Last Updated: April 29, 2025
This addendum forms part of the MyInsights System Terms, MyInsights Master Agreement or other written or electronic agreement between us (“Company”) and Customer that incorporates this addendum by reference (the “Agreement”) for the use of the System, and sets forth the terms relating to the privacy, confidentiality and security of Personal Information (as defined below). In the event of any conflict between this addendum and the Agreement, this addendum will prevail with regard to the Processing of Personal Information. Any capitalized terms used, but not defined in this addendum have the meanings ascribed to those terms in the Agreement.

The parties agree as follows:
“Affiliate” means any entity that directly or indirectly Controls, is Controlled by or is under common Control with the applicable party, where “Control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of another company or legal entity, whether: (i) through the ownership of voting stock or securities; (ii) through the ownership of partnership or membership interest; (iii) by contract; or (iv) otherwise.

“Authorized Affiliates” means any of Customer’s Affiliates that are permitted to use the System under the Agreement.

“CCPA” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act, and its implementing regulations.

“Data Controller” means a person who alone or jointly with others determines the purposes and means of the Processing of Personal Information, including any “business” as that term is defined by the CCPA.

“Data Processor” means a person who Processes Personal Information on behalf of the Data Controller, including, any “service provider” as that term is defined by the CCPA or other applicable Privacy Laws.

“Europe” means the European Union, European Economic Area, Switzerland and the United Kingdom.

“Government Authority Request” means any subpoena, warrant or other judicial, regulatory, governmental or administrative order, proceeding, demand or request (whether formal or informal) by a government or quasi-governmental or other regulatory authority (including law enforcement or intelligence agencies) seeking or requiring access to or disclosure of Personal Information.

“Information Security Incident” means (i) any destruction, loss, misuse, modification, unauthorized access to, or disclosure or acquisition of, any Personal Information; or (ii) any “breach of security safeguards” or “confidentiality incident” as defined pursuant to applicable Privacy Laws. Information Security Incident does not include unsuccessful attempts or activities that do not compromise the security of Personal Information, including unsuccessful login attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

“Personal Information” means any electronic data provided by or for Customer or its Authorized Affiliates to the Cloud Services, including MyInsights Data, that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified, identifiable or particular individual or household, regardless of the media in which it is contained.

“PIPEDA” means the Personal Information Protection and Electronic Documents Act (Canada), S.C. 2000, c. 5, as amended from time-to-time, together with the regulations thereto.

“Process”, “Processed”, or “Processing” means any operation or set of operations performed upon Personal Information or on sets of Personal Information, whether or not by automatic means, such as creating, collecting, procuring, obtaining, retaining, accessing, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, transmitting, aligning, combining, restricting, anonymizing, deleting or destroying the data.

“Privacy Laws” means the laws, rules, regulations, directives and governmental requirements that apply to the Processing of Personal Information pursuant to the Agreement, including, as applicable, CCPA, PIPEDA and the Provincial Privacy Laws.

“Provincial Privacy Laws” means the Personal Information Protection Act, SA 2003, c P-6.5 (Alberta), the Personal Information Protection Act, SBC 2003, c 63 (British Columbia), and the Act respecting the protection of personal information in the private sector, CQLR c P-39.1 (Quebec), each as amended from time to time and together with the regulations thereto.

“Sell” and “Share” have the meanings ascribed to those terms in the applicable Privacy Law.

“Sub-Processor” means a third party authorized as another Data Processor under this addendum to have access to and Process Personal Information to provide parts of the System.

(a.) Customer shall have exclusive authority to determine the purposes for and means of Processing Personal Information. Company shall Process Personal Information only on behalf of and for the benefit of Customer, and for the sole purpose of carrying out its obligations pursuant to the Agreement and Customer’s documented written instructions, or as otherwise required or authorized under applicable law. Company shall not Process Personal Information for any other purpose or outside of the direct business relationship between Customer and Company. Except as permitted by Privacy Laws, Company shall not combine Personal Information with other personal information that Company receives from a non-party or collects independently from the Agreement.
(b.) The Parties anticipate that Customer will act as a Data Controller and Company will act as a Data Processor with respect to the Processing of Personal Information under the Agreement as currently described in Exhibit 1 to this addendum. Customer shall (i) provide all required notices to, and obtain all required consents from, all relevant individuals prior to providing any Personal Information regarding such individuals to Company (including any notices and consents required for Company to Process the Personal Information in accordance with the Agreement and this addendum), in accordance with Privacy Laws and any applicable guidance issued or published by any relevant governmental or regulatory authority (including any relevant supervisory authority or privacy commissioner); (ii) retain appropriate records of the notices and consents described above, and promptly provide evidence of such notices and consents to Company upon Company’s request; and (iii) take all reasonable steps to ensure that the Personal Information provided to Company by Customer is accurate, up-to-date, and restricted to only the minimum Personal Information required by Company for the purposes of performing the Agreement.
(c.) Any Personal Information will, at all times, be and remain the sole property of Customer and Company will not have or obtain any rights therein except as otherwise provided in the Agreement.
(d.) Customer enters into this addendum on behalf of itself and, to the extent required under applicable Privacy Laws, in the name and on behalf of its Authorized Affiliates, if and to the extent Company Processes Personal Information for which such Authorized Affiliates qualify as a Data Controller. For the avoidance of doubt, an Authorized Affiliate is not and does not become a party to the Agreement. All access to and use of the System by Authorized Affiliates must comply with the terms of the Agreement and any violation of the terms of the Agreement by an Authorized Affiliate will be deemed a violation by Customer. Customer shall remain responsible for coordinating all communications with Company under this addendum and be entitled to make and receive any communication in relation to this addendum on behalf of its Authorized Affiliates.
(a.) Company shall not share, transfer, disclose, make available or otherwise provide access to any Personal Information to any non-party, except as necessary for the provision of System to Customer or as otherwise permitted by the Agreement or required by applicable law. Customer provides general authorization to Company’s use of Sub-Processors to provide Processing activities on Personal Information on behalf of Company. Company shall enter into a written agreement with each Sub-Processor that imposes substantially similar obligations on the Sub-Processor as those imposed on Company under this addendum. Where the Sub-Processor fails to fulfil its obligations, Company shall remain fully liable to Customer for the performance of such Sub-Processor’s obligations. Upon written request, Company shall provide Customer with a list of its Sub-Processors that Process Personal Information.
(b.) Company shall not Sell or Share Personal Information, and the Parties hereto acknowledge and agree that Customer does not Sell or Share Personal Information to Company in connection with the System provided by Company on behalf of Customer pursuant to the Agreement.
(c.) Customer agrees that Company may transfer, transmit, disclose or otherwise Process Personal Information anywhere in the world where Company or its Sub-Processors maintain data Processing operations as necessary to provide the System to Customer. For the avoidance of doubt, Customer acknowledges that Company and its Sub-Processors transfer and store MyInsights Data, including any Personal Information, in the United States. Customer shall take all steps required pursuant to Privacy Laws to permit Company and its Sub-Processors to Process Personal Information outside the province and country where the Customer and the relevant individuals are located, including without limitation, providing any required notices and conducting any required assessments with respect to such cross-border data Processing activities.
(d.) Customer acknowledges that its use of the System is restricted to Canada, Mexico and the United States. Customer states that Company will not Process Personal Information relating to individuals in Europe.
(e.) Company shall promptly inform Customer in writing of any enquiries, complaints or requests with respect to Personal Information received from consumers, employees, agents, consultants, contractors or others, unless restricted from doing so under applicable law. Subject to any requirements applicable to Company under applicable laws, including the Privacy Laws, Company shall respond to such requests in accordance with Customer’s instructions.
(f.) Company and Customer shall reasonably cooperate with each other if an individual requests access or updates to, or deletions of, his or her Personal Information, requests the restriction of, or objects to, the Processing of his or her Personal Information, or makes a data portability request for any reason. Customer shall be responsible for any expenses that Company incurs under this section III(F).
(g.) Company shall implement and maintain a documented procedure for reviewing and responding to Government Authority Requests. Such procedure shall require that Company:
    (i.) To the fullest extent permitted by law, promptly notify Customer, in writing, of any such Government Authority Request and cooperate with Customer in responding to such request;
    (ii.) Scrutinize any such Government Authority Request to determine whether the request is valid, legally binding and lawful and reject or contest any request that is not valid, legally binding and lawful; and
    (iii.) Ensure that the Personal Information disclosed or to which access is provided is proportionate and limited to the minimum amount strictly necessary for the purpose of complying with the Government Authority Request. Company shall, to the fullest extent permitted by applicable law, remove any information prior to disclosure or access that would allow an individual to be directly identified from the data disclosed or to which access is provided.
(h.) Subject to any legal restrictions, Customer shall reasonably cooperate with Company to respond to any Government Authority Request or other demand, claim, action, complaint, investigation or audit by a third party relating to the Processing of Personal Information in connection with the Agreement (“Legal Action”), including but not limited to any such Legal Action by any individual whose Personal Information is Processed by Company in connection with the Agreement and/or any relevant supervisory authority or privacy commissioner.
(i.) Company shall implement and maintain appropriate physical, technical, administrative and organizational measures to protect Personal Information against Information Security Incidents and to preserve the security and confidentiality of Personal Information processed by Company. The physical, technical, administrative and organizational measures are subject to technical progress and development, and Company may update or modify such measures from time to time provided that updates and modifications do not materially degrade the security of the services provided by Company to Customer.
(a.) Each Party shall comply with all Privacy Laws in connection with Processing Personal Information pursuant to the Agreement. Company shall promptly inform Customer if, in Company’s opinion, an instruction from Customer infringes applicable Privacy Laws.
(b.) Company certifies that it understands and will comply with the requirements and restrictions set forth in this addendum.
(c.) Upon Customer’s request, Company shall provide reasonable assistance needed to fulfil Customer’s obligation under Privacy Laws to carry out a data protection impact assessment and any related regulatory consultation related to Customer’s use of the System, to the extent Customer does not otherwise have access to the relevant information and such information is available to Company. Notwithstanding anything to the contrary in the Agreement, Company shall provide such assistance at Customer’s expense.
(d.) Company shall take reasonable steps to ensure the reliability of any employee, agent or contractor of Company who may have access to the Personal Information, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
(e.) Company shall promptly inform Customer in writing of any Information Security Incident of which Company becomes aware. Company shall make reasonable efforts to identify the cause of such Information Security Incident and take such steps as Company deems necessary and reasonable to remediate the cause of such Information Security Incident to the extent the remediation is within Company’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or its Authorized Affiliates.
To the extent that deletion or return of Personal Information is not specified in the Agreement, Company will, upon receiving Customer’s written request, delete or return, as determined in Company’s sole discretion, Personal Information within a reasonable period to be confirmed by Company. Notwithstanding the preceding sentence, Company and its Sub-Processors may retain any Personal Information (i) required for compliance with any legal or regulatory obligation applicable to Company or any Sub-Processor, including Personal Information subject to a document retention hold established in connection with any civil or criminal investigation or litigation; (ii) contained in Company’s or any Sub-Processor’s archival or back-up computer storage that Company or Sub-Processor, as applicable, shall protect from any further processing and eventually delete in accordance with Company’s or Sub-Processor’s deletion policies; or (iii) otherwise permitted under the Agreement.
Upon Customer’s written request, no more than once per year and subject to the confidentiality obligations set forth in the Agreement, Company shall provide Customer or its mandated auditor with the most recent certifications, summary audit reports or both, which Company has procured to demonstrate compliance with this addendum. If further information is needed by Customer to comply with its legal obligations under Privacy Laws, Customer shall submit to Company in writing a request for such information to enable Company to provide such information at Customer’s expense.
This addendum shall survive any termination or expiration of the Agreement only to the extent that Company maintains any Personal Information.
(a) For the avoidance of doubt, any claim or remedies Customer may have against Company or any Sub-Processor arising under or in connection with this addendum will be subject to any limitation of liability provisions (including any agreed aggregate financial cap) that apply under the Agreement. Customer shall indemnify Company and its Sub-Processors for any regulatory penalties incurred by Company or any Sub-Processor in relation to Personal Information that arise because of, or in connection with Customer’s failure to comply with its obligations under this addendum or any applicable Privacy Law. Customer further acknowledges that any regulatory penalties incurred by Company in relation to Personal Information that arise because of, or in connection with Customer’s failure to comply with its obligations under this addendum or any applicable Privacy Law will count toward and reduce Company’s liability under the Agreement as if it were liability to the Customer under the Agreement.
(b) Customer and Company acknowledge that laws relating to privacy and data protection, including the Privacy Laws, are evolving and that amendment to the Agreement or this addendum may be required to ensure compliance with such developments. The parties agree to take such action as is necessary to implement the standards and requirements of any applicable Privacy Laws, including negotiating in good faith to amend the Agreement or this addendum as necessary for compliance with such laws.
(c) The parties have expressly requested that this addendum and all related documents be drawn up in the English language only. Les parties ont expressément exigé que le présent avenant relatif au traitement des renseignements personnels ainsi que tout document s’y rattachant soient rédigés en anglais seulement.
This exhibit 1 forms part of the addendum and must be completed by the Parties.

1. Extent, Type and Purpose of intended Processing or Use of Personal Information

a) Subject-matter and duration of the Processing activities: The Parties acknowledge that Company may Process Personal Information on behalf of Customer for the purpose of providing the System under the Agreement. The duration of the Processing is equal to the duration of the Agreement.
b) Nature and purposes of the Processing activities: Company shall Process Personal Information to provide the System pursuant to the Agreement. Personal Information will be subject to the following basic Processing activities: collection, consultation, use, storage, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Categories of Personal Information and Individuals Concerned

a. Individuals Concerned: Personal Information concerns the following categories of individuals:
- Customer’s employees and contractors.
b. Categories of Personal Information: Customer may submit Personal Information to the Cloud Services, the extent of which is determined and controlled by Customer, and which might include the following categories of Personal Information:
- First and Last Name
- Title/Position/User Role
- Contact information (e.g. company, email address, phone number, physical business address)
- Geo-location data
- Other Personal Information Customer’s Authorized Users manually input into the Cloud Services.
c. Special categories of Personal Information (if appropriate): None.