Integral Ad Science, Inc. California Consumer Privacy Act (CCPA) Addendum
The following CCPA data protection addendum (the “CCPA Addendum”) forms an integral part of the master services agreement (the “MSA”) or a publisher statement of work (the “SOW”) as between Customer and Integral Ad Science, Inc. (“IAS”) for Customer’s use of IAS products and services (the “Services”) described in the MSA or SOW. This CCPA Addendum governs the responsibilities of the parties with respect to the processing of personal information (defined below) which is subject to the CCPA (defined below) and is processed in the course of Customer’s use of the Services. All undefined capitalized Terms herein shall have the same meaning as the MSA or SOW, as applicable.
In the event of any conflict or
inconsistency between the MSA, SOW and this CCPA Addendum, this CCPA Addendum
“CCPA” means the California Consumer Privacy Act of 2018, as amended, and any regulations promulgated thereunder. The terms “aggregate consumer information”, “business”, “business purpose”, “deidentified information”, “personal information”, “processing”, “sell”, and “service provider” shall have the same meaning as in the CCPA.
IAS and Customer agree that, as to processing of personal information as part of provision of the Services, IAS is a service provider and Customer is the business. Accordingly, except as otherwise permitted by the CCPA, IAS shall not: a. Sell the personal information, or b. Retain, use, or disclose the personal information for any purpose other than for the business purpose, including retaining, using, or disclosing the personal information for a commercial purpose other than providing the Services.
IAS shall not process the personal information other than on Customer’s documented instructions in the MSA or SOW, which include processing to detect data security incidents, protecting against fraudulent or illegal activity, creation of datasets of aggregate consumer information and deidentified information that IAS can compile and use for its other clients, appointing sub-processors, and any other business purpose or operational purpose permissible under the CCPA of a service provider that does not cause IAS to lose its service provider status (the “Documented Instructions”).
IAS will work in good faith to cooperate and assist Customer with any reasonable written request from Customer to comply with its obligation under the CCPA to respond to verifiable consumer request to access or delete personal information that IAS may be processing on Customer’s behalf.
Unless otherwise limited by the MSA or SOW, this CCPA Addendum and the CCPA, Customer acknowledges and agrees that IAS may use IAS affiliates and other sub-processors to process personal information to provide the Services on its behalf.
If Customer is a publisher or platform, then Customer represents and warrants that the personal information being processed by IAS as part of the Services was collected by Customer under privacy notices that allow for IAS to process the personal information pursuant to the Documented Instructions.
The CCPA remains subject to amendment and regulations that have not yet been promulgated, and other states and the United States Congress are considering similar laws (all of the foregoing, “New Privacy Laws“). Each party agrees and warrants it will work together in good faith with the other party on any amendments to this CCPA Addendum to address compliance with New Privacy Laws.