Orbiit Terms & Conditions

“Community Managers” means Customer’s individual officers, directors or employees to whom Orbiit or Customer issue or authorize access to user accounts for the Platform hereunder.

“Customer-Specific Configuration” means any non-standard configuration for the Platform desired by the Customer that is described in the Services Agreement.

“End Users” means individuals who agree to receive the Platform Services in response to an invitation sent by a Community Manager through the Platform.  A Community Manager may also constitute an End User.  

“Fees” means the fees set forth in the Services Agreement. 

“Intellectual Property Rights” means all forms of proprietary rights, titles, interests, and ownership relating to patents, copyrights, trademarks, trade dresses, trade secrets, know-how, mask works, droit moral (moral rights), and all similar rights of every type that may exist now or in the future in any jurisdiction, including without limitation all applications and registrations therefore and rights to apply for any of the foregoing.

“Platform” means the version of Company’s proprietary web-based virtual networking matching platform that is identified in the Services Agreement, inclusive of any applicable Customer-Specific Configuration.

“Platform Services” means the virtual networking matching service performed by the Platform for End Users who accept an invitation to a virtual chat sent by a Community Manager.

“Services Agreement” means the document executed by the parties referencing these Standard Terms and Conditions and which specifies certain parameters relating to Customer’s use of the Platform and any Customer-Specific Configuration to be implemented by Company.

“Terms of Service” means Company terms of service which End Users are required to agree to when registering to receive the Platform Services.

Right to Access, Use and Receive. 

Subject to all terms and conditions of this Agreement and timely payment by Company of all Fees, Customer shall have the right to allow Community Managers to access and use the Platform and End Users shall have the right to receive the Platform Services during the Term.  Customer acknowledges that each End User’s ability to receive the Platform Services is contingent upon such End User agreeing to be bound by, and complying with, the Terms of Service.  Company reserves the right to modify and update the Platform and Platform Services from time to time. 

Restrictions. 

Customer acknowledges that use of the Platform is provided only for the benefit of Customer, and agrees not to use the Platform for the benefit of any third party.  Customer agrees not to, not to attempt to, nor allow any Community Manager or third party to: (i) rent, lease, lend, or transfer the Platform or Platform Services, make the Platform or Platform Services available to any third party or use the Platform or Platform Services on a service bureau or time sharing basis, (ii) attempt to reconstruct or discover any source code, underlying ideas, algorithms, file formats or programming interfaces of the Platform, (iii) publicly disseminate any information or analysis relating to the Platform or performance of the Platform Services; or (iv) use the Platform or Platform Services to develop a competitive offering.  Customer shall not make the Platform Services available to End Users who are under eighteen (18) years of age.  Customer shall not use the Platform in connection with any violation of any applicable law, rule or regulation or in a manner that results in discrimination against End Users on the basis of race, color, religion, creed, gender, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, ancestry, age, marital status, citizenship status, genetic predisposition or carrier status, disability, military status, status as a disabled or other protected veteran or any other protected status under applicable law.

Suspension/Termination.  Company may suspend or terminate provision of the Platform Services to any End User as set forth in the Terms of Service without any liability therefor.

Community Manager Accounts. 

Customer is responsible for the activities of any and all persons accessing and using the Platform using any Community Manager’s account credentials.  Customer shall, and shall instruct its Community Managers to, use all reasonable means to secure account credentials, and shall promptly notify Company if it suspects that any account credentials been compromised. 

Third Party Services. 

The Platform Services may enable, integrate with or require End Users to use, or End Users may otherwise choose to use, third party services, such as Google Meet, Zoom or other video chat platforms.  Company shall not be liable for any error or failure relating to such third party services or any act or omission of any third party in relation thereto.  Use of such third party services may require End Users to agree to applicable terms and conditions.

Support. 

Provided that Customer timely makes all payments due under this Agreement, Company shall provide technical support to Customer.  Such technical support shall consist of answering questions from Community Managers regarding use of the Platform and any errors within the Platform during Company’s normal business hours.  Customer may submit requests for technical support in such manner as Company may notify Customer from time to time, which manner may include e-mail, phone or live chat.

Customer-Specific Configuration. 

If the Services Agreement describes any Customer-Specific Configuration, then, subject to Customer’s timely payment of all associated Fees, Company shall use commercially reasonable efforts to implement such Customer-Specific Configuration as set forth in the Services Agreement.

Fees. 

Customer shall pay Company the Fees during the Term.  Except to the extent otherwise specified in the Services Agreement, all Fees shall be invoiced by Company on a monthly basis in arrears.  All Fees are non-refundable. 

Payment Terms.

Customer agrees to pay each invoice within thirty (30) days of the invoice date.  All payments will be made in U.S. dollars.  Any amounts due Company under this Agreement not received by the date due will be subject to a late fee of 1.5% per month, or the maximum charge permitted by law, whichever is less.  Customer shall pay the amounts due under each invoice without deducting any taxes that may be applicable to such payments.  Customer is responsible for paying any and all withholding, sales, value added or other taxes, duties or charges applicable to this Agreement, other than taxes based on Company’s income.

As between the parties, Company owns all right, title and interest (including all Intellectual Property Rights) relating to the Platform and Platform Services (including without limitation all underlying source code, algorithms and models) and any software, technology, materials and information owned by Company prior to the Effective Date or created, authored, developed, made, conceived or reduced to practice by Company after the Effective Date (including in connection with any Customer-Specific Configuration).  Nothing herein shall be construed to transfer any rights, title or ownership of the Platform or Platform Services or any Company software, technology, materials, information or Intellectual Property Rights to Customer.  Customer is not required to provide any ideas, feedback or suggestions regarding any of Company’s products or services (“Feedback”) to Company.  To the extent Customer does provide any Feedback to Company, Customer hereby grants to Company, at no charge, a non-exclusive, royalty-free, worldwide, transferable, sublicensable (through one or more tiers), perpetual, irrevocable license under Customer’s Intellectual Property Rights in and to such Feedback to use, reproduce, modify, distribute, make, have made, sell, offer for sale, import and otherwise exploit in any manner such Feedback.

Term.

This Agreement shall be effective as of the Effective Date, and shall continue in full force and effect until the end of the term specified in the Services Agreement (“Term”) unless earlier terminated as set forth herein.

Termination.  

Either party may terminate this Agreement effective immediately if the other party is in material breach of any obligation, representation or warranty hereunder and fails to cure such material breach (if capable of cure) within thirty (30) days (or ten (10) days in the event of breach of payment obligations) after receiving written notice of the breach from the non-breaching party.

Either party may terminate this Agreement immediately upon written notice at any time if: (i) the other party files a petition for bankruptcy or is adjudicated as bankrupt; (ii) a petition in bankruptcy is filed against the other party and such petition is not removed or resolved within sixty (60) calendar days; (iii) the other party makes an assignment for the benefit of its creditors or an arrangement for its creditors pursuant to bankruptcy law; (iv) the other party discontinues its business; (v) a receiver is appointed over all or substantially all of the other party’s assets or business; or (vi) the other party is dissolved or liquidated.

Effect of Termination. 

All rights and obligations of the parties hereunder shall terminate upon expiration or termination of this Agreement, provided that Sections 1, 2.2, 2.5, 3 (with respect to accrued but unpaid Fees), 4, 5.3, 7, 8, 9, 11 and 12 shall survive expiration or termination of this Agreement.

Each party represents and warrants to the other party that: (i) it has the full power and authority to enter into this Agreement; (ii) the execution of this Agreement and performance of its obligations under this Agreement does not violate any other agreement to which it is a party; and (iii) this Agreement constitutes a legal, valid and binding obligation when executed and delivered.

Company Indemnity. 

Company agrees to, at its own expense, defend and/or settle any claim, action or suit (“Claim”) brought by a third party against Customer or its affiliates, or their directors, officers and employees (“Customer Indemnitees”), alleging that the Company technology underlying the Platform infringes such third party’s copyrights or constitutes a misappropriation of such third party’s trade secrets.  Company will pay those amounts finally awarded by a court of competent jurisdiction against the Customer Indemnitees or payable pursuant to a settlement agreement agreed to by Company with respect to such Claim.  If Company, in its sole discretion, believes such Claim or an adverse judgment in connection with such Claim is likely, then Company may, at its option, (a) obtain a license from such third party claimant that allows Customer to continue the use of the Platform, (b) modify the Platform so as to be non-infringing, or (c) if neither (a) nor (b) is available to Company on commercially reasonable terms, terminate this Agreement upon written notice to Customer.  Notwithstanding the foregoing, Company will have no obligation or liability relating to any Claim that: (x) is based on modification or customization of the Platform at the direction of Customer; (y) is based on the combination or use of the Platform (or any component of either) with any software, hardware, system, method, device or materials not provided by Company; or (z) results from Customer’s use of the Platform in a manner that is inconsistent with its intended use or is in breach of this Agreement. 

THE FOREGOING IN THIS SECTION 7.1 STATES THE SOLE AND EXCLUSIVE REMEDY AND OBLIGATION OF COMPANY FOR MISAPPROPRIATION OR OTHER INFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS ARISING OUT OF THIS AGREEMENT AND IS IN LIEU OF ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, IN REGARD THERETO.

Customer Indemnity. 

Customer agrees to, at its own expense, defend and/or settle any Claim brought by a third party against Company or its affiliates, or their directors, officers and employees (“Company Indemnitees”), that arises out of or relates to the use or alleged use of the Platform or the Platform Services by Customer, Community Managers or End Users.  Customer will pay those amounts finally awarded by a court of competent jurisdiction against the Company Indemnitees or payable pursuant to a settlement agreement agreed to by Customer with respect to such Claim.  Notwithstanding the foregoing, Customer will have no obligation or liability relating to any Claim for which Company has an obligation to indemnify the Customer Indemnitees pursuant to Section 7.1.

DISCLAIMER.  EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE SUBJECT MATTER OF THIS AGREEMENT, AND EACH PARTY EXPRESSLY DISCLAIMS THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR PERFORMANCE.  COMPANY AND ITS SUPPLIERS, LICENSORS, PARTNERS AND SERVICE PROVIDERS DO NOT MAKE ANY WARRANTY REGARDING THE RESULTS OF THE USE OF THE PLATFORM OR PLATFORM SERVICES, THAT THE PLATFORM OR PLATFORM SERVICES WILL MEET THE REQUIREMENTS OF CUSTOMER OR ANY END USER, THAT THE PLATFORM SERVICES OR FUNCTIONALITY PROVIDED BY THE PLATFORM WILL BE CORRECT, UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS WILL BE CORRECTED.

Process. 

As a condition to the indemnity obligations in Sections 7.1 and 7.2, the indemnified party shall provide the indemnifying party with: (a) prompt notice of any Claim, no later than thirty (30) days after receipt of such Claim by the indemnified party, except that any failure to provide this notice promptly only relieves the indemnifying party of its responsibility pursuant to Sections 7.1 and 7.2 to the extent its defense is materially prejudiced by the delay; (b) sole control over the defense and settlement of the Claim, provided that the indemnifying party shall not admit fault by the indemnified party or agree to any settlement that imposes any obligations or restrictions on the indemnified party, without the indemnified party’s prior written consent (such consent not to be unreasonably withheld) and (c) all assistance, information and authority reasonably required for the defense and/or settlement of the Claim. 

DISCLAIMER.  EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE SUBJECT MATTER OF THIS AGREEMENT, AND EACH PARTY EXPRESSLY DISCLAIMS THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR PERFORMANCE.  COMPANY AND ITS SUPPLIERS, LICENSORS, PARTNERS AND SERVICE PROVIDERS DO NOT MAKE ANY WARRANTY REGARDING THE RESULTS OF THE USE OF THE PLATFORM OR PLATFORM SERVICES, THAT THE PLATFORM OR PLATFORM SERVICES WILL MEET THE REQUIREMENTS OF CUSTOMER OR ANY END USER, THAT THE PLATFORM SERVICES OR FUNCTIONALITY PROVIDED BY THE PLATFORM WILL BE CORRECT, UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS WILL BE CORRECTED.

Each party shall keep confidential all information and materials provided or made available by the other party that is marked as confidential or proprietary or (for orally disclosed information) is identified as confidential or proprietary at the time of disclosure and confirmed in writing (including e-mail) as such within fifteen (15) days of the disclosure (“Confidential Information”).  The features and functionality of the Platform, Platform Services, any Platform Services documentation, the Fees charged hereunder and any information regarding planned modifications or updates to the Platform or Platform Services or other Company products and services constitutes Confidential Information of Company.  Each party shall keep and instruct its employees and agents to keep Confidential Information confidential by using at least the same care and discretion as used with that party’s own confidential information, but in no case less than a prudent and reasonable standard of care.  Neither party shall use Confidential Information other than for purposes of performing its obligations hereunder or as authorized by the disclosing party.  Information or materials shall not constitute Confidential Information if it is: (i) in the public domain through no fault of the receiving party, (ii) known to the receiving party prior to the time of disclosure by the disclosing party, (iii) lawfully and rightfully disclosed to the receiving party by a third party on a non-confidential basis, (iv) developed by the receiving party without reference to Confidential Information or (v) required to be disclosed by law or legal process, provided that the receiving party promptly provide notice to the disclosing party of such request or requirement so the disclosing party may seek appropriate protective orders.  If any party, its employees or agents breaches or threatens to breach the obligations of this Section 9, the affected party may seek injunctive relief from a court of competent jurisdiction, in addition to its other remedies, as the inadequacy of monetary damages and irreparable harm are acknowledged.

Orbiit agrees to collect, use, and disclose any Community Manager or End User information in accordance with its privacy policy. Orbiit further agrees to implement reasonable administrative, technical, and physical safeguards to protect against unauthorized access or use of Community Manager or End User information. To the extent applicable, the Parties’ relationship with regards to Community Managers’ and End Users’ Personal Data or Personal Information (as defined under the applicable data privacy laws) shall also be governed by the data processing agreement (“DPA”) located in Exhibit B.

EXCEPT WITH RESPECT TO SECTION 7 OR EITHER PARTY’S BREACH OF SECTION 9, NEITHER PARTY SHALL BE LIABLE IN CONNECTION WITH THIS AGREEMENT FOR ANY PUNITIVE, INCIDENTAL, INDIRECT, SPECIAL, RELIANCE OR CONSEQUENTIAL DAMAGES, INCLUDING LOST BUSINESS, REVENUE, OR PROFITS, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.  EXCEPT WITH RESPECT TO SECTION 7 OR EITHER PARTY’S BREACH OF SECTION 9, IN NO EVENT WILL EITHER PARTY’S LIABILITY AND DAMAGES UNDER THIS AGREEMENT EXCEED THE SUM OF THE TOTAL FEES PAYABLE AND PAID TO COMPANY UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE DATE OF THE CLAIM.  THE PARTIES AGREE THAT THE LIMITATIONS AND DISCLAIMERS OF LIABILITY SET FORTH IN THIS SECTION 11 WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE AND REGARDLESS OF THE THEORY OF LIABILITY.

Use of Name and Logo. 

Company may disclose on its website or other written or electronic marketing materials that it has been engaged by Customer and may use Customer’s name and logo in connection with such disclosure.

Relationship of the Parties; Third Parties. 

The parties are independent contractors with respect to each other.  This Agreement does not constitute and shall not be construed as constituting a partnership or joint venture among the parties hereto, or an employee-employer relationship.  No party shall have any right to obligate or bind any other party in any manner whatsoever.  Nothing herein shall give, or is intended to give, any rights of any kind to any third parties.

Assignment. 

Neither party may assign any of its rights or obligations under this Agreement without the prior written consent of the other party, except that either party may assign its rights and obligations under this Agreement without the consent of the other party in connection with any merger (by operation of law or otherwise), consolidation, reorganization, change in control or sale of all or substantially all of its assets related to this Agreement or similar transaction.  This Agreement inures to the benefit of and shall be binding on the parties’ permitted assignees, transferees and successors.

Force Majeure. 

Except for payment obligations, neither party will be responsible for any failure or delay in its performance under this Agreement due to causes beyond its reasonable control, including, but not limited to, labor disputes, strikes, lockouts, internet or telecommunications failures, shortages of or inability to obtain labor, energy, or supplies, war, terrorism, riot, acts of God or governmental action, acts by hackers or other malicious third parties and problems with the Internet generally, and such performance shall be excused to the extent that it is prevented or delayed by reason of any of the foregoing.

Notices.

 All notices under the terms of this Agreement shall be given in writing and sent by registered or certified mail, with postage prepaid and return receipt requested, to the addresses noted in the Services Agreement.  Notices shall be sent to the attention of the “Legal Department” of each party.  All notices shall be presumed to have been given three business days following deposit in the mail as set forth in the foregoing.

Amendments. 

An amendment of this Agreement shall be binding upon the parties so long as it is in writing and executed by both parties.  No regular practice or method of dealing between the parties shall modify, interpret, supplement or alter in any manner the express terms of this Agreement.

Construction. 

This Agreement shall be fairly interpreted and construed in accordance with its terms and without strict interpretation or construction in favor of or against either party.  Each party has had the opportunity to consult with counsel in the negotiation of this Agreement.  Section headings are for reference purposes only, and should not be used in the interpretation hereof.

Severability; Waiver; Counterparts. 

If any provision, or portion thereof, of this Agreement is determined by a court of competent jurisdiction to be invalid, illegal or unenforceable, such determination will not impair or affect the validity, legality, or enforceability of the remaining provisions of this Agreement, and each provision, or portion thereof, is hereby declared to be separate, severable, and distinct.  A waiver of any provision of this Agreement will only be valid if provided in writing and will only be applicable to the specific incident and occurrence so waived.  The failure by either party to insist upon the strict performance of this Agreement, or to exercise any term hereof, will not act as a waiver of any right, promise or term, which will continue in full force and effect.  This Agreement may be signed in counterparts.  Each of them is an original, and all of them constitute one agreement.

Governing Law; Jurisdiction.

This Agreement shall be governed by, and construed in accordance with, the laws of the State of New York, without reference to conflicts of laws principles.  The parties agree that the state and federal courts in New York City, New York will have exclusive jurisdiction and venue under this Agreement, and the parties hereby agree to submit to such jurisdiction exclusively.

Entire Agreement. 

This Agreement constitutes the complete, final and exclusive agreement between the parties with respect to the subject matter hereof, and supersedes any and all prior or contemporaneous oral or written representations, understandings, agreements or communications between them concerning the subject matter hereof.  Neither party is relying upon any warranties, representations, assurances or inducements not expressly set forth herein.

This Data Processing Agreement (“DPA”) supplements the Services Agreement between Orbiit Inc. (“Orbiit”) and the Customer. This DPA applies to the extent that the European Union General Data Protection Regulation (“GDPR”), the United Kingdom Data Protection Act 2018, or a similar European data protection law applies to the Processing of Personal Data in connection with the Services Agreement.  If the relationship between Orbiit and Customer is governed by the California Consumer Privacy Act (“CCPA”), then the CCPA addendum to this DPA (“CCPA Addendum”) shall apply.

Unless specifically defined herein, all capitalized terms shall have the same meanings given to them in the Services Agreement.  Terms used in this DPA but not defined herein or in the Services Agreement shall have the meanings given to them in the GDPR.

1. Definitions  

1.1     “Controller” shall mean the natural or legal person that determines the purposes and means of the Processing of Personal Data;

1.2     “Customer Personal Data” shall mean Personal Data belonging or relating to Community Managers and End Users that Orbiit Processes on Behalf of the Customer pursuant to the Services Agreement. 

1.3     “Data Subject” shall mean an identified or identifiable (either directly or indirectly) natural person to whom Personal Data relates;

1.4     “EU General Data Protection Regulation” or “GDPR” shall mean the Regulation (EU) 2016/679 adopted by the European Parliament and the Council of the European Union on 27 April 2016;  

1.5     “European Law” shall mean the GDPR, the United Kingdom Data Protection Act 2018, and similar Member State laws concerning data protection, privacy, or information security; 

1.6     “Member State” shall mean the member states of the European Union as of January 1, 2017 (including the United Kingdom) and any member state added to the European Union thereafter;

1.7     “Personal Data,” shall mean any information relating to an identified or identifiable natural person, including a name, an identification number, location data, an online identifier or one or more factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity;

1.8     “Personal Data Breach” shall mean a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored, or otherwise Processed; 

1.9    “Processor” shall mean a natural or legal person that Processes Personal Data on behalf of the Controller; and

1.10    “Subprocessor” shall mean any entity that provides Processing services to Orbiit in connection with the Platform Services.

2. Processing

2.1     This DPA only governs Customer Personal Data. Personal Data that Orbiit processes as a Controller in its own right does not fall within the scope of the Services Agreement or this DPA. 

2.2     The Personal Data Processed pursuant to this DPA may include data such as demographic data (e.g., date of birth, gender); employment information, social media information,  persistent identifiers (e.g., cookies and mobile advertising IDs), and Internet activity information (e.g., web logs and IP addresses). 

2.3     For purposes of this DPA, Customer and Orbiit agree that Customer is the Controller of Personal Data that Customer discloses to Orbiit in connection with the Platform Services, and Orbiit is the Processor of such Customer Personal Data.  

2.4     The nature, purpose, and subject matter of the Processing is the provision of the Platform Services as described in the Services Agreement.  The duration of the Processing shall be the duration of the Platform Services, unless otherwise set out in the related Services Agreement.  

2.5    Customer agrees to the Processing of Customer Personal Data by Orbiit as expressly set forth in the Services Agreement, including this DPA.  Orbiit will Process Customer Personal Data only to provide the Platform Services and will abide by all limitations on Processing in the Services Agreement.  Orbiit shall Process Customer Personal Data only on documented instructions from Customer, unless other Processing is required by European Law to which Orbiit is subject.  

3. Obligations of Customer

3.1    Customer agrees and represents that, with respect to the Customer Personal Data provided to Orbiit:  

(a)  Customer determines, as expressed through the Agreement, the purposes for which Customer Personal Data is or will be Processed, and the manner in which it is or will be Processed; and 

(b)  any Processing by Customer, including the transfer of the Personal Data to Orbiit for purposes specified in the Agreement, has been and will continue to be carried out in accordance with applicable European Law. 

4. Orbiit Personnel

4.1     Orbiit shall take reasonable steps to ensure the reliability of any employee or other Person who may have access to the Personal Data, ensuring that access is strictly limited to those individuals who need to access the relevant Personal Data for the purposes set out in Section 2 above.  Orbiit shall ensure that all such individuals: 

(a)  are informed of the confidential nature of the Customer Personal Data and are aware of Orbiit’s obligations under this DPA and the Services Agreement in relation to the Customer Personal Data; 

(b)  have undertaken appropriate training in relation to European Law; and 

(c)  are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

5. Security

5.1     Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Orbiit shall in relation to the Customer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. 

6. Data Subject Rights

6.1     Orbiit shall take reasonable commercial measures to assist the Customer comply with its obligations to respond to requests by Data Subjects to exercise their rights under European Law. 

6.2     Orbiit shall promptly notify Customer promptly if it receives a request from a Data Subject relating to the access, correction, amendment, or deletion of Personal Data. 

6.3     Orbiit shall not respond to a Data Subject rights request that it receives from a Data Subject except on the documented instructions of the Customer or as required by European Law, in which case Orbiit, to the extent permitted by European Law, inform Customer of that legal requirement before responding to that Data Subject rights request.  

7. Personal Data Breach

7.1     Orbiit shall notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow the Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under European Law. 

7.2     Orbiit shall cooperate with the Customer and take reasonable commercial steps directed by the Customer to assist in the investigation, mitigation, and remediation of each such Personal Data Breach. 

8. Data Protection Impact Assessment and Prior Consultation

8.1     Orbiit shall provide reasonable assistance to Customer with any data protection impact assessment concerning Customer Personal Data that is required under Article 35 of the GDPR.  

8.2     Orbiit shall provide reasonable assistance to Customer with any prior consultation to any supervisory authority that is required under Article 36 of the GDPR.

9. Audit  

9.1     On request, Orbiit shall make available to Customer all information necessary to demonstrate compliance with the obligations in Article 28 of the GDPR and this DPA, and shall allow for and contribute to audits, including inspections by Customer or another auditor identified by Customer, of any systems or premises where Personal Data is Processed.  

10. Subprocessor  

10.1     Orbiit shall not engage any Subprocessor to Process Personal Data in connection with the Services Agreement without authorization of the Customer.

10.2    If Orbiit engages a Subprocessor for carrying out specific Processing activities on behalf of the Customer, Orbiit shall ensure that the same data protection obligations set forth in this DPA are imposed onto the Subprocessor by way of contract. 

11. Data Transfer

11.1     Orbiit may not transfer or authorize the transfer of Customer Personal Data to countries outside of the European Union or the European Economic Area without prior written consent of the Customer. If Customer Personal Data is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall, unless agreed to otherwise, rely on EU-approved Standard Contractual Clauses for the transfer of Customer Personal Data.  

12. Confidentiality

12.1    Both Parties shall treat this DPA as Confidential Information as defined in the Services Agreement.

This CCPA Addendum (this “Addendum”) is attached to and made a part of the DPA and the Services Agreement between Orbiit Inc (“Orbiit”) and Customer. Capitalized terms used in this Addendum but not defined herein will have the same meaning as in the Services Agreement or DPA.  If there is any inconsistency between the terms of this Addendum and the Services Agreement or DPA relating to data protection or Personal Information of California residents subject to the CCPA, the terms of this Addendum shall prevail.  This Addendum shall continue in force until the termination of the Agreement.

This Addendum may apply in addition to or in lieu of the DPA depending on the applicability of the data privacy laws. 

1. Definitions

1.1.    “California Consumer Privacy Act” means Sections 1798.100 et seq. of the California Civil Code.

1.2.    “Commercial Purpose” has the meaning provided in Section 1798.140(f) of the California Civil Code.

1.3.    “Consumer” has the meaning provided in Section 1798.140(g) of the California Civil Code.

1.4.     “Customer Personal Information” means Personal Information belonging or relating to Community Managers and End Users that Orbiit Processes on behalf of Customer pursuant to the Services Agreement.  

1.5.    “Deidentified” has the meaning provided in Section 1798.140(h) of the California Civil Code.

1.6.    “Personal Information” has the meaning provided in Section 1798.140(o) of the California Civil Code.

1.7.    “Sale” or “Sell” has the meaning provided in Section 1798.140(t) of the California Civil Code.

2. Representations and Warranties

2.1.     Orbiit represents and warrants that it is a “service provider,” for the purposes of the services it provides to Customer pursuant to the Agreement, according to the meaning given to that term in Section 1798.140(v) of the California Civil Code.

2.2.     Orbiit represents and warrants that, to the extent that Customer discloses Customer Personal Information to Orbiit, Orbiit will process that Customer Personal Information only on behalf of Customer pursuant to the Agreement and this Addendum.

3. Orbiit’s Processing of Personal Information of Consumers as a Service Provider

3.1.     Orbiit shall not Sell Consumer Personal Information for any reason, except as otherwise permitted by the California Consumer Privacy Act.

3.2.     Orbiit shall not process, retain, use, or disclose Customer Personal Information for any purpose other than for the specific purpose of performing the services specified in the Agreement, except as otherwise permitted by the California Consumer Privacy Act. 

3.3.     Orbiit shall not process, retain, use, or disclose Customer Personal Information for an impermissible Commercial Purpose, except as otherwise permitted by the California Consumer Privacy Act. 

3.4.     Orbiit shall not retain, use, or disclose Customer Personal Information outside of the direct business relationship between Customer and Orbiit, except as otherwise permitted by the California Consumer Privacy Act. 

3.5.    Orbiit certifies that it understands the restrictions listed in Sections 3.1, 3.2, 3.3, and 3.4 of this Addendum and will comply with them.

4. Consumer Requests 

4.1.     Upon written request from Customer, Orbiit shall delete a Consumer’s Personal Information from its systems within 30 business days. 

4.2. Orbiit shall provide to Customer any Consumer requests to exercise rights under the California Consumer Privacy Act, received directly by Orbiit relating to a Customer Consumer within 5 business days of the receipt of any such request.