Licensing Agreement

​

This agreement (the “Agreement”) constitutes a binding contract between RedHot Consulting, Inc. ("we", "us", "our" “OneGTM” or "RedHot"), and the customer (“Customer”) identified in the Proposal (as defined below).

WHEREAS, OneGTM develops and operates software as a service to help go-to-market teams work better together, plan and execute as one, using AI, automation, and rich date (the “Service”); and

WHEREAS Customer is interested in purchasing a license to use the Service internally within Customer’s organization (the “Purpose”); 

NOW THEREFORE, in consideration of the mutual covenants hereinafter, by Customer signing the Proposal or by Customer issuing a purchase order pursuant to the Proposal, the Parties agree as follows: 

1. Definitions 

   1. Customer’s Personal Data means any personal data or personal information that the Customer feeds into the Service or which is otherwise processed by the Service for and on behalf of the Customer, excluding any personal data processed by the Service for the proper administration of the Service.

   2. “Output Data” means the various reports, alerts, analytics, recommendations, notices, and other types of information and data that the Service may generate, provide or make available to Customer.

   3. "Service Data” means: (a) the data collected and processed in the course of providing the Service, about the use of the Service, including de-identified data, bandwidth utilization, (b) statistical or aggregated information about Customer’s use of the Service and all pertinent information at Customer’s disposal concerning bugs, errors and malfunctions in the Software, performance of the Software, its compatibility and interoperability, and (c) any personal data processed for the proper administration of the Service.

   4. Customer’s Data means Customer’s Personal Data and Output Data collectively. 

   5. “Proposal” means the proposal or price quote issued by OneGTM, specifying, among others, the Customer’s details and the Fees applicable to this Agreement. Such Proposal is incorporated by reference to this Agreement, and constitutes an integral part of it.

   6. “Term” means the period of this Agreement as specified in section 11 below.

2. License to Use the Service 

   1. Subject to the provisions of Sections 4 below and, OneGTM grants Customer a limited, non-transferable, non-assignable, non-exclusive, and non-sublicense-able right to use the Service and Output Data during the Term solely for the Purpose and for internal use only, pursuant to the usage parameters, limits and metrics specified in the Proposal (the “License”).

   2. Customer must ensure that its employees, consultants and agents that it designates to use and deal with the Service fully comply with this Agreement. Customer shall be liable to OneGTM for all acts or omissions of those that use and deal with the Service on its behalf, as though Customer had performed those acts or omissions.

3. Use Restriction 

Customer and its employees, agents, independent contractors or consultants shall not: 

1. sublicense, transfer and/or assign the Service or any part thereof to any third party, with or without consideration; 

2. render any services to third parties using the Service; 

3. remove, or in any manner alter, any product identification, proprietary, trademark, copyright or other notices contained in the Service; 

4. allow any third parties to use the Service; 

5. interfere with, burden or disrupt the Service’s functionality; 

6. make any copies of the Service, its content or any portions thereof. 

7. display content from the Service in any way; including by any software, feature, gadget or communication protocol which may alter the content or its design; 

8. download content from the Service for any purpose, unless explicitly stated by OneGTM that such action is permitted; 

9. work around any technical limitations of the Service;

10. breach the security of the Service, identify, probe or scan any security vulnerabilities in the Service; 

11. use any tool to enable features or functionalities that are otherwise disabled, inaccessible or undocumented in the Service; 

12. send any virus, worm, Trojan horse or other malicious or harmful code or attachment;

13. use robots, crawlers and similar applications to scrape, harvest, collect or compile content from or through the Service.

14. enhance, supplement, modify, adapt, decompile, disseminate, disassemble, recreate, generate, reverse assemble, reverse compile, reverse engineer, or otherwise attempt to identify the underlying source code of the Service; or 

15. use the Service in order to develop, or create, or permit others to develop or create, a product or service similar or competitive to the Service.

Any such improper use of the Service will result in irreparable harm to OneGTM for which monetary damages would be inadequate. 

1. Intellectual Property 

   1. The Service is a proprietary offering of OneGTM, protected under copyright laws and international copyright treaties, patent law, trade secret law and other intellectual property rights of general applicability. The Service is licensed to Customer for use and access only in accordance with the terms of this Agreement and is not sold or licensed in any other way.

   2. Except for Customer’s limited access to use the Service according to this Agreement, this Agreement does not grant or assigns to Customer, any other license, right, title, or interest in or to the Service, Service Data and Output Data or the intellectual property rights associated with them. All rights, title and interest, including copyrights, patents, trademarks, trade names, trade secrets and other intellectual property rights, and any goodwill associated therewith, in and to the Service or any part thereof, including computer code, graphic design, layout and the user interfaces of the Service, whether or not based on or resulting from Feedback, are and will remain at all times, owned by, or licensed, to OneGTM. 

   3. Customer may provide OneGTM with Service Data about the Service’s experience of use, including information pertaining to bugs, errors and malfunctions of the Service, performance of the Service, the Service’s compatibility and interoperability, and  information or content concerning enhancements, changes or additions to the Service that Customer requests, desires or suggests. Customer hereby assigns all right, title and interest in and to the Service Data to OneGTM, including the right to make commercial use thereof, for any purpose OneGTM deems appropriate.

   4. The Service uses or includes open source software components listed within the Service’s documentation (“OSS”). To the extent so stipulated by the license that governs each OSS ("OSS License"), each such OSS is subject to its respective OSS License, not these Terms, and is licensed to you directly by its respective licensor, not sublicensed by us. If, and to the extent, an OSS License requires that these Terms effectively impose, or incorporate by reference, certain disclaimers, provisions, prohibitions or restrictions, then such disclaimers, provisions, prohibitions or restrictions shall be deemed to be imposed, or incorporated by reference into this Agreement, as required, and shall supersede any conflicting provision of this Agreement, solely with respect to the corresponding OSS which is governed by such OSS License

   5. Subject to your written consent, and notwithstanding anything to the contrary herein, OneGTM may identify Customer as a customer and indicate Customer as a user of the Service on its website and in other online or offline marketing materials and press releases. Customer hereby grants OneGTM a worldwide, non-exclusive, non-transferable, royalty-free and free of charge, license, to use Customer’s name, logo, and website URL on its website and in other online or offline marketing materials relating to the Service. OneGTM will use this content strictly in accordance with any usage guidelines sent by Customer in advance. 

2. Confidentiality 

   1. ”Confidential Information” shall mean any and all information disclosed by one party (”Disclosing Party”) to the other (”Receiving Party”) regarding past, present, or future marketing and business plans, customer lists, lists of prospective customers, technical, financial or other proprietary or confidential information of the Disclosing Party, formulae, concepts, discoveries, data, designs, ideas, inventions, methods, models, research plans, procedures, designs, formulations, processes, specifications and techniques, prototypes, samples, analyses, computer programs, trade secrets, data, methodologies, techniques, non-published patent applications and any other data or information, as well as improvements and know-how related thereto. 

   2. Each Party herein must hold any Confidential Information in confidence using the same degree of care, but in no case less than a reasonable degree of care, that it uses to prevent the unauthorized dissemination or publication of its own confidential information. Receiving Party may use this Confidential Information only for the purpose of performing its obligations under this Agreement. 

   3. The obligations set forth in this section shall not apply to information that: (i) is now or subsequently becomes generally available in the public domain through no fault or breach on Receiving Party's part; (ii) Receiving Party can demonstrate in its prior established records to have had rightfully in Receiving Party's possession prior to disclosure of the same by the Disclosing Party; (iii) Receiving Party can demonstrate by written records that it had rightfully obtained the same from a third party who has the right to transfer or disclose it, without default or breach of confidentiality obligations; (iv) Disclosing Party has provided its prior written approval for disclosure; or (v) Receiving Party are required to disclose pursuant to a binding order or request by court or other governmental authority, or a binding provision of applicable law, provided that, to the extent permissible, Receiving Party provide the Disclosing Party notice of the requested disclosure as soon as practicable, to allow the Disclosing Party, if it so chooses, to seek an appropriate protective or preventive order.

3. Data and Privacy 

   1. The parties agree that the Data Processing Addendum attached to this Agreement governs the processing of Customer’s Personal Data.

   2. Customer acknowledges and agrees that OneGTM will handle and use (by itself or by using trusted third-party service providers) the Service Data as follows: 

      1. To provide the Service to Customer, conduct administrative and technical activities necessary to maintain and provide the Service and to improve and customize the Service; 

      2. To conduct analysis or generate metrics related to the Service;

      3. For commercial and marketing purposes, publication of case studies and white papers (only in a form not identifying the Customer or its users);

      4. To bill and collect fees, enforce this Agreement and take any action in any case of dispute, or legal proceeding of any kind involving Customer with respect to the Service; 

      5. To prevent fraud, misappropriation, infringements, and other illegal activities and misuse of the Service; 

      6. To develop new products and services, for research and testing and for any other purpose. 

Customer will not be entitled to any remuneration from OneGTM for such uses. 

1. OneGTM may disclose or share Customer’s Service Data, if required, or if it reasonably believes that it is required, by law, pursuant to a subpoena, order, or decree, issued by a competent judicial or administrative authority, provided that, to the extent legally permitted, OneGTM will endeavor to give Customer prompt notice of the requirement prior to such disclosure, to allow Customer, at Customer’s cost and expense, to intervene and protect its interests in the data. 

2. Subject to the foregoing, OneGTM will take precautions to maintain the confidentiality of Customer’s Service Data, in a manner no less protective than it uses to protect its own similar assets, but in no event less than reasonable care. OneGTM will not use or disclose Customer’s Service Data except as described above or otherwise subject to Customer’s express, prior, written permission. OneGTM’s personnel, staff, advisors and consultants will access Customer’s Service Data on a strict 'need to know' basis, subject to this Agreement.

3. The Service does not provide, and is not intended as, data back-up service. OneGTM may delete Customer’s Data from the Service upon termination of this Agreement. Customer is responsible for maintaining back-up copies of its Data. 

1. Technical Support 

During the Term, OneGTM, either directly or with the assistance of third parties, will endeavor to provide Customer technical support for technical questions, problems and inquiries regarding the Service, during OneGTM’s business days and hours, and pursuant to its then-applicable support scheme, hours and channels. OneGTM will attempt to respond to Customer’s technical questions, problems and inquiries as soon as practicably possible. However, OneGTM makes no warranties to the successful or satisfactory resolution of the question, problem or inquiry; and may decline to provide such support for matters that it deems, in its sole discretion, to require unreasonable time, effort, costs or expenses. For the purpose of the provision of technical support for Customer’s technical questions, problems and inquiries, Customer will cooperate, and work closely with OneGTM, to reproduce malfunctions, including conducting diagnostic or troubleshooting activities, as OneGTM reasonably requests. 

1. Consideration

In consideration for the License, Customer will pay OneGTM the fees specified in the Proposal (the “Consideration”) according to the payment schemes, payment terms and payment cycles specified therein. The Consideration is non-refundable.

The Consideration is exclusive of any excise, sales tax, VAT, withholding tax or other governmental charges or transaction charges. Customer shall bear all such taxes and charges, excluding taxes based solely on OneGTM’s net income, by grossing-up the Consideration accordingly. 

1. Term and Termination 

   1. This agreement will be in effect for the period specified in the Proposal, and renewed in accordance with the renewal terms and cycles specified in the Proposal (the “Term”). 

   2. Notwithstanding the above, either party may terminate this agreement: 

      1. In the event of a breach of this Agreement by the other party, where the breach remains uncured for thirty (30) days following written notice thereof from the non-breaching party to the breaching party, but if a breach is of a nature that cannot be cured, then the non-breaching party may terminate the Agreement immediately upon notice to the other party; 

      2. If the terminating party is required to do so by law; 

      3. If the other party becomes or is declared insolvent or bankrupt, is the subject of any proceeding related to its liquidation or insolvency (whether voluntary or involuntary) which proceedings are not dismissed within sixty (60) days of their commencement, makes an assignment for the benefit of creditors, or takes or is subject to any such other comparable action in any relevant jurisdiction. 

   3. Immediately upon termination of this Agreement: 

      1. OneGTM may terminate Customers’ account on the Service and delete the Customer’s Data (if stored) in its systems; 

      2. Customer shall cease any and all use of the Service;

      3. OneGTM will charge Customer for all then-outstanding Fees (if any); 

   4. Sections in this Agreement that by their purpose of nature should survive termination of this Agreement, will so survive.

 

1. No Warranty and Limitation on Liability 

   1. OneGTM will endeavor to have the Service operate properly. However, as a service that relies on back-end software, infrastructure, servers, third-party networks and continuous internet connectivity, it cannot guarantee that the Service will operate in an uninterrupted or error-free manner, or that it will always be available, free from errors, omissions or malfunctions. 

   2. If OneGTM becomes aware of any failure or malfunction, it shall attempt to regain the Service’s availability as soon as practicable. However, such incidents will not be considered a breach of this Agreement.

   3. THE SERVICE IS PROVIDED “AS IS”. OneGTM HEREBY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THE SERVICE, THE CUSTOMER’S DATA AND THE OUTPUT DATA, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, NON-INFRINGEMENT, TITLE, SECURITY, COMPATIBILITY OR PERFORMANCE.

   4. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND EXCEPT IN THE EVENT OF INTENTIONAL MISCONDUCT OR BREACH OF OneGTM’S CONFIDENTIALITY OBLIGATIONS, OneGTM, INCLUDING ITS EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, ADVISORS, AND ANYONE ACTING ON ITS BEHALF, WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, STATUTORY OR PUNITIVE DAMAGES, LOSSES (INCLUDING LOSS OF PROFIT, LOSS OF BUSINESS OR BUSINESS OPPORTUNITIES AND LOSS OF DATA), COSTS, EXPENSES AND PAYMENTS, EITHER IN TORT, CONTRACT, OR IN ANY OTHER FORM OR THEORY OF LIABILITY (INCLUDING NEGLIGENCE), ARISING FROM, OR IN CONNECTION, WITH THIS AGREEMENT, ANY USE OF, OR THE INABILITY TO USE THE SERVICE, THE CUSTOMER’S DATA OR THE OUTPUT DATA, ANY RELIANCE UPON THE OUTPUT DATA OR ANY ERROR, INCOMPLETENESS, INCORRECTNESS OR INACCURACY OF THE SERVICE OR THE OUTPUT DATA. 

   5. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND EXCEPT IN THE EVENT OF INTENTIONAL MISCONDUCT, OR BREACH OF CONFIDENTIALITY OBLIGATIONS, THE TOTAL AND AGGREGATE LIABILITY OF OneGTM (INCLUDING ITS RESPECTIVE EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, ADVISORS, AND ANYONE ACTING ON ITS BEHALF), FOR DIRECT DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE SERVICE OR THE OUTPUT DATA, SHALL BE LIMITED TO THE FEES PAYABLE TO OneGTM FOR THE SERVICE IN THE PRECEDING 12 MONTHS PRIOR TO THE EVENT PURPORTEDLY GIVING RISE TO THE CLAIM OCCURRED.

2. Indemnification 

   1. Customer agrees to indemnify and hold harmless OneGTM and its directors, officers, employees, and subcontractors, upon OneGTM’s request and at Customer’s expense, from, and against, any damages, loss, costs, expenses and payments, including reasonable attorney’s fees and legal expenses, arising from any third-party complaint, claim, plea, or demand in connection with Customer’s breach of any provision or representation in this Agreement.

   2. If OneGTM seeks indemnification from Customer, it shall provide Customer with (i) prompt written notice of any indemnifiable claim; (ii) all reasonable assistance and cooperation in the defense of such indemnifiable claim and any related settlement negotiations, at Customer’s expense; and (iii) exclusive control over the defense or settlement of such indemnifiable claim, provided, however, that OneGTM may settle or reach compromise on any such claim without Customer’s consent, if and to the extent such settlement or compromise does not impose any liability (monetary, criminal or otherwise) on Customer. OneGTM shall have the right to participate, at its own expense, in the defense (and related settlement negotiations) of any indemnifiable claim with counsel of its selection.

3. Governing Law and Jurisdiction 

   1. Regardless of Customer’s jurisdiction of incorporation, the jurisdiction where it engages in business, or access the Service from, this Agreement and Customer’s use of the Service will be exclusively governed by and construed in accordance with the laws of the State of New York, excluding any otherwise applicable rules of conflict of laws, which would result in the application of the laws of a jurisdiction other than New York. Any dispute, controversy or claim which may arise out of or in connection with this Agreement or the Service, shall be submitted to the sole and exclusive jurisdiction and venue of the state courts located in New York County and the Federal District Court for the Southern District of New York. Subject to Section 14.2 below, the Parties hereby expressly consent to the exclusive personal jurisdiction and venue of such courts, and waive any objections related thereto including objections on the grounds of improper venue, lack of personal jurisdiction or forum non conveniens. 

   2. Notwithstanding the foregoing, OneGTM may also lodge a claim against Customer: (a) pursuant to the indemnity clause above, in any court adjudicating a third party claim against OneGTM; and (b) for interim, emergency or injunctive relief in any other court having general jurisdiction over Customer. 

4. Miscellaneous 

   1. Assignment. Customer may not assign this Agreement without obtaining OneGTM’s prior written consent. Any purported assignment without OneGTM’s prior written consent is void. To the greatest extent permissible by law, OneGTM may assign these Terms in their entirety, including all right, duties, liabilities, performances and obligations herein, upon notice to Customer and without obtaining Customer’s further specific consent, to a third-party, upon a merger, acquisition, change of control or the sale of all or substantially all of OneGTM’s equity or assets. By virtue of such assignment, the assignee assumes OneGTM’s stead, including all right, duties, liabilities, performances and obligations hereunder, and OneGTM shall be released therefrom.

   2. Relationship of the Parties. The relationship between the Parties hereto is strictly that of independent contractors, and neither Party is an agent, partner, joint venturer or employee of the other.

   3. Subcontracting. OneGTM may subcontract or delegate the performance of its obligations under this Agreement, or the provision of the Service (or any part thereof), to any third party of its choosing, provided however, that it remains liable to Customer for the performance of its obligations under this Agreement. 

   4. Complete Terms and Severability. This Agreement constitutes the entire and complete agreement between the Parties concerning the subject matter herein and supersede all prior oral or written statements, understandings, negotiations and representations with respect to the subject matter herein. If any provision of this Agreement is held invalid or unenforceable, that provision shall be construed in a manner consistent with the applicable law to reflect, as nearly as possible, the original intentions of the Parties, and the remaining provisions will remain in full force and effect. This Agreement may be modified or amended only in writing, signed by the duly authorized representatives of both Parties.

   5. No Waiver. Neither Party will, by mere lapse of time, without giving express notice thereof, be deemed to have waived any breach, by the other Party, of any terms or provisions of these Terms. The waiver, by either Party, of any such breach, will not be construed as a waiver of subsequent breaches or as a continuing waiver of such breach.

  

 

Data Processing Addendum

This Addendum consists of two parts:

• Part One applies with respect to the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and supplementary GDPR legislations in EU member states).

• Part Two applies with respect to the California Consumer Privacy Act of 2018 (CCPA).

Both Part One and Part Two apply only to OneGTM’s processing Customer’s Personal Data, for which OneGTM is a Data Processor (as defined in the GDPR), or a service provider (as defined in the CCPA) on behalf of the Customer and under the Customer’s instructions. Part One and Part Two do not apply to OneGTM’s processing personal data or personal information on the OneGTM website at https://www.OneGTM.io/ or OneGTM’s processing personal data or personal information as Service Data.

 

In the event of any conflicting stipulations between this Addendum and the terms or any other agreement in place between the parties, the provisions of this Addendum shall prevail, except where explicitly agreed otherwise in writing.

 

PART ONE

1. This Part One only applies within the scope identified in the preamble of this Addendum.

2. Customer commissions, authorizes and requests that OneGTM provide Customer the Service, which involves Processing Personal Data (as these capitalized terms are defined and used in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and in applicable national law implementing the GDPR, or in any subsequent superseding legislation; these shall collectively be referred to as “Data Protection Law”).  

3. OneGTM will Process the Personal Data only on Customer’s behalf and for as long as Customer instructs OneGTM to do so. OneGTM shall not Process the Personal Data for any purpose other than the purpose set forth in this Addendum.

4. The nature and purposes of the Processing activities are the provision of the Service. These activities include uploading data to the Service, storage on the Service, retrieval, analytics reporting and derived insights The Personal Data Processed may include, without limitation:

   1. Personal Data that the Customer may feed into the Service.

5. The Data Subjects, as defined in the Data Protection Law, about whom Personal Data is Processed are Data Subjects of Customer:

6. Customer is and will remain at all times the ‘Data Controller’, and OneGTM is and will remain at all times the ‘Data Processor’ (as these capitalized terms are defined and used in Data Protection Law). As a Data Processor, OneGTM will Process the Personal Data only as set forth in this Addendum. OneGTM and Customer are each responsible for complying with the Data Protection Law applicable to them in their roles as Data Controller and Data Processor. 

7. OneGTM will Process the Personal Data only on instructions from Customer documented in this Addendum or otherwise provided, including with regard to cross-border transfers of Personal Data. The foregoing applies unless OneGTM is otherwise required to do so by law to which it is subject (and in such a case, OneGTM shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest). OneGTM shall immediately inform Customer if, in OneGTM's opinion, an instruction is in violation of Data Protection Law.

8. Additional instructions of the Customer outside the scope of the Service’s control and configuration options require prior and separate agreement between Customer and OneGTM, including agreement on additional fees (if any) payable to OneGTM for executing such instructions. If OneGTM declines to follow Customer’s reasonable instructions outside the scope of the Service’s control and configuration options, then Customer may terminate this Addendum and the Agreement, without liability for such premature termination.

9. OneGTM, through the Service’s various control and configuration options available to Customer, will follow Customer’s instructions to accommodate Data Subjects’ requests to exercise their rights in relation to their Personal Data, including accessing their data, correcting it, restricting its processing or deleting it. OneGTM will pass on to Customer requests that it receives from Data Subjects regarding their Personal Data Processed by OneGTM. 

10. Customer acknowledges and agrees that OneGTM uses the following sub-processors to Process Personal Data: 

Sub-processor’ Name

Nature of Processing

ChatGPT

AI engine

Bubble

Hosting and data storage

Hubspot 

CRM

Google Analytics

Data analytics

 

1. Customer authorizes OneGTM to engage sub-processors for carrying out specific processing activities of the Service, provided that OneGTM informs the Customer at least 10 business days in advance of any new or substitute sub-processor (including in respect of any material changes in the other sub-processor’s ownership or control), in which case Customer shall have the right to object, on reasoned grounds, to that new or replaced sub-processor. If Customer so objects, OneGTM may not engage that new or substitute sub-processor for the purpose of Processing Personal Data, and OneGTM may either select another sub-processor in which case the above procedure shall repeat, or if it so chooses, terminate the Agreement with no liability to Customer for such premature termination.

2. Without limiting the foregoing, in any event that OneGTM engages another sub-processor, OneGTM will ensure that the that sub-processor is contractually bound by obligations consistent with OneGTM’s obligations under this Addendum, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. 

3. OneGTM and its sub-processors will only Process the Personal Data in member states of the European Economic Area, in territories or territorial sectors (e.g., Privacy Shield) recognized by an adequacy decision of the European Commission, as providing an adequate level of protection for Personal Data pursuant to Article 45 of the GDPR), or using adequate safeguards as required under Data Protection Law governing cross-border data transfers (e.g., Model Clauses). To this end, Customer authorizes OneGTM to enter on Customer’s behalf into Model Clauses agreements with sub-processors.

4. In Processing Personal Data, OneGTM will implement appropriate technical and organizational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.

5.  OneGTM will ensure that its staff authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

6. OneGTM shall allow for and contribute to audits, including carrying out inspections on OneGTM's business premises conducted by Customer or another auditor mandated by Customer during normal business hours and subject to a prior notice to OneGTM of at least 30 days as well as appropriate confidentiality undertakings by Customer covering such inspections in order to establish OneGTM's compliance with this Addendum and the provisions of the applicable Data Protection Law as regards the Personal Data that OneGTM processes on behalf of Customer. If such audits entail material costs or expenses to OneGTM, the parties shall first come to agreement on Customer reimbursing OneGTM for such costs and expenses. 

7. OneGTM shall without undue delay notify Customer of any ‘Personal Data Breach’ (as this term is defined and used in Data Protection Law) that it becomes aware of regarding Personal Data of Data Subjects that OneGTM Processes. OneGTM will use commercial efforts to mitigate the breach and prevent its recurrence. Customer and OneGTM will cooperate in good-faith on issuing any statements or notices regarding such breaches, to authorities and Data Subjects.

8. OneGTM will assist Customer with the eventual preparation of data privacy impact assessments and prior consultation as appropriate, provided, however, that if such assistance entails material costs or expenses to OneGTM, the parties shall first come to agreement on Customer reimbursing OneGTM for such costs and expenses.

9. OneGTM will provide Customer prompt notice of any request it receives from authorities to produce or disclose Personal Data it has Processed on Customer’s behalf, so that Customer may contest or attempt to limit the scope of production or disclosure request.

10. Upon Customer’s request, OneGTM will delete the Personal Data it has Processed on Customer’s behalf under this Addendum from its own and its sub-processor’s systems, or, at Customer’s choice, return such Personal Data and delete existing copies, and upon Customer’s request, will furnish written confirmation that the Personal Data has been deleted pursuant to this Section. 

11. The duration of Processing that OneGTM performs on the Personal Data is for the period set out in the Proposal. 

12. The parties’ liability under this Addendum shall be pursuant to the liability clauses in the various parts of the Agreement.

 

PART TWO

1. Scope. This Part Two applies to the processing of ‘personal information’ (as defined in Cal. Civ. Code §1798.140(o)) by OneGTM within the scope identified in the preamble of this Addendum.

2. OneGTM’s Obligations. The Parties acknowledge and agree that OneGTM is a ‘service provider’ as defined in Cal. Civ. Code §1798.140(v). To that end, and unless otherwise requires by law:

   1. OneGTM is prohibited from retaining, using or disclosing Customer’s ‘personal information’ (as defined in Cal. Civ. Code §1798.140(o)) for: (a) any purpose other than the purpose of properly performing, or for any commercial purpose other than as reasonably necessary to provide, the Service or as otherwise permitted under 11 CCR §999.314(c); (b) ‘selling’ (as defined in Cal. Civ. Code §1798.140(t)) the Customer’s personal information; and (c) retaining, using or disclosing the Customer’s personal information outside of the direct business relationship between the Parties. OneGTM certifies that it understands the restriction specified in this subsection  and will comply with it. 

   2. If OneGTM received a request from a California consumer about his or her is ‘personal information’ (as defined in Cal. Civ. Code §1798.140(o)), OneGTM shall not comply with the request itself, inform the consumer that OneGTM’s basis for denying the request is that the OneGTM is merely a service provider that follows Customer’s instruction, and inform the consumer that they should submit the request directly to the Customer and provide the consumer with the Customer’s contact information.

3. Customer’s obligations. The Customer shall not feed into the Service any Protected Health Information (as defined under the United States Health Insurance Portability and Accountability Act of 1996 (as amended) or any information which are considered sensitive as per the enumerated categories at Cal. Civ. Code §1798.81.5(d).

4. Subcontracting to suppliers. Customer authorizes OneGTM to subcontract any of its Service-related activities which involve the processing of the personal information or requiring personal information to be processed by any third party supplier, provided that OneGTM shall ensure that the third party is bound by obligations consistent with this Part Two.

5. Return or deletion of information. Upon Customer’s written request where no subsequent further processing is required, OneGTM shall, at the instruction of Customer, either delete, destroy or return to Customer, some or all (however instructed) of the of the personal information that it and its third party suppliers process for Customer.

6. Assistance in responding to consumer requests. OneGTM shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising the consumer rights under the California Consumer Privacy Act of 2018. 

7. Data security. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of OneGTM’s processing of personal information for Customer, as well as the nature of personal information processed for Customer, OneGTM shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure (including data breaches).