This clause has not yet been updated to address the California Consumer Privacy Act (CCPA). But we will soon!
(a) Access, Use, & Legal Compulsion. Unless it receives Customer’s prior written consent, Vendor: (i) shall not access, process, or otherwise use Customer Data other than as necessary to facilitate the Services; (ii) shall not give any of its employees access to Customer Data except to the extent that such individual needs access to facilitate performance under this Agreement and is subject to a reasonable written nondisclosure agreement with Vendor protecting such data, with terms reasonably consistent with those of this Section __ (Data Management) and of Section __ (Data Security); and (iii) shall not give any third party access to Customer Data, including without limitation Vendor’s other customers, except subcontractors subject to Subsection __(d) below. Notwithstanding the foregoing, Vendor may disclose Customer Data as required by applicable law or by proper legal or governmental authority. Vendor shall give Customer prompt notice of any such legal or governmental demand and reasonably cooperate with Customer in any effort to seek a protective order or otherwise to contest such required disclosure, at Customer’s expense.
(b) Customer’s Rights. Customer possesses and retains all right, title, and interest in and to Customer Data, and Vendor’s use and possession thereof is solely on Customer’s behalf. Customer may access and copy any Customer Data in Vendor’s possession at any time, and Vendor shall reasonably facilitate such access and copying promptly after Customer’s request.
(d) Subcontractors. Vendor shall not permit any subcontractor to access Customer Data unless such subcontractor is subject to a written contract with Vendor protecting the data, with terms reasonably consistent with those of this Section __ (Data Management) and of Section __ (Data Security), specifically including without limitation terms consistent with those of Subsection __(a)(ii) above as applied to subcontractor employees. Vendor shall exercise reasonable efforts to ensure that each subcontractor complies with all of the terms of this Agreement related to Customer Data. As between Vendor and Customer, Vendor shall pay any fees or costs related to each subcontractor’s compliance with such terms, including without limitation terms in Section __ below (Data Security) governing audits and inspections.
(e) Applicable Law. Vendor shall comply with all applicable laws and regulations governing the handling of Customer Data and shall not engage in any activity related to Customer Data that would place Customer in violation of any applicable law, regulation, government request, or judicial process; provided the foregoing does not require that Vendor comply with or be aware of any of the following laws or regulations: ________________________.
(f) Injunction. Vendor agrees that violation of the provisions of this Section __ (Data Management) or of Section __ (Data Security) below would cause Customer irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Customer shall be entitled to injunctive relief against such breach or threatened breach, without proving actual damage and without posting a bond or other security.