The Customer is a “business” as defined in Section 1798.140(c) of the CCPA, i.e. the Customer is the entity that determines the purposes and means of the processing of Personal Information.
Company represents and warrants that it either meets the definition of “Data Processor” under the CCPA in Section 1798.140(v) of the CCPA or (i) is an entity that provides services to a person or organization that is not a business, and would otherwise meet the requirements of a “Data Processor” under the CCPA, or (ii) is an entity that Company directs to collect Personal Information and would otherwise meet the requirements to be a Data Processor of Controller under the CCPA or (iii) meets the definition of Data Processor in § 999.314 of the CCPA regulations promulgated by the Attorney General of California, as amended. Company further represents and warrants that it is not acting as a Third Party, as defined in Section 1798.140(w) of the CCPA.
Parties agree that Data Processing covered by this Agreement does not constitute a “sale” of Personal Information, as defined in the CCPA.
Consistent with Section 1798.140(v) of the CCPA, Company shall process the Personal Information solely for: (i) a valid business purpose pursuant to this Agreement; and (ii) to perform the Services.
Pursuant to Section 1798.140(v) of the CCPA, Company shall not:
(a) sell Personal Information;
(b) retain, use, or disclose Personal Information for any purpose other than performing the Services;
(c) retain, use, or disclose Personal Information outside the business relationship between the Company and Customer;
(d) use Personal Information received from Customer or from direct interaction with the Consumer for the purpose of providing services to another person or entity. Notwithstanding the foregoing, Company may combine Personal Information collected from or on behalf of Customer in order to detect security incidents or protect against fraudulent or illegal activity.