If you are accepting this DPA on behalf of the Client, you represent and warrant that: (a) you are duly authorized to represent Client; and (b) you accept the terms of this DPA on behalf of Client. If Client executes a separate Data Processing Agreement with Bizhaven, that Data Processing Agreement will apply to the Parties relationship in addition to this DPA. Bizhaven reserves the right to update this DPA from time to time in order to comply with revisions, amendments, or updates to Applicable Privacy Laws (as defined below). Client’s continued use of the Services shall constitute acceptance of any such updates.
1.1 In this DPA, the following terms (and derivations thereof) have the meanings set out below:
1.1.1 “California Consumer Privacy Act of 2018” or “CCPA” means Title 1.81.5., California Consumer Privacy Act of 2018, Cal Civ Code § 1798.100 et. seq. and any and all amendments thereto;
1.1.2 “Consumer” means a natural person who is a resident of the United States and utilizes economic goods and services.
1.1.3 “Client Data” means any data, file attachments, text, images, reports, Personal Information, or other content that is uploaded or submitted by Client and is processed by Bizhaven on behalf of Client.
1.1.4 “Data Protection Laws” means any applicable local, state and federal laws, rules and regulations relating to the use, collection, retention, storage, security, disclosure, transfer, sale or other processing or Personal Information (as this term is defined below), including, but not limited to the CCPA, including any amendments and any implementing regulations thereto that become effective on or after the effective date of this DPA.
1.1.5 “Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household. “Personal information” does not include publicly available information. For these purposes, “publicly available” means information that is lawfully made available from federal, state, or local government records.
1.1.6 “Services” means professional services, data processing and any service or application provided by Bizhaven to Client and/or as referenced in the Agreement, including without limitation any operation or set of operations that are performed on Client Data by either automated or not automated means.
1.1.7 “Subcontractor” means any person or company appointed by or on behalf of Bizhaven to process Client Data on behalf of Client in connection with the Agreement. Client hereby expressly consents to Bizhaven engaging Subcontractors to process and store Client Data, and specifically agrees to use of AWS, Cycle and Vultr as subcontractors to process and store Client Data.
1.2 Capitalized terms not defined herein have the meaning given in the Agreement between Bizhaven and Client. The word “include” shall be construed to mean “include without limitation,” and any derivations thereof shall be construed accordingly. All “Section” references shall be to this DPA unless otherwise specified.
Client shall retain its right, title and interest, including all intellectual property rights, in and to all Client Data.
3. Bizhaven Responsibilities
3.1 Bizhaven will collect, use, retain and process Client Data for the purpose of providing the Services set forth in the Agreement and in accordance with Client’s instructions.
3.2 Bizhaven is a “Service Provider” for Client as defined in CCPA Section 1798.140(v), and Client is the “Data Controller.”
3.3 Bizhaven acknowledges and affirms it is prohibited from: (i) selling Personal Information; (ii) retaining, using, or disclosing Personal Information for a commercial purpose other than providing the Services; and (iii) retaining, using, or disclosing the Personal Information outside of the Agreement between Bizhaven and Client.
3.4 Bizhaven agrees to reasonably cooperate with Client, at Client’s expense, to assist Client with compliance with Data Protection Laws, including to respond to requests for Consumer Data access, reporting or deletion.
3.5 If and to the extent Client instructs Bizhaven to delete a Consumer’s personal information, Bizhaven agrees to delete or de-identify such information within thirty (30) days of receipt of the request.
4. Protection of Client Data
Transmission of Client Data between Bizhaven and Client will be done in a secured method, by a process mutually agreed by the Parties. Bizhaven represents that it has established and maintains reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of Client Data that meets or exceeds standard industry practices.
5. Deletion of Client Data
Bizhaven will delete and destroy, as required by Client, all Client Data in Bizhaven’s possession or control upon request from Client. If Client so requests, Bizhaven shall provide a certificate, signed by an officer of Bizhaven, certifying that all Client Data has been deleted.
6. Representation and Warranties
6.1 Bizhaven represents and warrants to Client that it has an information security policy and maintains an information security program that has administrative, technical, and physical safeguards sufficient to protect the security of any Client Data hereunder.
6.2 Client represents and warrants that it is responsible for obtaining all of the necessary authorizations and approvals to use, provide, store, and process Client Data to enable Bizhaven to provide the Services.
6.3 Each party represents and warrants that it shall comply with its obligations under Applicable Privacy Laws with respect to any Personal Information processed under this DPA.
7. General Terms
7.1 Order of precedence. With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other Agreements between the parties (except where explicitly agreed otherwise in writing, signed on behalf of the parties), Agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.
7.2 Changes in Data Protection Laws. If any variation is required to this DPA as a result of a change in Data Protection Law, then either Party may provide written notice to the other Party of that change in law. The Parties will discuss and negotiate in good faith any necessary variations to this DPA to address such changes. If Client gives notice under this Section 7.2, the parties shall without undue delay discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Client’s notice (to the extent such variations are reasonable with regard to Bizhaven’s business operations) as soon as is reasonably practicable.
7.3 Severability. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.