Last Updated: February 7, 2022
Service Provider – Cal. Civ. Code 1798.105 (3) – A service provider shall cooperate with the business in responding to a verifiable consumer request, and at the direction of the business, shall delete, or enable the business to delete and shall notify any of its own service providers or contractors to delete personal information about the consumer collected, used, processed, or retained by the service provider or the contractor.
A service provider shall not be required to comply with a deletion request submitted by the consumer directly to the service provider to the extent the service provider has collected, used, processed, or retained the consumer’s personal information in its role as a service provider to the business. Businesses are exempted from the requirements of the CCPA as long as they meet the definition of a Service Provider.
Definition – a legal entity that:
(1) only processes information on behalf of a business;
(2) to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract;
(3) provided that the contract prohibits the entity from:
(a) Retaining, using, or disclosing the personal information for any purpose other than for the business purposes specified in the contract for the business;(b) Retaining, using, or disclosing the information outside of the direct business relationship between the service provider and the business;(c) Combining the personal information that the service provider receives from the business, provided that the service provider may combine personal information to perform any business purpose.
DATA PROCESSING AGREEMENT
Publisher and ZeetoGroup, LLC ("Zeeto") entered into an agreement under which Zeetohad agreed to provide certain Services in accordance with such agreement (the “Agreement”). This Data Processing Agreement (the “DPA”) is incorporated by reference into the Agreement and shall be effective as of the effective date of the Agreement. Defined terms set forth in the Agreement apply to the interpretation of this DPA.
1. Definitions. Capitalized terms used but not defined within this DPA shall have the meaning set forth in the Agreement. The following definitions and rules of interpretation apply in this Agreement:
a. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity.
b. “CCPA” means the California Consumer Privacy Right Act of 2018, as amended (Cal. Civ. Code §§ 1798.100 to 1798.199), the CCPA Regulations (Cal. Code Regs. tit. 11, §§ 999.300 to 999.337), and any related regulations or guidance provided by the California Attorney General. Terms defined in the CCPA, including Personal Information and business purposes, carry the same meaning in this Agreement.
c. “Contracted Business Purpose” means the Services performed by Zeeto on behalf of Publisher, as described and defined in the Agreement.
d. “Publisher Personal Information” means the Personal Information maintained by Publisher and processed by Zeeto on behalf of Publisher in connection with Zeeto’s provision of the Services.
2. Scope of this Agreement. This Agreement reflects the requirements of the CCPA and is made to describe Zeeto’s role as a Service Provider under the CCPA. The parties acknowledge and agree that in its role as a Service Provider, Zeeto may receive, process, and disclose certain Publisher Personal Information to Publisher in performing the Contracted Business Purpose.
3. Use of Publisher Personal Information. Zeeto will only collect, use, retain, or disclose Publisher Personal Information for the Contracted Business Purpose. Zeeto will not collect, use, retain, disclose, sell, or otherwise make Publisher Personal Information available for any purpose unrelated to the Contracted Business Purpose. In the event the law requires Zeeto disclose Publisher Personal Information for a purpose unrelated to the Contracted Business Purpose, Zeeto shall inform Publisher of the legal requirement. Zeeto may aggregate, deidentify, or anonymize Personal Information in a manner that renders the information incapable of being associated with an individual. Zeeto may use such aggregated, deidentified, or anonymized Personal Information for its own business purposes.
4. Verifiable Consumer Requests. Zeeto will reasonably cooperate and assist Publisher with meeting Publisher’s CCPA compliance obligations and responding to CCPA-related inquiries, including responding to verifiable consumer requests, taking into account the nature of Zeeto’s processing and the information available to Zeeto. Zeeto shall notify Publisher without undue delay if Zeeto receives a request, notice, or communication directly or indirectly from a consumer relating to either party’s compliance with the CCPA. Zeeto may direct the consumer to submit their request directly to Publisher.
5. Applicable Law.
Both parties will comply with all applicable requirements of all laws and regulations of the United States of America, including the CCPA, when collecting, using, retaining, disclosing, or processing Personal Information. Publisher represents and warrants that it and its Affiliates have provided the applicable privacy notices as required under the CCPA. Zeeto may update this DPA from time to time as a result of changes to applicable law.