CCPA Data Processing Addendum
- Except as described otherwise, the definitions of: “controller” includes “Business”; “processor” includes “Service Provider”; “data subject” includes “Consumer”; “personal data” includes “Personal Information”; in each case as defined under the CCPA.
- For this “California” section of Annex 3 only, “Permitted Purposes” shall include processing Customer Data only for the purposes described in this DPA and in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, as otherwise agreed in writing, including, without limitation, in the Agreement, or as otherwise may be permitted for “service providers” under the CCPA.
- Sketch B.V.’s obligations regarding data subject requests, as described in Section 6 (Data Subject Rights) of this DPA, extend to rights requests under the CCPA.
- Notwithstanding any use restriction contained elsewhere in this DPA, Sketch B.V. shall process Customer Data to perform the Service, for the Permitted Purposes and/or in accordance with Customer’s documented lawful instructions, or as otherwise permitted or required by applicable law.
- Notwithstanding any use restriction contained elsewhere in this Annex 3, Sketch B.V. may de-identify or aggregate Customer Data as part of performing the Service specified in this DPA and the Agreement.
- Where Sub-processors process the Personal Information of Customer contacts, Sketch B.V. takes steps to ensure that such Sub-processors are Service Providers under the CCPA with whom Sketch B.V. has entered into a written contract that includes terms substantially similar to this Annex 3 or are otherwise exempt from the CCPA’s definition of “sale”. Sketch B.V. conducts appropriate due diligence on its Sub-processors.