Limited Data Clause for Incidental Access
The Parties recognize and agree that: (1) Provider does not provide data storage or processing; (2) Provider is not expected to collect, store, otherwise process, or have directly disclosed to it Customer Data; (3) any Customer Data access Provider may have through the Services would be incidental and meant to be temporary and would not be intended for data processing; and (4) as to Customer Data, Provider is not and will not be a “data processor” pursuant to the European Union’s General Data Protection Regulation (“GDPR”) or a “third party” or “service provider” to Customer pursuant to the California Consumer Privacy Act (“CCPA”), and Provider has and will have no comparable role or status pursuant to other laws governing personal information (collectively with GDPR and CCPA, “Privacy/Security Laws”).
(a) Consumer Requests and Additional Fees. If Provider receives a “right to know,” deletion, “right to be forgotten,” or similar request related to Customer Data, Provider is not required to respond on Customer’s behalf or on Provider’s own behalf, but Provider may do so. Nothing in this Agreement precludes Provider from asserting rights or defenses it may have under applicable law related to such requests. Customer recognizes and agrees that Provider may charge additional fees (without limitation) (i) for activities (if any) required of Provider by Privacy/Security Laws related to Customer Data and (ii) for activities Customer requests and Provider agrees to perform to help Customer comply with Privacy/Security Laws.