Terms of Service

THESE TERMS OF SERVICE (“TOS”), together with the General Services Agreement, purchase order, order form or other document that incorporates these TOS (in any event, the “General Terms”) and any documents and materials that these TOS expressly reference (collectively, all of the foregoing, constitute this “Agreement”) are agreed to by and between Creative Management Services, LLC d/b/a MC2, a Delaware limited liability company, having an address at 15 E. Midland Avenue, Paramus, NJ 07652, United States (“MC2,” “we,” “us,” and “our”) and you, or the entity on whose behalf you are agreeing to this Agreement ( “you,” and “your”).

 

This Agreement governs your provision to us of services (“Services”) and deliverables (“Deliverables”), as described and/or defined in the General Terms.

 

You can access specific topics in this Privacy Policy by clicking on the relevant links below:

Except as expressly set forth herein, words and phrases used in this Agreement have the definitions given in this Agreement or, if not defined herein, have their plain English meaning as commonly interpreted in the United States

(a) The term “Confidential Information” is defined as follows: all information (whether written, including on electronic media, or oral) furnished (whether before or after the date hereof) by MC2 or by its directors, officers, employees, affiliates, non-employee representatives (including financial advisors, attorneys and accountants), or agents to you or your representatives for, relating to, or in conjunction with the Services or MC2’s business operations in general, including: (i) computer programs; (ii) employee, customer, supplier, and competitor information; (iii) blueprints, drawings, and other product designs and concepts; (iv) know-how and other manufacturing methods; (v) purchasing, cost, pricing, profitability, and other financial information; (vi) research and development, marketing, sales, contractual and other business plans and techniques; (vii) policies and training materials; (viii) inventions (whether patentable or not); (ix) works of authorship (whether copyrightable or not); (x) trade secrets, including but not limited to designs, sketches and renderings; (xi) any other confidential or proprietary information, and; (xii) all notes, reports, analyses, compilations, forecasts, studies or other documents prepared by either party or its representatives in connection with the Services or relating to MC2’s business operations in general which contain or reflect, or are based in whole or in part on, any such information.

(b) Notwithstanding anything herein to the contrary, it is understood that Confidential Information does not include information that:

(i)  is or subsequently becomes publicly available without the breach of any obligation owed to MC2; or

(ii) was received by you on a non-confidential basis and not in contravention of applicable law prior to the date of this Agreement and you can document such prior knowledge.

(c) You agree (i) to hold Confidential Information in confidence and to take all necessary precautions to protect Confidential Information, including all precautions you employ with respect to your own confidential materials; (ii) not to divulge any Confidential Information or any information derived therefrom to any person other than your employees or contractors who are required to use the Confidential Information for purposes of this Agreement and who are bound by agreement to keep such information confidential (and you will be responsible for any acts or omissions of such persons, as if they were parties hereto); and (iii) not to make any use whatsoever at any time of such Confidential Information except as reasonably necessary to further or facilitate the Services. You understand that this Agreement does not constitute a license or right to use the Confidential Information other than as specified herein. You agree and acknowledge that the Confidential Information is our personal property. We do not make any representations or warranties as to the accuracy, sufficiency or completeness of Confidential Information.

(d) If requested by us, you shall immediately return to us or destroy, at our option, all Confidential Information, including all copies, extracts, or other reproductions in whole or in part, and to certify the same by a writing executed by an authorized officer.

All Deliverables will, upon delivery to us, become our property. If any Service or Deliverable does not meet its specifications or is defective, you will (at your sole expense) re-perform such Service or repair or replace such Deliverable. In the event that you are unable to re-perform such Service or repair or replace such Deliverable to our satisfaction, you shall return to us all amounts paid by us to you for such Service or Deliverable and we may terminate this Agreement. This Agreement is not intended to govern the development of custom work product by you for us; in such cases, the parties would enter into a separate written agreement that contains terms appropriate therefor. To the extent that we do not acquire unrestricted rights to the Deliverables through purchase thereof, you hereby grant to us a perpetual, non-exclusive, royalty-free worldwide, license under your intellectual property rights for us to make use of the Deliverables as we desire in our sole discretion.

You represent, warrant and covenant to us that:

 

(a)     You are fully authorized to enter into and perform your obligations under this Agreement and are not bound by any agreement or obligation that may infringe on your ability to perform any of the duties that may be required of you under this Agreement;

(b)    All Services and Deliverables will be original and will not infringe upon the rights of any third party, and will not have been previously assigned, licensed or otherwise encumbered;

(c)     Exploitation of any Deliverable by us in any manner throughout the world, in perpetuity will not infringe on any rights of any third party including copyright, trademark, unfair competition, contract, defamation, and privacy or publicity rights;

(d)    You shall have sole and exclusive responsibility for the withholding and payment of any and all federal, state and local income, social security and other taxes due arising out of any monies paid to you for Services ;

(e)     You will comply with all of our written instructions and policies, and all applicable federal, state and local laws, rules and regulations relating to the provision of the Services and the delivery of the Deliverables under this Agreement;

(f)     You will maintain in effect, at your expense, all workers’ compensation, employee liability, comprehensive general liability and any other insurance as may be required by law or which is necessary to fully protect both you and us from any and all claims and damages that may arise from your performance under this Agreement;

(g)    The Services and Deliverables will be in conformity with all requirements set forth in the General Terms;

(h)     You will provide immediate notice to us in in the event that any of the representations and warranties set forth in this Agreement becomes untrue

Services in a professional and timely manner in accordance with the best industry standards and to our reasonable satisfaction;

(i)    You will perform the Services and provide the Deliverables using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and shall devote adequate resources to meet your obligations.

You hereby agree to indemnify, defend, and hold harmless us and our affiliates and our and their officers, directors, members, managers, shareholders, employees, agents, contractors, providers, licensees, successors-in-interest, and assigns (“Indemnified Parties”) from and against any and all claims, suits, demands, actions, losses, liabilities, damages, judgments, settlements, fines, penalties, fees, expenses and costs (including attorneys’ fees) (collectively, “Claims”) arising in any manner from: (a) our access to, or use of, the Services or Deliverables, (b) your gross negligence or more culpable act or omission, (c) the payment or non-payment of any taxes relating to any monies paid to you for Services; or (d) your breach of any representation, warranty, or other provision of this Agreement. We will provide you with notice of any Claim, and we will have the right to participate in the defense of any Claim and hire counsel of our choosing. You shall be required to pay to the Indemnified Parties, in advance of the final disposition of any Claim, all reasonable costs, fees, and expenses incurred by the Indemnified Parties in respect of such Claim (including, for purposes of clarity, all attorney’s fees and court costs). You may not settle any Claim without our consent. If you fail to diligently prosecute the defense of a Claim, then we may upon notice to you undertake to manage and control the defense of such Claim and its settlement at your expense. The indemnified parties are third-party beneficiaries of this Agreement and may enforce it. We will have the right to set off against all sums payable to you under this Agreement, any and all sums payable to us under this section.

(a) Venue And Governing Law. This Agreement and all matters arising out of or relating to this Agreement, are governed by, and construed in accordance with, the laws of the State of New York, without regard to the conflict of laws provisions thereof. Each party irrevocably and unconditionally agrees that it will not commence any action, litigation or proceeding of any kind whatsoever against any other party in any way arising from or relating to this Agreement and all contemplated transactions, in any forum other than the United States District Court for the Southern District of New York or, if such court does not have subject matter jurisdiction, the courts of the State of New York located in the Borough of Manhattan (the “Specified Courts”). If any matter is to be heard in court, each party irrevocably and unconditionally submits to the exclusive jurisdiction of, and agrees to bring any such action, litigation or proceeding only in, the Specified Courts. Each party agrees that a final judgment in any such action, litigation or proceeding is conclusive and may be enforced in other jurisdictions by suit on the judgment or in any other manner provided by law.

 

(b) Waiver of Jury Trial. EACH PARTY HERETO HEREBY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING DIRECTLY OR INDIRECTLY ARISING OUT OF OR RELATING TO THIS AGREEMENT (WHETHER BASED ON CONTRACT, TORT OR ANY OTHER THEORY). EACH PARTY HERETO (I) CERTIFIES THAT NO REPRESENTATIVE, AGENT OR ATTORNEY OF ANY OTHER PARTY HAS REPRESENTED, EXPRESSLY OR OTHERWISE, THAT SUCH OTHER PARTY WOULD NOT, IN THE EVENT OF LITIGATION, SEEK TO ENFORCE THE FOREGOING WAIVER, AND (II) ACKNOWLEDGES THAT IT AND THE OTHER PARTIES HERETO HAVE BEEN INDUCED TO ENTER INTO THIS AGREEMENT BY, AMONG OTHER THINGS, THE MUTUAL WAIVERS AND CERTIFICATIONS IN THIS SECTION.

 

(c) Attorney Fees. In the event of any legal action relating to this Agreement, the substantially prevailing party (in addition to any other relief to which it may be entitled) shall be entitled to reimbursement of its reasonable attorney fees, costs, and expenses from the non-prevailing party (to the extent such fees, costs, and expenses were not previously paid in accordance with Section 6).

(a) Notices. Any notice required or permitted to be given under this Agreement shall be sufficient if in writing and if delivered personally or if sent by registered mail, courier service or email requiring acknowledgment of receipt to our office or your place of business as set forth on the signature page to the General Terms (or, if not set forth there, to the place of business address or email address used in connection with entering into the General Terms). Notices sent by registered mail shall be deemed received three (3) days from the date of mailing. Notices sent by email shall be deemed received upon acknowledgement by return email. Either Party may change its address for notices under this Agreement by giving the other Party written notice of such change in accordance with this Section.

(b) Independent Contractor. Your relationship with us shall be that of an independent contractor and nothing in this Agreement shall constitute you as our employee, joint venturer, or partner. You shall have no authority to bind us in any respect. You agree to abide by the terms and conditions of any and all contracts and other agreements of us that you have been delegated obligations under pursuant to this Agreement. Without limiting your obligations hereunder, at all times, you are free to perform services for any other company or person as long as it does not violate your obligations under the this Agreement. You shall control the detail, manner and method of providing the Services.

(c) Equal Opportunity Employer. MC² is an equal opportunity employer and federal contractor or subcontractor. Consequently, the parties agree that, as applicable, they will abide by the requirements of 41 CFR 60-1.4(a), 41 CFR 60-300.5(a) and 41 CFR 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or national origin. These regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability. The parties also agree that, as applicable, they will abide by the requirements of Executive Order 13496 (29 CFR Part 471, Appendix A to Subpart A), relating to the notice of employee rights under federal labor laws.

(d) Assignment. The rights conferred by this Agreement shall not be assignable by you, by assignment, operation of law, change of control or otherwise, without our prior written consent. Any attempted assignment without such consent will be null and void. We may freely assign this Agreement.

(e) Entire Agreement; Survival; Interpretation. This Agreement constitutes the entire agreement between us and you as to the subject matter hereof, and supersedes all prior discussions and writings. All provisions of this Agreement, which by their nature should apply beyond their terms will remain in force after any termination or expiration of this Agreement. For purposes of this Agreement, the words “include,” “includes” and “including” are deemed to be followed by the words “without limitation”. The headings in this Agreement are for reference only and do not affect the interpretation of this Agreement. The parties intend this Agreement to be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted.

(f) Amendment; Waiver. We may make any amendment, modification, or supplement to these TOS and any documents that these TOS expressly incorporate by reference. If we make such amendment, modification, or supplement to this Agreement, we shall notify you in writing of such. Any waiver or exemptions to any term, condition, or provision of this Agreement may only occur if such waiver or exemption is made in writing and signed by us. No waivers of or exceptions to any term, condition, or provision of this Agreement, in any one or more instances, shall be deemed to be, or construed as, a further or continuing waiver of such term, condition, or provision.

(g) Invalidity. If any term, provision, covenant or condition of this Agreement is held by a court of competent jurisdiction to be invalid, void or unenforceable, such term, provision, covenant or condition will be changed and interpreted to accomplish the objectives thereof to the greatest extent possible under applicable law, and the validity and enforceability of the remaining terms, provisions, covenants and conditions of this Agreement shall not in any way be affected, impaired or invalidated.

(h) Counterparts. The General Terms may be accepted by the parties using any method under applicable law, including electronic signature and email with scan attachment. Executed General Terms may be in any number of counterparts, each of which shall be deemed an original, but all of which shall constitute one and the same instrument.

This Data Processing Addendum (“Addendum”) reflects the agreement between Creative Management Services, LLC d/b/a MC², a Delaware limited liability company (“Company”) and the party that has entered into a General Services Agreement, Independent Contractor Agreement, purchase order, order form or other agreement (in any event, the “General Terms”) with Company (“Contractor”) with regard to the Processing of Personal Data and data protection obligations arising under all applicable Data Protection Laws.  This Addendum supplements and forms part of the General Terms and any documents and materials that the General Terms expressly reference (collectively, such documents and materials and the General Terms, the “Agreement“). To the extent any term, requirement, or provision in this Addendum is deemed to be inconsistent or in direct conflict with any other term, requirement, or provision contained in the Agreement, the terms of this Addendum shall control and govern. Contractor and Company will be referred to individually as a “party” or collectively as the “parties.”

 

1. Processing of Personal Data

a. “Personal Data” means information that identifies or can be used to directly or indirectly identify, describe, contact, locate, or otherwise be related to or associated with an individual or household. “Company Personal Data” means Personal Data provided or made accessible to Contractor in connection with the Agreement. Company is and shall remain the controller of all Company Personal Data for the purposes of applicable data privacy, data protection, and data security laws and regulations governing the Processing of Personal Data (collectively, “Data Protection Law(s)“). Company retains the right to determine the purposes for which Company Personal Data is processed (which includes but is not limited to, collection, recording, storage, use, access, transmission, and the means by which Personal Data may be transferred to a third country or international organization) (“Process“, “Processed” or “Processing“). Nothing in this Addendum shall restrict or limit in any way Company’s rights as controller of Personal Data.

b. Contractor shall act as a processor or similar term under applicable Data Protection Laws. As such, Contractor shall only Process Company Personal Data in accordance with (x) the instructions of Company, (y) as necessary to carry out the purposes of the Agreement, (z) or as otherwise authorized by Company in writing (“Processing Services“) and for no other purpose. For the avoidance of doubt, Contractor will not (and will ensure that its employees, officers, contractors and agents do not):  (a) retain, use, or disclose Company Personal Data for any purpose other than for the business purpose(s) set forth in the Agreement and in accordance with written instructions from Company or otherwise permitted by the applicable Data Protection Laws; (b) retain, use, or disclose Company Personal Data for a commercial purpose other than providing the Services to Company; (c) “sell” or “share” Company Personal Data, as defined under Data Protection Laws; (d) retain, use, or disclose Company Personal Data outside of the direct business relationship between Company and Contractor; or (e) combine Company Personal Data received from or on behalf of Company with Personal Data received from or on behalf of any other person or collected from Contractor’s own interaction with a consumer, except as specifically allowed under Data Protection Laws.  The foregoing does not apply to any information that is no longer Personal Data (including Company Personal Data), including by application of anonymization, deidentification, or aggregation techniques that meet the requirements of Data Protection Laws.

c. Where an applicable Data Protection Law requires Contractor to Process Personal Data under terms other than those of this Addendum, or other written instructions of Company, Contractor shall immediately notify Company of such legal requirement before Processing in accordance with the legal requirement, unless the applicable law prohibits disclosure. In addition, Contractor shall notify Company immediately if, in Contractor's assessment, any of Company's instructions infringe applicable law, including but not limited to applicable Data Protection Laws, or if Contractor determines that it can no longer meet its obligations under this Addendum.

d. Contractor shall immediately notify Company in writing of any request, complaint, claim, or other communication regarding Personal Data received by Contractor, as well as by any Subprocessors (defined below): (i) from an individual who is or claims to be the individual to whom the Personal Data relates (“Data Subject“); (ii) from any data protection/supervisory authority, law enforcement agency, or other government authority; and/or (iii) from Company's employees or any third parties, other than those set forth in this Addendum. Unless otherwise required by applicable law, Contractor shall not disclose or share any Personal Data in response to such requests without first obtaining Company’s written consent. Subject to applicable law, in the event Contractor receives any request from a governmental authority in any jurisdiction that requires the disclosure of Personal Data to such governmental authority, Contractor shall ask the governmental authority to request such Personal Data directly from Company. Contractor shall also cooperate with and provide reasonable assistance to Company and its affiliates, agents, Subprocessors, and representatives in responding to requests, inquiries, claims, and complaints regarding the Processing of Personal Data.

e. In addition to the obligations set out in Section 1(d) above, Contractor shall assist Company by implementing appropriate administrative, technical, and organizational security measures for responding to applicable Data Subjects' requests relating to their rights, including but not limited to requests regarding: (i) access; (ii) rectification/modification; (iii) erasure/deletion; (iv) restriction of Processing; (v) data portability; (vi) objection to Processing; and (vii) opting out of automated individual decision-making, including profiling. Company reserves the right to determine, in its sole judgment, whether or not a Data Subject has a right to exercise any Data Subject rights referenced above or under applicable Data Protection Laws, and to give instructions to Contractor to the extent any such assistance is required. Further, upon notice of a request for deletion or correction of Company Personal Data, Contractor will delete or correct (as applicable) the Data Subject’s Personal Data from its systems and records, and notify Contractor’s Contractors, contractors, and subcontractors to delete or correct the Personal Data (as applicable). If processing a request requires disproportionate effort, Contractor will provide Company with a detailed explanation of the disproportionate effort required within 15 days of the date on which Company notified Contractor of the request.

f. Contractor warrants that any persons authorized to Process Personal Data on its behalf have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; are bound to Process Personal Data in accordance with Company's instructions; and have certified that they will comply with the terms of this Addendum.

g. Upon request, Contractor shall provide reasonable cooperation and assistance to Company in ensuring compliance with data security obligations, as well as in carrying out any data protection impact assessment or similar activity, through means, including but not limited to, providing a systemic description of the envisaged Processing, assistance with an assessment of the risks to the rights and freedoms of the relevant Data Subjects, and/or an assessment of the necessity and proportionality of the Processing in relation to the underlying purpose.

 

2. Technical and Organizational Security Measures

a. Contractor shall implement and maintain a written information security program (“Information Security Program“) that includes appropriate administrative, technical, organizational, and physical safeguards to protect Personal Data, including, as appropriate: (i) the pseudonymization and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing systems and services, including against unauthorized access, use, disclosure, alteration, or destruction of Personal Data; (iii) the ability to timely restore the availability and access to the Personal Data in the event of a physical or technical incident or issue; and (iv) a process for regularly testing, assessing, and evaluating the effectiveness of the administrative, technical, organizational, and physical measures for ensuring the security of the Processing.

b. In addition to any specific and/or supplemental security safeguards established in the Agreement between the parties, Contractor's Information Security Program shall include, but not be limited to, the safeguards set forth in Annex A to this Addendum, which is incorporated herein by this reference. To the extent that any specific or supplemental security safeguards in the Agreement are less stringent than the safeguards set forth in Annex A to this Addendum, the terms of Annex A shall control. Upon Company's reasonable request, Contractor shall provide a copy of its written Information Security Program to Company as well as any third party audits or certifications establishing that it has implemented the safeguards set out in the Information Security Program.

 

3. Security Incident

a. Notwithstanding anything in this Addendum or the Agreement to the contrary, Contractor shall notify Company in writing immediately (but no later than forty eight (48) hours) after discovering or reasonably suspecting that: (i) any Personal Data has been Processed by Contractor (including its Subprocessors) in violation of this Addendum or applicable Data Protection Laws or other applicable law; or (ii) there has been a breach of security leading to, or that may potentially lead to, the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data has occurred or may be occurring (collectively, “Security Incident“). Contractor shall cooperate fully in the investigation and remediation of the Security Incident, and take all steps reasonably necessary to limit further unauthorized disclosure or Processing of Personal Data in connection with the Security Incident. Contractor shall also indemnify, defend, and hold Company, including its affiliates and subsidiaries, harmless from and against any and all claims, suits, proceedings, damages, costs, and expenses (including, without limitation, reasonable attorneys' fees, court costs, and expert witness costs) brought against or suffered by Company, including its affiliates and subsidiaries, arising out of, resulting from, or relating to, any breach by Contractor of this Addendum, including any liabilities resulting from a Security Incident.

b. To the extent that a Security Incident gives rise to a need, in Company's sole judgment to: (i) provide notification to government authorities, individuals, or other persons or third parties; and/or (ii) undertake other remedial measures, including, without limitation, notice, credit monitoring, fraud insurance, a website and/or call center services, forensic investigation and crisis and PR management measures, responding to governmental investigations and paying any assessed fines, penalties and interest (collectively, “Remedial Action“), Contractor shall at Company’s option either undertake any such Remedial Action at Contractor's cost, or reimburse Company for any such Remedial Action undertaken by Company or any of its affiliates. The timing, content, and manner of effectuating any notices shall be determined by Company in its sole discretion.

 

4. Subprocessors

The parties agree that Contractor has general authorization to utilize affiliates and subsidiaries, agents, subcontractors, or other third parties to assist Contractor in providing the Services (“Subprocessor(s)“).  Upon written request from Company, Contractor shall promptly provide Company with a list of its then current Subprocessors. Throughout the term of the Agreement, Contractor shall inform Company in writing of any intended changes concerning the addition or replacement of Subprocessors, to which changes Company has the right to object at its sole discretion. If Company does not object to such changes in Subprocessors within 20 days after receipt of notice, the same shall be deemed accepted. Contractor shall remain at all times responsible for and fully liable to Company for the Subprocessors’ performance of its obligations. Contractor shall also enter into a binding written agreement with each authorized Subprocessor that imposes the same or greater obligations as Contractor's obligations as set forth under this Addendum.

 

5. Audit Rights

Contractor shall, at no additional cost, keep or cause to be kept full and accurate records relating to all Processing of Personal Data on behalf of Company as part of the Processing Services, and Company may request, upon ten (10) days written notice to Contractor (unless a shorter period is required by applicable Data Protection Laws or request by a government authority), access to Contractor's facilities, systems, records, and supporting documentation in order to audit, itself or through an independent third-party auditor, Contractor's compliance with its obligations under or related to this Addendum. This Auditing may be conducted through measures including, but not limited to, manual reviews and automated scans, as well as technical and operational testing, and may be carried out once in any calendar year, unless otherwise required by applicable Data Protection Laws or government authority. Audits shall be subject to all applicable confidentiality obligations agreed to by Company and Contractor, and shall be conducted making all reasonable efforts to minimize any disruption of Contractor's performance of services and other normal operations. In the event that any such audit reveals material gaps or weaknesses in Contractor's Information Security Program and/or a violation of Contractor’s obligations under this Addendum, Company shall be entitled to suspend transmission of Personal Data to Contractor and/or suspend Contractor's Processing of Personal Data until such issues are resolved. Company may also require Contractor to, upon request, make available to Company any information or certifications necessary to demonstrate compliance with the obligations set forth in this Addendum.

 

6. Cross-Border Transfers from EEA

To the extent that Company’s receipt of services under the Agreement requires an onward transfer mechanism to lawfully transfer Company Personal Data from a jurisdiction (i.e., the European Economic Areathe United Kingdom, Switzerland, Guernsey, or Jersey) to Contractor located outside of that jurisdiction, the parties agree to enter into the EU Standard Contractual Clauses, with the required adaptations for the UK and Switzerland, in respect of such transfer. Contractor shall ensure that any onwards transfers of Personal Data from Contractor to any subprocessor or any other third party are subject to a transfer agreement that includes the requirements of the EU Standard Contractual Clauses.

 

7. Post-Termination

Notwithstanding any other provision of the Agreement or this Addendum to the contrary, when Contractor (including any of its Subprocessors) ceases to perform Processing Services for Company upon termination of the Agreement or otherwise (e.g. per the request or explicit instruction of Company), Contractor shall, at the choice of Company: (i) return Personal Data (and all media containing copies of Personal Data) to Company; and/or (ii) securely purge, delete, and destroy Personal Data, unless applicable law to which Contractor is subject prevents it from returning or destroying all or part of Personal Data transferred or received under the Agreement; in such case, Contractor shall communicate in writing the legal basis preventing it from returning or destroying Company's Personal Data, and warrant that it shall guarantee the confidentiality of Company's Personal Data and shall not actively Process Company’s Personal Data. Electronic media containing Personal Data shall be disposed of in a manner that renders Personal Data unrecoverable. Upon request, Contractor shall provide Company with an Officer's Certificate or other proof acceptable to Company to certify its compliance with this provision.

 

8. Entry into Processing Addendum and Additional Privacy Terms

a) Company’s entry into the Agreement and corresponding acceptance of this Addendum constitutes agreement for itself as well as for affiliates and subsidiaries receiving Processing Services under the Agreement. Notwithstanding anything to the contrary, however, each Company entity shall exercise its rights under this Addendum through the Company, unless otherwise required by Applicable Data Protection Law.

b) Company may make any amendment, modification, or supplement to this Addendum If Company makes such amendment, modification, or supplement to this Addendum, Company shall notify Contractor in writing thereof.

 

9. Certificate of Compliance

Contractor certifies that it understands the restrictions set forth herein and under Data Protection Laws, and will comply with them.  Contractor shall immediately (and in any event within five business days) notify Company if it determines that it can no longer meet its obligations under this Addendum or Data Protection Laws.  Upon such notice, Company shall have the right to take reasonable and appropriate steps to stop and remediate any unauthorized use of Personal Data by Contractor.