CUSTOMER DATA & PRIVACY.
1.1. Use of Customer Data. Provider shall not: (a) access, process, or otherwise use Customer Data other than as necessary to facilitate the SaaS; or (b) give Customer Data access to any third party, except Provider’s subcontractors that have a need for such access to facilitate the SaaS and are subject to a reasonable written agreement governing the use and security of Customer Data. Further, Provider: (c) shall exercise reasonable efforts to prevent unauthorized disclosure or exposure of Customer Data; and (d) shall comply with all Privacy/Security Laws that are applicable both specifically to Provider and generally to data processors in the jurisdictions in which Provider does business and operates physical facilities.
1.2. Statutory Special Terms. The parties recognize and agree that Attachment __ (_n/a___): (a) governs the following Customer Data: _______n/a___; and (b) applies only to such Customer Data and not to any of the parties’ other rights or duties pursuant to this Agreement. If Provider receives a “right to know,” deletion, “right to be forgotten,” or similar request related to Customer Data, Provider may respond in accordance with applicable law. Nothing in this Agreement precludes Provider from asserting rights or defenses it may have under applicable law related to such requests.
1.3. Additional Fees. Customer recognizes and agrees that Provider may charge additional fees (without limitation) (a) for activities (if any) required by Privacy/Security Laws and (b) for activities Customer requests to help it comply with Privacy/Security Laws.
1.4. Privacy Policy. Customer acknowledges Provider’s privacy policy at __________, and Customer recognizes and agrees that nothing in this Agreement restricts Provider’s right to alter such privacy policy.
1.5. De-Identified Data. Notwithstanding the provisions above of this Article 4, Provider may use, reproduce, sell, publicize, or otherwise exploit De-Identified Data (as defined below) in any way, in its sole discretion, including without limitation aggregated with data from other customers. (“De-Identified Data” refers to Customer Data with the following removed: information that identifies or could reasonably be used to identify an individual person, a household, or Customer.)
1.6. Erasure. Provider may permanently erase Customer Data if Customer’s account is delinquent, suspended, or terminated for 30 days or more, without limiting Provider’s other rights or remedies.
1.7. Required Disclosure. Notwithstanding the provisions above of this Article 4, Provider may disclose Customer Data as required by applicable law or by proper legal or governmental authority. Provider shall give Customer prompt notice of any such legal or governmental demand and reasonably cooperate with Customer in any effort to seek a protective order or otherwise to contest such required disclosure, at Customer’s expense.
1.8. Risk of Exposure. Customer recognizes and agrees that hosting data online involves risks of unauthorized disclosure or exposure and that, in accessing and using the SaaS, Customer assumes such risks. Provider offers no representation, warranty, or guarantee that Customer Data will not be exposed or disclosed through errors or the actions of third parties.
1.9. Data Accuracy. Provider shall have no responsibility or liability for the accuracy of data uploaded to the SaaS by Customer, including without limitation Customer Data and any other data uploaded by Users.
1.10. Excluded Data. Customer warrants that (a) it has not and will not transmit Excluded Data (as defined below), or permit transmission of Excluded Data, to Provider or its computers or other media and, (b) to the best of its knowledge, Customer Data does not and will not include Excluded Data. Customer shall inform Provider of any Excluded Data within Customer Data promptly after discovery (without limiting Provider’s rights or remedies). Customer recognizes and agrees that: (i) the provisions of this Agreement related to Customer Data do not apply to Excluded Data; (ii) Provider has no liability for any failure to provide protections in the Excluded Data Laws (as defined below) or otherwise to protect Excluded Data; and (iii) Provider’s systems are not intended for management or protection of Excluded Data and may not provide adequate or legally required security for Excluded Data. Provider is not responsible or liable for any data exposure or disclosure or related loss to the extent that it involves Excluded Data. (“Excluded Data” means _______n/a_____________. “Excluded Data Laws” means any law or regulation governing Excluded Data, including without limitation any law or regulation protecting privacy or security rights of Excluded Data subjects, as well as the following statutes and regulations: ___n/a_________.)