Last Updated: May 25th, 2021

These Routine Legal Terms shall be referred to herein as “RLTs”, and are between Beachfront Media, LLC (“Beachfront”) and the Company set forth in the applicable Beachfront Publisher Direct Agreement (the “Publisher Agreement”). These RLTs form a part of, and are incorporated into, the Publisher Agreement by reference. The Publisher Agreement and these RLTs shall collectively be referred to herein as this “Agreement”. Beachfront and Company may be referred to herein individually as a “Party” or collectively as the “Parties”.

Capitalized terms, not otherwise defined herein, shall have the meaning attributed thereto in the Publisher Agreement.

For good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties herby agree as follows:

1. Definitions.

1. “Ads”or “Advertising” means any type of advertising material or content, in any format and however delivered, together with related code and other material used for the placement and display of such material or content on Company Sites.

2. “Ad Inventory”means any space made available on the Company Sites for purchase through the Service for the display of Advertising.

3. “Applicable Data Protection Law” means any and all applicable privacy and data protection laws including EU General Data Protection Regulation (Regulation 2016/679) and California Consumer Privacy Act of 2018 (Cal. Civ. Code §§ 1798.100 – 1798.199), each as amended, replaced or superseded from time to time.

4. “Beachfront Materials”means the Service and the underlying technology, as such may be modified, upgraded, and/or enhanced from time to time, together with all intellectual property rights therein.

5. “Beachfront Privacy Policy” means the privacy policy available on Beachfront’s website at https://www.beachfront.com/privacy-policy as may be updated from time to time.

6. “Beachfront Supply Policy” means the Beachfront Supply Policy located at https://www.beachfront.com/legal/policies.

7. “Buyer” means any party engaged in purchasing, or facilitating the purchase of, Ad Inventory through the Service, including any ad network, ad exchange, demand-side platform, agency trading desk, ad agency, or provider of goods or services advertised and any representative thereof.

8. “Company Site(s)”means digital properties, including websites, mobile websites, mobile applications, connected/over-the-top television, set-top box, linear television, video players, games, portals, or other devices, that are owned and operated by Company or otherwise represented by Company.

9. “Platform Polices” means, collectively: (a) any specifications, technical documentation, or integration requirements made accessible to Company by Beachfront in connection with Company’s use of the Service; and (b) requirements, prohibitions, and guidelines applicable to Company’s integration with or use of the Service as instructed by Beachfront or a third party, as updated from time to time, which are made available to Company via the user interface of the platform, including without limitation, the Beachfront Supply Policy.

10. “Service” means each Beachfront product, platform, or service provided or made accessible to Company in accordance with this Agreement.

11. “User Volunteered Data” means personal data or information (as defined under Applicable Data Protection Law) collected from individual users by Company during delivery of an ad pursuant to this Agreement where it is expressly disclosed to such individual users that such collection is solely on behalf of Beachfront or a Buyer.

2. Company Obligations.

Company shall register for the Service with accurate information when establishing an account (“Account”) and keep its account and password secure.  Company is responsible for all activities that occur under its Account. Company shall at all times ensure full compliance with the Platform Policies.

In connection with Company’s use of the Service, Company will comply with all applicable laws including but not limited to Applicable Data Protection Law, consumer protection laws and laws protecting children.

Company may access and use the Beachfront Materials solely for the purposes of using the Service and performing its obligations under this Agreement, and solely in accordance with the Platform Policies, and may not: resell, reverse engineer, decompile, disassemble, create derivative works or otherwise use the Beachfront Materials to build a competitive product or service.

3. Marks and Intellectual Properties.

Each Party shall own and retain all right, title, and interest in its trade names, logos, trademarks, service marks, trade dress, internet domain names, copyrights, patents, and trade secrets and content currently used or which may be developed and/or used in the future. All ownership rights, title, and interest in and to any Beachfront Materials will remain with and belong exclusively to Beachfront. Beachfront reserves all rights not expressly granted to Company herein.

Company may, in its sole discretion, provide Beachfront with suggestions or other feedback regarding any Beachfront Materials, which Beachfront may freely incorporate into the Beachfront Materials or otherwise use in its discretion, without payment of any royalty or any duty to account to Company

Company hereby gives Beachfront permission to make reference to the Company’s corporate name and logo on its web site and in its marketing materials.

4. Confidentiality.

For the purposes of this Agreement, “Confidential Information” means non-public information, know-how and trade secrets in any form that is designated as being confidential, or that a reasonable person knows or reasonably should understand to be confidential. The foregoing notwithstanding, the following types of information, however marked, are not confidential information: information that the receiving Party can demonstrate with clear evidence (a) was previously known to the receiving Party at the time of disclosure, free of any obligation to keep it confidential; (b) became publicly known through no wrongful act of the receiving Party; (c) was rightfully received by the receiving Party from a third party who was not bound under any confidentiality provisions; or (d) was independently developed by the receiving Party without use of or reference to the disclosing Party’s Confidential Information. Each Party agrees to use the other Party’s Confidential Information solely for the purposes of performing its obligations under this Agreement and further agrees to use the same degree of care to prevent disclosure of the disclosing Party’s Confidential Information that it would use with respect to its own information of like character, but in any case no less than a reasonable degree care. Each Party will refrain from disclosing the other Party’s Confidential Information to any third-party, except to the extent that (a) disclosure to its employees, consultants or authorized agents is reasonably necessary to perform its obligations or exercise its rights under this Agreement, and even then only so long as such employees, consultants or authorized agents are explicitly bound by confidentiality obligations no less restrictive than those which are set forth herein, (b) disclosure is required by applicable law, provided that the Party required to make such disclosure must use reasonable efforts to give the other Party advance notice thereof (so as to afford that Party an opportunity to intervene and seek an order or other relief for protecting its Confidential Information from any unauthorized use or disclosure) and the Confidential Information is only disclosed to the extent required by law, or (c) disclosure is made with the consent of the disclosing Party. If there is any breach or potential breach by either Party of its obligations under this Section, the injured Party may seek injunctive and other equitable relief to enforce such obligations.

5. Privacy, Data Use and Data Protection.

1. Privacy Policies: Company agrees to post on the Company Sites a privacy policy, and if Company is selling Ad Inventory in an application(s), Company agrees to include within the application a link to a privacy policy, that complies with Applicable Data Protection Law, including the disclosure of all applicable user data collection, use and disclosure practices.
2. COPPA: Company hereby agrees that the Company Sites shall not be directed to children (as defined by the U.S. Children’s Online Privacy Protection Act and associated regulations (“COPPA”) unless agreed to in writing between the Parties. Company acknowledges that Beachfront may elect not to sell Advertising on child-directed Company Sites.
3. Data Use: Beachfront has the right to collect, use and disclose data transmitted through or otherwise derived from Company’s use of the Service as follows: (i) to operate the Beachfront platform and the Service, (ii) to perform its obligations under this Agreement, including fulfilling its reporting obligations to applicable Buyers and utilizing third-party vendors for validating traffic, fraud prevention and other similar type services, (iii) to analyze and use data generated and derived from or about the operation and use of the Service for Beachfront’s legitimate and lawful operational, technological development, improvement and related business purposes; (iv) if and as required by court order, law or governmental or regulatory agency (after, if permitted, giving reasonable notice to Company and using commercially reasonable efforts to provide Company with the opportunity to seek a protective order or the equivalent (at Company’s expense)), (v) for the purposes described in the Beachfront Privacy Policy; and (vi) as otherwise permitted with Company’s prior written consent. In addition, Beachfront may use and share without restriction any data that is either anonymized, so as not to be identifiable to a specific source, or aggregated, so as not to be identifiable to any individual transaction.Similarly, Company has the right to collect, use and disclose any data transmitted through or otherwise derived from Company’s use of the Service provided that: (i) such use and disclosure complies with all Applicable Data Protection Law and Publisher’s own privacy policy, and (ii) Publisher shall not (A) use or disclose any information, on a non-anonymized or non-aggregated basis, that is gathered during the delivery of an Ad in connection with the Service, or that otherwise pertains to such Ad, including pricing information, the total number of impressions served, the total number of clicks on such impressions, whether an end user viewed or clicked on an ad (i.e. user-level data), for any purpose other than performing its obligations under this Agreement or for internal reporting or internal analysis; nor shall Publisher (B) use or disclose any User Volunteered Data in any manner other than in performing its obligations under this Agreement.
4. Data Protection: The Data Protection Addendum attached hereto as Schedule 1 shall form a part of this Agreement and its terms are hereby incorporated into this Agreement by reference.

Each Party represents and warrants to the other Party that (a) such Party has the required power and authority to enter into this Agreement and to perform its obligations hereunder, (b) the execution of this Agreement and performance of its obligations hereunder do not and will not violate any other agreement to which it is a party; and (c) this Agreement constitutes a legal, valid and binding obligation when signed by both Parties. Each Party shall comply with all applicable laws, rules, and regulations in performing its respective obligations and exercising its rights under this Agreement, including, without limitation, Applicable Data Protection Law and any and all applicable laws with respect consumer protection and the protection of children (i.e., COPPA).

EXCEPT AS EXPLICITLY SET OUT IN THIS AGREEMENT, BOTH PARTIES DISCLAIM ALL WARRANTIES (EXPRESS OR IMPLIED) with respect to the subject matter of this Agreement, including without limitation any implied representation, term or warranties of merchantability or fitness for a particular purpose. Without limiting the generality of the above and to the maximum extent permitted by applicable law, Beachfront makes no representation or warranty as to any Ad or content or level of response or any benefit or revenues that Company (or Company’s users) will obtain from its use of the Service, and Beachfront does not represent or warrant that the Service will be always available or error-free.

7. Indemnification.

1. Indemnification by Beachfront: Beachfront shall indemnify Company, its affiliates and each of its and their officers, directors, employees, and agents (each, a “Company Indemnified Party”) against any and all damages, losses, and liabilities resulting from any third party claim, allegation, or legal action (a “Claim”) arising from or in connection with any breach, or alleged breach, by Beachfront of its obligations, representations and warranties under this Agreement (including any attached schedule/s or agreements).urther, Beachfront shall indemnify ƒ Company Indemnified Parties for any Claim that the Beachfront Materials infringe or misappropriate such third party’s intellectual property or other rights by reason of the use of the Beachfront Materials by Company as permitted hereunder (an “Company IP Claim”). In the event a Company IP Claim under this Section is made or, in Beachfront’s reasonable opinion, is likely to be made, Beachfront may, at its sole option and expense: (1) procure for Company the right to continue using the Beachfront Materials that are the subject of such Company IP Claim, or (2) replace or modify the Beachfront Materials that are the subject of such Company IP Claim to be non-infringing without material decrease in functionality.  If the foregoing options are not reasonably practicable, Beachfront may terminate this Agreement.
2. Indemnification by Company: Company shall indemnify Beachfront, its affiliates and each of its and their officers, directors, employees, and agents (each, an “Beachfront Indemnified Party”) from and against any and all damages, losses, and liabilities from any Claim arising from or in connection with any breach, or alleged breach, by Company of its obligations, representations and warranties under this Agreement (including any attached schedule/s or agreements).
3. Procedure: The indemnified Party must (a) promptly notify the indemnifying Party of any Claim (for purposes of procedure, Claim includes any Company IP Claim), provided that failure or delay in providing notice shall not relieve a Party of its indemnification obligations except to the extent actually prejudiced thereby; (b) reasonably cooperate with the other Party in connection with such Claim at the expense of the indemnifying Party, and (c) tender to the indemnifying Party the sole and exclusive authority to defend and/or settle any such Claim; provided that indemnifying Party will not, without the indemnified Party’s prior written consent, which shall not be unreasonably withheld or delayed, enter into any settlement of a Claim that:  (i) imposes a monetary obligation on indemnified Party that is not covered by the indemnification, (ii) imposes a material, non-monetary obligation on indemnified Party or materially increases the indemnified Party’s costs or risk, (iii) does not include an unconditional release of indemnified Party, or (iv) admits liability on the part of the indemnified Party.

8. Exclusion and Limitation of Liability.

Except for liability arising from (A) a Party’s obligations set forth in the paragraphs herein entitled “Marks and Intellectual Property”, “Confidentiality”, “Privacy, Data Ownership and Data Protection”, (B) a Party’s violation of any applicable laws, rules, and regulations (including without limitation Applicable Data Protection Law), (C) a Party’s indemnification obligations set forth herein under the heading “Indemnification”, and (D) a Party’s gross negligence or willful misconduct (collectively, the “Exclusions”), neither Party shall be liable to the other Party for any indirect, special, incidental, consequential, or punitive damages of any character, including, without limitation, damages for loss of goodwill, lost profits, lost sales or business, work stoppage, computer failure or malfunction, lost data, or for any and all other damages or losses, even if a representative of a Party has been advised of the possibility of such damages. Except for liability arising from the Exclusions, neither Party shall be liable to the other Party under any cause of action or theory for an amount that exceeds the greater of US $250,000 or the aggregate amount payable under this Agreement for the most recent twelve (12) month period immediately preceding the date the liability arose. Beachfront shall not have any liability arising from any Agreements between Company and any Buyer or from any Advertisements. The provisions of this section fairly allocate the risks under this Agreement between the Parties, and the parties have relied on the limitations set forth herein in determining whether to enter into this Agreement and shall apply notwithstanding any provision of this Agreement to the contrary and regardless of the form of action.

1. Suspension; Termination:Beachfront may limit and/or suspend Company’s access to and use of the Service (including ceasing purchase, sale, delivery, or serving of Ads or Ad Inventory) if Beachfront has a reasonable basis to suspect that: (a) Company is violating the terms of this Agreement or the Platform Policies; (b) Company is violating any applicable law or regulation; (c) Company’s use of the Service is likely to cause harm to Beachfront’s other customers, or end users of Company Sites or their data, devices, or systems.  Beachfront will use commercially reasonable efforts to provide Company with notice prior to any limitation or suspension, but in any event will notify Company promptly thereafter. If the event giving rise to the limitation or suspension is curable and has not been cured within seven (7) days, Beachfront may immediately terminate this Agreement in whole or in part via written notice (email acceptable).
2. Obligations on Termination:Upon termination of this Agreement for any reason, all rights granted hereunder and all obligations of Beachfront to provide the Service shall immediately terminate. Notwithstanding the foregoing, the definitions and obligations of the Parties contained in this Agreement regarding proprietary rights ownership, confidentiality, legal and regulatory compliance (including privacy and data), indemnities, any accrued unpaid payment obligations set forth in this Agreement, and any other provisions that are, by their nature, intended to continue beyond the termination of this Agreement, shall survive termination of this Agreement.

Neither Party shall be deemed in breach hereunder for any cessation, interruption or delay in the performance of its obligations due to causes beyond its reasonable control, including, without limitation, earthquake, flood, or other natural disaster, act of God, labor controversy, civil disturbance, terrorism, war (whether or not officially declared) or the inability to obtain sufficient supplies, transportation, or other essential commodity or service required in the conduct of its business, or any change in or the adoption of any law, regulation, judgment or decree.

This Agreement may be executed in any number of counterparts, each of which shall be deemed an original instrument, but all of which together shall constitute only one and the same instrument. Execution and delivery of this Agreement by exchange through a service such as EchoSign or DocuSign bearing the electronic signature of a Party, or .pdf bearing electronic or handwritten signatures hereto, shall constitute a valid and binding execution and delivery of this Agreement by such Party. Such copies shall constitute enforceable original documents.

This Agreement may not be amended or modified, in whole or part, except by a writing signed by duly authorized representative of each Party. No provision or part of this Agreement or remedy hereunder may be waived except by a writing signed by a duly authorized representative of the Party making the waiver. Failure or delay by either Party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.

Nothing in this Agreement shall be construed to place the Parties hereto in an agency, employment, franchise, joint venture, or partnership relationship. Except as provided herein, neither Party will have the authority to obligate or bind the other in any manner, and nothing herein contained shall give rise or is intended to give rise to any rights of any kind to any third parties.

In the event that any provision of this Agreement is found to be unenforceable, such provision will be reformed only to the extent necessary to make it enforceable, and such provision as so reformed will continue in effect, consistent with the intent of the Parties as of the Effective Date.

This Agreement shall be governed by and construed in accordance with the laws of the State of Florida without regard to its rules of conflict of laws. Each of the Parties hereto hereby irrevocably and unconditionally consents to submit to the exclusive jurisdiction of the courts of the State of Florida located in Volusia County, Florida for any litigation among the Parties hereto arising out of or relating to this Agreement.

All notices under or related to this Agreement will be in writing, will reference this Agreement and shall be given by certified mail, by facsimile or other means of electronic communication (including email) or delivered in person. Notice to Beachfront by email will only be deemed given if sent to: legal@beachfront.com. Otherwise the address for notice for each Party shall be the address set forth on the front page of the Publisher Agreement to which these RLTs are attached. Any notice shall be deemed to be received, if mailed on the day such mail is delivered by the post office or other applicable delivery service, if sent by facsimile or other means of electronic communication, on the business day following the sending, or if delivered in person at the time it is delivered.

In the event of any conflict or inconsistency between provisions or components of this Agreement, as may be amended from time to time, the order of precedence shall be: (a) the Publisher Agreement, and (c) these RLTs.

Neither Party may assign this Agreement, or sublicense any of the rights granted herein, in whole or in part, without the prior written consent of the non-assigning Party, which consent will not be unreasonably withheld by the non-assigning Party. Notwithstanding the foregoing, either Party may assign this Agreement without such consent (i) to a person or entity that directly or indirectly controls, is controlled by or is under common control with such Party, and (ii) in connection with a merger, reorganization or sale of a substantial part of the assets or business to which this Agreement relates. Subject to the foregoing limitation, this Agreement will be binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and assigns. Any attempt by either Party to assign or transfer any of the rights, duties or obligations of this Agreement in violation of the foregoing shall be void.

The Publisher Agreement, these RLTs and any other agreement, order form or schedule attached to the Publisher Agreement in respect of the Service, constitutes the entire agreement between the Parties regarding the subject matter contained herein and therein and supersedes and replaces all prior or contemporaneous understandings or agreements between the Parties, written or oral, regarding such subject matter.

SCHEDULE A

DATA PROTECTION ADDENDUM

This Data Protection Addendum (“Addendum”) forms part of Direct Publisher Agreement (including the Routine Legal Terms incorporated therein) (“Agreement”) by and between Company and Beachfront Media, LLC (“Beachfront”).

 1. DEFINED TERMS

In this Addendum, the following terms have the following meanings:

1. “Applicable Data Protection Law” means applicable laws relating to privacy protection in all jurisdictions where the Agreement is performed (including without implied limitation GDPR and CCPA), each as amended from time to time.
   
2. “CCPA” means the California Consumer Privacy Act of 2018 (Cal. Civ. Code §§ 1798.100 – 1798.199) and its implementing regulations (as and when finalized).
   
3. “Company Personal Information” means any Personal Information about users of Company’s Sites that is Processed by Beachfront pursuant to, or in connection with, the Agreement.
   
4. “Controller” means the person or entity who or that determines the purpose and means of Processing of Personal Information, including a “business” as defined in CCPA.
   
5. “Data Subject” means a natural person to whom Personal Information relates, including a “consumer” as defined in CCPA.
   
6. “GDPR” means the General Data Protection Regulation (EU 2016/679) and its implementing laws.
   
7. “LSPA” means IAB Limited Service Provider Agreement.
   
8. “Personal Information” has the meaning given under Applicable Data Protection Law (including corollary terms, such as personal data).
   
9. “Personal Information Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of or access to Personal Information that requires notification to third parties pursuant to Applicable Data Protection Law.
   
10. “Process” and “Processing” (and their variants) means any operation or set of operations performed on Personal Information.
    
11. “Processor” means the person or entity who or that Processes Personal Information on behalf of the Controller, including a “service provider” as defined in CCPA.
12. "Purpose" means the Processing of Company Personal Information in connection with the exercise of Beachfront’s rights and the fulfillment of its obligations as contemplated under the Agreement, including without limitation, for the purpose of (i) selling, and improving Ad targeting on, Company’s Ad Inventory; (ii) fulfilling reporting obligations to Buyers of the Ad Inventory; (iii) validating and measuring traffic quality, including detecting and preventing Invalid Traffic and other similar type services.

Any other capitalized term used but not defined in this Addendum has the meaning given in the Agreement.

 2.  COMPANY OBLIGATIONS

1. Company will not share with Beachfront any Company Personal Information (i) that allows Data Subjects to be directly identified (for example by reference to their name and e-mail address); (ii) that contains any Special Categories (as such term is defined in GDPR) of Personal Information, unless expressly agreed in writing or as permitted under Applicable Data Protection Law and/ or; (iii) that contains Personal Information relating to children under the age of 16 years unless otherwise agreed to by Beachfront
2. Company as Controller appoints Beachfront as Processor to Process Company Personal Information on behalf of Company for the Purpose or as required to comply with applicable law. Beachfront shall have no liability for any claim arising from or related to Beachfront’s Processing of Company Personal Information in connection with the Purpose.
3. Company and Beachfront will in no event Process Company Personal Information as Joint Controllers (as such term is defined in GDPR). Each party is individually and separately responsible for complying with the obligations that apply to it as a Controller and Processor, as the case may be, under Applicable Data Protection Law.
4. Company hereby represents to Beachfront that all Company Personal Information provided or made available by or on behalf of Company to Beachfront for Processing in connection with the Agreement has been collected and transmitted to Beachfront in accordance with Applicable Data Protection Law and not in violation of any third party’s privacy or data protection rights.
5. Without limiting the foregoing, Company hereby represents to Beachfront that (i) proper notice, disclosure of information and opt-out opportunities have been provided to Data Subjects in accordance with industry practices and Applicable Data Protection Law and any opt-out records provided to Beachfront, and (ii) all consents required under Applicable Data Protection Law have been obtained from Data Subjects, including as required by EU General Data Protection Regulation (Regulation 2016/679) (“Required Consents”), in each case to enable Beachfront to lawfully Process the Company Personal Information for the Purpose. For avoidance of doubt, Required Consents include, but are not limited to, those necessary to collect information about end users through the use of technologies, such as cookies and pixels, located on the end user’s device, and to pass such information to Beachfront for processing in accordance with the Agreement. All Required Consents shall be obtained before any such technologies are set on the applicable end user’s device, regardless of whether such technologies are set directly by Company (or its applicable partner(s)) or by or through Beachfront.
6. Where CCPA applies, Company is and shall remain a Participant under the LSPA during the term of the Agreement and shall comply with all obligations as such under the LSPA. Specifically, Company shall ensure that, where required, Data Subjects are provided with adequate notice regarding their rights with regard to their Personal Information and are clearly provided with a mechanism to opt-out of the sale of their Personal Information pursuant to the CCPA (e.g. a “Do Not Sell My Personal Information” or “Do Not Sell My Info” link or an icon that may, in the future, be designated by the California Attorney General). In the case of any such opt-out, Company shall clearly designate the applicable user’s personal information as such to Beachfront.

3. BEACHFRONT OBLIGATIONS

1. Unless restricted by applicable law, Beachfront shall inform Company if, in Beachfront’s reasonable judgment, its Processing of Company Personal Information pursuant to the Agreement or Company’s instruction conflicts or is inconsistent with Beachfront’s legal obligations or Applicable Data Protection Law.
2. Beachfront shall ensure that all employees and agents (including sub-Processors) who are authorized by Beachfront to Process Company Personal Information are subject to contractual, statutory or common law obligations of confidentiality.
3. Beachfront shall provide Company with reasonable assistance, at Company’s expense, with data protection impact assessments or prior consultations with a supervisory authority (as such term is defined in GDPR) that Company is required to carry out under Applicable Data Protection Law.
4. Beachfront shall implement reasonable and appropriate administrative, physical and technical safeguards designed to ensure a level of security appropriate to the risk of its Processing of the Company Personal Information as contemplated herein. Company acknowledges that Beachfront employs fewer than 250 persons and that the Processing of Company Personal Information as contemplated for the Purpose is not likely to result in a risk to the rights and freedoms of Data Subjects.
5. Without undue delay after Beachfront has a reasonable degree of certainty about the occurrence of a Personal Information Breach affecting the Company Personal Information Processed by Beachfront pursuant to this Addendum, Beachfront shall: notify Company of the Personal Information Breach via email to the email address provided to Beachfront in Company’s Account (“Company Notification Email”); provide such information as Company may reasonably require to meet its obligations under applicable law with respect to the Personal Information Breach; and take commercially reasonable steps to remediate the Personal Information Breach. Company understands and agrees that Beachfront is not liable for Company’s failure to timely receive any duly-transmitted email sent to the Company Notification Email that was not received by Company due to Company’s failure to monitor or maintain as active the Company Notification Email or technical issues outside of Beachfront’s reasonable control.
6. Beachfront shall timely notify Company via the Company Notification Email if Beachfront receives a valid and verifiable request from a Data Subject relating to the Processing of his or her Personal Information pursuant to this Addendum. Beachfront shall provide Company with reasonable assistance, at Company’s expenses, in responding to the request in a manner consistent with the functionality of the Service.
7. If Company is subject to a lawful information request or investigation from a competent regulator relating to Processing of Company Personal Information pursuant to this Addendum, Beachfront shall, when required by Applicable Data Protection Law, provide reasonable assistance to Company in responding to information requests (if and to the extent Beachfront has the requested information and Company does not); provided that:
   1. Company shall ensure that all information obtained or generated in connection with any information request, audit or inspection is kept strictly confidential other than legally-mandated disclosure to a competent regulator or as otherwise required by applicable law;
   2. Company shall ensure that any information request, audit or inspection shall be permitted only for the purpose of verifying Beachfront’s compliance with this Addendum and Applicable Data Protection Law. In no event may Company require Beachfront to provide or permit access to information concerning confidential information relating to other recipients of the Service or other third parties or trade secrets;
   3.  If any information request or investigation relates to systems provided by or on the premises of Beachfront’s sub-Processors, the scope of such information request or investigation shall be as permitted under the relevant agreement in place between Beachfront and the sub-Processor;
   4. Company shall pay Beachfront’s reasonable costs for Beachfront’s assistance with an audit or inspection or other work undertaken pursuant to Beachfront’s obligations as a Processor under this Addendum unless such costs are incurred due to Beachfront’s breach of its obligations under this Addendum; and
   5. Company shall give Beachfront reasonable advance notice of any audit or investigation to be conducted, shall conduct such audit or investigation during Beachfront’s regular business hours and shall use reasonable effort to minimize disruption to Beachfront’s business during such an audit or investigation.
   6. Subsections (i) through (v) above shall collectively be referred to herein as the “Audit Conditions”.
8. Company may appoint a third-party auditor, who is in possession of required professional qualifications and bound by a duty of confidentiality, to conduct one audit per twelve (12) month period during the term of the Agreement unless Company has a good-faith belief that Beachfront is not in compliance with Applicable Data Protection Law and Company identifies in writing the basis for its good-faith belief, in any case any such audit shall be subject to the Audit Conditions set forth in section 3g above.
9. Beachfront shall, upon Company’s written request, delete or return to Company all Company Personal Information in Beachfront’s possession; provided, however, that Beachfront may retain Company Personal Information as permitted or required to meet its obligations under applicable law. Deletion for the purposes of this sub-section (i) shall include anonymizing Company Personal Information.
10. Company hereby provides its general authorization to Beachfront to appoint sub-Processors to perform the Purpose as contemplated herein, provided that Beachfront shall ensure that its sub-Processors are contractually obligated to protect Company Personal Information in compliance with Applicable Data Protection Law and consistent with the obligations imposed on Beachfront in this Addendum. Upon Company’s request, Beachfront shall provide a list of Beachfront’s then-current sub-Processors.

4. INTERNATIONAL TRANSFERS

 In the case where Company Personal Information includes Personal Information of Data Subjects located in the European Economic Area (“EEA”), United Kingdom (if and when the United Kingdom withdraws from the European Union) or Switzerland (collectively, the “Restricted Jurisdictions”):

1. Beachfront agrees, in respect of such Company Personal Information, to be bound by the Standard Contractual Clauses for the transfer of Personal Information to Processors established in third countries as adopted by the European Commission (or the United Kingdom government if and when the United Kingdom withdraws from the European Union) (“Model Clauses”), and in the event of any conflict between the Model Clauses and this Addendum, the Model Clauses will prevail. Notwithstanding the foregoing, the Model Clauses shall not apply where Beachfront Processes Personal Information in a country that the European Commission has decided provides adequate protection for Personal Information (“Approved Country”).
2. Beachfront shall not transfer such Company Personal Information (nor permit the transfer of such Company Personal Information) outside of the Restricted Jurisdictions, unless Beachfront deploys appropriate safeguards, as required by Applicable Data Protection Law, such as transferring such Company Personal Information to (1) a recipient in an Approved Country or (2) a recipient with whom Beachfront has entered into the Model Clauses.

5. CHANGE IN LAWS

The parties agree:

1. to make, from time to time, any variations to the Model Clauses that apply to transfers of Company Personal Information subject to a particular Applicable Data Protection Law, which are required, as a result of any change in, or decision of a competent authority under, that Applicable Data Protection Law, to allow those transfers to be made (or continue to be made) without breach of that Applicable Data Protection Law;
2. to make any other variations to this Addendum or the Agreement which are reasonably necessary to address the requirements of any Applicable Data Protection Law, and specifically, without limiting the foregoing, the parties acknowledge the CCPA remains subject to amendment and regulations that have not yet been promulgated, and other states and the United States Congress are considering similar laws (all of the foregoing, “New Privacy Laws”); accordingly, each party agrees and warrants that it will implement such policies and commitments as the other party may reasonably request in connection with compliance with such New Privacy Laws, with regard to which each party agrees and warrants to work together in good faith to amend this Addendum. If the parties cannot reach agreement on how to address CCPA and/or New Privacy Laws, either party may terminate this Agreement.

6. MISCELLANEOUS