Legal Center
Assurance Services Addendum
ASSURANCE SERVICES ADDENDUM
This Assurances Services Addendum (“Addendum”) is entered into by and between you as an individual or the company or organization indicated in an Order form (“you” or the “Customer”), which you validly represent, and TrustArc Inc, a Delaware corporation, with offices at 2121 N. California Blvd., Suite 290, Walnut Creek California 94596, USA (on its behalf and its Affiliates, “TrustArc”) (each of TrustArc and Customer, a “Party” and together, the “Parties”). It is effective as of the date of your acceptance of this Addendum (“Effective Date”).
This Addendum is part of the TrustArc Subscription and Services Agreement and defines the additional terms of service that govern your purchase of a subscription to a TRUSTe Assurance Program, a TRUSTe Assurance Solution, or dispute resolution services (each a “TrustArc Solution”), as described herein.
BY ACCEPTING THIS ADDENDUM AS PART OF AN ORDER FORM THAT REFERENCES AND INCORPORATES THIS ADDENDUM, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS ADDENDUM, THAT YOU HAVE HAD THE OPPORTUNITY TO CONSULT WITH LEGAL COUNSEL PRIOR TO ACCEPTANCE OF THIS ADDENDUM, AND THAT YOU ACCEPT AND AGREE TO ALL THE TERMS AND CONDITIONS OF THIS ADDENDUM.
1. SCOPE.
1.1 Orders. The Solutions ordered by Customer, corresponding fees and additional terms are identified in one or more Orders between TrustArc and Customer. If Customer orders additional or supplemental Solutions a er the Effective Date, TrustArc may require execution of an additional Order, or, where appropriate, may require execution of an amendment to an existing Order.
1.2 SSA. The TrustArc Subscription and Services Agreement (“SSA”) governs the license of all Solutions, including those under this Addendum, and is incorporated here by reference.
1.3 Incorporation. This Addendum incorporates by reference any mutually agreed upon attachments referencing this Addendum, including without limitation, any Order or similar documents, e.g. statements of work or schedules.
1.4 Conflicts. The provisions of this Addendum are supplemental to the SSA, but where there are conflicting provisions, this Addendum supersedes any other agreement, Order, or terms unless specifically stated that a provision supersedes this Addendum.
1.5 The provisions of this Addendum shall apply to and be binding upon TrustArc and its Affiliates, including without limitation TRUSTe LLC, except where the obligations and responsibilities of a specific Affiliate of TrustArc are otherwise specified in this Addendum or an Order.
2. DEFINITIONS.
2.1 “Assurance Standards” means the requirements, conditions, and other terms applicable to Customer under a TRUSTe Assurance Program or Assurance Solution (together “Assurance Services”), available online at https://www.TrustArc.com/privacy-certification-standards.
2.2 “Scope” means any or all of the entities, properties, platforms, data types, or data sources that are the subject of the TRUSTe Assurance Services and as further defined in an applicable Order.
2.3 “TRUSTe Marks” means the trademark, service mark, certification mark, trade name, trade dress and the like corresponding to the applicable TRUSTe Assurance Program offered by TRUSTe LLC, an Affiliate of TrustArc (“TRUSTe”).
2.4 “Assurance Program” means the privacy certification or verification program and/or or dispute resolution services provided by TRUSTe. Certifications or verifications under a Program are generally demonstrated publicly by a website seal.
2.5 “Assurance Solution” means the technology-driven evaluation of a Customerʼs demonstration of compliance with an applicable set of Assurance Standards at a point in time provided by TRUSTe. Compliance under a Solution is generally acknowledged via a private letter from TRUSTe.
2.6 “Assurance Services” comprise both the Assurance Programs and Assurance Solutions, singular or plural.
3. CUSTOMER RESPONSIBILITIES RELATING TO USE OF THE TRUSTARC SOLUTIONS AND RIGHTS OF TRUSTARC.
3.1 TRUSTe Assurance Services.
3.1.1 Compliance. If participating in TRUSTe Assurance Services, Customer shall fully comply with the applicable Assurance Standards, including but not limited to any annual (or other) recertification requirements contained in the applicable Assurance Standards.
3.1.2 Public. A er enrollment in and certification of Customer in an Assurance Program or validation of Customerʼs compliance with an Assurance Solution, it shall be public information that Customer is a participant in the applicable Program(s) or validated under the applicable Solution(s) and has entered into this Addendum to the Agreement with TrustArc. TrustArc and its Affiliates may make references to Customer and Customerʼs Digital Properties in TRUSTeʼs current list.
3.1.3 Inquiries. TrustArc and its Affiliates may also respond to any inquiry regarding whether Customer participates in a Program or has been validated as compliant under a Solution.
3.1.4 For Assurance Programs only. The parties understand and agree that TrustArc may, from time to time, amend the Assurance Standards for an applicable Program and shall, unless otherwise required by a government authority with enforcement oversight, provide no less than twenty (20) business days’ prior notice of the amended requirements. Unless specified by applicable law or a different time-period is reflected in TrustArc’s notice and implementation period to Customer, Customer will be required to comply in full with the amended applicable Assurance Standards by no later than the anniversary of their prior certification. Customer must also be prepared to demonstrate its compliance with those Assurance Standards to TrustArc upon request and at the time of their Annual Review (as defined in the TrustArc Assurance Program Governance Standards posted at https://trustarc.com/consumer-information/privacy-certification-standards/). If Customer believes, acting reasonably and in good faith, that they cannot meet the amended Assurance Standards at the time of their Annual Review, Customer must notify TrustArc immediately, discontinue use of the TRUSTe Mark(s) after any Annual Review period has lapsed and may elect to not to renew the portion of the Order applicable to the objected-to Assurance Program. The sole and exclusive remedy for any non-renewal associated with this section shall be a pro-rated refund of any pre-paid, unused, fees for the remainder of the then-current term for the applicable Assurance Program.
3.3 Required Notifications. Customer shall notify TrustArc in writing, at the same time that such information becomes publicly known, or within ten (10) days of the event, whichever is sooner of a change of name for the Digital Properties listed in an Order, including the name of the company, or other Customer Program Materials submitted in connection with the Assurance Program.
3.4 Material Breach. Any failure of Customer to comply with the obligations set forth in this Section 4 may be deemed a material breach of this Agreement. If Customer fails to comply with the obligations set forth in this Section, TrustArc may inform Customer thereof and reserves the right to suspend or terminate Customerʼs participation and use of the TRUSTe Marks.
4. LICENSE GRANTS, LIMITATIONS, AND USE.
4.1 License Grant. Subject to all the terms and conditions of this Addendum and any applicable Order(s), TrustArc hereby grants to Customer a limited non-exclusive, non-transferable, non-assignable, non-sublicensable license to the TrustArc Solutions during the Term to use solely for its internal business purposes related to the TRUSTe Assurance Services, and TRUSTe hereby grants to Customer a non-exclusive, non-transferable, non-assignable, non-sublicensable worldwide license during the Term to publicly display the TRUSTe Mark(s) or other evidence of compliance as permitted under the Assurance Standards applicable to the Assurance Services ordered by Customer pursuant to this Addendum and an applicable Order. All rights to the TRUSTe Mark(s) not expressly granted under this Addendum are hereby reserved to TRUSTe.
4.2 Retain Rights. TrustArc shall retain all rights, title and interest, including without limitation, all patent rights, copyrights, trademarks and trade secrets, in and to the Assurance Services, including without limitation, any copy or portion thereof, and any derivative work. The Proprietary Rights and Licenses section of the SSA applies to this Addendum unless specifically stated otherwise.
4.3 Rights. Each of the Assurance Services is different and not all have a TRUSTe Mark associated with it. Except as expressly provided herein no right to use the TrustArc or TRUSTe name or any of the TrustArc Mark(s) or TRUSTe Mark(s) is granted hereunder.
4.4 Limitations. Customer agrees that: (i) Customer shall do nothing inconsistent with the ownership by TrustArc and its Affiliates of the applicable TRUSTe Mark(s) during the term of the applicable Order; (ii) all use of the applicable TRUSTe Mark(s) by Customer shall inure to the benefit of TrustArc and its Affiliates; (iii) Customer shall take no action that shall interfere with or diminish the rights of TrustArc and its Affiliates in the TRUSTe Mark(s); and (iv) Customer shall use the applicable TRUSTe Mark(s) so as to create a separate and distinct impression from any other service mark or trademark that might be used by Customer. Customer may not use or reproduce any applicable TrustArc Mark(s) or TRUSTe Mark(s) in any manner other than as described in this Addendum, the applicable Order, the Assurance Standards, the TRUSTe Seal Implementation Guidelines, or applicable findings letter or validation report.
4.5 Use. As part of its display of the applicable TRUSTe Mark(s) as permitted under this Addendum, Customer shall display the applicable TRUSTe Mark(s) in accordance with the then applicable Seal Implementation Guidelines, findings letter, or validation report, as provided to Customer by TrustArc. In no instance shall Customer display any applicable TRUSTe Mark(s) such that the display of the applicable TRUSTe Mark(s) will either inhibit the ability of TrustArc and its Affiliates to exercise their rights or may be deemed deceptive by TrustArc.
4.6 For Assurance Solutions. The Assurance Solutions do not have a TRUSTe Seal, however, reports, findings letters and summaries thereof provided by TRUSTe have an associated Mark. Except as expressly provided below, no right to use the TrustArc or TRUSTe name or any of the TrustArc Mark(s) or TRUSTe Mark(s) is granted hereunder.
4.6.1 Use of Findings Letter. Use of any findings letter, validation report, or Summary thereof, provided by TRUSTe must comply with the terms and conditions of this Section. Any other use or representation by Customer regarding its validation shall be deemed unauthorized and may be a material breach of this Addendum and the Agreement. TrustArc reserves the right to suspend Customerʼs use of any Solutions until such unauthorized use has been remedied to the satisfaction of TrustArc.
4.6.2 Validation Date. The findings letter, accompanying validation report, and any Summary, provided by TRUSTe are intended solely for use by Customer until the expiration date of those documents, which shall be the same date across all such documents corresponding to a specifically scoped validation of a Customerʼs compliance with an Assurance Solution. Validation is a point in time determination as of date of the findings letter and validation report issued by TRUSTe (“Validation Date”). Such determination shall have no applicability under any circumstances to the compliance status of activities of Customer a er the Validation Date.
4.6.3 Official Determination. Only the findings letter and accompanying validation report represent the official validation determination by TRUSTe and may be shared by Customer with its stakeholders until the expiration date. It may also be published on the authorized corporate website(s) of Customer, as listed in the Annex to the findings letter.
4.6.4 Modifications. Any modifications or alterations to the findings letter, accompanying validation report, or any Summary, from the versions of those documents issued by TRUSTe shall render those documents invalid.
5. PRIVACY, DATA GOVERNANCE, AND DATA SECURITY.
Customer recognizes that TrustArc and its Affiliates shall function as a data controller(s) in providing the Assurance Services. TrustArc shall process only the Personal Information necessary to administer, provide, and communicate regarding the applicable services and in accordance with applicable laws and regulations, the Data Processing Addendum (incorporated herein), and as set forth in the publicly available TrustArc Privacy Notice.
6. WARRANTIES and REPRESENTATIONS.
6.1 TrustArc Warranties. TrustArc warrants that the applicable TRUSTe Assurance Services will conform to the applicable published Assurance Standards in effect at the time of Customerʼs participation. Customer is responsible under Section 4.3 for prompt notification to TrustArc of any changes to its business practices, Digital Properties, Customer Program Materials, or other information provided to TrustArc in connection with TRUSTe Assurance Services and TrustArc shall have no responsibility under this warranty for nonconformance resulting from Customerʼs failure to comply with the foregoing notification requirement. Customerʼs sole and exclusive remedy shall be as provided for in Section 7.
6.2 CustomerRepresentations. Customer represents that it understands that its participation in and compliance with any applicable TRUSTe Assurance Services does not constitute specific compliance with any law or regulation, except in the event where an expressly applicable law or regulation explicitly recognizes participation in applicable TRUSTe Assurance Services as deemed compliance, and then only to the extent that Customer fully complies and is able to demonstrate on an ongoing basis its compliance with the applicable Assurance Standards. Customer represents that it understands that it has an independent duty to comply with any and all laws and regulations irrespective of whether the Solutions provided hereunder may be used by Customer to facilitate, support, and/or demonstrate such compliance.
6.3 Customer Warranties. Customer warrants (i) it is not the subject of an allegation of unauthorized or misuse of Personal Information, any form of unfair or deceptive trade practice, or any other form of privacy violation related to the practices or program for which it is seeking to participate in a TRUSTe Assurance Program or Assurance Solution, of which it has been notified by any known governmental, regulatory, or voluntary compliance authority in any country, including without limitation the Attorney General of any state, the U.S. Federal Trade Commission (FTC), or any law enforcement agency or any foreign governmental or privacy authority; (ii) all information provided by Customer to TrustArc (including but not limited to any Customer Program Materials) is true, accurate and complete as of the date of delivery to TrustArc; (iii) Customer is the owner, controller or other party responsible for any Digital Properties listed under an Order or other document submitted under the applicable TRUSTe Assurance Services; and (iv) Customer will not display any of the TRUSTe Mark(s) on any Digital Property that is, or offers any service or product that is, misleading, unlawful, or violative of the rights of third parties.
7. TERM AND TERMINATION.
7.1 Term. This Addendum commences on the Effective Date and continues until all licenses granted and rights to participate in any Assurance Services in accordance with this Addendum and the applicable Orders have expired or have been terminated. The Term applicable to each Order commences upon Customerʼs execution of such Order and unless mutually agreed in writing by the parties, shall expire at the end of the then-current Term. This Addendum shall be automatically extended for Term(s) equal to the previous Term unless either party provides written notice of non-renewal to the other at least thirty (30) days before such expiration.
7.2 Upon Termination. Upon termination of this Addendum or an Order, Customer shall: (i) cease all use of the applicable TrustArc Mark(s) and TRUSTe Mark(s) and remove them from all locations where they have been placed by Customer or its third party providers. Customer shall comply with all post-termination requirements.
7.3 Surviving rights. The partiesʼ rights and obligations under Sections 4, 5, 6, 7, and 8 of this Addendum and any requirements in the applicable Assurance Standards shall survive termination of this Addendum.
7.4 Meeting Assurance Standards. If Customer has enrolled in Assurance Services under an Order, in the event that TRUSTe does not approve the applicable Customer Program Materials for the specified Assurance Services in accordance with the applicable Assurance Standards during the initial approval process (or SPECIFICALLY FOR ASSURANCE PROGRAMS: during the annual re-certification process or in connection with a change to certification requirements) and Customer does not agree to modify the Customer Program Materials and/or other relevant policies and practices in a manner that fully addresses the commercially reasonable objections of TrustArc, Customer shall have the right to terminate the applicable Order (or portion thereof) within twenty (20) business days of receiving the objections of TrustArc. Customer will then receive a prorated refund of the Fees for the applicable Assurance Services paid hereunder for the then current term. A er such twenty (20) business day period has expired, Customer shall not be entitled to a refund. The foregoing right shall be Customerʼs sole and exclusive remedy and the entire liability of TrustArc if TrustArc does not approve the Customer Program Materials.
7.5 Refund. Either party may terminate this Agreement or its participation in any TRUSTe Assurance Program at any time upon twenty (20) business daysʼ prior written notice for any reason. If terminated by TrustArc, Customer will receive a prorated refund of prepaid applicable Fees, unless TrustArc terminates this Agreement for cause, which will not include any refund of Fees. If Customer terminates for convenience, there will be no refund.
8. GENERAL.
8.1 Email. Customer expressly consents to receipt of notification by email of the following: (i) amendments to the Assurance Standards; (ii) notification of suspension status; (iii) notification of material breach. Provided that TrustArc maintains an electronic record of sending such an email notification, Customer waives any right to contest actions taken by TrustArc under the Addendum and/or the applicable Assurance Standards based on the assertion that the email address is not valid or operational, or that the email notification was not received.
8.2 Severance. If any provision of this Addendum is deemed invalid or unenforceable, then the remaining provisions hereof shall remain valid and in force. The invalid provision shall be amended to be enforceable or interpreted independent of this Addendum.
8.3 Governing Terms. This Addendum, and all obligations arising out of or in connection with it, shall be governed by the Agreement, including but not limited to limitation of liability, indemnification, termination, and governing law. The Parties to this Addendum submit to the choice of jurisdiction set forth in the Agreement for resolution of any disputes arising out of this Addendum. Headings are for convenience only.
[End of Asssurance Services Addendum]
DISPUTE RESOLUTION PROCEDURES
1. Pursuant to an Order for Assurance Services, TRUSTe agrees to provide dispute resolution services for Customer as described in the Dispute Resolution Procedures (“Procedures”) set forth below. Customer and TRUSTe each shall comply with the non-negotiable Procedures.
2. Referral of Information A er Termination For Cause. Notwithstanding termination provisions of the Agreement or any Order, if termination is for cause based upon Customerʼs continued failure to abide by Section III. D of the Procedures set forth below, TRUSTe may be required to notify the U.S. Department of Commerce and/or any relevant governmental body with applicable jurisdiction.
Procedures
I. Customer Information. At the time Customer executes an Order for an applicable Assurance Program or as soon as practicable therea er, Customer must provide to TRUSTe a copy of its applicable privacy policy or a statement of Customerʼs privacy practices within the scope of the Assurance Program.
II. Complaints. Customer shall provide individuals with reasonable, appropriate, simple, and effective means to submit complaints and to express concerns regarding Customerʼs privacy practices (e.g., by email or electronic form). Customer shall respond to all reasonable submissions in a timely fashion, not to exceed ten (10) business days. Customer shall also cooperate with the efforts of TRUSTe to resolve complaints and concerns.
III. Complaints filed through TRUSTe. Customer shall cooperate with TRUSTe to resolve disputes regarding complaints received pertaining to the applicable Assurance Program(s) in which it participates (“Eligible Disputes”), excluding Ineligible Complaints, Frivolous Complaints, and Harassing Complaints (all as defined below). Customer agrees to the following procedures for handling these complaints.
A. TRUSTe will accept complaints via its web site and will notify Customer of all complaints via email if response from Customer is required. Customer should, whenever possible, correspond with TRUSTe via email. TRUSTe and Customer, when appropriate, will respond to the individual filing the complaint in the method the individual has indicated is preferred.
B. TRUSTe will determine whether a complaint raises an Eligible Dispute. An Ineligible Complaint is one that seeks only some form of monetary damages, alleges fraud or other violations of statutory or regulatory law that has been resolved under a previous court action, arbitration, or other form of dispute settlement, or does not involve a privacy issue within the scope of the Assurance Program. A Frivolous Complaint is one that has no factual basis. A Harassing Complaint includes successive complaints based on allegations previously rejected by TRUSTe or the filing of multiple complaints with employees of TRUSTe other than those designated by TRUSTe to receive complaints. If requested by TRUSTe, Customer shall provide the necessary information to TRUSTe to show that a complaint is an Ineligible Complaint or a Frivolous Complaint.
C. Customer shall acknowledge the receipt of all inquiries from TRUSTe that request acknowledgment within five (5) business days a er receipt and provide a reasonable estimate of when the inquiry shall be addressed.
D. Customer shall respond within a maximum of ten (10) business days to all inquiries from TRUSTe regarding Customerʼs implementation of the requirements of the applicable Assurance Program(s) in which Customer participates, and/or Customerʼs compliance with its stated privacy policy. Customer may request from TRUSTe an additional twenty (20) business days to respond if circumstances warrant, and consent to such additional time shall not be unreasonably withheld. TRUSTe may, in its sole discretion but within the limits set forth by the law or regulatory framework upon which the applicable Assurance Program is based, approve additional time for Complainant and/or Customer to respond, including but not limited to reasons such as to clarify the scope of a Dispute and/or the response thereto.
E. Customer shall review and update the contact information for Customerʼs representative assigned to provide TRUSTe with the responses required to resolve Disputes. Such contact information shall be used by TRUSTe, or an independent party designated by TRUSTe, solely for the purpose of resolving disputes pursuant to Customerʼs participation in the Program(s).
IV. Reviews. If concerns regarding the proper implementation of the requirements of the applicable Assurance Program(s) in which Customer participates arise, TRUSTe may itself, or through an independent, qualified, neutral third party designated by TRUSTe, review Customerʼs privacy policy and practices to resolve Eligible Disputes regarding compliance with the applicable requirements throughout the term of the Agreement. In selecting an independent, qualified, neutral third party, TRUSTe and shall consider, among other things, cost, experience, and the context of the issue leading to the review. Such reviews may consist of reviews conducted at the offices of TRUSTe, tracking unique identifiers in the database (seeding), and monitoring changes in Customerʼs privacy policy. On-site privacy reviews may also be used as TRUSTe deems necessary. To comply with this Customer agrees to:
A. At no charge to TRUSTe or its representatives, provide full access to Customerʼs records relevant to Customerʼs participation in the Program(s) for the purpose of conducting reviews to ensure that Customerʼs stated privacy policy is consistent with actual practices.
B. Provide, upon request by TRUSTe, information regarding how information collected or transferred under the applicable law or regulatory framework is used.
[End of Dispute Resolution Procedures]