TermsAndConditions

Service Terms and Conditions

Service Terms and Conditions

PLEASE READ THESE TERMS AND CONDITIONS OF USE CAREFULLY. THESE TERMS AND CONDITIONS OF USE MAY HAVE CHANGED SINCE YOUR LAST VISIT TO THIS WEBSITE AND TO THE PRODUCTS. YOU AGREE TO CHECK FOR UPDATES TO THESE TERMS AND CONDITIONS OF USE. BY USING THIS WEBSITE OR THE PRODUCTS, YOU INDICATE YOUR ACCEPTANCE OF THESE TERMS AND CONDITIONS OF USE. IF YOU DO NOT ACCEPT THESE TERMS AND CONDITIONS OF USE, THEN YOU MAY NOT USE THIS WEBSITE OR THE PRODUCTS.

Requirements to use LinkTrust

NO PORNOGRAPHIC, ADULT ORIENTED, SEXUALLY EXPLICIT SITES OR CONTENT ALLOWED. Customer may contact LinkTrust to arrange for LinkTrust to review questionable campaigns for compliance prior to campaign launch. Campaigns will be deemed acceptable to LinkTrust on a case by case basis. LinkTrust retains the right to from time to time audit the campaigns and material Customers are distributing through LinkTrust. If reviewed material is deemed to not meet the standards set forth in this agreement, LinkTrust will request the Customer make changes to bring the campaign and material into compliance. If Customer fails to make the necessary changes LinkTrust is authorized to remove the campaign, materials or terminate this agreement immediately, without liability to LinkTrust.

Customer shall comply with the CAN-SPAM Act or other applicable International SPAM laws for all campaigns, if Customer’s Affiliates are sending emails, then the Affiliate must comply with the CAN-SPAM Act and other applicable International SPAM laws when sending such emails with LinkTrust code in the email. If partner or Affiliates are not in compliance as determined by LinkTrust, LinkTrust reserves the right to terminate this agreement immediately, without liability to LinkTrust. LinkTrust does not permit non-compliance with the Federal CAN-SPAM Act or other international laws governing SPAM. If Customer’s domain becomes ‘blacklisted’ and adversely affects LinkTrust and LinkTrust’s ability to serve Customer, LinkTrust will take appropriate steps to assist the Customer in finding a resolution. If the SPAM agency will not remove the Customer’s domain and if a resolution cannot be found by the parties, Customer domain may be required to be removed from LinkTrust’s IP space. If Customer does not remove itself from LinkTrust’s IP space, then LinkTrust reserves the right to terminate the Agreement (and Customer’s use of the Site and/or the Services) immediately, without liability to LinkTrust.

Software and Services

Rent, Lease, or Transfer.  Customer shall not and shall not permit any third party to rent, lease, transfer or otherwise utilize rights to the Service or the Software, other than Affiliates as contemplated by these Terms and Conditions. Terms and Conditions.

Appropriate Accounts:  Customer shall not and shall not permit any third party to use a single Partner Center account for multiple business entities, unless specifically authorized by LinkTrust in writing. As a LinkTrust customer, you may not sell, assign, or transfer your service or your rights or obligations hereunder without the prior written consent of LinkTrust.

Reverse Engineering:  Customer shall not and shall not permit any third party to translate, reverse engineer, decompile, recompile, update, modify, or create derivative works based on the Service or the Software or any part of the Software or merge the Software into any other software.

Ownership of Materials: All patents, copyrights, circuit layouts, mask works, trade secrets, and other proprietary rights in or related to the Software are and will remain the exclusive property of LinkTrust, whether or not specifically recognized or perfected under the laws of the jurisdiction in which the Software is used or licensed. Customer will not take any action that jeopardizes LinkTrust’s proprietary rights or acquire any right in the Software or the Confidential Information, as defined herein. Unless otherwise agreed on a case-by-case basis, LinkTrust will own all rights in any copy, translation, modification, adaptation, or derivation of the Software or other items of Confidential Information, including any improvement or development thereof. Customer will obtain, at LinkTrust’s request, the execution of any instrument that may be appropriate to assign these rights to LinkTrust or perfect these rights in LinkTrust’s name.

Data Storage and Ownership

Data Storage. The Software and Customer Data will be hosted on LinkTrust servers, unless otherwise agreed by the parties. LinkTrust does not warrant that Customer use of the Services will be error-free or secure. In addition, the security mechanisms implemented by LinkTrust have inherent limitations that are out of the control of LinkTrust, and Customer must determine whether the Services sufficiently meet Customer’s requirements. While LinkTrust shall make every reasonable effort to protect and backup Customer and LinkTrust Data on a regular basis, other than pursuant to the confidentiality obligations with respect to Customer’s Confidential Information under the Agreement, LinkTrust is not responsible for Customer Data residing on LinkTrust servers. Customer is responsible for making and keeping current copies of Affiliates and their related information. Customer is responsible for all use of Affiliates account and confidentiality of Affiliate’s passwords and information.

Customer Data: “Customer Data” consists of the following: (i) information input into the LinkTrust interface by Customer or Affiliate, and (ii) user behavior on Customer’s web site captured by the LinkTrust Service system on the Customer’s behalf. LinkTrust agrees that Customer will own all Customer Data. LinkTrust shall not use the Customer Data except directly in furtherance of the purposes of this Agreement. LinkTrust shall not disclose the Customer Data to any third party unless directed by Customer, unless (a) such disclosure is made by LinkTrust in response to a court order, and provided that LinkTrust has given Customer reasonable notice of such court order, or (b) is in aggregate non-personally identifiable data. Upon Customer’s request, Customer is entitled to, and LinkTrust will provide Customer, at Customer’s expense, all Customer Data, in a format reasonably determined by LinkTrust.

LinkTrust’s Data: Customer Data specifically does not include any information and/or tracking methodologies generated by the LinkTrust system, regardless of whether or not the information or tracking methodology was generated as a result of Customer’s use of the LinkTrust system. All data that is not Customer Data belongs to LinkTrust (collectively “LinkTrust’s Data”). Customer agrees that LinkTrust owns all LinkTrust’s Data. Customer shall have a non-exclusive license to use LinkTrust’s Data during the term of the Agreement only as necessary to use the Services.

Term. This Agreement commences on the effective date specified in the Service Order and continues for the initial subscription term specified in the Service Order, unless this Agreement is terminated earlier in accordance with the terms of this Agreement. This Agreement automatically renews for additional successive terms as outlined in the original Service Order unless at least 30 days before the end of the then-current term either party provides written notice to the other party that it does not intend to renew.

Term and Termination

The term of this Agreement shall commence upon the effective date of the Service Order, and shall continue for the term specified in the Sservice Order, unless terminated upon the breach of this Agreement or as otherwise provided herein. LinkTrust shall have the right to immediately terminate Customer's account if Customer is engaging in violation of this Agreement and the issue cannot be cured by the process set out in this Agreement. Such improper activity may include sending or encouraging emails in violation of CAN SPAM, Adult Content or DDOS. LinkTrust reserves the right to manage and monitor Customer and Affiliate activities through various mechanisms both internal and third party to ensure network and service safety and compliance.

Customer Right to Terminate: Upon written notice to LinkTrust, Customer shall have the right to terminate this Agreement without cause. In such event: LinkTrust shall discontinue its Services with respect to this Agreement. Customer shall be obligated to pay LinkTrust for any invoices as outlined in original Service Order.

Termination of Affiliates. Customer will immediately terminate any Affiliate from using LinkTrust after notification from LinkTrust of a violation, or in the case where Customer is in violation, Customer will cease activity that violates this Agreement. If activity is instigated by Customer’s Affiliate(s), then Customer has responsibility to work with Affiliate to cease activity and rectify the current issues. Customer understands that maintaining Customer’s network connection is of the utmost importance to LinkTrust, and Customer agrees that if Customer’s Affiliates or Customer jeopardizes LinkTrust’s network connection, and/or jeopardizes LinkTrust’s business in any way, that Customer’s account may be terminated by LinkTrust. LinkTrust will assist Customer in resolving issues with Affiliates prior to terminating Customer’s account. In addition, LinkTrust reserves the right to discontinue the Site login of any Affiliate that violates the CAN-SPAM Act or any other applicable International SPAM laws and to discontinue providing advertisements to such Affiliate, at any time as determined by LinkTrust in its sole discretion. If LinkTrust decides to take such action, LinkTrust shall promptly notify Customer of its decision in writing.

Branded Platform Terms

Subject to the terms and conditions herein, LinkTrust may grant Customer the right to access and use a white-labeled version of the LinkTrust platform that is branded by LinkTrust and Customer (the “Branded Platform”) using such Customer trademarks, service marks, trade names, trade dress, logos, and other marks or branding elements as designated by Customer from time to time (collectively, the “Customer Marks”). Customer acknowledges and agrees that access to and use of the Branded Platform may require the payment of additional fees. In addition to the terms and conditions herein, access to and use of the Branded Platform may require Customer to accept and abide by additional terms and conditions applicable to such Branded Platform and any services offered on or through the Branded Platform. If such additional terms and conditions are made available to Customer in connection with the Branded Platform, those additional terms and conditions also apply to Customer’s access to and use of the Branded Platform.

By purchasing or otherwise obtaining the right to access and use the Branded Platform, Customer hereby grants to LinkTrust a non-exclusive, royalty-free, fully paid-up, worldwide right and license to use, reproduce, publish, display and distribute the Customer Marks on or in connection with the Branded Platform and related services. By designating any Customer Marks for use on or in connection with the Branded Platform or any related services, or by otherwise providing LinkTrust with access to any such Customer Marks, Customer represents and warrants to LinkTrust that: (a) Customer has all the necessary rights, consents and licenses to use the Customer Marks and to grant the foregoing license to LinkTrust; and (b) the Customer Marks do not and will not violate any applicable laws or infringe, misappropriate or otherwise violate any intellectual property rights or other proprietary rights of any third party.

Subject to Customer’s compliance with the terms and conditions herein, including the payment of any applicable fees when due to LinkTrust, LinkTrust may grant Customer the right to authorize or permit its Affiliates to access or use the Branded Platform in accordance with the terms and conditions herein. In no event shall Customer grant to its Affiliates any rights to the Branded Platform that are broader than, or otherwise inconsistent with, the rights expressly granted by LinkTrust to Customer hereunder. Prior to authorizing or permitting any Customer Affiliate to access or use the Branded Platform, including any content, functionality or services offered on or through the Branded Platform, Customer shall enter into a written agreement with such Customer Affiliate (each, an “Affiliate Agreement”) that requires each Customer Affiliate to accept, agree and adhere to all of the terms and conditions set forth herein. Each Affiliate Agreement shall also include terms that are at least as protective of the rights and information of LinkTrust under the terms herein, including, without limitation, provisions protecting LinkTrust’s intellectual property that are at least as protective of LinkTrust’s proprietary interests in the LinkTrust platform, software, products, and services as those set forth herein, including appropriate restrictions on reverse engineering, disassembling, and decompiling the LinkTrust platform, software, products and services. In addition to and without limiting the foregoing, Customer shall also include the following required flow-down provisions in each Affiliate Agreement. Customer shall not modify, or agree to any modifications to or waivers of, any of the following provisions unless approved in writing by LinkTrust on a case-by-case basis.

(1)    Affiliate hereby consents to Customer’s disclosure of Affiliate data to LinkTrust LLC (“LinkTrust”) and its affiliates, contractors and agents, and Customer’s and LinkTrust’s, its affiliates’, contractors’ and agents’ use and processing of Affiliate data, in connection with Affiliate’s access to and/or use of the Branded Platform and any related services.

(2)    Affiliate acknowledges and agrees that: (a) LinkTrust may generate, receive, maintain, transmit and otherwise have access to technical, system, usage and related information, including information about LinkTrust’s platform, software, products and services, as well as Affiliate’s products, services, systems and software, that is gathered periodically to facilitate the provision of the Branded Platform and related services (collectively, “LinkTrust Service Data”); and (b) LinkTrust may use LinkTrust Service Data to provide, maintain, protect and improve the Branded Platform and other LinkTrust products and services and to create and develop new products and services, subject to LinkTrust’s compliance with applicable law. Notwithstanding anything to the contrary, LinkTrust will own all right, title and interest in and to any products, services and intellectual property and any derivatives thereof developed by or on behalf of LinkTrust from any LinkTrust Service Data.

(3)    LinkTrust provides no warranties, covenants or guarantees under or in connection with this Affiliate Agreement, whether express, implied or statutory, all of which are hereby disclaimed. Affiliate hereby forever releases and shall hold harmless LinkTrust from and against any and all claims, suits, demands, actions, proceedings, liabilities, damages, costs and expenses, of whatever nature, arising out of or in connection with this Affiliate Agreement and/or the performance of, or any failure to perform under, this Affiliate Agreement.

(4)    LinkTrust is an intended third party beneficiary of this Affiliate Agreement with rights to directly enforce the terms of this Affiliate Agreement.

Customer shall be responsible and liable for the acts and omissions of each Customer Affiliate and its employees, users, and agents to the same extent as if such acts or omissions were by Customer, and Customer shall be responsible for all fees and expenses payable to LinkTrust hereunder. Customer acknowledges and agrees that any act or omission of its Affiliates or any of their respective employees, users or agents in connection with their access to or use of the Branded Platform and/or any related services, which act or omission would constitute a breach of the terms herein if undertaken by Customer, shall be considered a material breach by Customer hereunder. Customer shall supervise the activities and performance of each Customer Affiliate and shall be jointly and severally liable with each such Customer Affiliate for any act or failure to act by such Customer Affiliate. If LinkTrust determines that the performance or conduct of any Customer Affiliate is in violation of the terms herein, LinkTrust may immediately suspend or terminate (as determined by LinkTrust in its sole discretion) such Customer Affiliate’s right to access and use the Branded Platform and any related services without any refund to Customer or such Customer Affiliate, and without any penalty or liability whatsoever to LinkTrust.  Customer shall indemnify LinkTrust and its shareholders, officers, members, managers, employees and agents for the acts and omissions of all Customer Affiliates to the extent such acts or omissions would create indemnification obligations for Customer hereunder if Customer would have performed (or failed to perform) such acts or omissions.

Service Level Agreement, Warranties and Liability

General Warranties. LinkTrust warrants that it owns all rights, title, and interest in and to the Software, or that in the case of any third party software that it has the right to grant a sublicense to use such third party software, that all Software shall substantially conform to the Functional Specifications. LinkTrust further warrants that any Services provided by LinkTrust under this Agreement shall be performed in a workmanlike manner and in accordance with the prevailing professional standards of the software industry. This warranty coverage shall include any modifications made to the Software by LinkTrust. Such warranty shall extend for sixty (60) days from acceptance and shall survive inspection, test, acceptance, use, and payment.

Operation of Software. LinkTrust does not warrant that the operation of the Software or the operation of the Software Products will be uninterrupted or error free. Remedy. In the event of any breach of the warranties set forth in this Agreement, LinkTrust’s sole and exclusive responsibility, and Customer’s sole and exclusive remedy, shall be for LinkTrust to correct or replace, at no additional charge to Customer, any portion of the Software or Services found to be defective.

Warranty Disclaimer

EXCEPT AS SET FORTH HERE, LINKTRUST MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE SOFTWARE, OR SERVICES OR THEIR CONDITION, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE OR USE BY PARTNER. LINKTRUST FURNISHES THE ABOVE WARRANTIES IN LIEU OF ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Voiding of Warranties. Any and all warranties and indemnifications shall be void as to Services or Software where the non-compliance is caused by or related to (1) the acts or omissions of non-LinkTrust personnel, its agents, or third parties; (2) misuse, theft, vandalism, fire, water, or other peril; (3) any alterations or modifications made to any Software by the Customer, it representatives, or agents; (4) use of the Software other than in the operating environment specified in the technical specifications; or (5) coding, information, or specifications created or provided by Customer.

Customer Warranties Authority. Customer represents and warrants to the LinkTrust that Customer has all requisite power and authority to execute and deliver this Agreement and to perform the Customer’s obligations hereunder. This Agreement has been duly and validly executed and delivered by the Customer, and constitutes a valid and binding obligation of the Customer, enforceable against the Customer in accordance with its terms.

Conflict with Other Agreements. Customer represents and warrants to the LinkTrust that neither the execution and delivery of this Agreement by the Customer nor the consummation by the Customer of the transactions contemplated by this Agreement will (i) conflict with or violate any provision of the Certificate of Incorporation or bylaws of the Customer; (ii) require on the part of the Customer any filing with, or any permit, authorization, consent, or approval of, any court, arbitration tribunal, administrative agency or commission, or other governmental or regulatory authority or agency (a “Governmental Entity”); (iii) conflict with, result in a breach of, constitute (with or without due notice or lapse of time or both) a default under, result in the acceleration of, create in any party the right to accelerate, terminate, modify, or cancel, or require any notice, consent, or waiver under, any agreement, instrument, contract, or arrangement to which the Customer is a party or by which the Customer or any of its properties is bound; or (iv) violate any order, writ, injunction, decree, law, statute, rule, or regulation applicable to the Customer.

Financial Ability. Customer represents and warrants to the LinkTrust that it presently has sufficient funds and will have sufficient funds available to timely pay LinkTrust all amounts due or that will come due under this Agreement.

European Data. If Customer’s use of the Services involves the processing of data of individuals based in the European Economic Area, Customer agrees to comply with the terms set forth in the Data Processing Addendum attached as Schedule 1 hereto. The Data Processing Addendum is hereby incorporated into this Agreement by reference. Customer warrants and represents that it is solely responsible when using the Services for complying with applicable data protection, security, and privacy laws and regulations (including, where applicable, the EU General Data Protection Regulation and the EU e-Privacy Directive/Regulation), including without limitation, complying with any applicable notice and consent requirements.

DISCLAIMER OF LIABILITY

BOTH PARTIES SHALL NOT BE LIABLE FOR ANY (A) SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS, ARISING FROM OR RELATED TO A BREACH OF THIS AGREEMENT OR ANY ORDER OR THE OPERATION OR USE OF THE SOFTWARE AND SERVICES INCLUDING SUCH DAMAGES, WITHOUT LIMITATION, AS DAMAGES ARISING FROM LOSS OF DATA OR PROGRAMMING, LOSS OF REVENUE OR PROFITS, FAILURE TO REALIZE SAVINGS OR OTHER BENEFITS, DAMAGE TO EQUIPMENT, AND CLAIMS AGAINST PARTNER BY ANY THIRD PERSON, EVEN IF BOTH PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; (B) DAMAGES (REGARDLESS OF THEIR NATURE) FOR ANY DELAY OR FAILURE BY BOTH PARTIES TO PERFORM THEIR OBLIGATIONS UNDER THIS AGREEMENT DUE TO ANY CAUSE BEYOND LINKTRUST’S REASONABLE CONTROL; OR (C) CLAIMS MADE A SUBJECT OF A LEGAL PROCEEDING AGAINST LINKTRUST MORE THAN TWO YEARS AFTER ANY SUCH CAUSE OF ACTION FIRST AROSE.

LIMITATION OF LIABILITY. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, BUT EXCLUDING ANY CLAIMS FOR INDEMNIFICATION UNDER THIS AGREEMENT BOTH PARTIES LIABILITIES

UNDER THIS AGREEMENT, WHETHER UNDER CONTRACT LAW, TORT LAW, WARRANTY, OR OTHERWISE SHALL BE LIMITED TO DIRECT DAMAGES NOT TO EXCEED THE AMOUNTS ACTUALLY RECEIVED BY LINKTRUST UNDER THIS AGREEMENT.

Entire Agreement. If any of the provisions of this Agreement shall be invalid or unenforceable under the laws of the jurisdiction where enforcement is sought whether on the basis of a court decision or of arbitral award applicable to the entire Agreement, such invalidity or unenforceability shall not invalidate or render unenforceable the entire Agreement but rather the entire Agreement shall be construed as if not containing the particular invalid or unenforceable provision or provisions and the rights and obligations of LinkTrust and Customer shall be construed and enforced accordingly.

Events of Default and Remedies. LinkTrust and Customer acknowledge and agree that the following shall constitute events of default (“Events of Default”) and that the occurrence of one (1) or more of such Events of Default shall constitute a material breach of this Agreement, which shall allow a party, as applicable, to seek the rights and remedies set forth in this Section:

Customer’s failure to timely pay any undisputed amount owed to LinkTrust, provided that such failure is not cured within fifteen (15) calendar days following receipt of written notice of such failure; Customer’s breach of this agreement or if Customer otherwise misuses the Software in contravention of this Agreement; Rights and Remedies of LinkTrust upon Default of Customer.

Upon the occurrence of an Event of Default by or with respect to Customer, LinkTrust shall be entitled to any of the following remedies: terminate, in whole or in part, this Agreement; and/or subject to the terms of Section 17, seek to recover damages from Customer; and/or exercise the right of self-help. Transition Rights Termination by Customer. In the event Customer terminates this Agreement pursuant to the terms of this Agreement in whole or in part, Customer shall provide to LinkTrust a written notice of transition (“Transition Notice”), setting forth the target date on which Customer plans to cut-over from LinkTrust’s system to a new system or otherwise not require the future services of LinkTrust (the “Target Cut-Over Date”). At least thirty (30) days prior to the actual cut-over date (“Actual Cut-Over Date”), Customer shall provide LinkTrust with written notice of the Actual Cut-Over Date. LinkTrust shall continue to provide to Customer all Services required by Customer (“Transition Period”). Services provided by LinkTrust during the Transition Period shall continue as necessary for an orderly transition to another system.

Patent and Other Proprietary Rights Indemnification

All information exchanged between the parties is confidential, as more fully set forth below.

Confidential Information. “Confidential Information” means any material, data, or information in whatever form or media of a party to this Agreement that is provided or disclosed to the other, except for any information that is: (a) publicly available or later becomes available other than through a breach of this Agreement; (b) known to the Receiving Party or its employees, agents, or representatives prior to such disclosure or is independently developed by the Receiving Party or its employees, agents, or representatives subsequent to such disclosure; or (c) subsequently lawfully obtained by the Receiving Party or its employees, agents, or representatives from a Third Party without obligations of confidentiality.

Confidential Information shall include the following categories of information whether disclosed orally or not marked as confidential:

Written Deliverables, network configurations, network architecture, Services rendered by LinkTrust to Customer, financial and operational information, and other matters relating to the operation of the parties’ business, including information relating to actual or potential Customers and Customer lists, Customer usage or requirements, business and Customer usage forecasts and projections, accounting, finance or tax information, pricing information, and any information relating to the corporate and/or operational structure of Customer and its Affiliates, Software, Equipment, Deliverables, or Services rendered under the Letter Agreement and any amendments thereto, any information exchanged between the parties pursuant to the Nondisclosure Agreement, and all information and materials relating to Third Party vendors, systems integrators, or consultants of Customer that have provided or that may provide in the future any part of Customer’s information or communications infrastructure to Customer. The party that has received Confidential Information (the “Receiving Party”) shall exercise the same degree of care and protection with respect to the Confidential Information of the party that has disclosed Confidential Information to the Receiving Party (the “Disclosing Party”) that it exercises with respect to its own Confidential Information and shall not directly or indirectly disclose, copy, distribute, republish, or allow any Third Party to have access to any Confidential Information of the Disclosing Party. Notwithstanding the above, LinkTrust may disclose Customer’s Confidential Information to its employees and agents who have a need to know.

Ownership of Intellectual Property: Pre-existing intellectual property and all improvements thereto that LinkTrust uses in connection with performing the Services, providing any Deliverables and performing any other Services hereunder shall remain the sole and exclusive property of LinkTrust.

Any Custom Programming, including all source code and materials developed by LinkTrust, all intermediate and partial versions thereof, as well as all specifications, program materials, flow charts, notes, outlines, and the like created in connection therewith (collectively, “Custom Programming Materials”) shall be the sole and exclusive property of LinkTrust. All written reports, requirements documents (including newly created technical and non-technical data embodied therein), specifications, program materials, flow charts, notes, outlines, and the like that are developed, conceived, originated, prepared, or generated by LinkTrust in connection with LinkTrust’s performance under this Agreement including, without limitation, all copyright, trademark, trade secret, and all other proprietary rights therein and derivative works created therefrom (collectively, “Written Deliverables”), shall be the sole and exclusive property of LinkTrust.

Such ownership of Custom Programming Materials and Written Deliverables shall inure to the benefit of LinkTrust from the date of the conception, creation, or fixation of the Custom Programming Materials and Written Deliverables in a tangible medium of expression, as applicable. Customer agrees to assist LinkTrust in obtaining and enforcing all rights and other legal protections for the Custom Programming Materials and Written Deliverables and to execute any and all documents that LinkTrust may reasonably request in connection therewith, including any copyright assignment document(s). LinkTrust shall ensure that all Custom Programming Materials and Written Deliverables created hereunder (including each page of any document produced) will be marked as follows:

Confidential and Proprietary © Copyright [20__/Year Developed] LinkTrust Technologies, LLC. All Rights Reserved

Privileged Information. LinkTrust shall keep and maintain all Privileged Information in strict confidence and shall protect all such Privileged Information from disclosure to third parties without the prior written consent of Customer, and Customer shall keep and maintain all Privileged Information in strict confidence and shall protect all such Privileged Information from disclosure to third parties without the prior written consent of LinkTrust.

Residuals. LinkTrust will not be precluded by this Agreement from rendering services or developing work product that is competitive with, or functionally comparable to, the services rendered and Deliverables provided hereunder. LinkTrust shall not be restricted in its use of ideas, concepts, know-how, methodologies, and techniques acquired or learned in the course of activities hereunder.

The provisions of this Section shall not be construed to alter LinkTrust’s obligations under any nondisclosure agreements between the parties.

Employee/Agent Acknowledgment. LinkTrust and Customer shall not disclose Confidential Information or Privileged Information to any of their employees, agents, or representatives unless and until such employee, agent, or representative has been made aware that his or her obligations under this Agreement are subject to confidentiality.

Survival. The terms of this Article shall survive the expiration or termination of this Agreement.

International Privacy Laws. In addition to the above, if any country where Services are to be rendered under the Agreement has or enacts a data protection-related law that requires the execution of a data export agreement, then LinkTrust shall, upon Customer’s request, execute and cause any subcontractors to execute such supplemental agreement promptly on such terms and conditions as shall be mutually agreed.

Non-Competition. Except as otherwise expressly provided in this Agreement, Customer shall indemnify and defend LinkTrust, its directors, and its officers, and shall hold such parties harmless from and against any and all claims, liabilities, damages and expenses, including reasonable attorneys’ fees, arising from any third party claim in connection with (a) any Customer supplied intellectual property, (b) any Functional Specifications supplied by Customer, or (c) Customer’s transaction of business through the use of any web page, website or service. The provisions of this section shall not apply to any third party loss or damage caused by LinkTrust’s gross negligence or willful misconduct.

Compliance with Laws/ Changes in Laws. LinkTrust and Partner each shall comply with the provision of all applicable federal, state, county and local laws, ordinances, regulations, and codes [as of the date of this Agreement] including, but not limited to, LinkTrust’s and Partner’s obligations as employers with regard to the health, safety, and payment of its employees, and identification and procurement of required permits, certificates, approvals, and inspections in LinkTrust’s and Partner’s performance of this Agreement.

General Indemnity

Indemnity. Subject to the limitations contained in this Agreement, both parties agree to indemnify and hold each other harmless, from any liabilities, penalties, demands, or claims finally awarded (including the costs, expenses, and reasonable attorney’s fees on account thereof) that may be made by any third party, resulting from the indemnifying party’s gross negligence or willful acts or omissions or those of persons furnished by the indemnifying party, its agents, or subcontractors or resulting from use of the Software, Software Products, and/or Services furnished hereunder.

Customer agrees to defend LinkTrust, at LinkTrust’s request, against any such liability, claim, or demand. Customer agrees to notify LinkTrust promptly of any written claims or demands against the indemnified party for which the indemnifying party is responsible hereunder. The foregoing indemnity shall be in addition to any other indemnity obligations of LinkTrust or Customer set forth in this Agreement.

Assumption of Defense. If the indemnifying party fails to assume the defense of any actual or threatened action covered within the earlier of (a) any deadline established by a third party in a written demand or by a court, and (b) thirty (30) days of notice of the claim, the indemnified party may follow such course of action as it reasonably deems necessary to protect its interest and shall be indemnified for all costs reasonably incurred in such course of action.

Obligations that survive termination

The parties recognize and agree that their obligations under this Agreement survive the cancellation, termination, or expiration of this Agreement or the License granted.

Amendments, Modifications, or Supplements

Amendments, modifications, or supplements to this Agreement shall be permitted, provided all such changes shall be in writing signed by the authorized representatives of both parties, and all such changes shall reference this Agreement and identify the specific articles or sections of this Agreement or the particular order that is amended, modified, or supplemented.

Governing law and venue

The validity, construction, interpretation, and performance of this Agreement shall be governed by and construed in accordance with the domestic laws of the State of Utah except as to its principals of conflicts of laws and the parties hereto irrevocably submit to the exclusive jurisdiction and venue of the State and Federal Courts of Utah to resolve any disputes arising hereunder or related hereto. Jurisdiction.

The parties hereto hereby (a) submit to the exclusive jurisdiction of any state or federal court sitting in Utah for the purpose of any Action arising out of or relating to this Agreement brought by any party hereto, and (b) irrevocably waive, and agree not to assert by way of motion, defense, or otherwise, in any such Action, any claim that it is not subject personally to the jurisdiction of the above-named courts, that its property is exempt or immune from attachment or execution, that the Action is brought in an inconvenient forum, that the venue of the Action is improper, or that this Agreement may not be enforced in or by any of the above-named courts.

Waiver of breach

No waiver of breach or failure to exercise any option, right, or privilege under the terms of this Agreement or any order on any occasion or occasions shall be construed to be a waiver of the same or any other option, right, or privilege on any other occasion.

Waiver of right to jury trial

THE Customer HEREBY UNCONDITIONALLY WAIVES THEIR RESPECTIVE RIGHTS TO A JURY TRIAL OF ANY CLAIM OR CAUSE OF ACTION ARISING DIRECTLY OR INDIRECTLY OUT OF, RELATED TO, OR IN ANY WAY CONNECTED WITH THE PERFORMANCE OR BREACH OF THIS AGREEMENT, AND/OR THE RELATIONSHIP THAT IS BEING ESTABLISHED AMONG THEM. The scope of this waiver is intended to be all encompassing of any and all disputes that may be filed in any court or other tribunal (including, without limitation, contract claims, tort claims, breach of duty claims, and all other common law and statutory claims).

THIS WAIVER IS IRREVOCABLE, MEANING THAT IT MAY NOT BE MODIFIED EITHER ORALLY OR IN WRITING, AND THE WAIVER SHALL APPLY TO ANY SUBSEQUENT AMENDMENTS, RENEWALS, SUPPLEMENTS, OR MODIFICATIONS TO THIS AGREEMENT, AND RELATED DOCUMENTS, OR TO ANY OTHER DOCUMENTS OR AGREEMENTS RELATING TO THIS TRANSACTION OR ANY RELATED TRANSACTION. In the event of litigation, this Agreement may be filed as a written consent to a trial by the court. Each of the parties hereto (a) certifies that no representative, agent, or attorney of any other party has represented, expressly or otherwise, that such other party would not, in the event of litigation, seek to enforce that foregoing waiver, and (b) acknowledges that it and the other parties hereto have been induced to enter into this Agreement, as applicable, by, among other things, the mutual waivers and certifications. 

Force Majeure

LinkTrust shall not be responsible for any delay or failure in performance of any part of this Agreement to the extent that such delay or failure is caused by fire, flood, earthquake, explosion, war, embargo, government requirement, civil, or military authority, act of God, terrorism, cyber-terrorism, act or omission of carriers, or other similar causes beyond its control.

If any such an event of force majeure occurs and such event continues for ninety (90) days or more, the party delayed or unable to perform shall give immediate notice to the other party, and the party affected by the other’s delay or inability to perform may elect at its sole discretion to (a) terminate this Agreement upon mutual agreement of the parties; (b) suspend such order for the duration of the condition and obtain or sell elsewhere Software or Services comparable to the Software or Services to have been obtained under this Agreement; or (c) resume performance of such order once the condition ceases with the option of the affected party to extend the period of this Agreement up to the length of time the condition endured. Unless written notice is given within thirty (30) days after the affected party is notified of the condition, option (c) shall be deemed selected.

Covenant of Good Faith

Each Party agrees that, in its respective dealings with the other Party under or in connection with this Agreement, it shall act in good faith.

Notices

All notices, demands, or other communications herein provided to be given or that may be given by any party to the other shall be deemed to have been duly given when made in writing and delivered in person, or upon receipt, if deposited in the United States mail, postage prepaid, certified mail, return receipt requested, as follows:

Notices to Customer will be sent to address included in signature document.

Notices to LinkTrust: LinkTrust Technologies, LLC. 12884 S. Frontrunner Blvd. STE 140 Draper, UT 84020 Attn: Office Manager

With a required copy to: Daniel F. Van Woerkom, Van Woerkom Law, PLLC 11038 N Highland Blvd. #200 Highland, UT 84003, or to such address as the parties may provide to each other in writing from time to time.

Background, enumerations, and headings

The “Background,” enumerations, and headings contained in this Agreement are for convenience of reference only and are not intended to have any substantive significance in interpreting this Agreement.

Incorporation of Appendices and Exhibits

Any appendices referred to in this Agreement and attached hereto are integral parts of this Agreement and are incorporated herein by this reference.

Severability

If any of the provisions of this Agreement shall be invalid or unenforceable under the laws of the jurisdiction where enforcement is sought whether on the basis of a court decision or of arbitral award applicable to the entire Agreement, such invalidity or unenforceability shall not invalidate or render unenforceable the entire Agreement but rather the entire Agreement shall be construed as if not containing the particular invalid or unenforceable provision or provisions and the rights and obligations of LinkTrust and Customer shall be construed and enforced accordingly.

Counterparts

This Agreement and any Appendix hereto, may be executed simultaneously in two (2) or more counterparts, each of which will be considered an original, but all of which together will constitute one and the same instrument.

Facsimile or Electronic Execution

The parties agree that transmission to the other party of this Agreement with its facsimile signatures or e-signed signatures shall suffice to bind the party transmitting same to this Agreement in the same manner as if an original signature had been delivered. Without limitation of the foregoing, each party who transmits this Agreement with its facsimile signature or e-signed signature covenants to deliver the original thereof to the other party as soon as possible thereafter if requested.

DOS Protection

Upon determination of an incident, LinkTrust will immediately reroute traffic through its mitigation provider.

Patent and Other Proprietary Rights Indemnification

Except as otherwise expressly provided in this Agreement, Partner shall indemnify and defend LinkTrust, its directors, and its officers, and shall hold such parties harmless from and against any and all claims, liabilities, damages and expenses, including reasonable attorneys’ fees, arising from any third party claim in connection with (a) any Partner supplied intellectual property, (b) any Functional Specifications supplied by Partner, or (c) Partner’s transaction of business through the use of any web page, website or service. The provisions of this Section 16 shall not apply to any third party loss or damage caused by LinkTrust’s gross negligence or willful misconduct.

Definitions

Whenever used in this Agreement, or additions to this Agreement, the following terms shall have the meaning ascribed to them below. Other capitalized terms used in this Agreement are defined in the context in which they are used and shall have the meanings ascribed therein. The terms defined in this Schedule include the plural as well as the singular.

Customer Data shall mean

information input into the Software interface by Customer, and

user behavior on Customer’s web site captured by the Software on the Customer’s behalf, all of which shall be stored on LinkTrust servers.

Affiliate(s) or Affiliate Company shall mean those persons, entities, or companies that sign up with Customer and use LinkTrust Services and/or newsletters in connection with Customer’s business.

Documentation means collectively:

all of the written, printed, electronic, or other format materials published or otherwise made available by LinkTrust that relate to the functional, operational, and/or performance capabilities of the LinkTrust and/or any Software;

all user, operator, system administration, technical, support, and other manuals and all other written, printed, electronic, or other format materials published or otherwise made available by LinkTrust that describe the functional, operational, and/or performance capabilities of the LinkTrust and/or any Software including but not limited to the Functional Specifications and Software Acceptance Plan;

any other Deliverable that is not Hardware or Software. Documentation shall not include Source Code.

License(s) shall mean any personal, nonexclusive, nontransferable, non-assignable license or licenses for Customer’s internal use only granted by LinkTrust to Customer to use the Software under this Agreement.

Privileged Information shall mean information identified by Customer, Customer, or LinkTrust as privileged.

Services shall mean the work done by LinkTrust in support of the Software, including but not limited to development services, installation services, training, consulting, support, telephone support, and such other services.

Site shall mean a Customer’s computer facility located in one specific geographic location.

Software means the aggregate of the Standard Software and the Custom Software including all physical components that are provided by LinkTrust, including but not limited to, magnetic media, job aids, templates, and other similar devices.

“Source Code” means computer software in the form of source statements for the Software (excluding all Third Party Software) including, without limitation, all software in the form of electronic and printed human-readable, mnemonic or English-like program listings, including printed and on-line descriptions of the design of such software including, without limitation, data definition models, indices, structure tables, system flow charts, program flow charts, defined terms, file layouts, program narratives, global documentation (including global variables) and program listings.

A denial-of-service (DoS) attack is an attempt to make a computer resource unavailable to its intended users. Although the means to, motives for, and targets of a DoS attack may vary, it generally comprises the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

 


 

 

Schedule 1

Data Processing Addendum

 

This Data Processing Addendum (“DPA” or “Addendum”) forms part of the Service Terms and Conditions between you (“Customer”) and LinkTrust LLC (“Processor”) (the “Agreement”) pursuant to which Processor will provide the services set forth in the Agreement (the “Services”) to Customer. Processor agrees to comply with the following provisions with respect to any Personal Data Processed for Customer in connection with the provision of the Services. References to the Agreement will be construed as including this DPA. Any capitalized terms not defined herein shall have the respective meanings given to them in the Agreement. Except as modified below, the terms of the Agreement shall remain in full force and effect.

 

In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an addendum to the Agreement.

 

1. DEFINITIONS

 

In this DPA, the following terms shall have the meanings set out below:

 

Affiliates” means any entity which is controlled by, controls or is in common control with Processor.

“Customer” means the Customer that has executed the Agreement.

 

Customer Personal Data” means Personal Data provided by Customer to Processor.

 

Data Controller” means the entity which determines the purposes and means of the Processing of Personal Data.

 

Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller.

 

Data Protection Laws” means the laws and regulations of the European Union which are applicable to the Processing of Personal Data under the Agreement, including without limitation the GDPR.

 

Data Subject” means the individual to whom Personal Data relates as defined by the GDPR.

 

GDPR” means the General Data Protection Regulation (GDPR), EU 2016/679.

 

Personal Data” means any information relating to an identified or identifiable person.

 

Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” shall have the same meaning).

 

Security Breach” has the meaning set forth in Section 7 of this DPA.

 

Sub-processor” means any Data Processor engaged by Processor.

 

2. PROCESSING OF CUSTOMER PERSONAL DATA

 

2.1 The parties agree that with regard to the Processing of Customer Personal Data, Customer is the Data Controller and Processor is the Data Processor.

 

2.2 Customer shall, in its use or receipt of the Services, process Customer Personal Data in accordance with the requirements of the Data Protection Laws and Customer will ensure that its instructions for the Processing of Customer Personal Data comply with the Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Personal Data and the means by which Customer obtained the Customer Personal Data.

 

2.3 During the Term of the Agreement, Processor shall only Process Customer Personal Data on behalf of and in accordance with the Agreement and Customer’s instructions. Customer instructs Processor to Process Customer Personal Data for the following purposes: (i) Processing in accordance with the Agreement and any applicable orders; and (ii) Processing to comply with other reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.

 

2.4 The objective of Processing of Customer Personal Data by Processor is the performance of the Services pursuant to the Agreement. The types of Customer Personal Data to be Processed by Processor include IP address, deviceID, userID, first name, last name, email address, mailing address, and banking information (including account number and routing information). The categories of Data Subjects Processed under this DPA are Customer’s affiliates and advertisers.

 

3. RIGHTS OF DATA SUBJECTS

 

3.1 To the extent Customer, in its use or receipt of the Services, does not have the ability to correct, amend, restrict, block or delete Customer Personal Data, and/or as required by the Data Protection Laws, Processor will use commercially reasonable efforts to comply with reasonable requests by Customer to facilitate such actions to the extent Processor is legally permitted to do so.

 

3.2 Processor shall, to the extent legally permitted, promptly notify Customer if it receives a request from a Data Subject for access to, correction, amendment, deletion of or objection to the processing of that person’s Personal Data. Processor shall not respond to any such Data Subject request without Customer’s prior written consent except to confirm that the request relates to Customer. Processor shall provide Customer with commercially reasonable cooperation and assistance in relation to the handling of a Data Subject’s request, to the extent legally permitted and to the extent Customer does not have access to such Customer Personal Data through its use or receipt of the Services.

 

4. PROCESSOR PERSONNEL

 

4.1 Processor shall ensure that its personnel engaged in the Processing of Customer Personal Data are subject to obligations of confidentiality.

 

4.2 Processor shall ensure that access to Customer Personal Data is limited to those personnel who require such access to perform the Services.

 

5. SUB-PROCESSORS

 

5.1 Customer acknowledges and agrees that (i) Processor Affiliates may be retained as Sub-processors; and (ii) Processor may engage third-party Sub-processors in connection with the provision of the Services. Any such Sub-processors will be permitted to obtain Customer Personal Data only to deliver the Services Processor has retained them to provide, and are prohibited from using Customer Personal Data for any other purpose. Processor agrees that any agreement with a Sub-processor will include substantially the same data protection obligations as set out in this DPA.

 

5.2 Processor may continue to use those Sub-processors already engaged by Processor or any Processor affiliate as at the date of this DPA.

 

5.3 Processor shall give Customer prior written notice of the appointment of any new Sub-processor, including full details of the Processing to be undertaken by the Sub-processor. If, within 10 days of receipt of that notice, Customer notifies Processor in writing of any objections (on reasonable grounds) to the proposed appointment, Processor shall not appoint that proposed Sub-processor until reasonable steps have been taken to address the objections raised by Customer and Customer has been provided with a reasonable written explanation of the steps taken.

 

6. SECURITY; AUDIT RIGHTS; DATA PROTECTION IMPACT ASSESSMENTS

 

6.1 Processor shall maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Customer Personal Data.

 

6.2 No more than once per year, Customer may engage a mutually agreed upon third party to audit Processor solely for the purposes of meeting its audit requirements pursuant to the Data Protection Laws. To request an audit, Customer must submit a detailed audit plan at least four (4) weeks in advance of the proposed audit date describing the proposed scope, duration, and start date of the audit. Audit requests must be sent to support@linktrust.com. The audit must be conducted during regular business hours, subject to Processor’s policies, and may not unreasonably interfere with Processor’s business activities. Any audits are at Customer's expense.

 

6.3 Any request for Processor to provide assistance with an audit is considered a separate service if such audit assistance requires the use of resources different from or in addition to those required by law. Customer shall reimburse Processor for any time spent for any such audit at the rates agreed to by the parties. All reimbursement rates shall be reasonable, taking into account the resources expended by Processor. Customer shall promptly notify Processor with information regarding any non-compliance discovered during the course of an audit.

 

6.4 Processor will reasonably cooperate with Customer, at Customer’s expense, where Customer is conducting a data protection impact assessment.

 

7. SECURITY BREACH MANAGEMENT AND NOTIFICATION

 

7.1 If Processor becomes aware of any unlawful access to any Customer Personal Data stored on Processor’s equipment or in Processor’s facilities, or unauthorized access to such equipment or facilities resulting in material loss, disclosure, or alteration of Customer Personal Data (“Security Breach”), Processor will promptly: (i) notify Customer of the Security Breach; (ii) investigate the Security Breach and provide Customer with information about the Security Breach; and (iii) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Breach.

 

7.2. Customer agrees that an unsuccessful Security Breach attempt will not be subject to this Section. An unsuccessful Security Breach attempt is one that results in no unauthorized access to Customer Personal Data or to any of Processor’s equipment or facilities storing Customer Personal Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, or similar incidents.

 

7.3. Notification(s) of Security Breaches, if any, will be delivered to one or more of Customer’s business, technical or administrative contacts by any means Processor selects, including via email. It is Customer’s sole responsibility to ensure it maintains accurate contact information on Processor’s support systems at all times.

 

8. RETURN AND DELETION OF CUSTOMER DATA

 

Processor shall return Customer Personal Data to Customer, to the extent possible, and/or delete Customer Personal Data in accordance with Processor’s data retention policies which adhere to requirements of the Data Protection Laws, and in a manner consistent with the terms of the Agreement. Data Retention Policy

 

9. STANDARD CONTRACTUAL CLAUSES

 

Customer (as "data exporter") and Processor (as "data importer") hereby enter into the Standard Contractual Clauses attached as Exhibit 1 in respect of any transfer of Customer Personal Data from the Customer to Processor.

 

10. PARTIES TO THIS DPA

 

Nothing in this DPA shall confer any benefits or rights on any person or entity other than the parties to this DPA.

 

11. SEVERANCE

 

Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

 

 


Exhibit 1


Standard Contractual Clauses (processors)

Clause 1

Definitions

For the purposes of the Clauses:

(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ' the data exporter' means the controller who transfers the personal data;

(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity . Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures , as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

(ii) any accidental or unauthorised access, and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11 ;

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referredto inClause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

 

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.

2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

 

 

 

 

 


 

 

 

Appendix 1 to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

Customer who is making use of LinkTrust’s affiliate and performance marketing software.

Data importer

The data importer is (please specify briefly activities relevant to the transfer):

LinkTrust LLC, a provider of affiliate and performance marketing software.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

Customer’s affiliates and advertisers.

Categories of data

The personal data transferred concern the following categories of data (please specify):

IP address, deviceID, userID, first name, last name, email address, mailing address, and banking information (including account number and routing information).

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify):

None.

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The provision of the services by LinkTrust to Customer under the Agreement.

 


Appendix 2 to the Standard Contractual Clauses

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Description of Technical and Organizational Security Measures

LinkTrust implements the technical and organizational security measures described below in respect of personal data that it processes:

·          Information security policy: LinkTrust maintains a written information security policy that specifies the security standards it applies to protect the personal data it processes in accordance with these Clauses. The information security policy mandates the use of appropriate technical and organizational security measures throughout LinkTrust's organization to protect personal data against unauthorized and unlawful processing and against accidental loss, damage or destruction.

·          Data Protection: LinkTrust has appointed an employee with responsibility for ensuring the security of personal data processed by LinkTrust throughout its organization and for reviewing, maintaining and updating LinkTrust's information security policy in accordance with best industry practice.

·          Physical security: Access to data processing facilities, including server rooms, offices, rooms and facilities is restricted to duly authorized employees and contractors who have been issued with security badges.

·          Firewall and anti-virus: LinkTrust has implemented appropriate firewall, anti-virus, anti-spyware and other anti-malware software and technologies on applicable networks and systems it uses to process personal data.

·          Encryption: LinkTrust has implemented appropriate cryptographic controls according to the risk associated with the information and systems being protected.

·          Asset management: LinkTrust has implemented processes for asset management, including how IT identifies, tracks, tags, and maintains IT assets, including recordkeeping procedures for user requests.

·          Access controls: LinkTrust has implemented technical access controls that restrict access to personal data it processes to duly authorized employees and contractors only.

·          Usernames / passwords: Access to personal data will be controlled through access privileges (described above), usernames and confidential passwords.

·          Back-up: LinkTrust will make regular back-ups of the personal data that it processes. Data back-ups will be stored securely at an offsite location and will be available for data restoration.

 

 

LinkTrust

Copyright ©2019 LinkTrust Technologies. All Rights Reserved

For more information, click here.