Last Updated on May 3, 2023
(Veritone as Service Provider) (US)
THIS DATA PROTECTION ADDENDUM (this “Addendum”) is governed by and incorporated into those certain Terms and Conditions (the “Terms and Conditions”) referencing this Addendum that set forth the rights and obligations of a client (“Client”) accessing and/or using the Platform and/or Services (as such capitalized terms are respectively defined in such Terms and Conditions) from Veritone, Inc. or one of its direct or indirect subsidiaries (collectively, “Veritone”). Pursuant to the terms and conditions of this Addendum, Client hereby authorizes Veritone to Process Personal Information on behalf of Client. The Parties agree to comply with the terms and conditions set forth in this Data Protection Addendum with respect to any Personal Information.
a. “Data Protection Laws” means all applicable national, local, state, federal, provincial, and divisional, statutes, rules or regulations, reporting requirements, ordinances, orders, decrees, judgments, consent decrees, settlement agreements and laws that are applicable to a respective party relating to data protection and privacy and including, state laws requiring notice of breaches involving Personal Information, the Illinois Biometric Information Privacy Act, the California Consumer Privacy Act Of 2018, as amended, and its implementing regulations, the Virginia Consumer Data Protection Act (when effective), the Colorado Privacy Act (when effective) and any equivalent legislation, rule, regulation, and regulatory guidance, as amended, extended, repealed, consolidated, replaced, or re-enacted from time-to-time.
b. “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Any definition of “personal information”, “personal data”, or equivalent, provided under Data Protection Laws shall apply when relevant.
c. “Process” or “Processing” (or any of its cognates, such as “Processes” or “Processed”) means any operation or set of operations performed on Personal Information, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying.
d. “Sale of Data” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, information, including Personal Information, to another business or a third party for monetary or other valuable consideration.
e. “Security Incident” means any actual or reasonably suspected theft or accidental, unauthorized, or unlawful access to or acquisition, use, loss, destruction, alteration, compromise or disclosure of any information, including Personal Information.
f. “Services” means the services provided or made available by Veritone to Licensee pursuant to the Agreement.Any capitalized terms used herein but not defined in this Addendum, shall have the meanings provided under applicable Data Protection Laws.
a. Veritone shall not permit Processing by, or disclose, or make any data available to, any affiliate, subcontractor, or other third party without consent of and right to objection by Licensee and subject to a requirement that such affiliate, subcontractor, or third party comply with all of the provisions of this Addendum and only use the data in the provision of the Services. Veritone shall ensure that each person Processing the Personal Information of Licensee, including any subcontractors, commits to the duty of confidentiality with respect to the Personal Information.
b. With respect to any permitted subcontractors, in addition to the requirements outlined in the Agreement and this Addendum, Veritone is responsible for the conduct and performance of each approved subcontractor or agent, is responsible to carry out adequate due diligence to make sure the subcontractor or agent is capable of providing the level of protection required by the Agreement, this Addendum, and applicable Data Protection Laws, and is responsible to make sure each permitted subcontractor or agent performs the obligations under the Agreement as if it were a party to the Agreement.
c. Veritone shall execute a written agreement with such approved subcontractor or agent containing terms at least as protective with respect to data as the Agreement and this Addendum (provided that Veritone shall not be entitled to permit the subcontractor or agent to further subcontract or otherwise delegate all or any part of its responsibilities). Veritone shall not disclose any data to a permitted subcontractor or agent unless and until the subcontractor or agent needs to have access to perform the contracted services and the subcontractor or agent receives access only to the least amount of data needed to complete the contracted services. Veritone will remain liable for the acts and omissions of any permitted subcontractor to the same extent it would be liable if performing the services of such subcontractor directly under the terms of this Addendum and the Agreement.