California Data Privacy Addendum

This California Data Privacy Addendum (“CDPA“) forms part of the Terms of Service available at us.qrdigicard.com/terms, or, if applicable, any other separate written agreement (the “Agreement“), by and between QR DigiCard, Netspot USA LLC (“QR DigiCard“) and the Customer named in the Agreement, pursuant to which Customer has purchased a subscription to access and use the Service (as defined in the Agreement). The parties intend this CDPA to be an extension of the Agreement that will outline certain requirements for QR DigiCard’s processing of certain personal data provided or made available by Customer, or collected or otherwise obtained by QR DigiCard, in the course of providing services to Customer.
Definitions.

CCPA” means the California Consumer Privacy Act of 2018 as set forth in California Civil Code § 1798.100 et seq. and all other applicable laws or regulations relating to the Processing of Personal Information that may exist in the relevant jurisdiction.

“Business,” “Business Purpose,” “Consumer,” “Person,” “Personal Information,” “Sell,” “Service Provider” and “Third Party”” shall have the meanings set forth in the CCPA.

All other defined terms shall have the meanings set forth in the Agreement.

Terms

The terms of this CDPA shall continue concurrently for the term of the Agreement.

The parties agree that Customer is a Business and QR DigiCard is its Service Provider in relation to this CDPA and Personal Information that is Processed in the course of QR DigiCard’s provision of the Services set forth in the Agreement. The parties agree to comply at all times with the applicable provisions of the CCPA in respect to the collection, transmission, and processing of all Personal Information exchanged or shared pursuant to the Agreement.

The subject-matter of the Processing of Personal Information covered by this CDPA is the Services ordered by Customer through QR DigiCard and provided by QR DigiCard to Customer as set out in the Agreement.

QR DigiCard certifies that it understands the restrictions set forth in Section 1798.140(w)(2)(A) of the CCPA and will comply with them.

QR DigiCard shall not Sell Personal Information.

In respect of Personal Information Processed in the course of providing the Services, QR DigiCard:

shall Process Personal Information only in accordance with the documented instructions from Customer (as set out in this CDPA or the Agreement or as otherwise notified by Customer to QR DigiCard from time to time); provided QR DigiCard may Process Personal Information for Business Purposes under the CCPA or another applicable law or regulation, and in such cases QR DigiCard will inform Customer of such requirement prior to the Processing unless that law prohibits this on important grounds of public interest;

may hire other companies to provide limited services on its behalf, provided that QR DigiCard complies with the provisions of this clause. Any such subcontractors will be permitted to Process Personal Information only to deliver the Services. QR DigiCard remains responsible for its subcontractors’ compliance with the obligations of this CDPA, and QR DigiCard shall ensure that any subcontractors to whom QR DigiCard transfers Personal Information will have entered into written agreements with QR DigiCard requiring that the subcontractor abide by terms substantially similar to this CDPA; and

shall reasonably assist the Customer with its obligation to respond to requests from Consumers under the CCPA (including requests for information relating to the Processing, and requests relating to access, rectification, erasure or portability of the Personal Information) provided that QR DigiCard reserves the right to reimbursement from Customer for the reasonable cost of any time, expenditures or fees incurred in connection with such assistance.

Miscellaneous

Except as expressly provided in this CDPA, the parties intend no amendment or modification of the Agreement or in such other addendum or supplement which may have been signed by the parties.

Any notice to be provided under this CDPA to Customer shall be sent via email to the email address associated with Customer’s account.

This CDPA supplements the terms of the Agreement. In the event of any conflict between this CDPA and the Agreement regarding the processing of Consumers’ Personal Information, the terms of this CDPA shall control.

If any provision of this CDPA is held by a court of competent jurisdiction to be contrary to the law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this CDPA shall remain in full force and effect.

No waiver under this CDPA will be valid or binding unless set forth in writing and duly executed by the party against whom enforcement of such waiver is sought. Any such waiver will constitute a waiver only with respect to the specific matter described therein and will in no way impair the rights of the party granting such waiver in any other respect or at any other time. Any delay or forbearance by either party in exercising any right hereunder will not be deemed a waiver of that right.