CCPA Contract Clauses

1. Definitions. The following definitions and rules of interpretation apply in this Agreement:

(a) CCPA means the California Consumer Privacy Act of 2018, as amended (Cal. Civ. Code §§ 1798.100 to 1798.199), and any related regulations or guidance provided by the California Attorney General. Terms defined in the CCPA, including personal information and business purposes, carry the same meaning in this Agreement.

(b) Contracted Business Purposes means the services described in your Marketing 360 Service Agreement, Websites 360 Service Agreement, Top Rated Local Service Agreement, or for any other purpose specifically identified in Appendix A for which the service provider receives or accesses personal information.

(c) Customer means a customer that has signed a service agreement with Madwire, LLC or any of its

(d) Service Provider means Madwire, LLC d/b/a Marketing 360, Websites 360, and/or Top Rated Local.

2. Service Provider’s CCPA Obligations

(a) Service Provider will only collect, use, retain, or disclose personal information for the Contracted Business Purposes for which Customer provides or permits personal information access in accordance with the Terms of Service and Customer’s instructions.

(b) Service Provider will not collect, use, retain, disclose, sell, or otherwise make personal information available for Service Provider’s own commercial purposes or in a way that does not comply with the CCPA. If a law requires the Service Provider to disclose personal information for a purpose unrelated to the Contracted Business Purpose, the Service Provider must first inform the Customer of the legal requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.

(c) Service Provider will limit personal information collection, use, retention, and disclosure to activities reasonably necessary and proportionate to achieve the Contracted Business Purposes or another compatible operational purpose.

(d) Service Provider must promptly comply with any Customer request or instruction [from Authorized Persons] requiring the Service Provider to provide, amend, transfer, or delete the personal information, or to stop, mitigate, or remedy any unauthorized processing.

(e) If the Contracted Business Purposes require the collection of personal information from individuals on the Customer’s behalf, Service Provider will always provide a CCPA-compliant notice addressing use and collection methods that the Customer specifically pre-approves in writing. Service Provider will not modify or alter the notice in any way without the Customer’s prior written consent.

(f) If the CCPA permits, Service Provider may aggregate, deidentify, or anonymize personal information by acceptable methods under the CCPA, so it no longer meets the personal information definition, and may use such aggregated, deidentified, or anonymized data for its own research and development purposes. Service Provider will not attempt to or actually re-identify any previously aggregated, deidentified, or anonymized data and will contractually prohibit downstream data recipients from attempting to or actually re-identifying such data.

3. Assistance with Customer’s CCPA Obligations

(a) Service Provider will reasonably cooperate and assist Customer with meeting the Customer’s CCPA compliance obligations and responding to CCPA-related inquiries, including responding to verifiable consumer requests, taking into account the nature of the Service Provider’s processing and the information available to the Service Provider.

(b) Service Provider must notify Customer immediately if it receives any complaint, notice, or communication that directly or indirectly relates to either party’s compliance with the CCPA. Specifically, the Service Provider must notify the Customer within 10 working days if it receives a verifiable consumer request under the CCPA.

4. Subcontracting

(a) Service Provider may use subcontractors to provide the Contracted Business Services.

(b) For each subcontractor used, Service Provider will give Customer, upon written request, an up-to-date list disclosing:

(i) The subcontractor’s name, address, and contact information.

(ii) The type of services provided by the subcontractor.

(iii) The personal information categories disclosed to the subcontractor in the preceding 12 months.

5. CCPA Warranties

(a) Both parties will comply with all applicable requirements of the CCPA when collecting, using, retaining, or disclosing personal information.

(b) Service Provider certifies that it understands this Agreement’s and the CCPA’s restrictions and prohibitions on selling personal information and retaining, using, or disclosing personal information outside of the parties’ direct business relationship, and it will comply with them.

(c) Service Provider warrants that it has no reason to believe any CCPA requirements or restrictions prevent it from providing any of the Contracted Business Purposes or otherwise performing under this Agreement. Service Provider must promptly notify the Customer of any changes to the CCPA’s requirements that may adversely affect its performance under the Agreement.

APPENDIX A

PERSONAL INFORMATION PROCESSING PURPOSES AND DETAILS

Contracted Business Purposes: Advertising, marketing, CRM, payment processing, and other business management services

Personal Information Categories: This Agreement involves the following types of Personal Information, as defined and classified in CCPA Cal. Civ. Code § 1798.140(o).

| Category | Examples | Processed under this Agreement |
| --- | --- | --- |
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
| G. Geolocation data. | Physical location or movements. | YES |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | NO |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |