CCPA Amendment to Data Processing Addendum/Agreement

This CCPA Amendment to Data Processing Addendum (“Addendum“), forms part of the Master Subscription Agreement (“Agreement”) between Insider and Customer. This Addendum reflects the parties’ desire and intent to modify and amend the Agreement, in accordance with the terms and conditions hereinafter set forth, with regard to the processing of Customer Personal Information (as defined below) by Insider on behalf of the Customer. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.

1. DEFINITIONS
1.1. “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code §1798.100 et. seq., and its implementing regulations.
1.2. “Customer Personal Information” or “Personal Information” means any Customer Data maintained by Customer and processed by Insider solely on Customer’s behalf, that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, to the extent that such information is protected as “personal information” (or an analogous variation of such term) under applicable U.S. Data Protection Laws.
1.3. “U.S. Data Protection Laws” means all laws and regulations of the United States of America, including the CCPA, applicable to the processing of personal information (or an analogous variation of such term).
1.4. “Service Provider” has the meaning set forth in Section 1798.140(v) of the CCPA.

2. SCOPE AND APPLICABILITY OF THIS ADDENDUM
2.1. This Addendum applies to the collection, retention, use, and disclosure of the Personal Information to provide services of Insider to Customer pursuant to the Agreement or to perform a business purpose.
2.2. Customer is a appoints Insider as a Service Provider to process the Personal Information on behalf of Customer. Customer is responsible for compliance with the requirements of the CCPA applicable to its business.
2.3. Insider’s collection, retention, use, or disclosure of Personal Information for its own purposes independent of providing the Services specified in the Agreement are outside the scope of this Addendum.

3. AMENDMENTS
3.1 Roles. The parties acknowledge and agree that with regard to the processing of Customer Personal Information performed solely on behalf of Customer, Insider is a Service Provider as stated under Article 2.2 and receives Customer Personal Information pursuant to the business purpose of providing the Services to Customer in accordance with the Agreement.
3.2 No Sale of Customer Personal Information to Insider. Customer and Insider hereby acknowledge and agree that in no event shall the transfer of Customer Personal Information from Customer to Insider pursuant to the Agreement constitute a sale of information to Insider, and that nothing in the Agreement shall be construed as providing for the sale of Customer Personal Information to Insider.
3.3 Limitations on Use and Disclosure. Insider is prohibited from using or disclosing Customer Personal Information for any purpose other than the specific purpose of performing the Services specified in the Agreement, the permitted business purposes set under applicable law, and as required under applicable law or as otherwise permitted by the CCPA. Insider hereby certifies that it understands the foregoing restriction and will comply with it in accordance with the requirements of applicable U.S. Data Protection Laws. Thus, Insider shall not further collect, sell, or use the Personal Information except as necessary to perform the business purpose. For the avoidance of doubt, Insider shall not use the Personal Information for the purpose of providing services to another person or entity, except that Insider may combine Personal Information received from one or more entities to which it provides similar services to the extent necessary to detect data security incidents or protect against fraudulent or illegal activity.
3.4 Data Subject Access Requests. Insider will reasonably assist Customer with any data subject access, erasure or opt-out requests and objections. If Insider receives any request from data subjects, authorities, or others relating to its data processing, Insider will without undue delay inform Customer and reasonably assist Customer with developing a response (but Insider will not itself respond other than to confirm receipt of the request, to inform the data subject, authority or other third party that their request has been forwarded to Customer, and/or to refer them to Customer, except per reasonable instructions from Customer). Insider will also reasonably assist Customer with the resolution of any request or inquiries that Customer receives from data protection authorities relating to Insider unless Insider elects to object such requests directly with such authorities.
3.5 Effect of this Addendum. In the event of any conflict or inconsistency between the terms of this Addendum and the terms of the Agreement with respect to the subject matter hereof and solely where U.S. Data Protection Laws apply, the terms of this Addendum shall control.

4. NOTICE
4.1. Customer represents and warrants that it has provided notice that the Personal Information is being used or shared consistent with Cal. Civ. Code 1798.140(t)(2)(C)(i).

5. MERGERS, SALE, OR OTHER ASSET TRANSFER
In the event that either Party transfers to a third party the Personal Information of a Consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of such Party to the Agreement, that information shall be used or shared consistently with applicable law. If a third party materially alters how it uses or shares the Personal Information of a Consumer in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to the Consumer in accordance with applicable law.

6. AS REQUIRED BY LAW
Notwithstanding any provision to the contrary of the Agreement, the Addendum, Insider may cooperate with law enforcement agencies concerning conduct or activity that it reasonably and in good faith believes may violate international, federal, state, or local law.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	11 months	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
__hstc	11 months	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	1 year	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-81205217-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
hubspotutk	11 months	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	11 months	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	11 months	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	1 year	No description
ins-c	1 day	No description
ins-storage-version	1 year	No description
insdrPushCookieStatus	1 day	This cookie is set by the provider Insider. This cookie is used for web push recieving.
RUL	1 year	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.