Module 2 (Transfer Controller to Processor) and Module 3 (Transfer Processor to Processor), the supervisory authority will be the competent supervisory authority that has supervision over Client located in the EEA in accordance with Section 9.1.2.7 of the Addendum and Clause 13 of the 2021 EU Standard Contractual Clauses (Modules 2 and 3, with docking clause), provided that where Section 9.1.2.7(c) of the Addendum applies, the competent supervisory authority will be the Data Protection Commission of Ireland.

 

 SCHEDULE 2

 

MANDATORY OPERATIONAL, TECHNICAL AND ORGANISATIONAL MEASURES

 

Service Provider must implement an Information Security Management System that has policies and procedures to ensure the confidentiality, integrity, and availability of Personal Data and protect it from disclosure, improper alteration, or destruction and has at least the following controls:

 

1. Access Controls – policies, procedures, and physical and technical controls: (i) to limit access to its information systems and the facility or facilities in which they are housed to properly authorized persons; (ii) to ensure that all members of its workforce who require access to Personal Data have appropriately controlled access, and to prevent those workforce members and others who should not have access from obtaining access; (iii) to authenticate and permit access only to authorized individuals and to prevent members of its workforce from providing Personal Data or information relating thereto to unauthorized individuals; and (iv) to encrypt and decrypt Personal Data where appropriate.

2. Security Awareness and Training – a security awareness and training program that includes the processing/handling of personal data for all members of Service Provider’s workforce (including management), which includes training on how to implement and comply with its information security program.

3. Security Incident Procedures – policies and procedures to detect, respond to, and otherwise address security incidents, including procedures to monitor systems and to detect actual and attempted attacks on or intrusions into Personal Data or information systems relating thereto, and procedures to identify and respond to suspected or known security incidents, mitigate harmful effects of security incidents, and document security incidents and their outcomes.

4. Contingency Planning – policies and procedures including a data backup plan and a diClientter recovery plan for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, pandemic, and natural diClientter) that prevents access to or damages Personal Data or systems that contain Personal Data.

5. Device and Media Controls – policies and procedures that govern the receipt and removal of paper, hardware and electronic media that contain Personal Data into and out of a Service Provider facility and the movement of these items within a Service Provider facility, including policies and procedures to address the final disposition of Personal Data, and/or the paper, hardware or electronic media on which it is stored, and procedures for removal of Personal Data from electronic media before the media are made available for re-use.  Devices shall use encryption consistent with industry standards and Article 32 GDPR.

6. Systems Monitoring and Logging – hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information, including appropriate logs and reports concerning these security requirements and compliance therewith.

7. Network Security – Policies and procedures to maintain physical and technical controls to monitor and protect its network and systems against external intrusion including, but not limited to: implement secure gateways of the Service Provider’s network, utilize firewall technology at both ingress and egress points, system patches and security updates with regular reviews, approvals, and installations, restricted secure access connections for external networks, encryption protocols for network data transfers, and digital certificates to maintain integrity and non-repudiation for externally facing assets.

8. Storage and Transmission Security – technical security measures to guard against unauthorized access to Personal Data that is being transmitted over electronic communications, including a mechanism to encrypt Personal Data in electronic form while in transit and in storage on networks or systems.

9. Assigned Security Responsibility – Service Provider will designate a security official responsible for the development, implementation, and maintenance of its information security program. Service Provider will inform Client as to the person responsible for security.

10. Vulnerability Management – Service Provider will regularly test and monitor the effectiveness of its safeguards, controls, systems and procedures. Service Provider will periodically identify reasonably foreseeable internal and external risks to the security, confidentiality, availability and integrity of the Personal Data, and ensure that these risks are addressed, including, but not limited to, system patches and security updates with regular reviews, approvals, and installations. Service Provider will conduct vulnerability management appropriate to risk, which may include internal or independent testing at Service Provider’s discretion. Tests may be conducted internally or by qualified independent reviewers, at Service Provider’s discretion.

11. Adjust the Program – Service Provider will monitor, evaluate, and adjust, as appropriate, the information security program in light of any relevant changes in technology or industry security standards, the sensitivity of the Personal Data, internal or external threats to Service Provider or the Personal Data, and Service Provider’s own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to information systems.  

 

 

 

Annex – U.S. State Law Addendum

For purposes of the California Consumer Privacy Act as amended by the CPRA, and similar U.S. state privacy laws (including but not limited to the Colorado Privacy Act, Virginia Consumer Data Protection Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, and Oregon Consumer Privacy Act), Service Provider acts as a 'service provider' or 'processor' on behalf of Client. Service Provider will not 'sell' or 'share' Personal Data, use it for cross-context behavioral advertising, or combine it with other data except as permitted under applicable law and this Addendum. Any assistance provided to Client under these laws shall be limited to available tools and provided at Client’s cost.

 

Annex – Global Data Privacy Addendum

 

For purposes of other global data privacy laws, including Brazil’s LGPD, South Africa’s POPIA, and China’s PIPL, Service Provider will comply only to the extent legally required, using commercially reasonable efforts. Any additional measures, filings, or contractual commitments required under such laws will be implemented only if mutually agreed in writing, and all associated costs shall be borne by Client. Nothing in this Annex expands Service Provider’s liability beyond that set forth in the Agreement or this DPA.

Â