CrossLead Data Protection Addendum
The undersigned party agreeing to these terms (“Company”) has entered into a Master Services Agreement (as amended from time to time, the “Agreement”) with CrossLead, Inc. (“CrossLead”), under which CrossLead has agreed to provide certain services described therein (“Services”) to Company.
This Data Protection Addendum, including its appendices (the “Addendum”), supplements and forms part of the Agreement and shall apply to the Processing of Personal Data (as defined below) to the extent that European Data Protection Legislation applies to such Processing.
For purposes of this Addendum, the terms below shall have the meanings set forth below. Capitalized terms that are used but not otherwise defined in this Addendum shall have the meanings given in the Agreement.
1.1 “Addendum Effective Date” means the date on which the parties agreed to this Addendum.
1.2 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.
1.3 “EEA” means the European Economic Area.
1.4 “EU” means the European Union.
1.5 “European Data Protection Legislation” means the GDPR and other data protection laws of the EU, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, applicable to the Processing of Personal Data under the Agreement.
1.6 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
1.7 “Information Security Incident” means a breach of CrossLead’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data in CrossLead’s possession, custody or control. “Information Security Incidents” do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, or other network attacks on firewalls or networked systems.
1.8 “Model Contract Clauses” means the standard data protection clauses for the transfer of personal data to Processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR and set forth in Annex 3.
1.9 “Personal Data” means Client Data that constitutes personal data as defined in GDPR and is described in Annex 1-A. For purposes of this Addendum, Personal Data does not include data about Customer personnel or representatives who are CrossLead’s business contacts where CrossLead is a controller of such information.
1.10 “Security Documentation” means Annex 2 describing the Security Measures and any other documents and information made available by CrossLead under Section 5.4 (Reviews and Audits of Compliance).
1.11 “Security Measures” has the meaning given in Section 5.1.1 (CrossLead’s Security Measures).
1.12 “Subprocessors” means third parties authorized under this Addendum to Process Personal Data in relation to the Services.
1.13 “Term” means the period from the Addendum Effective Date until the end of CrossLead’s provision of the Services.
1.14 “Third Party Subprocessors” has the meaning given in Section 9 (Subprocessors).
1.15 “Transfer Solution” means the Model Contract Clauses or another solution that enables the lawful transfer of personal data to a third country in accordance with Chapter V of the GDPR.
1.16 The terms “Data Subject”, “Processing”, “Controller”, “Processor” and “Supervisory Authority” as used in this Addendum have the meanings given in the GDPR, and the terms “Data Importer” and “Data Exporter” have the meanings given in the Model Contract Clauses.
2. Duration of Addendum
This Addendum will take effect on the Addendum Effective Date and, notwithstanding the expiration of the Term, will remain in effect until, and automatically expire upon, CrossLead’s deletion of all Personal Data.
3. Processing of Personal Data
3.1 Roles and regulatory compliance; Authorization.
3.1.1 Processor and Controller responsibilities. The parties acknowledge and agree that:
(a) the subject matter and details of the Processing are described in Annex 1;
(b) CrossLead is a Processor of that Personal Data under European Data Protection Legislation;
(c) Company is a Controller of that Personal Data under European Data Protection Legislation; and
(d) each party will comply with the obligations applicable to it in such role under the European Data Protection Legislation with respect to the Processing of that Personal Data.
Company responsibilities. Company represents and warrants that (a) Company has established or ensured that another party has established a legal basis for CrossLead’s Processing of Personal Data contemplated by this Addendum; (b) all notices have been given to, and consents and rights have been obtained from, the relevant Data Subjects and any other party as may be required under applicable law (including European Data Protection Legislation) for such Processing; and (c) Personal Data does not and will not contain special categories of data as described in Article 9(1) of GDPR.
3.2 Scope of Processing.
3.2.1 Company’s instructions. By entering into this Addendum, Company instructs CrossLead to Process Personal Data (a) to provide the Services; (b) as authorized by the Agreement, including this Addendum; and (c) as further documented in any other written instructions given by Company and acknowledged in writing by CrossLead as constituting instructions for purposes of this Addendum.
3.2.2 CrossLead’s compliance with instructions. CrossLead will only Process Personal Data in accordance with Company’s instructions described in Section 3.2.1 unless European Data Protection Legislation requires otherwise, in which case CrossLead will notify Company (unless that law prohibits CrossLead from doing so on important grounds of public interest).
4. Data deletion
4.1 Deletion on Termination. On expiry of the Term, Company instructs CrossLead to delete all Personal Data from CrossLead’s systems as soon as reasonably practicable, unless applicable law requires otherwise and further retention of such Personal Data is permitted under applicable European Data Protection Legislation.
5. Data security
5.1 CrossLead Security Measures, controls and assistance.
5.1.1 CrossLead Security Measures. CrossLead will implement and maintain technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data as described in Annex 2 (the “Security Measures”).
5.1.2 Security compliance by CrossLead staff. CrossLead will grant access to Personal Data only to employees, contractors and Subprocessors who need such access for the scope of their performance, and are subject to appropriate confidentiality arrangements.
5.1.3 CrossLead security assistance. CrossLead will (taking into account the nature of the Processing of Personal Data and the information available to CrossLead) provide Company with reasonable assistance necessary for Company to comply with its obligations in respect of Personal Data under European Data Protection Legislation, including Articles 32 to 34 (inclusive) of the GDPR, by:
(a) implementing and maintaining the Security Measures in accordance with Section 5.1.1 (CrossLead’s Security Measures);
(b) complying with the terms of Section 5.2 (Information Security Incidents); and
(c) providing Company with the Security Documentation.
5.2 Information Security Incidents
5.2.1 Information Security Incident notification. If CrossLead becomes aware of an Information Security Incident, CrossLead will: (a) notify Company of the Information Security Incident without undue delay after becoming aware of the Information Security Incident; and (b) take reasonable steps to identify the cause of such Information Security Incident, minimize harm and prevent a recurrence.
5.2.2 Details of Information Security Incident. Notifications made pursuant to this Section 5.2 (Information Security Incidents) will describe, to the extent possible, details of the Information Security Incident, including steps taken to mitigate the potential risks and steps CrossLead recommends Company take to address the Information Security Incident.
5.2.3 No acknowledgement of fault by CrossLead. CrossLead’s notification of or response to an Information Security Incident under this Section 5.2 (Information Security Incidents) will not be construed as an acknowledgement by CrossLead of any fault or liability with respect to the Information Security Incident.
5.3 Company’s security responsibilities and assessment.
5.3.1 Company’s security responsibilities. Company agrees that, without limitation of CrossLead’s obligations under Section 5.1 (CrossLead’s Security Measures, Controls and Assistance) and Section 5.2 (Information Security Incidents):
(a) Company is solely responsible for its use of the Services, including:
(i) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Personal Data;
(ii) securing the account authentication credentials, systems and devices Company uses to access the Services;
(iii) securing Company’s systems and devices that CrossLead uses to provide the Services; and
(iv) backing up its Personal Data; and
(b) CrossLead has no obligation to protect Personal Data that Company elects to store or transfer outside of CrossLead’s and its Subprocessors’ systems.
5.3.2 Company’s security assessment.
(a) Company is solely responsible for reviewing the Security Documentation and evaluating for itself whether the Services, the Security Measures and CrossLead’s commitments under this Section 5 (Data Security) will meet Company’s needs, including with respect to any security obligations of Company under the European Data Protection Legislation.
(b) Company acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing of Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by CrossLead as set out in Section 5.1.1 (CrossLead’s Security Measures) provide a level of security appropriate to the risk in respect of the Personal Data.
5.4 Reviews and audits of compliance
5.4.1 Company may audit CrossLead’s compliance with its obligations under this Addendum up to once per year and on such other occasions as may be required by European Data Protection Legislation, including where mandated by Company’s Supervisory Authority. CrossLead will contribute to such audits by providing Company or Company’s Supervisory Authority with the information and assistance reasonably necessary to conduct the audit.
5.4.2 If a third party is to conduct the audit, CrossLead may object to the auditor if the auditor is, in CrossLead’s reasonable opinion, not independent, a competitor of CrossLead, or otherwise manifestly unsuitable. Such objection by CrossLead will require Company to appoint another auditor or conduct the audit itself.
5.4.3 To request an audit, Company must submit a detailed proposed audit plan to CrossLead at least two weeks in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. CrossLead will review the proposed audit plan and provide Company with any concerns or questions (for example, any request for information that could compromise CrossLead security, privacy, employment or other relevant policies). CrossLead will work cooperatively with Company to agree on a final audit plan. Nothing in this Section 5.4 shall require CrossLead to breach any duties of confidentiality.
5.4.4 If the controls or measures to be assessed in the requested audit are addressed in an SSAE 16/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Company’s audit request and CrossLead has confirmed there are no known material changes in the controls audited, Company agrees to accept such report in lieu of requesting an audit of such controls or measures.
5.4.5 The audit must be conducted during regular business hours, subject to the agreed final audit plan and CrossLead’s safety, security or other relevant policies, and may not unreasonably interfere with CrossLead business activities.
5.4.6 Company will promptly notify CrossLead of any non-compliance discovered during the course of an audit and provide CrossLead any audit reports generated in connection with any audit under this Section 5.4, unless prohibited by European Data Protection Legislation or otherwise instructed by a Supervisory Authority. Company may use the audit reports only for the purposes of meeting Company’s regulatory audit requirements and/or confirming compliance with the requirements of this Addendum.
5.4.7 Any audits are at Company’s expense. Company shall reimburse CrossLead for any time expended by CrossLead or its Third Party Subprocessors in connection with any audits or inspections under this Section 5.4 at CrossLead’s then-current professional services rates, which shall be made available to Company upon request. Company will be responsible for any fees charged by any auditor appointed by Company to execute any such audit. Nothing in this Addendum shall be construed to require CrossLead to furnish more information about its Third Party Subprocessors in connection with such audits than such Third Party Subprocessors make generally available to their customers.
6. Impact assessments and consultations
CrossLead will (taking into account the nature of the Processing and the information available to CrossLead) reasonably assist Company in complying with its obligations under European Data Protection Legislation in respect of data protection impact assessments and prior consultation, including, if applicable, Company’s obligations pursuant to Articles 35 and 36 of the GDPR, by (a) making available for review copies of the Security Documentation or other documentation describing relevant aspects of CrossLead’s information security program and the security measures applied in connection therewith; and (b) providing the other information contained in the Agreement including this Addendum.
7. Data Subject rights
7.1 Company’s responsibility for requests. During the Term, if CrossLead receives any request from a Data Subject in relation to the Data Subject’s Personal Data, CrossLead will advise the Data Subject to submit their request to Company and Company will be responsible for responding to any such request.
7.2 CrossLead’s Data Subject request assistance. CrossLead will (taking into account the nature of the Processing of Personal Data) provide Company with self-service functionality through the Services or other reasonable assistance as necessary for Company to perform its obligation under European Data Protection Legislation to respond to requests by Data Subjects, including if applicable, Company’s obligation to respond to requests for exercising the Data Subject’s rights set out in Chapter III of the GDPR. Company shall reimburse CrossLead for any such assistance beyond providing self-service features included as part of the Services at CrossLead’s then-current professional services rates, which shall be made available to Company upon request.
8. Data transfers
8.1 Data storage and Processing facilities. CrossLead may, subject to Section 8.2 (Transfers of Personal Data out of the EEA), store and Process Personal Data in the United States or anywhere CrossLead or its Subprocessors maintains facilities.
8.2 Transfers of Personal Data out of the EEA.
8.2.1 CrossLead’s transfer obligations. If Company is established in the EEA and CrossLead’s Processing of Personal Data involves transfers of Personal Data out of the EEA to CrossLead in a country not deemed by the European Commission to have adequate data protection, and the European Data Protection Legislation applies to such transfer, such transfer will be governed by the Model Contract Clauses. For the purposes of the Model Contract Clauses, Company and CrossLead agree that (a) Company will act as the Data Exporter on its own behalf and on behalf of any of its Affiliates established in the EEA which are parties to the Agreement and (b) CrossLead will act as the Data Importer.
8.2.2 Model Contract Clauses administration. The parties agree that (a) upon Data Exporter’s request under the Model Contract Clauses, Data Importer will provide the copies of the Subprocessor agreements that must be sent by the Data Importer to the Data Exporter pursuant to Clause 5(j) of the Model Contract Clauses, and that Data Importer may remove or redact all commercial information or clauses unrelated to the Model Contract Clauses or their equivalent beforehand; (b) the audits described in Clause 5(f) and Clause 12(2) of the Model Contract Clauses shall be performed in accordance with Section 5.4 of this Addendum; (c) Company’s authorizations in Section 9.1 will constitute Company’s prior written consent to the subcontracting by CrossLead of the Processing of Personal Data if such consent is required under Clause 5(h) of the Model Contract Clauses; and (d) certification of deletion of Personal Data as described in Clause 12(1) of the Model Contract Clauses shall be provided only upon Company’s request.
8.2.3 Company’s transfer obligations. Company agrees that CrossLead may elect in its own discretion to use a Transfer Solution other than the Model Contract Clauses and that upon receipt of written notice of such election and the effectiveness of such other Transfer Solution, the Model Contract Clauses entered pursuant to Section 8.2.1 shall automatically terminate and become void. Company will take such action (which may include execution of documents) reasonably required by CrossLead to give full effect to such other Transfer Solution.
9. Subprocessors
9.1 Consent to Subprocessor engagement. Company specifically authorizes the engagement of CrossLead’s Affiliates as Subprocessors. In addition, Company generally authorizes the engagement of any other third parties as Subprocessors (“Third Party Subprocessors”).
9.2 Information about Subprocessors. CrossLead will provide Company with information about Subprocessors, including their functions and locations, upon Company’s request.
9.3 Requirements for Subprocessor engagement. When engaging any Subprocessor, CrossLead will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in this Addendum with respect to Personal Data to the extent applicable to the nature of the services provided by such Subprocessor. CrossLead shall be liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.
9.4 Opportunity to object to Subprocessor changes.
When any new Third Party Subprocessor is engaged during the Term, CrossLead will notify Company of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by providing an updated list of Subprocessors at www.crosslead.com. If Company objects to such engagement in a written notice to CrossLead within 15 days of being informed thereof on reasonable grounds relating to the protection of Personal Data, Company and CrossLead will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Company may, as its sole and exclusive remedy, terminate the Agreement by providing written notice to CrossLead.
Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by CrossLead to Company may be given (a) in accordance with the notice clause of the Agreement; (b) to CrossLead’s primary points of contact with Company; and/or (c) to any email provided by Company for the purpose of providing it with Service-related communications or alerts. Company is solely responsible for ensuring that such email addresses are valid.
11. Effect of these terms
Except as expressly modified by the Addendum, the terms of the Agreement remain in full force and effect. To the extent of any conflict between this Addendum and the remaining terms of the Agreement, this Addendum will govern.
Accepted and agreed to by the authorized representative of each party:
Company full corporate name:
Subject matter and details of the Personal Data Processing
CrossLead’s provision of the Services to Company.
Duration of the Processing
From commencement of the Term until deletion of all Personal Data by CrossLead in accordance with the Agreement.
Nature and Purpose of the Processing
CrossLead will Process Personal Data for the purposes of providing the Services to Company in accordance with the Agreement.
Categories of Personal Data
Personal Data relating to the Data Subjects provided to CrossLead in connection with the Services, by Company as described in more detail in the Agreement.
Data Subjects include the users about whom CrossLead Processes data in connection with the Services as described in more detail in the Agreement.
As from the Addendum Effective Date, CrossLead will implement and maintain the Security Measures set out in this Annex 2.
1. Organizational management and dedicated staff responsible for the development, implementation and maintenance of CrossLead’s information security program.
2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to CrossLead’s organization, monitoring and maintaining compliance with CrossLead’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
3. Data security controls which include at a minimum, but may not be limited to, logical segregation of data, restricted access and monitoring, and utilization of commercially available and industry standard encryption technologies for Personal Data that is:
a. transmitted over public networks (i.e. the Internet) or when transmitted wirelessly; or
b. at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).
4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur).
5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that CrossLead passwords that are assigned to its employees: (i) be at least eight (8) characters in length; (ii) not be stored in readable format on CrossLead’s computer systems; (iii) be changed every four (4) months; and (iv) have defined complexity.
6. Physical and environmental security of data center, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of CrossLead facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.
7. Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to CrossLead’s technology and information assets.
8. Incident / problem management procedures designed to allow CrossLead to investigate, respond to, mitigate and notify of events related to CrossLead’s technology and information assets.
9. Network security controls that provide for the use of enterprise firewalls, and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
10. Vulnerability assessment and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
11. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.
CrossLead may update or modify such Security Measures from time to time provided that such updates and modifications do not materially decrease the overall security of the Services.
Model Contract Clauses
STANDARD CONTRACTUAL CLAUSES (PROCESSORS)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organization: The legal entity defined as data exporter in the Data Protection Addendum entered into between the parties.
(the data exporter)
Name of the data importing organization: CrossLead, Inc.
Address: 301 South Carolina Ave SE, Washington, DC 20003
(the data importer)
each a “party”; together “the parties”.
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
‘the data exporter’ means the controller who transfers the personal data;
‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
‘technical and organizational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
2. Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
3. Third-party beneficiary clause
3.1 The data subject can enforce against the data exporter this Clause, Clauses 4(b) to (i), Clauses 5(a) to (e), and (g) to (j), Clauses 6.1 and 6.2, Clause 7, Clause 8.2, and Clauses 9 to 12 as third-party beneficiary.
3.2 The data subject can enforce against the data importer this Clause, Clauses 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3.3 The data subject can enforce against the subprocessor this Clause, Clauses 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3.4 The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
4. Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clauses 4(a) to (i).
5. Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorized access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
6.2 If a data subject is not able to bring a claim for compensation in accordance with Clause 6.1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
6.3 The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
6.4 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in Clauses 6.1 and 6.2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
7. Mediation and jurisdiction
7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(e) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(f) to refer the dispute to the courts in the Member State in which the data exporter is established.
7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
8. Cooperation with supervisory authorities
8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer or any subprocessor, pursuant to Clause 8.2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
9. Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
10. Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
11.2 The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in Clause 6.1 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
11.3 The provisions relating to data protection aspects for subprocessing of the contract referred to in Clause 11.1 shall be governed by the law of the Member State in which the data exporter is established.
11.4 The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
12. Obligation after the termination of personal data processing services
12.1 The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
12.2 The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in Clause 12.1.
On behalf of the data exporter:
Name (written out in full):
Other information necessary in order for the contract to be binding (if any):
On behalf of the data importer:
Name (written out in full):
Other information necessary in order for the contract to be binding (if any):
Appendix 1 to the Standard Contractual Clauses
Annex 1 of the Data Protection Addendum to which these Standard Contractual Clauses are attached is hereby incorporated by reference.
Appendix 2 to the Standard Contractual Clauses
Annex 2 of the Data Protection Addendum to which these Standard Contractual Clauses are attached is hereby incorporated by reference.
Last updated: April 27, 2021
You may only use the Services if you or the Company has purchased a subscription to the Services (the “Subscription”) or otherwise enrolled in or ordered the Services and made the necessary payments. If you or the Company purchase a Subscription for a term (the “Initial Term”), then the Terms will be automatically renewed for additional periods of the same duration as the Initial Term at CrossLead’s then-current fee for such services unless you decline to renew the Subscription in accordance with Section 4.5 below. You acknowledge and agree that if the Subscription expires or is terminated, you will be unable to access or use the Services.
Please be aware that Section 11 of the Terms contains provisions governing how claims that you and we have against each other are resolved, including, without limitation, any claims that arose or were asserted prior to the Effective Date of the Terms. In particular, it contains an Arbitration Agreement which will, with limited exceptions, require disputes between us to be submitted to binding and final arbitration. Unless you opt out of the Arbitration Agreement: (1) you will only be permitted to pursue claims and seek relief against us on an individual basis, not as a plaintiff or class member in any class or representative action or proceeding; and (2) you are waiving your right to seek relief in a court of law and to have a jury trial on your claims.
Your use of the Services is also subject to any additional terms, conditions and policies that we separately post on the Services (“Supplemental Terms”) which are incorporated by reference into the Terms. If you are an Enterprise Services user, your access to and use of the Services is subject to the Master Services Agreement and corresponding Statement of Work (collectively, the “Enterprise Agreement”) entered into between CrossLead and Company, and to the extent applicable and identified in the Enterprise Agreement, the terms of the Data Protection Addendum at www.crosslead.com (“DPA”) are hereby incorporated by reference and shall apply to the extent User Content includes Personal Data, as defined in the DPA. To the extent there is any conflict between the Terms, the Supplemental Terms, the Enterprise Agreement, and the DPA, the order of precedence shall be: (1) the DPA (to the extent applicable), (2) the Supplemental Terms, (3) the Enterprise Agreement, and (4) the Terms.
CrossLead reserves the right to make changes to these Terms at any time by making a revised version of the Terms available on the CrossLead Platform. We may notify you by sending you an e-mail to the last e-mail address you provided to us (if any), and/or by prominently posting notice of the changes on our Services. You are responsible for providing us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Any changes to these Terms will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you (if applicable) or thirty (30) calendar days following our posting of notice of the changes on our Services. These changes will be effective immediately for new users of our Services. Continued use of our Services following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
1.1 Account Creation. In order to use the Services, you must register for an account (“Account”) and provide certain information about yourself as prompted by the account registration form, such as your name, company name, and e-mail address. If you are an employee or other authorized user of Company, then the Company’s Authorized Administrator, or another individual designated as the account administrator (“Account Administrator”) of the Company, may have to send you an invitation to register an Account. If you are the Authorized Administrator or the Account Administrator, then you may be assigned different permissions than other users. Regardless of whether you are registering an Account under a Company Account or under an individual Account on behalf of a Company, you represent and warrant that: (a) all required registration information you submit is truthful and accurate; (b) you will maintain the accuracy of such information; and (c) you have all right, title, and authority to submit or otherwise transmit any Company Content, including any confidential or proprietary information or data, whether oral or in writing, that is designated as confidential or would reasonably be understood to be confidential and proprietary (“Confidential Information”) of the Company, to us and/or the Services. You may delete your Account at any time, for any reason, by following the instructions on the Services. We may suspend or terminate your Account in accordance with these Terms.
1.2 Account Responsibilities. You are responsible for maintaining the confidentiality of your Account login information and are fully responsible for all activities that occur under your Account. You agree to immediately notify us of any unauthorized use, or suspected unauthorized use of your Account, or any other breach of security. We cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements.
1.3 Account Limitations. While each Account Administrator can invite other authorized individuals of Company to register an Account, CrossLead may charge the Company for each additional authorized user who registers an Account. Accounts may not be shared, transferred, or used by more than one user at a time. CrossLead reserves the right to impose restrictions on the number of authorized users under a Company Account.
2. ACCESS AND USE OF SERVICES.
2.1 Access Rights. Subject to your acceptance of the Terms, and to any other restrictions that may be set forth on a Statement of Work, as applicable, you will be permitted to access the features and functions of the Services, which may include CrossLead’s Multi-Team Leader Program, and any other features and functionalities provided through the Services. You may access and make use of the Services solely during the term of these Terms and in accordance with the provisions of these Terms.
2.2 Usage Restrictions. The rights granted to you in these Terms are subject to the following restrictions: (a) you will not license, sell, rent, lease, transfer, assign, distribute, host, or otherwise commercially exploit the Services, whether in whole or in part, or any content displayed on the Services; (b) except to the extent permitted by applicable law, you shall not modify, make derivative works of, disassemble, reverse compile or reverse engineer any part of the Services; (c) you shall not access the Services in order to build a similar or competitive web product, or service; and (d) except as expressly stated herein, no part of the Services may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means. Unless otherwise indicated, any future release, update, or other addition to functionality of the Services shall be subject to these Terms.
2.3 Ownership. Subject to the rights granted in the Terms, CrossLead retains all right, title and interest in and to the Services and any Insights, including usage statistics collected or generated by us in connection with your use of the Services, and you acknowledge that you neither own nor acquire any additional rights in and to the foregoing not expressly granted by the Terms or any licenses to the software used to provide the Services. Additionally, CrossLead retains all right in the methodologies, processes, formulae, algorithms, know-how, and discoveries used in the provision of the Services. You further acknowledge that CrossLead retains the right to use the foregoing for any purpose in CrossLead’s sole discretion.
3.1 CrossLead Content. As part of the Services, CrossLead may make available course materials, training modules, and other content, data, and information (“CrossLead Content”), including such CrossLead Content provided as part of the Multi-Team Leader Program, a five-week virtual executive development training program designed for senior management and their teams. Subject to payment of the applicable fees (which may be paid by your employer), CrossLead hereby grants to you a non-exclusive, non-transferable, perpetual license, without the right to sublicense, to use the CrossLead Content for your personal professional or internal business purposes only. CrossLead Content shall be considered the confidential and proprietary information of CrossLead, and you shall keep all such CrossLead Content strictly confidential. You will have no right to copy, modify, distribute, publicly display, publicly perform, or create derivative works of such CrossLead Content without CrossLead’s prior written permission. You will retain all watermarks, logos, legends, and labels, including any copyright notices, included on any such CrossLead Content. CrossLead reserves all rights in and to the CrossLead Content that is not expressly granted in this Section 3.1.
3.2 User Content. “User Content” means any and all information and content that a user submits to, or uses with, the Services, including as set forth in any recordings or other visual, audio, or audiovisual content derived from your use of the Services (“Recordings”). You are solely responsible for your User Content. You assume all risks associated with use of your User Content, including any reliance on its accuracy, completeness or usefulness by others, or any disclosure of your User Content that personally identifies you or any third party. You hereby represent and warrant that your User Content does not violate our Acceptable Use Policy (defined in Section 3.3). You may not represent or imply to others that your User Content is in any way provided, sponsored or endorsed by us. Because you alone are responsible for your User Content, you may expose yourself to liability if, for example, your User Content violates the Acceptable Use Policy. We are not obligated to backup any User Content, and your User Content may be deleted at any time without prior notice.
3.3 License. CrossLead does not claim ownership of User Content. However, when you post or publish User Content on the Services, you hereby grant (and you represent and warrant that you have the right to grant) to us a royalty-free, fully paid, perpetual, irrevocable, worldwide, non-exclusive and fully sublicensable right (including any moral rights) and license to use, distribute, reproduce, modify, adapt, publicly perform, and publicly display your User Content, including Recordings, for the purposes of operating and providing the Services to you and other users. You, on behalf of yourself and your associated Company (as applicable), further grant CrossLead the right to use the User Data and any Recordings to create an anonymous profile and derivative insights based on the User Data and Recordings, aggregated with other anonymous profiles (the “Insights”) that it may use as part of the Services for you and other customers of CrossLead in anonymous and aggregated form; provided, however, that such Insights do not disclose any of your or the Company’s Confidential Information or disclose your or the Company’s identity.
3.4 Acceptable Use Policy. As a condition of use, you agree not to use the Services for any purpose that is prohibited by the Terms or by applicable law. You shall not (and shall not permit any third party) either (a) take any action or (b) make available any content on or through the Services that: (i) infringes any patent, trademark, trade secret, copyright, right of publicity or other right of any person or entity; (ii) is unlawful, threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another’s privacy, tortious, obscene, offensive, or profane; (iii) constitutes unauthorized or unsolicited advertising, junk or bulk e-mail; (iv) involves commercial activities and/or sales without CrossLead’s prior written consent, such as contests, sweepstakes, barter, advertising, or pyramid schemes; (v) impersonates any person or entity, including any employee or representative of CrossLead; (vi) interferes with or attempts to interfere with the proper functioning of the Services or uses the Services in any way not expressly permitted by the Terms; (vii) attempts to engage in, or engages in, any potentially harmful acts that are directed against the Services, including but not limited to violating or attempting to violate any security features of the Services, using manual or automated software or other means to access, “scrape,” “crawl” or “spider” any pages contained in Services, introducing viruses, worms, or similar harmful code into Services, or interfering or attempting to interfere with use of Services by any other user, host or network, including by means of overloading, “flooding,” “spamming,” “mail bombing,” or “crashing” the Services; or (viii) constitutes any of the following (collectively, “Sensitive Personal Information”): (a) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards (“PCI DSS”); (b) patient, medical or other protected health information regulated by the Health Insurance Portability and Accountability Act (“HIPAA”); (c) any information deemed to be “special categories of data” as such term is defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation); or (d) any other personal information subject to regulation under the Children’s Online Privacy Protection Act. You acknowledge that CrossLead is not a Business Associate or subcontractor (as those terms are defined in HIPAA) or a payment card processor and that the Services are neither HIPAA nor PCI DSS compliant. CrossLead shall have no liability for Sensitive Personal Information, notwithstanding anything to the contrary herein.
3.5 Feedback. You agree that submission of any ideas, suggestions, documents, and/or proposals to CrossLead through its suggestion, feedback, wiki, forum or similar pages (“Feedback”) is at your own risk and that CrossLead has no obligations (including without limitation obligations of confidentiality) with respect to such Feedback. You represent and warrant that you have all rights necessary to submit the Feedback. You hereby grant to CrossLead a fully paid, royalty-free, perpetual, irrevocable, worldwide, non-exclusive, and fully sublicensable right and license to use, reproduce, perform, display, distribute, adapt, modify, re-format, create derivative works of, and otherwise commercially or non-commercially exploit in any manner, any and all Feedback, and to sublicense the foregoing rights, in connection with the operation and maintenance of the Services and/or CrossLead’s business.
3.6 Use of Name. You agree that CrossLead may use Company’s name and logo in CrossLead’s marketing materials or communications for the sole purpose of indicating Company as a user of the Services. Neither party will issue a press release announcing its relationship with the other party without the other party’s approval, not to be unreasonably withheld or delayed. Subject to the terms and conditions of this Agreement, Company hereby grants to CrossLead a non-exclusive and limited license to use and publicly display Company’s name and logo as set forth in this subsection.
3.7 Satisfaction Surveys. From time to time, CrossLead may ask Company’s end-users to provide feedback regarding their level of satisfaction with the Services via emails and/or electronic surveys. Company hereby grants CrossLead the right to send such emails and surveys provided that CrossLead does not disclose Company’s end-users as participants in the surveys without Company’s written consent.
4. FEES AND PURCHASE TERMS.
4.1 Free Trial. CrossLead may provide a free trial when you (or the Company, as applicable) (“Subscriber”) first sign up to access certain of the Services. This free trial will not have any limit on the number of authorized users, nor will it require the submission of Payment Provider information. At the end of the trial period, the Subscriber’s access to the Services will terminate unless Subscriber purchases a Subscription or otherwise enrolls in such Services. Upon purchase of a Subscription or enrollment in any Services, CrossLead will begin billing Subscriber the applicable Subscription Fees or Fees in accordance with the payment terms set forth in this Section 4.
4.2 Payment. Subscriber agrees to pay all fees or charges for the Services in accordance with the fees, charges and billing terms in effect at the time a fee or charge is due and payable. Payments for “Enterprise Services” are due and payable in accordance with terms set forth in the Enterprise Agreement. With respect to certain Services, Subscriber may be required to provide CrossLead with a valid credit card (Visa, MasterCard, or any other issuer accepted by us) (“Payment Provider”) as a condition to enrolling in the Services and/or signing up for a Subscription. Subscriber’s Payment Provider agreement governs Subscriber’s use of the designated credit card, and Subscriber must refer to that agreement and not the Terms to determine its rights and liabilities. By providing CrossLead with a credit card number and associated payment information, Subscriber agrees that CrossLead is authorized to immediately invoice Subscriber for all fees and charges due and payable to CrossLead hereunder and that no additional notice or consent is required. Subscriber agrees to immediately notify CrossLead of any change in Subscriber’s billing address or the credit card used for payment hereunder. CrossLead reserves the right at any time to change its prices and billing methods, either immediately upon posting on CrossLead Properties or by e-mail notification.
4.3 Fees. Subscriber will be responsible for payment of the applicable fees for the applicable Subscriptions (each, a “Subscription Fee”) or other Services (“Fees”). If Subscriber has not paid its Subscription Fees or Fees, then Subscriber may not have access to certain features or functions of the Services and/or Subscriber’s Account may be terminated or suspended. Except as set forth in the Terms, all fees for the Services are non-refundable. No contract will exist between Subscriber and CrossLead for the Services until CrossLead accepts Subscriber’s order by a confirmatory e-mail, execution of an Enterprise Agreement, or other appropriate means of confirmation.
4.4 Taxes. The payments required under Section 4.2 of these Terms do not include any taxes or any credit card processing fees that may be due in connection with the Subscription provided under these Terms. Subscriber will be responsible for the payment of such taxes or credit card processing fees that may be incurred in connection with the Subscription.
4.5 Automatic Renewal. Your access to the Services will continue so long as you are enrolled in such Services and/or Subscriber’s Subscription remains active, as applicable. After the initial subscription period, and again after any subsequent subscription period, Subscriber’s Subscription will automatically commence on the first day following the end of such period (each, a “Renewal Commencement Date”) and continue for an additional equivalent period, at CrossLead’s then-current price for such Subscription. Subscriber agrees that its Account will be subject to this automatic renewal feature unless Subscriber cancels its subscription at least thirty (30) days prior to the Renewal Commencement Date (or in the event that you receive a notice from CrossLead that Subscriber’s subscription will be automatically renewed, you will have thirty days from the date of the CrossLead notice), by contacting CrossLead at email@example.com. If Subscriber wants to change or terminate its Subscription, please contact CrossLead at firstname.lastname@example.org. If Subscriber cancels such Subscription, you may use the Subscription until the end of Subscriber’s then-current subscription term; the Subscription will not be renewed after Subscriber’s then-current term expires. However, Subscriber will not be eligible for a prorated refund of any portion of the Subscription Fee paid for the then-current Subscription period. By subscribing, Subscriber authorizes CrossLead to charge its Payment Provider now, and again at the beginning of any subsequent subscription period. 
Upon renewal of the Subscription, if CrossLead does not receive payment from Subscriber’s Payment Provider, (a) Subscriber agrees to pay all amounts due on its Account upon demand and/or (b) Subscriber agrees that CrossLead may either terminate or suspend its subscription and continue to attempt to charge its Payment Provider until payment is received (upon receipt of payment, Subscriber’s Account will be activated and for purposes of automatic renewal, the new subscription commitment period will begin as of the day payment was received).
5. CONFIDENTIAL INFORMATION.
5.1 General. “Confidential Information” means any information provided in connection with or arising out of this Agreement that includes the business or matters of a party or its affiliates, suppliers, licensors or clients; and with respect to CrossLead, other applications, techniques, business methods, contractors, affiliates, products, services, technology, trade secrets, technical procedures, methodologies or proprietary rights. In addition, “Confidential Information” includes any other information, data or materials which have been or will be furnished by or through a party (or its affiliates, clients, agents or suppliers) and identified as “Confidential”, “Proprietary”, or other similar marking, or which, under all of the circumstances, ought reasonably to be treated as confidential and/or proprietary.
5.2 Use of Confidential Information. Each party (i) shall use Confidential Information of the other party only in connection with performance of this Agreement; provided, however, CrossLead may use your Confidential Information internally to provide and improve the Services; and (ii) shall not disclose Confidential Information except to its employees and contractors who have first agreed to be bound by obligations of confidentiality at least as protective as those set forth in this Section 5 and who have a need to know such Confidential Information. The confidentiality obligations set forth herein shall continue and shall survive any termination or expiration of this Agreement. Each party shall promptly deliver to the other party or certify the destruction, upon any expiration or termination of this Agreement and at any other earlier time requested, all Confidential Information of such party. The confidentiality obligations in this section do not apply to any information to the extent that the party can demonstrate: (i) it was obtained from a source other than the other party without obligation of confidentiality; (ii) it is or becomes publicly available without breach of this Agreement or act or fault of the party; or (iii) the other party consented to such use. If, in the reasonable opinion of its legal counsel, a party is required by law to disclose any Confidential Information in connection with any legal or regulatory proceeding, then that party may disclose such Confidential Information, provided that it notifies the other party prior to disclosure, allows that party a reasonable opportunity to seek appropriate protective measures prior to disclosure, and discloses only the minimum amount of Confidential Information required by law.
6. THIRD-PARTY PRODUCTS AND SERVICES. The Services may contain links or otherwise provide access to third-party websites, products, services, or other offerings (collectively, “Third-Party Services”), such as RegFox for event registration. When you access a Third-Party Service, you are subject to the terms and conditions (including privacy policies) of such other Third-Party Services provider. Such Third-Party Services are not under the control of CrossLead. CrossLead is not responsible for any Third-Party Services. CrossLead provides these Third-Party Services only as a convenience and does not review, approve, monitor, endorse, warrant, or make any representations with respect to Third-Party Services. You access and use all Third-Party Services at your own risk. When you leave our Services or commence using Third-Party Services, our Terms and policies no longer govern. You should review applicable terms and policies, including privacy and data gathering practices, of any Third-Party Services, and should make whatever investigation you feel necessary or appropriate before proceeding with accessing any Third-Party Service.
7. INDEMNIFICATION. You agree to indemnify and hold CrossLead, its parents, subsidiaries, affiliates, officers, employees, agents, partners, suppliers, and licensors (each, a “CrossLead Party” and collectively, the “CrossLead Parties”) harmless from any losses, costs, liabilities and expenses (including reasonable attorneys’ fees) relating to or arising out of any and all of the following: (a) User Content; (b) your use of, or inability to use, the Services, or any part thereof (including any CrossLead Content); (c) your violation of the Terms; (d) your violation of any rights of another party; or (e) your violation of any applicable laws, rules or regulations. CrossLead reserves the right, at its own cost, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you will fully cooperate with CrossLead in asserting any available defenses. This provision does not require you to indemnify any of the CrossLead Parties for any unconscionable commercial practice by such party or for such party’s fraud, deception, false promise, misrepresentation or concealment, suppression or omission of any material fact in connection with the Services provided hereunder. You agree that the provisions in this section will survive any termination of your Account, the Terms and/or your access to the Services.
8. DISCLAIMER OF WARRANTIES AND CONDITIONS.
8.1 As Is. YOU EXPRESSLY UNDERSTAND AND AGREE THAT TO THE EXTENT PERMITTED BY APPLICABLE LAW, YOUR USE OF THE SERVICES, INCLUDING ANY CROSSLEAD CONTENT, IS AT YOUR SOLE RISK, AND THE SERVICES AND CROSSLEAD CONTENT ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH ALL FAULTS. CROSSLEAD PARTIES EXPRESSLY DISCLAIM ALL WARRANTIES, REPRESENTATIONS, AND CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARISING FROM USE OF THE SERVICES. CROSSLEAD MAKES NO GUARANTEES WITH RESPECT TO THE CROSSLEAD CONTENT AND DOES NOT REPRESENT OR WARRANT ANY OUTCOME BASED ON THE CROSSLEAD CONTENT.
(a) CROSSLEAD PARTIES MAKE NO WARRANTY, REPRESENTATION OR CONDITION THAT: (1) THE SERVICES, INCLUDING ANY CROSSLEAD CONTENT, WILL MEET YOUR REQUIREMENTS; (2) YOUR USE OF THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE; OR (3) THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES OR CROSSLEAD CONTENT WILL BE ACCURATE OR RELIABLE.
(b) ANY CONTENT DOWNLOADED FROM OR OTHERWISE ACCESSED THROUGH THE SERVICES (INCLUDING CROSSLEAD CONTENT) IS ACCESSED AT YOUR OWN RISK. YOU SHALL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR PROPERTY, INCLUDING, BUT NOT LIMITED TO, YOUR COMPUTER SYSTEM AND ANY DEVICE YOU USE TO ACCESS THE SERVICES, OR ANY OTHER LOSS THAT RESULTS FROM ACCESSING SUCH CONTENT.
(c) THE SERVICES MAY BE SUBJECT TO DELAYS, CANCELLATIONS AND OTHER DISRUPTIONS. CROSSLEAD MAKES NO WARRANTY, REPRESENTATION OR CONDITION WITH RESPECT TO THE SERVICES, INCLUDING BUT NOT LIMITED TO, THE QUALITY, EFFECTIVENESS, REPUTATION AND OTHER CHARACTERISTICS OF THE SERVICES.
(d) NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM CROSSLEAD OR THROUGH THE SERVICES (INCLUDING AS PART OF ANY CROSSLEAD CONTENT) WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.
(e) FROM TIME TO TIME, CROSSLEAD MAY OFFER NEW “BETA” FEATURES OR TOOLS WITH WHICH ITS USERS MAY EXPERIMENT. SUCH FEATURES OR TOOLS ARE OFFERED SOLELY FOR EXPERIMENTAL PURPOSES AND WITHOUT ANY WARRANTY OF ANY KIND, AND MAY BE MODIFIED OR DISCONTINUED AT CROSSLEAD’S SOLE DISCRETION. THE PROVISIONS OF THIS SECTION APPLY WITH FULL FORCE TO SUCH FEATURES OR TOOLS.
8.2 No Liability for Conduct of Third Parties. YOU ACKNOWLEDGE AND AGREE THAT CROSSLEAD PARTIES ARE NOT LIABLE, AND YOU AGREE NOT TO SEEK TO HOLD CROSSLEAD PARTIES LIABLE, FOR THE CONDUCT OF THIRD PARTIES, INCLUDING OPERATORS OF EXTERNAL SITES, AND THAT THE RISK OF INJURY FROM SUCH THIRD PARTIES RESTS ENTIRELY WITH YOU.
9. LIMITATION OF LIABILITY.
9.1 Disclaimer of Certain Damages. YOU UNDERSTAND AND AGREE THAT IN NO EVENT SHALL CROSSLEAD PARTIES BE LIABLE FOR ANY LOSS OF PROFITS, REVENUE OR DATA, INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, OR DAMAGES OR COSTS DUE TO LOSS OF PRODUCTION OR USE, BUSINESS INTERRUPTION, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, IN EACH CASE WHETHER OR NOT CROSSLEAD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THE TERMS, ON ANY THEORY OF LIABILITY, INCLUDING LIABILITY RESULTING FROM: (1) THE USE OR INABILITY TO USE THE SERVICES; (2) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES RESULTING FROM ANY GOODS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED FOR TRANSACTIONS ENTERED INTO THROUGH THE SERVICES; (3) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (4) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE SERVICES; OR (5) ANY OTHER MATTER RELATED TO THE SERVICES, WHETHER BASED ON WARRANTY, COPYRIGHT, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY. THE FOREGOING CAP ON LIABILITY SHALL NOT APPLY TO LIABILITY OF A CROSSLEAD PARTY FOR (A) DEATH OR PERSONAL INJURY CAUSED BY A CROSSLEAD PARTY’S NEGLIGENCE; OR FOR (B) ANY INJURY CAUSED BY A CROSSLEAD PARTY’S FRAUD OR FRAUDULENT MISREPRESENTATION.
9.2 Cap on Liability. UNDER NO CIRCUMSTANCES WILL CROSSLEAD PARTIES BE LIABLE TO YOU FOR MORE THAN THE GREATER OF (A) THE TOTAL AMOUNT PAID TO CROSSLEAD BY YOU DURING THE ONE-MONTH PERIOD PRIOR TO THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY AND (B) THE REMEDY OR PENALTY IMPOSED BY THE STATUTE UNDER WHICH SUCH CLAIM ARISES. THE FOREGOING CAP ON LIABILITY SHALL NOT APPLY TO LIABILITY OF A CROSSLEAD PARTY FOR (A) DEATH OR PERSONAL INJURY CAUSED BY A CROSSLEAD PARTY’S NEGLIGENCE; OR FOR (B) ANY INJURY CAUSED BY A CROSSLEAD PARTY’S FRAUD OR FRAUDULENT MISREPRESENTATION.
9.3 User Content. CROSSLEAD ASSUMES NO RESPONSIBILITY FOR THE TIMELINESS, DELETION, MIS-DELIVERY OR FAILURE TO STORE ANY CONTENT (INCLUDING, BUT NOT LIMITED TO, USER CONTENT), RECORDINGS, USER COMMUNICATIONS OR PERSONALIZATION SETTINGS UNLESS WE ARE REQUIRED TO BY LAW.
9.4 Basis of the Bargain. THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN CROSSLEAD AND YOU.
10. TERM AND TERMINATION.
10.1 Term. The Terms commence on the date when you accept them (as described in the preamble above) and remain in full force and effect while you use the Services, unless terminated earlier in accordance with the Terms.
10.2 Prior Use. Notwithstanding the foregoing, you hereby acknowledge and agree that the Terms commenced on the earlier to occur of (a) the date you first used the Services or (b) the date you accepted the Terms and will remain in full force and effect while you use the Services, unless earlier terminated in accordance with the Terms.
10.3 Termination. We may suspend or terminate your rights to use the Services (including your Account) at any time for any reason at our sole discretion, including for any use of the Services in violation of these Terms. Upon termination of your rights under these Terms, your Account and right to access and use the Services will terminate immediately. You understand that any termination of your Account may involve deletion of your User Content associated with your Account from our live databases. We will not have any liability whatsoever to you for any termination of your rights under these Terms, including for termination of your Account or deletion of your User Content. ACCESS TO THE SERVICES WILL CONTINUE AT THE END OF EACH SUBSCRIPTION PERIOD UNLESS YOU CANCEL YOUR SUBSCRIPTION IN ACCORDANCE WITH THE PROCEDURE SET FORTH IN SECTION 4.5. All provisions of the Terms which by their nature should survive, shall survive termination of your Account and Subscription, including without limitation, ownership provisions, warranty disclaimers, and limitation of liability.
11. DISPUTE RESOLUTION. Please read the following arbitration agreement in this Section (“Arbitration Agreement”) carefully. It requires you to arbitrate disputes with CrossLead and limits the manner in which you can seek relief from us.
11.1 Applicability of Arbitration Agreement. You agree that any dispute or claim relating in any way to your access or use of the Website, to any products sold or distributed through the Website, or to any aspect of your relationship with CrossLead, will be resolved by binding arbitration, rather than in court, except that (1) you may assert claims in small claims court if your claims qualify; and (2) you or CrossLead may seek equitable relief in court for infringement or other misuse of intellectual property rights (such as trademarks, trade dress, domain names, trade secrets, copyrights, and patents). This Arbitration Agreement shall apply, without limitation, to all claims that arose or were asserted before the effective date of the Terms or any prior version of the Terms.
11.2 Arbitration Rules and Forum. The Federal Arbitration Act governs the interpretation and enforcement of this Arbitration Agreement. To begin an arbitration proceeding, you must send a letter requesting arbitration and describing your claim to our registered agent, CSC, 251 Little Falls Drive Wilmington, DE 19808-1674. The arbitration will be conducted by JAMS, an established alternative dispute resolution provider. Disputes involving claims and counterclaims under $250,000, not inclusive of attorneys’ fees and interest, shall be subject to JAMS’s most current version of the Streamlined Arbitration Rules and procedures available at http://www.jamsadr.com/rules-streamlined-arbitration/; all other claims shall be subject to JAMS’s most current version of the Comprehensive Arbitration Rules and Procedures, available at http://www.jamsadr.com/rules-comprehensive-arbitration/. JAMS’s rules are also available at www.jamsadr.com or by calling JAMS at 800-352-5267. If JAMS is not available to arbitrate, the parties will select an alternative arbitral forum. If the arbitrator finds that you cannot afford to pay JAMS’s filing, administrative, hearing and/or other fees and cannot obtain a waiver from JAMS, CrossLead will pay them for you. In addition, CrossLead will reimburse all such JAMS’s filing, administrative, hearing and/or other fees for claims totaling less than $10,000 unless the arbitrator determines the claims are frivolous.
You may choose to have the arbitration conducted by telephone, based on written submissions, or in person in the country where you live or at another mutually agreed location. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction.
11.3 Authority of Arbitrator. The arbitrator shall have exclusive authority to (a) determine the scope and enforceability of this Arbitration Agreement and (b) resolve any dispute related to the interpretation, applicability, enforceability or formation of this Arbitration Agreement including, but not limited to, any claim that all or any part of this Arbitration Agreement is void or voidable. The arbitration will decide the rights and liabilities, if any, of you and CrossLead. The arbitration proceeding will not be consolidated with any other matters or joined with any other cases or parties. The arbitrator shall have the authority to grant motions dispositive of all or part of any claim. The arbitrator shall have the authority to award monetary damages and to grant any non-monetary remedy or relief available to an individual under applicable law, the arbitral forum’s rules, and the Terms (including the Arbitration Agreement). The arbitrator shall issue a written award and statement of decision describing the essential findings and conclusions on which the award is based, including the calculation of any damages awarded. The arbitrator has the same authority to award relief on an individual basis that a judge in a court of law would have. The award of the arbitrator is final and binding upon you and us.
11.4 Waiver of Jury Trial. YOU AND CROSSLEAD HEREBY WAIVE ANY CONSTITUTIONAL AND STATUTORY RIGHTS TO SUE IN COURT AND HAVE A TRIAL IN FRONT OF A JUDGE OR A JURY. You and CrossLead are instead electing that all claims and disputes shall be resolved by arbitration under this Arbitration Agreement, except as specified in Section 11.1 above. An arbitrator can award on an individual basis the same damages and relief as a court and must follow the Terms as a court would. However, there is no judge or jury in arbitration, and court review of an arbitration award is subject to very limited review.
11.5 Waiver of Class or Other Non-Individualized Relief. ALL CLAIMS AND DISPUTES WITHIN THE SCOPE OF THIS ARBITRATION AGREEMENT MUST BE ARBITRATED ON AN INDIVIDUAL BASIS AND NOT ON A CLASS OR COLLECTIVE BASIS, ONLY INDIVIDUAL RELIEF IS AVAILABLE, AND CLAIMS OF MORE THAN ONE CUSTOMER OR USER CANNOT BE ARBITRATED OR CONSOLIDATED WITH THOSE OF ANY OTHER CUSTOMER OR USER. If a decision is issued stating that applicable law precludes enforcement of any of this subsection’s limitations as to a given claim for relief, then the claim must be severed from the arbitration and brought into the State or Federal Courts located in the State of Delaware. All other claims shall be arbitrated.
11.6 30-Day Right to Opt Out. You have the right to opt out of the provisions of this Arbitration Agreement by sending written notice of your decision to opt out to: email@example.com, within 30 days after first becoming subject to this Arbitration Agreement. Your notice must include your name and address, your username (if any), the email address you used to set up your account (if you have one), and an unequivocal statement that you want to opt out of this Arbitration Agreement. If you opt out of this Arbitration Agreement, all other parts of this Agreement will continue to apply to you. Opting out of this Arbitration Agreement has no effect on any other arbitration agreements that you may currently have, or may enter in the future, with us.
11.7 Severability. Except as provided in subsection 11.5, if any part or parts of this Arbitration Agreement are found under the law to be invalid or unenforceable, then such specific part or parts shall be of no force and effect and shall be severed and the remainder of the Arbitration Agreement shall continue in full force and effect.
11.8 Survival of Agreement. This Arbitration Agreement will survive the termination of your relationship with CrossLead.
11.9 Modification. Notwithstanding any provision in the Terms to the contrary, we agree that if CrossLead makes any future material change to this Arbitration Agreement, you may reject that change within thirty (30) days of such change becoming effective by writing CrossLead at the following address: CrossLead, Inc., PO Box 34644, Washington, DC 20043.
12. GENERAL PROVISIONS.
12.1 Electronic Communications. The communications between you and CrossLead may take place via electronic means, whether you visit the Services or send CrossLead e-mails, or whether CrossLead posts notices on the Services or communicates with you via e-mail. For contractual purposes, you (a) consent to receive communications from CrossLead in an electronic form; and (b) agree that all terms and conditions, agreements, notices, disclosures, and other communications that CrossLead provides to you electronically satisfy any legal requirement that such communications would satisfy if it were to be in writing. The foregoing does not affect your statutory rights.
12.2 Release. You hereby release CrossLead Parties and their successors from claims, demands, any and all losses, damages, rights, and actions of any kind, including personal injuries, death, and property damage, that are either directly or indirectly related to or arise from your use of the Services, including but not limited to, any interactions with or conduct of other Users or third-party websites of any kind arising in connection with or as a result of the Terms or your use of the Services. If you are a California resident, you hereby waive California Civil Code Section 1542, which states, “A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party.” The foregoing release does not apply to any claims, demands, or any losses, damages, rights and actions of any kind, including personal injuries, death or property damage for any unconscionable commercial practice by a CrossLead Party or for such party’s fraud, deception, false promise, misrepresentation or concealment, suppression or omission of any material fact in connection with the Services.
12.3 Assignment. The Terms, and your rights and obligations hereunder, may not be assigned, subcontracted, delegated or otherwise transferred by you without CrossLead’s prior written consent, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void.
12.4 Force Majeure. CrossLead shall not be liable for any delay or failure to perform resulting from causes outside its reasonable control, including, but not limited to, acts of God, war, terrorism, riots, embargos, acts of civil or military authorities, fire, floods, accidents, strikes or shortages of transportation facilities, fuel, energy, labor or materials.
12.5 Questions, Complaints, Claims. If you have any questions, complaints or claims with respect to the Services, please contact us at: firstname.lastname@example.org. We will do our best to address your concerns. If you feel that your concerns have been addressed incompletely, we invite you to let us know for further investigation.
12.6 Governing Law. THE TERMS AND ANY ACTION RELATED THERETO WILL BE GOVERNED AND INTERPRETED BY AND UNDER THE LAWS OF THE STATE OF DELAWARE, CONSISTENT WITH THE FEDERAL ARBITRATION ACT, WITHOUT GIVING EFFECT TO ANY PRINCIPLES THAT PROVIDE FOR THE APPLICATION OF THE LAW OF ANOTHER JURISDICTION. THE UNITED NATIONS CONVENTION ON CONTRACTS FOR THE INTERNATIONAL SALE OF GOODS DOES NOT APPLY TO THE TERMS.
12.7 Notice. Where CrossLead requires that you provide an e-mail address, you are responsible for providing CrossLead with your most current e-mail address. In the event that the last e-mail address you provided to CrossLead is not valid, or for any reason is not capable of delivering to you any notices required/permitted by the Terms, CrossLead’s dispatch of the e-mail containing such notice will nonetheless constitute effective notice. You may give notice to CrossLead at the following address: CrossLead, Inc., P.O. Box 34644, Washington, DC 20043. Such notice shall be deemed given when received by CrossLead by letter delivered by nationally recognized overnight delivery service or first class postage prepaid mail at the above address.
12.8 Waiver. Any waiver or failure to enforce any provision of the Terms on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
12.9 Severability. If any portion of the Terms is held invalid or unenforceable, that portion shall be construed in a manner to reflect, as nearly as possible, the original intention of the parties, and the remaining portions shall remain in full force and effect.
12.10 Export Control. You may not use, export, import, or transfer the Services except as authorized by U.S. law, the laws of the jurisdiction in which you obtained the Services, and any other applicable laws. In particular, but without limitation, CrossLead Properties may not be exported or re-exported (a) into any United States embargoed countries, or (b) to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce’s Denied Person’s List or Entity List. By using the Services, you represent and warrant that (y) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country and (z) you are not listed on any U.S. Government list of prohibited or restricted parties. You also will not use the Services for any purpose prohibited by U.S. law, including the development, design, manufacture or production of missiles, nuclear, chemical or biological weapons. You acknowledge and agree that products, services or technology provided by CrossLead are subject to the export control laws and regulations of the United States. You shall comply with these laws and regulations and shall not, without prior U.S. government authorization, export, re-export, or transfer CrossLead products, services or technology, either directly or indirectly, to any country in violation of such laws and regulations.
12.11 Consumer Complaints. In accordance with California Civil Code §1789.3, you may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by contacting them in writing at 400 R Street, Sacramento, CA 95814, or by telephone at (800) 952-5210.
12.12 Entire Terms. The Terms is the final, complete and exclusive agreement of the parties with respect to the subject matter hereof and supersedes and merges all prior discussions between the parties with respect to such subject matter.
Effective as of April 27, 2021.
If you are located in the European Economic Area or the United Kingdom, our Notice to European Users, found below, also applies to you.
Table of Contents
Personal Information We Collect
How We Use Your Personal Information
How We Share Your Personal Information
Cookies and Similar Technologies
Other Important Privacy Information
How to Contact Us
Notice to European Users
Personal Information We Collect
Information you give us. Personal information you may provide through the Sites or otherwise communicate to us includes:
- Registration and contact information. We collect information about you when you use the Sites or register or attend conferences at which we are present. This information may include your first and last name, email and mailing addresses, phone number and company name.
- Correspondence. We may collect information about you when you request information from us or otherwise correspond with us, such as your name, title, email address or other contact details.
How We Use Your Personal Information
To provide the Sites. We use your personal information:
- to provide, operate and improve the Sites;
- to communicate with you, including by sending you announcements, updates, security alerts, and support and administrative messages through, for example, email, Intercom, and Pendo;
- to better understand your needs and interests, and personalize your experience with the Sites; and
- to respond to your requests, questions and feedback.
For research and development. We use information automatically collected and other information to analyze trends, administer the Sites, analyze users’ movements around our Sites, gather demographic information about our user base as a whole, improve the Sites and develop new products and services.
To send you marketing communications. With your consent where required by applicable laws, we may send you newsletters or other marketing communications. You may opt out of receiving them as described in the ‘Opt out of marketing’ section below.
To create anonymous data. We may create aggregated and other anonymous data from our users’ information. We make personal information into anonymous data by removing information that makes the data personally identifiable. We may use this anonymous data and share it with third parties to understand and improve our Sites and for other lawful business purposes.
For compliance with law. We may use your personal information as we believe appropriate to (a) comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; and (b) where permitted by law in connection with a legal investigation.
With your consent. In some cases we may ask for your consent to collect, use or share your personal information, such as when required by law or our agreements with third parties.
How We Share Your Personal Information
Service providers. We may share your personal information with third party companies and individuals as needed for them to provide us with services that help us with our business activities and operate the Sites (such as customer support, hosting and storage, website analytics, email delivery, marketing/advertising, database management services and legal and other professional advice). These third parties will be given limited access to your personal information that is reasonably necessary for them to provide their services.
Authorities and others. We may disclose your personal information as we believe appropriate to government or law enforcement officials or private parties for the compliance, fraud prevention and safety purposes described above and for compliance with law.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Opt out of marketing. You may opt out of marketing-related emails at any time by following the unsubscribe instructions in the email or by contacting us at email@example.com. You may continue to receive service-related and other non-marketing emails.
Cookies and Similar Technologies
Other Important Privacy Information
Third party sites and services. The Sites may contain links to other websites and services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites, applications or services, and are not responsible for their actions. Other websites and services follow different rules regarding their collection, use and sharing of your personal information. We encourage you to read their privacy policies to learn more.
Security. The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the absolute security of your personal information.
International data transfer. We are headquartered in the United States and have service providers in other countries, and your personal information may be collected, used and stored in the United States or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country.
Children. The Sites are not directed at, and we do not knowingly collect personal information from, anyone under the age of 16. If we learn that we have collected personal information from a child under age 16, we will attempt to delete that information as soon as possible.
How to Contact Us
If you have any questions or comments about this Policy or our privacy practices, please contact us at:
PO Box 34644
Washington, DC 20043
Notice to European Users
The following applies to individuals in the European Economic Area or in the United Kingdom.
Legal bases for processing. The legal bases of our processing of your personal information are described in the table below. Please reference the How We Use Your Personal Information section above for more detail on the processing purposes listed below. If you have questions about the legal basis of how we process your personal information, contact us at firstname.lastname@example.org.
To provide the Sites
For research and development
To create anonymous data
For compliance, fraud prevention and safety
To provide the Services you have requested or take steps to enter into a contract with you
For compliance with law
Our processing activities may be necessary to comply with our legal obligations. For example, to maintain appropriate business records, to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law.
With your consent
For example, we process your personal information to send you marketing communications when you have consented to receiving such marketing communication where required by law. Where we rely on your consent you have the right to withdraw it at any time by clicking on the unsubscribe link inserted in our marketing communication or by contacting us at email@example.com.
We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. We may keep your personal information for a longer period to comply with our legal obligations or in the event of a complaint or litigation.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to the personal information that we hold about you.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
- Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
You may submit these requests by email to firstname.lastname@example.org or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
If we transfer your personal information from the European Economic Area to a country outside of it and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.
What are cookies?
Cookies are small data files that are placed on your computer when you visit a site. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. Cookies can also help ensure advertising you see online is more relevant to you and your interests.
Who places cookies on my device?
Cookies set by the site you visit are called “first party cookies”. Cookies set by parties other than us are called “third party cookies”. Third party cookies enable third party features or functionality within the site, such as site analytics, advertising and social media features. The parties that set these third party cookies can recognize your computer or device both when it visits the site in question and also when it visits certain other sites and/or mobile apps. We do not control how these third parties use your information, which is subject to their own privacy policies. See below for details on use of third party cookies and similar technologies with our Sites.
How long will cookies stay on my device?
The length of time a cookie will stay on your device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your browsing device after you have finished browsing until they expire or are deleted.
What other tracking technologies should I know about?
Cookies are not the only way to track visitors to a site or app. Companies use tiny graphics files with unique identifiers called beacons (and also “pixels” or “clear gifs”) to recognize when someone visits their sites. These technologies often depend on cookies to function properly, and so disabling cookies may impair their functioning.
What types of cookies and similar tracking technologies does CrossLead use?
|Type||Description||Who serves the cookies||Lifespan||How to control them|
|Analytics||These cookies help us understand how our Sites are performing and being used. These cookies may work with clear gifs included in emails we send to track which emails are opened and which links are clicked by recipients.||Google Analytics||Google-analytics default of 2 years of inactivity||See ‘your choices’ below. Google Analytics uses its own cookies. You can find out more information about Google Analytics and how to prevent the use of Google Analytics relating to your use of our Sites here|
|Essential||These cookies are essential to provide you with our Sites and to enable you to use some of their features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.||CrossLead||See ‘your choices’ below.|
|Functionality/performance||Allows our Sites to remember the choices you make when you use our Sites and enhance the performance and functionality of our Sites.||||||See ‘your choices’ below.|
Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, parts of the Sites may not work properly.
For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.
Information about the cookies we use may be updated from time to time, so please check back on a regular basis for any changes.
Last modified April 27, 2021
Last modified April 22, 2021
List of Subprocessors
Last updated April 26, 2021
|Entity Name||Purpose||Entity Country|
|Amazon Web Services, Inc.||Hosting and Storage||United States|
|Automattic||Website Functionality||United States|
|Dropbox, Inc.||Data Processing||United States|
|Google, Inc.||Analytics||United States|
|Stripe, Inc.||Cloud-Based Payment Provider||United States|
|Zoom Video Communications, Inc.||Video Conferencing provider||United States|
|Qualtrics||Survey collection||United States|
|Ontraport||Business Automation||United States|
|Let’s Encrypt||SSL Certificate Provider||United States|
|Wordfence||Firewall / IP monitoring||United States|
|Sucuri||Website forensics and audit logs||United States|
- MODIFICATIONS TO THIS AGREEMENT.
- ACCESS AND USE
- COMPANY RESPONSIBILITIES.
- FEES AND EXPENSES; PAYMENTS.
- REPRESENTATIONS AND WARRANTIES.
- DISCLAIMERS, EXCLUSIONS AND LIMITATIONS OF LIABILITY.
- TERM AND TERMINATION.
- DEFINITIONS. Certain capitalized terms, not defined above, have the meanings set forth below.
- Organizational management and dedicated staff responsible for the development, implementation and maintenance of CrossLead’s information security program.
- Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to CrossLead’s organisation, monitoring and maintaining compliance with CrossLead’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
- Data security controls which include at a minimum, but may not be limited to, logical segregation of data, restricted access and monitoring, and utilization of commercially available and industry standard encryption technologies for Personal Data that is:
- transmitted over public networks (i.e. the Internet) or when transmitted wirelessly; or
- at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).
- Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions (e.g. granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur).
- Password controls designed to manage and control password strength, expiration and usage, including prohibiting users from sharing passwords and requiring that CrossLead passwords that are assigned to its employees: (i) be at least eight (8) characters in length; (ii) not be stored in readable format on CrossLead’s computer systems; (iii) be changed every four (4) months; and (iv) have defined complexity.
- Physical and environmental security of data center, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of CrossLead facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.
- Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to CrossLead’s technology and information assets.
- Incident / problem management procedures designed to allow CrossLead to investigate, respond to, mitigate and notify of events related to CrossLead’s technology and information assets.
- Network security controls that provide for the use of enterprise firewalls, and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
- Vulnerability assessment and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
- Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.
- Details of the transfer
- Third-party beneficiary clause
- Obligations of the data exporter
- Obligations of the data importer
- Mediation and jurisdiction
- Cooperation with supervisory authorities
- Governing Law
- Variation of the contract
- Obligation after the termination of personal data processing services