Let's Talk! +1 (646) 216-7541

  Top 5 Automations in Banking, Mortgage & Insurance | Online Event | October 06th, 2022 | 12PM EST Register

California Consumer Privacy Act (CCPA) Addendum

Updated: 28th June 2022

This CCPA Data Processing Addendum (the “Addendum”) reflects the requirements of the California Consumer Privacy Act of 2018 and its implementing regulations, as amended or superseded from time to time (California Civil Code §§ 1798.100 to 1798.199) (the “CCPA”). This Addendum makes clear that OpenBots Inc is acting as a Service Provider for CCPA purposes.

This Addendum is an addendum to the Customer Terms of Service (“Agreement”) and its incorporated Customer Data Processing Agreement (the “DPA”) between OpenBots Inc (“OPENBOTS”) and the Customer (each a “Party”; collectively the “Parties”) and is in effect for so long as OPENBOTS maintains Personal Information (as defined in and to the extent protected by the CCPA) provided by Customer or which is collected on behalf of Customer by OPENBOTS (hereinafter, the “Personal Information”). This Addendum shall only apply and bind the Parties if and to the extent Customer is a Business under the CCPA. This Addendum prevails over any conflicting terms of the Agreement or DPA, but does not otherwise modify the Agreement or DPA. All capitalized terms not defined in this Addendum shall have the meanings set forth in the CCPA. Customer enters into this Addendum on behalf of itself and, to the extent required under the CCPA, in the name and on behalf of its authorized affiliates (defined below).

The parties agree as follows:

1. Definitions
  • 1.1. “Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
  • 1.2. “Authorized Affiliate” means any of Customers’ Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Agreement.
  • 1.3. Service providers are defined by CCPA as “for profit” entities that process information on behalf of an organization and to which the organization discloses a consumer’s personal information for a business purpose, pursuant to a written contract.
  • 1.4. Third parties are defined by CCPA as “a person to whom the business discloses a consumer’s personal information for a business purpose pursuant to a written contract” providing the written contract includes certain conditions.
  • 1.5. “CCPA” means the California Consumer Privacy Act of 2018, as amended, and any regulations promulgated thereunder. The terms “aggregate consumer information”, “business”, “business purpose”, “de-identified information”, “personal information”, “processing”, and “sell”, shall have the same meaning as in the CCPA.
2. Scope and Applicability of this Addendum.
  • 2.1. This Addendum applies to the collection, retention, use, and disclosure of the Personal Information to provide Services to Customer pursuant to the Agreement or to perform a Business Purpose.
  • 2.2. Customer is a Business and appoints OPENBOTS as a Service Provider to process the Personal Information on behalf of Customer. Customer is responsible for compliance with the requirements of the CCPA applicable to Businesses.
  • 2.3. OPENBOTS’s collection, retention, use, or disclosure of Personal Information for its own purposes independent of providing the Services specified in the Agreement are outside the scope of this Addendum.
3. Restrictions on Processing.
  • 3.1. OPENBOTS is prohibited from retaining, using, or disclosing the Personal Information for any purpose other than for the specific purpose of performing the Services specified in the Agreement for Customer, as set out in this Addendum, or as otherwise permitted by the CCPA.
  • 3.2. OPENBOTS shall not further collect, sell, or use the Personal Information except as necessary to perform the Business Purpose. For the avoidance of doubt, OPENBOTS shall not use the Personal Information for the purpose of providing services to another person or entity, except that OPENBOTS may combine Personal Information received from one or more entities to which it provides similar services to the extent necessary to detect data security incidents, or protect against fraudulent or illegal activity.
  • 3.3 OPENBOTS will work in good faith to cooperate and assist Customer with any reasonable written request from Customer to comply with its obligation under the CCPA to respond to verifiable consumer requests to access or delete personal information that OPENBOTS may be processing on Customer’s behalf.
4. Notice.
  • 4.1. Customer represents and warrants that it has provided notice that the Personal Information is being used or shared consistent with Cal. Civ. Code 1798.140(t)(2)(C)(i).
5. Consumer Rights.
  • 5.1. OPENBOTS shall provide reasonable assistance to Customer in facilitating compliance with Consumer rights requests.
  • 5.2. Upon direction by Customer and within a commercially reasonable amount of time, OPENBOTS shall delete the Personal Information.
  • 5.2.1 OPENBOTS shall not be required to delete any of the Personal Information to comply with a Consumer’s request directed by Customer if it is necessary to maintain such information in accordance with Cal. Civ. Code 1798.105(d), in which case OPENBOTS shall promptly inform Customer of the exceptions relied upon under 1798.105(d) and OPENBOTS shall not use the Personal Information retained for any other purpose than provided for by that exception.
6. De-identified Information.
  • 6.1. In the event that either Party shares de-identified Information with the other Party, the receiving Party warrants that it:
    • 1. has implemented technical safeguards that prohibit reidentification of the Consumer to whom the information may pertain;
    • 2. has implemented business processes that specifically prohibit reidentification of the information;
    • 3. has implemented business processes to prevent inadvertent release of de-identified Information;
    • 4. will make no attempt to re-identify the information.
7. Mergers, Sale, or other asset transfer.
  • 7.1. In the event that either Party transfers to a Third Party the Personal Information of a Consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of such Party to the Agreement, that information shall be used or shared consistently with applicable law. If a Third Party materially alters how it uses or shares the Personal Information of a Consumer in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to the Consumer in accordance with applicable law.
8. As required by law.
  • 8.1. Notwithstanding any provision to the contrary of the Agreement, the DPA or this Addendum, OPENBOTS may cooperate with law enforcement agencies concerning conduct or activity that it reasonably and in good faith believes may violate international, federal, state, or local law.
9. No Sale of Personal Information.
  • 9.1. The Parties acknowledge and agree that the exchange of Personal Information between the Parties does not form part of any monetary or other valuable consideration exchanged between the Parties with respect to the Agreement, the DPA or this Addendum.