MemberLeap CCPA Addendum

California Consumer Privacy Act


This MemberLeap California Consumer Privacy Act Addendum to the Vieth's Online Service Agreement (the Service Agreement) (this Addendum) is entered into by and between Vieth Consulting, LLC (MemberLeap) and you (the Client) (each a Party, and collectively, the Parties). This Addendum will become effective as of the date on which you agree to it (the Effective Date) via the I Accept button in the applicable online form or webpage that makes reference to this Addendum.

RECITALS

WHEREAS, the Parties entered into the Service Agreement and have retained the power to alter, amend, revoke, or terminate the Service Agreement as provided in the Service Agreement;

WHEREAS, the Parties now desire to amend the Service Agreement as provided herein in order to comply with the California Consumer Privacy Act of 2018 (the CCPA).

NOW, THEREFORE, in consideration of the mutual agreements set forth in this Addendum, the Parties agree as follows:

1. Definitions.

1.1 Capitalized definitions not otherwise defined herein shall have the meaning given to them in the Service Agreement. Except as modified or supplemented below, the definitions of the Service Agreement shall remain in full force and effect.

1.2 For the purpose of interpreting this Addendum, the following terms shall have the meanings set out below:

a. Applicable Laws means all laws and regulations applicable to the Processing of Client Personal Data under the Service Agreement, including the CCPA and Sections 1798.29 and 1798.82 of the California Civil Code;

b. Business/Client means the party that has entered into this Addendum with MemberLeap as indicated in the opening paragraph of this Addendum, including all affiliates of that entity that are also bound by the Service Agreement, if any;

c. CCPA means the California Consumer Privacy Act of 2018;

d. Client Personal Data means any Personal Information pertaining to the Client (and the Consumers, respectively) as defined under Applicable Laws;

e. Processing (or any cognate terms) means any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

f. Subprocessor means any third party appointed by or on behalf of Service Provider to Process Personal Data on behalf of Client (or Clients immediate clients, as the case may be) in connection with the Service Agreement;

g. Services means the services and other activities carried out by or on behalf of MemberLeap for Client pursuant to the Service Agreement;

h. Service Provider means MemberLeap that has entered into this Addendum with the Client as indicated in the opening paragraph of this Addendum, including all Affiliates of that entity that are also bound by the Agreement, if any;

1.3 The definitions of Commercial Purpose, Consumer, Breach of the Security of the System, Business Purpose, and Personal Information whether capitalized or not, shall have the same meaning as in the Applicable Laws, and their cognate terms shall be construed accordingly.

2. Applicability.

2.1 The applicability of this Addendum is subject to the payment of an additional fee beginning at $10 per month. The Client may choose not to pay this fee (or terminate payments, respectively), but, for the avoidance of doubt, the absence of a due payment shall result in the immediate termination of this Addendum. In such cases, the Client shall be prohibited from Processing Client Personal Data regulated by Applicable Laws and is obligated to immediately cease and desist from any such Processing activities, for as long as this Addendum is not in full force and effect.

2.2 This Addendum will not apply to the Processing of Client Personal Data, where such Processing is not regulated by the Applicable Laws. The Parties to this Addendum hereby agree that the terms and conditions set out herein shall be added as an addendum to the Service Agreement. Except where the context requires otherwise, references in this Addendum to the Service Agreement are to the Service Agreement as amended or supplemented by, and including, this Addendum.

3. Processing and Disclosing of Client Personal Data.

3.1 In the context of this Addendum with regard to the Processing of Client Personal Data, Client is a Business and MemberLeap is a Service Provider under the CCPA.

3.2 Client discloses Client Personal Data to MemberLeap solely for: (i) valid business purposes as allowed by the Applicable Laws; and (ii) to enable MemberLeap to perform the Services.

3.3 MemberLeap certifies that it does not:

a. sell Client Personal Data; 

b. process, retain, use, or disclose Client Personal Data for a Commercial Purpose other than providing the Services specified in the Service Agreement or as otherwise permitted by the Applicable Laws; nor 

c. process, retain, use, or disclose Client Personal Data except where permitted under the Service Agreement between Client and MemberLeap.

4. No Selling of Client Personal Data.

MemberLeap acknowledges and confirms that it does not receive any Client Personal Data as consideration for any services or other items that MemberLeap provides to Client. Client retains all rights and interests in Client Personal Data. MemberLeap agrees to refrain from taking any action that would cause any transfers of Client Personal Data to or from MemberLeap to qualify as selling Client Personal Data under the Applicable Laws.

5. Subprocessing.

5.1 MemberLeap may appoint Subprocessors. 

5.2 With respect to each Subprocessor, MemberLeap shall:

a. carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Client Personal Data required by this Addendum, and required by Applicable Laws before the Subprocessor first Processes Client Personal Data; and

b. ensure that the arrangement between: on the one hand, (i) MemberLeap, or (ii) the relevant intermediate Subprocessor; and, on the other hand, the respective prospective Subprocessor, is governed by a written contract, including terms which offer at least the same level of protection for Client Personal Data as those set out in this Addendum, and that such terms meet the requirements of CCPA Section 1798.140(v) as well as any other Applicable Laws.

6. Security.

6.1 MemberLeap shall implement and maintain the reasonable security procedures and practices appropriate to the nature of the Client Personal Data it processes pursuant to subdivision (c) of Section 1798.81.5 of the California Civil Code.

7. Consumer Data Rights.

7.1 The Client is responsible for responding to Consumer requests about their Client Personal Data using its own access to the relevant Client Personal Data. At Clients request, MemberLeap will provide reasonable assistance to Client, to the extent Client is unable to access the relevant Personal Data after diligent reasonable efforts. To the extent legally permitted, Client shall be responsible for any costs arising from MemberLeap's provision of such assistance.

7.2 MemberLeap shall delete Client Personal Data upon instruction of Client when Client receives a verifiable Consumer request from a Consumer to delete it pursuant to subdivision (c) of Section 1798.105 of the California Civil Code.

7.3 If MemberLeap receives a request directly from a Consumer MemberLeap shall inform the Consumer that it should submit the request directly to the Client, and when feasible, provide the Consumer with the Clients contact information, below:

Email for Privacy Matters: info@memberleap.com

Toll-Free Telephone Number for Privacy Matters: 800.336.3008

Physical Address or other Contact Information for Privacy Matters: Vieth Consulting, 209 S. Bridge Street, MI 48837.

8. Personal Data Breach

8.1 MemberLeap will notify Client as soon as is reasonably possible upon MemberLeap becoming aware of a Personal Data Breach affecting Client Personal Data. MemberLeap's notification of or response to a Personal Data Breach under this Section 8 will not be construed as an acknowledgement by MemberLeap of any fault or liability with respect to the Personal Data Breach.

8.2 MemberLeap will make commercially reasonable efforts, in accordance with its security incident management policies and procedures, to identify the cause of such Personal Data Breach, and provide Client with sufficient information to allow Client to meet its obligations under Section 1798.82 of the California Civil Code.

8.3 Client is solely responsible for complying with incident notification laws applicable to the Consumer. Client shall be solely responsible for identifying and notifying individual California residents impacted by any Personal Data Breach, as well as the California Attorney General if necessary.

8.4 At Clients sole expense and to the extent Client cannot itself access the information necessary to comply with its additional obligations under Applicable Laws, MemberLeap shall cooperate with Client and, if necessary, take such reasonable commercial steps as are directed by Client to assist in Clients investigation, mitigation, and remediation of each such Personal Data Breach. 

9. Indemnification.

9.1 The Client agrees to indemnify and hold harmless MemberLeap and its officers, directors, employees, agents, affiliates, successors, and permitted assigns against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind which MemberLeap may sustain as a consequence of the breach by the Client of its obligations pursuant to the Applicable Laws, where this Addendum is not in full force and effect.

10. General Terms.

10.1 It is intended by the Parties that all provisions of this Addendum be severable. If any term or provision hereof is illegal or invalid for any reason whatsoever, such illegality or invalidity shall not affect the validity or legality of the remainder of this Addendum and any such unenforceable term or provision shall be modified to the minimum extent necessary to make the term or provision enforceable.

10.2 Except for this Addendum, the Agreement and any other Addenda remains unchanged. The validity of all terms and conditions not expressly amended by this Amendment remain unaffected. In case of conflict between this Addendum and any other part of the Agreement or Addenda between the parties, this Addendum shall control only if the Client Personal Data at issue is subject to the Applicable Laws.     

10.3 Should any provision of this Addendum be found invalid or unenforceable pursuant to the Applicable Laws, then the invalid or unenforceable provision will be deemed superseded by a valid, enforceable provision that most closely matches the intent of the original provision and the remainder of the Addendum will continue in effect.

10.4 MemberLeap may amend the terms of this Addendum, insofar as the revised Addendum continues to comply with the relevant requirements of the Applicable Laws, upon notice to the Client by e-mail to the primary contact on the account. Any such amendments will automatically become effective within 10 days as of MemberLeap's transmission of each such notice.

10.5 If you are accepting the terms of this Addendum on behalf of an entity, you represent and warrant to MemberLeap that you have the authority to bind that entity and its affiliates, where applicable, to the terms and conditions of this Addendum.