Channel Sales Agreement
Effective October 15, 2022
This Jobcase Channel Sales Agreement (the “Agreement”) is made and entered into by and between Jobcase, Inc., with offices at 201 Broadway, 7th Floor, Cambridge, MA 02139 (“Jobcase”), and the entity that agreed to the Jobcase Channel Sales Rate Card that refers to and incorporates this Agreement (“Reseller”). Jobcase and Reseller are sometimes referred to herein individually as a “Party” and collectively as the “Parties.”
WHEREAS Jobcase provides recruitment advertising technology and solutions and owns and/or operates an online community for job seekers and workers at www.jobcase.com (the “Jobcase Website”) as well as Job Boards (as defined below);
WHEREAS Reseller engages in the sale of recruitment advertising solutions to Employers (as defined below);
WHEREAS the Parties desire for the Reseller and/or Participating Properties (as defined below), as applicable, to sell Employer Services (as defined below) to Employers in accordance with the terms specified in the Rate Card (as defined below), and for Jobcase to provide Jobcase Services (as defined below) and Employer Services (as defined below), all in accordance with the terms and conditions of this Agreement.
NOW, THEREFORE, in consideration of the mutual promises contained herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereby agree as follows:
1. Definitions
DPA means the Data Processing Addendum attached to and made part of this Agreement.
Ecommerce Services are Job Listings and other Employer Services purchased directly by an Employer via the Posting Portal accessed from a Participating Property Job Board.
Effective Date means effective date of the Rate Card.
Employer is a person, agency or company that purchases Employer Services from Reseller or a Participating Property or from the Posting Portal.
Employer Services (Self Service) are products or services identified in the Rate Card and made available by Jobcase from time to time, such as Job Listings, and sold to Employers by Reseller or a Participating Property with pricing in accordance with the Rate Card. Employer Services may include Ecommerce Services and Non-Ecommerce Services.
Fee Structure is the net pricing to be received by Jobcase for Employer Services set forth on the Rate Card.
Job Board is a website made available to Job Seekers including the Jobcase Job Board.
Job Feed is a file, in a format and delivery method that has been approved by Jobcase, provided to Jobcase by or on behalf of Reseller or any Participating Property from time to time containing one or more Job Listings including a designation of the purchased Employer Services.
Job Listing is a description of a job opening for distribution on one or more Job Boards purchased by an Employer as Employer Services. For each Job Listing contained in the Job Feed, Reseller or the Participating Property will include the following required elements: ad number, job title, job location, job description, employer name and contact information, sales rep information (email address or rep id), confidential indicator, product identifier, and jobseeker apply method.
Job Seeker is an individual who visits a Job Board.
Job Seeker Data is any data collected by or on behalf of Jobcase from Job Seekers in connection with this Agreement.
Jobcase Job Board is the portion of the online community of www.jobcase.com that displays Job Listings.
Jobcase Privacy Policy is the then-current version of the Jobcase Privacy Policy available at https://www.jobcase.com/privacy-policy, as may be updated from time to time.
Jobcase Services Agreement is the Jobcase Services Agreement available at https://www.jobcase.com/services-agreement, as may be updated from time to time.
Jobcase Terms of Use is the Jobcase Terms of Use available at https://www.jobcase.com/terms-of-use, as may be updated from time to time.
Merchant Account is the online payment account linked to the Posting Portal through which Employers pay for Ecommerce Services, as applicable.
Non-Ecommerce Services (Sales Purchase) are Job Listings and other Employer Services purchased by an Employer via an interaction with Reseller or a Participating Property.
Participating Property means a newspaper, media company or other entity that engages in reseller sales that is owned and/or operated by Reseller, as applicable.
Participating Property Job Board is a Job Board hosted by a Participating Property on the Participating Property’s website that includes promotion of Employer Services to Employers, as applicable.
Posting Portal is a password protected website that, if applicable, is accessed from a Participating Property Job Board where the Reseller, Participating Property or an Employer can order Employer Services and post Job Listings.
Rate Card is the Jobcase Channel Sales Rate Card in effect between the Parties that includes the pricing for the Employer Services and the Fee Structure and may include additional terms and conditions agreed to between the parties.
Service Term means the period from the Effective Date until the expiration or termination of the Agreement.
2. Services and Payment
2.1 Reseller Services and Jobcase Services. At all times during the Service Term, (a) Reseller will (i) if applicable, provide or procure and ensure that each Participating Property provides to Jobcase the Job Feed comprised of Job Listings that conform with the Jobcase Job Listing Guidelines available at https:/www.jobcase.com/job-promotion-guidelines; (ii) unless otherwise specified in the Rate Card, not sell any services that compete with the Employer Services; and (iii) if applicable, configure, setup, and provide the back-end transaction processing (and from time to time during the Service Term as agreed by the Parties the merchant account interaction) in order to facilitate receiving, processing, and fulfilling Jobcase Services through the Posting Portal and the Job Feed; and (b) Reseller will procure and ensure that each Participating Property, if applicable, (i) will host a Participating Property Job Board on its website(s) that if agreed with Jobcase to be a co-branded site, includes Jobcase branding as approved by Jobcase that is accessible from a link on the top navigation bar of the Participating Property’s main page with a back link for SEO purposes and enable Jobcase to operate the Participating Property Job Board through such website(s) (the “Hosting Services”), and (ii) will use commercially reasonable efforts to offer and sell Employer Services to Employers in accordance with the Rate Card through its agents and employees and through the Posting Portal, if applicable, and (c) Jobcase (i) will operate the Posting Portal, if applicable, (ii) will operate each Participating Property Job Board with Participating Property branding as approved by Reseller, if applicable, (iii) will provide access to Reseller to on-demand performance metrics regarding the Employer Services, and (iv) will syndicate the Job Listings to Job Boards as required to fulfill Employer Services purchased by Employers (the “Jobcase Services”).
2.2 Employer Services. During the Service Term, Employers will purchase Ecommerce Services directly from Jobcase via the Posting Portal, if applicable, and Non-Ecommerce Services from Jobcase through an interaction with Reseller or a Participating Property. If applicable, Employers will pay for Ecommerce Services via the Merchant Account. Unless otherwise stated in the Rate Card, Reseller will provide the Merchant Account. From time to time during the Service Term, and upon mutual agreement of the Parties, the Parties may switch which Party is providing the Merchant Account. The Party that is providing the Merchant Account will charge the Employer for the Ecommerce Services at the time of purchase in accordance with the Fee Structure and Rate Card. Reseller and/or the Participating Property, as the case may be, (a) will ensure that the Employer accepts the Jobcase Privacy Policy and the Jobcase Service Agreement at the time of the purchase of Non-Ecommerce Services; (b) will inform Jobcase of any purchased Non-Ecommerce Services either by specifying the purchased Non-Ecommerce Services in the Job Feed or by adding such Non-Ecommerce Services to the Posting Portal, and (c) will invoice the Employer for the purchased Non-Ecommerce Services in accordance with the Fee Structure and Rate Card.
2.3 Licenses. Reseller will procure and ensure that (i) each Employer grants to Jobcase a non-exclusive, non-transferable license to use the information in Job Listing, including names and logos, in order to display and syndicate the Job Listings and (ii) if applicable, each Participating Property grants to Jobcase a, non-exclusive non-transferable license at all times during the Service Term to use the Hosting Services to provide the Jobcase Services. Jobcase hereby grants to Reseller and each Participating Property a non-exclusive, non-transferable license during the term of this Agreement to use the Jobcase Services and names and logos solely for the purposes contemplated by this Agreement.
2.4 Invoicing, Payment and Reconciliation.
2.4.1 Payment. All payments under this Agreement shall be made in United States Dollars without offset or deduction except as set forth herein and shall be subject to all applicable governmental regulations and rulings, including the withholding of any taxes as may be required by law.
2.4.2 Invoicing. Jobcase will invoice Reseller monthly for any amounts owing to Jobcase for (a) Non-Ecommerce Services, (b) Ecommerce Services for which Reseller made available the Merchant Account, and (c) merchant fees paid or payable by Jobcase for the use of the Merchant Account for the sale of Ecommerce Services, if applicable. Reseller shall pay the amount due to Jobcase within thirty (30) days after receiving the invoice. Reseller will invoice Jobcase monthly for any amounts owing to Jobcase for any Ecommerce Services for which Jobcase has provided the Merchant Account; Jobcase shall pay the amount due to Reseller within thirty (30) days after receiving the invoice.
2.5 Distribution Channels. Jobcase will determine in its discretion how to promote the Jobcase Services on the Jobcase Website, the Jobcase Network and third-party services, publishers, job boards and other entities in its distribution network (such third parties, collectively, the “Distribution Channels”). Jobcase will make reasonable efforts to distribute Job Listings to the Distribution Channels as included in Jobcase Services with the acknowledgement that (A) Jobcase has no control over the Distribution Channels, (B) Jobcase cannot ensure that Employer’s Job Listings will be accepted or promoted by any Distribution Channel, (C) Jobcase shall not be liable to Reseller, any Participating Property or any Employer if Job Listing is rejected or not posted by any Distribution Channel, (D) Reseller and/or Employer may be required to accept terms and conditions imposed by any Distribution Channel, and (E) neither Reseller nor Employer will be entitled to any refund for Job Listing not posted or distributed by any Distribution Channel. Further, except as set forth in the Rate Card, Jobcase makes no guarantee as to the number or quality of candidates or applications that Employer will receive as a result of its Job Listings.
3. Confidentiality
“Confidential Information” means any and all information, in whatever form, received by or on behalf of a Party (“Recipient”) from or on behalf of the other Party or its affiliates (“Discloser”) during the Term or otherwise in connection with this Agreement that is identified as being proprietary or confidential by the Discloser, or that a reasonable business person would regard as proprietary or confidential, provided, however that Confidential Information shall not include information which the Recipient can demonstrate (a) is or becomes generally known to the public through no act or omission of the Recipient or was made available to the Recipient for public dissemination, (b) was in the Recipient’s lawful possession prior to the disclosure by the Discloser and had not been obtained by the Recipient either directly or indirectly from the Discloser or unlawfully from any third party, (c) is lawfully disclosed to the Recipient without restriction on disclosure or in order to be shared publicly, or (d) is independently developed by the Recipient without reference to the Confidential Information. Information that relates solely to the performance of the Participating Property Job Boards shall be the Confidential Information of the Reseller; provided, however that Jobcase may aggregate any information with relating to this Agreement with other information such that no Participating Property may be publicly identified by such information and such aggregated information shall be the Confidential Information of Jobcase. Information that relates to the Jobcase Services or the Employer Services shall be the Confidential Information of Jobcase.
During the term of the Agreement and for a period of three years thereafter, (i) the Recipient shall use Confidential Information only accordance with the terms of and for the purposes of this Agreement, (ii) the Recipient shall limit the use of, and access to, the Confidential Information to its employees, affiliates or agents whose use of or access to the Confidential Information is reasonably necessary to carry out the obligations or to exercise Recipient’s rights under this Agreement, and (iii) the Recipient shall prevent the unauthorized disclosure, publication, display or use of Confidential information.
4. Representations and Warranties
Each Party represents and warrants that (a) it shall comply with all laws and regulations applicable to it in connection with this performance under this Agreement, and (b) it will comply with its obligations in the DPA. Reseller is liable for compliance with this Agreement by each Participating Property as applicable.
5. Disclaimer
EXCEPT AS MAY BE EXPRESSLY SET FORTH HEREIN, EACH PARTY’S SERVICES ARE PROVIDED “AS IS” AND EACH PARTY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESSED, IMPLIED, ORAL, WRITTEN OR OTHERWISE, WITH RESPECT TO ITS SERVICES, PRODUCTS OR TECHNOLOGIES, INCLUDING, WITHOUT LIMITATION, WARRANTIES AS TO NON-INFRINGEMENT, TITLE, PATENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
6. Indemnification
Each Party to this Agreement, shall, upon prompt written request, indemnify and hold the other Party, its affiliates, subsidiaries, directors, officers, employees and agents harmless from and against all claims, demands and actions of or by any third party, including all liabilities, damages, obligations, costs and expenses relating thereto (such as reasonable attorneys’ and experts’ fees) (“Claims”) that arise from or relate to: (a) breach by such Party of any obligation under a law or regulation applicable to it in connection with this Agreement, (b) breach by such Party of its obligations under Section 3 of this Agreement, (c) breach by such Party of any obligation with respect to Company Personal Data (as defined in the DPA) applicable to it under the DPA; (d) if the case of Reseller as the indemnifying party, an allegation that any Job Listing fails to comply with law, that Jobcase did not have the right to use, display or share for distribution to Job Boards any Job Listing or information or logos associated with such Job Listing or for any Claims relating to its use, display or sharing of such Job Listing including any Claims that all or any portion of such Job Listing violates the intellectual property, including but not limited to copyright, trademark, trade secret, patent, or right of personality, publicity, or privacy of any third party; and (e) in the case of Jobcase as the indemnifying party, an allegation that Reseller’s or its customer’s use of the Jobcase Job Boards or any other products, services, content, or materials provided by Jobcase under this Agreement, in accordance with the terms of this Agreement, violates the intellectual property, including but not limited to copyright, trademark, trade secret, patent, or right of personality, publicity, or privacy of any third party.
The Party receiving indemnification (the “Indemnified Party”) agrees that the Party providing indemnification (the “Indemnifying Party”) may assume sole and exclusive control over the defense and settlement of any Claim with respect to which the foregoing indemnity obligations apply. The Indemnified Party shall promptly notify the Indemnifying Party of any Claim against it of which it becomes aware (provided however that any failure to so notify the Indemnifying Party shall not affect the Indemnifying Party’s obligations hereunder except to the extent the Indemnifying Party is prejudiced thereby). At the Indemnifying Party’s expense, the Indemnified Party will provide reasonable cooperation to the Indemnifying Party in connection with the defense or settlement of any such Claim. At the Indemnified Party’s expense, the Indemnified Party will be entitled to participate in the defense of any such Claim.
7. Limitation of Liability
Each Party’s aggregate liability for all damages of any kind arising out of or related to this Agreement, regardless of the nature of the legal or equitable right claimed, is limited to direct damages and shall not exceed the aggregate total of fees received by Jobcase under this Agreement during the six (6) months preceding the date giving rise to such liability for the particular services that are the subject of the alleged losses or injuries. Notwithstanding any other provision of the Agreement, under no circumstance shall either Party be liable to the other Party for any indirect, special, incidental, increased, consequential, exemplary or punitive damages, damages arising from loss of business, or lost profits, whether any of the foregoing are foreseeable or not, and however caused, even if such party is advised of the possibility that such damages or lost profits might arise.
8. Intellectual Property Rights, Licensing, Data Ownership and Data Security
8.1 Jobcase Licenses. Jobcase hereby grants to Reseller and each Participating Property a non-exclusive, royalty-free license to use, reproduce, distribute and publicly display Jobcase’s name and logo in connection with the Participating Property Services. Reseller acknowledges and agrees, on behalf of itself and each Participating Property, that, as between the Parties, Jobcase or its licensors own all right, title and interest in and to all patents, copyrights, trademarks, trade secrets and other intellectual property rights in and for the Jobcase Services and Employer Services, including any Jobcase Job Boards, any content therein (except as otherwise set forth herein) and any materials, information, logos or data provided to Reseller or any Participating Property by or on behalf of Jobcase in connection with this Agreement.
8.2 Reseller Licenses. Reseller hereby grants, and will procure and ensure that each Participating Property grants, to Jobcase a non-exclusive, royalty-free license to use, reproduce, distribute, market and publicly display the name and logo of Reseller and each Participating Property in connection with the Jobcase Services and Employer Services. Jobcase acknowledges and agrees that, as between the Parties, Reseller or its licensors own all right, title, and interest in and to all patents, copyrights, trademarks, trade secrets and other intellectual property rights in and for the Reseller and Participating Property websites, any content therein and any materials, information, logos or data provided to Jobcase by or on behalf Reseller or a Participating Property in connection with this Agreement.
8.3 Job Seeker Data. Reseller acknowledges and agrees, on behalf of itself and each Participating Property, that, as between the Parties, Jobcase owns all right, title and interest in and to any Job Seeker Data and that Jobcase will share Job Seeker Data with Employers in connection with the Employer Services. Any personally identifiable information (“PII”) included in Job Seeker Data collected on a Reseller or Participating Property website will be collected, used and stored in accordance with the Jobcase Privacy Policy and the Jobcase Terms of Use. Reseller and each Participating Property shall ensure that it shall maintain links to such policy and terms on any webpage that collects Job Seeker Data that includes PII.
8.4 Employer Data. The parties acknowledge and agree that Employers who purchase Employer Services are customers of Jobcase and of Reseller and/or a Participating Property. Each Party will obtain ownership rights in any PII relating to Employers and such PII will be collected, used and stored in accordance with the respective Party’s privacy policy and terms of use in effect from time to time. Each Party will own, process and store personal and business data relating to Employers for the purposes of fulfilling their obligations under this Agreement, marketing to Employers and enforcing any rights relating to this Agreement.
9. Insurance
Jobcase agrees to maintain during the Term and for not less than two (2) years thereafter at least the following insurance coverage: (a) workers’ compensation insurance at statutory limits; (b) commercial general liability insurance covering bodily injury and property damage, advertising and personal injury liability at $2,000,000; (c) professional liability (errors and omissions) insurance covering the Jobcase Services for acts, errors, or omissions and which policy will include coverage for negligent acts and errors and omissions arising out of or related to the Jobcase Services at $2,000,000.
10. Term and Termination
This term of this Agreement (the “Term”) commences on the Effective Date. The initial Service Term is one (1) year from the Effective Date and will automatically renew for consecutive periods of one year unless either Party submits written notice of its intention not to renew at least 90 days prior to the renewal date. Either Party may terminate this Agreement in its entirety with 90 days prior written notice to the other Party in the event of a breach of any material provision of this Agreement by the other Party, provided such breach has not been cured by the breaching Party during such 90-day period. Any provision of this Agreement that is intended to survive the termination of this Agreement shall so survive.
11. Assignment
Neither Party shall assign any of its rights, obligations or licenses hereunder without the prior written consent of the other Party, which shall not be unreasonably withheld or delayed; provided, however, that either Party may assign this Agreement and its rights and obligations hereunder to a successor of such Party by way of merger, consolidation or acquisition of all or substantially all of the assets or business of such assigning Party so long as such successor is not a competitor to the other Party and agrees in writing to be bound by all of the terms and conditions of this Agreement, including any outstanding liabilities.
12. Independent Contractors and SPIFs
The parties shall be independent contractors and not employees. Each Party (including in the case of Reseller, each Participating Property) shall be liable for the management and supervision of its employees and agents and any payment or tax obligations owing to its employees and contractors and the acts and omissions of its employees and agents. From time to time, Jobcase may offer a financial incentive that encourages a sales representative or sales managers of Reseller or a Participating Property to sell certain Employer Services. In the event that Jobcase offers such an incentive, Jobcase shall pay the aggregate SPIF amounts to Reseller and/or the Participating Properties which shall pay the applicable SPIF amounts directly to the sales rep or manager earning the incentive and any incentive not paid directly to the sales rep or manager will be returned to Jobcase.
13. Notices
Except as otherwise specified, notices under to this Agreement must be delivered by (a) certified mail, return receipt requested, (b) personal delivery, or (c) nationally recognized overnight delivery service (including Federal Express, UPS and DHL) and sent, in the case of Jobcase, to Jobcase at the address above with a copy to [email protected], and in the case of Reseller, to Reseller at its address set forth on the Rate Card
14. Support
14.1 Support Hours. The Jobcase support team can be reached Monday – Friday on non-holidays from 8:00 a.m. to 5:00 p.m. Central Standard Time, during which Reseller or any Participating Property can request support via email or telephone from an Account Manager (“AM”). Email contact within that time frame will be responded to by telephone or email within one hour of receipt.
14.2 After-Hours Support. Outside of Jobcase’s standard business hours, Reseller or Participating Property will contact the AM via telephone or email for Non-Emergency Issues as defined below. If the Reseller or Participating Property considers the issue an Emergency Issue as defined below, the Reseller or Participating Property will contact the AM using the cell phone number provided to Reseller or Participating Property.
Level | Description | Example | Resolution |
---|---|---|---|
Emergency | An emergency issue is defined as an issue that interrupts or significantly impairs the operation of the Jobcase product provided to Reseller or Participating Property. | Inability to view multiple job postings, unable to submit an application, or the Jobcase product become unavailable for use by either Reseller, Participating Property, Employer or Job Seeker. | AM will alert on-call technical staff for immediate response. AM will communicate back to Reseller or Participating Property an ETA for resolution. |
Non-emergency | A non-emergency issue is defined as an issue that affects a limited area of the Jobcase product or a limited number of users. | A single job posting is unavailable or not found. Broken images or text, or some users encounter difficulty in using the product. Any issue that cannot be reproduced. | AM will document the issue and communicate the course of action and ETA to the Reseller or Participating Property the next business day. |
15. Force Majeure
Except with respect to delays or failures caused by the negligent or willful act or omission of a Party, any delay in or failure of performance by a Party under this Agreement, except for payment of money, will not be considered a breach of this Agreement and will be excused to the extent caused by any occurrence beyond the reasonable control of such Party including, but not limited to, acts of God, internet outages, DNS attacks, power outages (a “Force Majeure Event”), provided that the Party affected by such event will use its reasonable efforts to mitigate or avoid such failure or delay, and shall immediately begin or resume performance as soon as practicable after the event has abated. Excusable delays do not include lockout, shortage of labor, lack of or inability to obtain raw materials, fuel or supplies or any other industrial disturbance, public health emergencies, or cybersecurity events. If the act or condition beyond a Party’s reasonable control that prevents that Party from performing any of its obligations under this Agreement continues for thirty (30) days or more, then the other Party may terminate this Agreement immediately upon written notice to the non-performing Party.
16. Governing Provisions
This Agreement shall be governed in all respects by the substantive laws of the State of Delaware. This Agreement will supersede any prior agreement between the Parties or between Jobcase or any Participating Property with regards to the subject matter of this Agreement and constitutes the entire agreement relating thereto. Jobcase reserves the right to amend or modify the Rate Card by providing notice to Reseller at least 30 days prior to any such modification or amendment becomes effective; an email or a notice on the Jobcase Website or notice in Jobcase’s customer portal constitutes effective notice for such purpose. Furthermore, Jobcase reserves the right to modify or amend this Agreement at any time by posting a revised version of the Agreement on the Jobcase Website or by notifying Reseller; an email or a notice on the Jobcase Website or notice in Jobcase’s customer portal constitutes effective notice for such purpose. Reseller’s continued use of the Jobcase Services or sale of Employer Services after any the effective date of such modification or amendment constitutes Reseller’s acceptance of the amended Agreement. If Reseller does not agree to any of the terms of this Agreement or the Rate Card, Reseller must not use or access (or continue to access) the Jobcase Services and must discontinue the sale of Employer Services. The obligations under this Agreement extend to all persons and entities who use or access the Jobcase Services or sell the Employer Services on behalf of Reseller, including any Participating Property. The failure of either Party at any time to enforce any right or remedy available to it under this Agreement or otherwise with respect to any breach or failure by the other Party does not constitute a waiver of such right or remedy with respect to any other breach or failure by the other Party. In the event of any conflict between the terms of this Agreement and the Rate Card, the terms of the Rate Card shall prevail.
Data Processing Addendum
This Data Processing Addendum (the “DPA”) is made part of and incorporated into the Jobcase Reseller Services Agreement between Jobcase and Reseller (the “Agreement”) and applies to the processing of Business Personal Data (as defined below) pursuant to the Agreement. In the event of a conflict between this DPA and the Agreement, this DPA shall prevail. Capitalized terms not defined in this DPA have the meanings set forth in the Agreement.
Two schedules are incorporated into, and form part of, this DPA:
Schedule 1, Description of Personal Data and Controlling Activities: Contains details about the processing of Personal Data, including the purpose and nature of the processing, types of Personal Data, categories of data subject and duration of the processing.
Schedule 2, Technical and Organizational Safeguards: Contains the requirements for technical and organizational measures.
1. Definitions.
a. “Applicable Law” means any and law, statute, rule, regulation or ordinance applicable to a Party’s obligations under the Agreement including all applicable Data Privacy Laws.
b. “Business” means the entity that determines the purposes and means of the Processing of Personal Data and includes the term “Business.”
c. “Business Personal Data” means any Personal Data that is provided or made available by a Party to the other Party under the Agreement in connection with the providing Party’s provision or use (as applicable) of the Business Services.
d. “Business Services” means the services as described in the Agreement.
e. “CPRA” means the California Privacy Rights Act, as amended or superseded, and any regulations promulgated thereunder.
f. The term “Consumer” shall have the same meaning as in the CPRA.
g. “Data Privacy Laws” means all data protection laws and regulations applicable to a Party’s Processing of Business Personal Data under the Agreement, including the CPRA and any successor laws.
h. “Data Subject” means the identified or identifiable natural person to whom Personal Data relates, including but not limited to a Consumer.
i. “Personal Data” or “Personal Information” means any data or information Processed by a Party in connection with the Agreement to the extent it is (i) data or information that identifies, relates to, describes, references, or is reasonably capable of being associated with an identified or identifiable natural person (or identified or identifiable household in the case of CPRA) and/ or (ii) any other data or information which may be considered to be of a personally identifying nature as determined by Applicable Law from time to time.
j. “Personal Data Breach” or “Personal Data Incident” means a breach of security that leads to or is reasonably expected to lead to the accidental, unlawful, or unauthorized destruction, loss, alteration, unauthorized disclosure of, or access to, Business Personal Data.
k. “Personnel” means all officers, directors and employees, independent contractors or service providers of a Party.
l. “Process,” “Processing” and “Processed” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available.
m. “Sale” and “Sharing” shall have the meaning assigned to it in the CPRA.
n. “Service Provider” means the entity which Processes Personal Data on behalf of the Business.
2. Role of the Parties. For purposes of the CPRA, each Party is an independent Business of the Business Personal Data that it collects, transfers or Processes pursuant to the Agreement. Each Party shall be individually and separately responsible for complying with the obligations that apply to it as a Business under the CPRA. Each Party will individually determine the purposes and means of its Processing of Business Personal Data. For purposes of the CPRA, each Party is considered to be a “third party” or as otherwise considered under the US IAB Framework.
3. Obligations of the Parties.
a. Each Party represents and warrants at all times during the term of this DPA that: (i) it will comply with all applicable requirements of Data Privacy Laws; (ii) it has the necessary right and authority to enter into this DPA and to perform its obligations herein; (iii) its execution and performance under this DPA and the Agreement will not violate any agreement to which it is a party; and (iv) it maintains a privacy notice and/or legally required statement disclosing data collection and use practices. Each Party represents and warrants that its privacy notice provides all information to Data Subjects as required by Applicable Law including, when required, that Personal Data of Data Subjects may be passed to third parties.
b. Reseller shall be responsible for the acts and omissions of Participating Properties to the same extent as if they were parties hereto.
c. Without limiting the foregoing, each Party will maintain a publicly accessible privacy policy on its website that is in compliance with Data Privacy Laws.
d. Each Party will notify the other Party in writing of any action or instruction of the other Party under this DPA or the Agreement which, in its opinion, infringes applicable Data Privacy Laws.
e. Subject to this DPA, each Party, acting as a Business, may Process the Business Personal Data in accordance with, and for the purposes permitted in, the Agreement and in its respective privacy policy (the “Permitted Purposes”).
4. Security and Confidentiality. Each Party shall implement appropriate technical and organizational measures to protect the Business Personal Data from unauthorized, accidental or unlawful access, loss, disclosure or destruction. In the event that a Party suffers a Personal Data Breach and it is required by Applicable Law to notify the other Party (a “Notice Breach”) or if a Party suffers a Personal Data Breach that relates primarily to common Employer customers of the Parties or Job Seeker Data collected from Participating Property Job Boards, it shall notify the other Party without undue delay, but in any event within five (5) business days, and both Parties shall cooperate in good faith to agree and take such measures as may be necessary to mitigate or remedy the effects of the Personal Data Breach. Nothing herein prohibits either Party from providing notification of the Personal Data Breach to regulatory authorities as may be required by Data Privacy Laws prior to notification of the other Party so long as the notifying Party provides notification to the other Party without undue delay. Each Party shall ensure that all of its Personnel who have access to and/or Process Business Personal Data are obliged to keep the Business Personal Data confidential. In the event that a Party suffers a Notice Breach, that Party will provide to the other Party (i) information including the type and approximate amount of personal data records affected, the categories and approximate number of Data Subjects affected and their state of residence (to the extent available), the likely consequences of the breach and the measures taken or proposed to be taken by the Party to address the Personal Data Breach and mitigate its adverse effects, and (ii) provide timely updates to this information and any other information as the Party may reasonably request relating to the Notice Breach. The Party suffering a Personal Data Breach will take prompt action to mitigate any harm to the other Party or the Business Personal Data.
5. Data Subject Requests. Each Party will process its own requests for Data Subjects to exercise their rights. With respect to objections from, or on behalf of Data Subjects to the Processing of Personal Data that is shared between the Parties, including requests to opt-out from the Sale or Sharing of Personal Information pursuant to CPRA, the Parties will collaborate to honor such objections and requests.
6. Compliance Cooperation. Both Parties agree to use commercially reasonable efforts to cooperate and assist each other in relation to any regulatory inquiry, complaint or investigation concerning the Business Personal Data shared between the Parties and will notify the other party of any material changes to its previously disclosed data collection and compliance policies with respect to Business Personal Data.
7. Data Retention. Both Parties shall fulfill their obligations with regards to their respective data retention periods as stated in their respective privacy policies and in accordance with Data Privacy Laws.
8. Allocation of Costs. Each Party shall perform its obligations under this DPA at its own cost, except as otherwise specified herein.
9. Liability. The liability of the Parties under or in connection with this DPA will be subject to the exclusions and limitations of liability in the Agreement.
10. Miscellaneous. If any provision or condition of this DPA is held or declared invalid, unlawful or unenforceable by a competent authority or court, then the remainder of this DPA shall remain valid. The provision or condition affected shall be construed to be amended in such a way that ensures its validity, lawfulness and enforceability while preserving the parties’ intentions, or if that is not possible, as if the invalid, unlawful or unenforceable part had never been contained in this DPA. This DPA shall be governed by and construed in accordance with the laws governing the Agreement, and any disputes shall be resolved by the courts, if any, agreed for resolution of disputes under the Agreement.
Schedule 1 to DPA
Description of Personal Data and Controlling Activities
Each Party (and any Service Provider of a Party) Processes the Business Personal Data as described below.
Subject Matter, Nature and Purpose
Processing of Business Personal Data in connection with a Party’s rights and obligations under the Agreement
Duration
During the term of the Agreement and for such period thereafter in connection with a Party’s rights and obligations under the Agreement
Categories of Individuals/ Data Subjects
Employees of Employers and the Parties
Type of Personal Data
Business Personal Data, including names, email address, phone numbers and addresses
Sensitive Data
None
Schedule 2 to DPA
Technical and Organizational Safeguards and Information Security Program
Each Party shall exercise appropriate security controls and measures to manage and protect Personal Data in its possession from unauthorized or unlawful access, use, alteration, disclosure, distribution, loss, destruction or damage.
Each Party has implemented technical and security measures that include, but are not limited to:
(a) | treating and safeguarding Personal Data as strictly private and confidential and taking all steps necessary to preserve such confidentiality both during and after the termination of the Agreement. | |
(b) | making Personal Data available to the Party’s employees and/or agents who have been trained and informed that they shall not collect, process or use Personal Data without authorization and that they shall keep Personal Data confidential, during and after termination of their activity. | |
(c) | using, copying, reproducing or distributing Personal Data only for the purpose(s) set out in the Agreement or otherwise as permitted by applicable laws and not for any other purposes, unless authorized for another purpose in another agreement. | |
(d) | minimizing, to the fullest extent possible, the disclosure of Personal Data to third parties except as necessary to enable each Party to discharge the Party’s obligations to third parties. | |
(e) | using reasonable encryption methods for securely storing Personal Data according to its sensitivity and proportional to the risk that the inappropriate use or disclosure of that information could cause financial, physical, or reputational harm to an individual or household. |
In addition, each Party has implemented the following technical and organizational measures:
Physical access control
These measures are designed to prevent unauthorized persons from gaining access to the data processing systems available in premises and facilities (including databases, application servers and related hardware), where Personal Data are processed, and include:
- Establishing access authorizations for employees and third parties
- Access control system (ID reader, magnetic card, chip card)
- Key management, card-keys procedures
- Door locking (electric door openers etc.)
- Securing decentralized data processing equipment and personal computers
Virtual access control
These measures are designed to prevent data processing systems from being used by unauthorized persons and include:
- User identification and authentication procedures
- ID/password security procedures (special characters, minimum length, change of password)
- Automatic blocking (e.g., password or timeout)
- Monitoring of break-in-attempts and automatic turn-off of the user ID upon several erroneous passwords attempts
- Creation of one master record per user, user master data procedures, per data processing environment
- Encryption of archived data media
Data access control
These measures are designed to ensure that persons entitled to use a data processing system gain access only to such Personal Data in accordance with their access rights, and that Personal Data cannot be read, copied, modified or deleted without authorization, and include:
- Internal policies and procedures
- Control authorization schemes
- Differentiated access rights (profiles, roles, transactions and objects)
- Monitoring and logging of accesses
- Disciplinary action against employees who access Personal Data without authorization
- Reports of access
- Access procedure
- Change procedure
- Deletion procedure
- Encryption
Disclosure control
These measures are designed to ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media (manual or electronic) and that it can be verified to which companies or other legal entities Personal Data are disclosed, and include:
- Encryption/tunnelling
- Logging
- Transport security
- Due diligence process to ensure that any companies or other legal entities that receive Personal Data can comply with data protection obligations
Entry control
These measures are designed to monitor whether data have been entered, changed or removed (deleted), and by whom, from data processing systems, and include:
- Logging and reporting systems
- Audit trails and documentation
Control of instructions
These measures are designed to ensure that Personal Data are processed solely in accordance with the instructions of the controller and include:
- Unambiguous wording of the contract
- Formal commissioning (request form/statement of work)
- Subprocessor responsibility
- Due diligence process to require that any subprocessors comply with their obligations
Availability control
These measures are designed to ensure that Personal Data are protected against accidental destruction or loss (physical/logical) and include:
- Backup procedures
- Mirroring of hard disks (e.g., RAID technology)
- Uninterruptible power supply (UPS)
- Remote storage
- Anti-virus/firewall systems
- Disaster recovery plan
Separation control
These measures are designed to ensure that Personal Data collected for different purposes can be processed separately and include:
- Separation of databases
- Internal client” concept / limitation of use
- Segregation of functions (production/testing)
- Procedures for storage, amendment, deletion, transmission of data for different purposes
Security Incident Management
These measures are intended to address actual or suspected Personal Data Incidents
- Notifying Consumers of any confirmed Personal Data Incident as required by Applicable Law
- Personal Data Incident management plan in place