SoundCommerce Security Policy

SoundCommerce is committed to safeguarding all data and information provided by Company in connection with this Data Security Program (“DSP”), including but not limited to Personal Data (defined in Section 5 below). To this end, during the Term, SoundCommerce shall, in accordance with all applicable laws:

1. Safeguards. Provide commercially reasonable technical and organizational safeguards against accidental, unlawful, or unauthorized access to or use, destruction, loss, alteration, disclosure or transfer of Company Data;

2. System Security. (i) Take reasonable measures to secure all SoundCommerce information technology infrastructure, including but not limited to all computers, software, databases, and systems, storage and networks employed in connection with the Service (“Systems”) against any third party who may seek, without authorization, to disrupt, damage, modify, access, or otherwise use the Company Data. For the sake of clarity, Systems shall not include Company Materials or any portion thereof; and (ii) Periodically test its Systems for potential areas where security could be breached.;

3. Security Breach. With respect to any unauthorized access to Company Data of which SoundCommerce becomes aware (“Security Breach”), (i) promptly report the Security Breach to Company, and (ii) if a Security Breach results from SoundCommerce’s gross negligence or intentional misconduct, upon Company’s written request and provision to SoundCommerce of backup expense documentation, promptly reimburse Company for all reasonable costs and expenses Company actually incurs in providing notice to any person of such Security breach required by applicable laws;

4. Compliance with the GDPR. In the event that any Personal Data (defined below) is transferred by Company to SoundCommerce from residents of the European Economic Area (the “EEA”) in connection with this Agreement, without limitation of the other requirements set forth in this DPP, the parties agree that (i) the EEA’s applicable standard contractual clauses for controller to processor data transfers, as defined by the European Commission, including any updates thereto which may arise during the Term, are hereby incorporated by reference, and (ii) SoundCommerce shall be the data Processor and Company shall be the data Controller in connection with such transfer.

5. Security Breach. In the event of a Security Breach that results in actual or suspected unauthorized access to, loss or theft of any Personal Data (“Data Breach”) in the control of SoundCommerce, SoundCommerce agrees that it shall: (a) take all commercially reasonable steps to contain the Data Breach; (b) conduct an investigation into the cause of the Data Breach and the types of Personal Data that may have been compromised; (c) promptly inform Company of all information gathered in accordance with this section, continue to keep Company informed of any new information revealed in the investigation, and keep all records relating to the investigation and Data Breach; and (d) otherwise provide any reasonable assistance to Company to allow Company to comply with any legal or regulatory obligations in respect of the Data Breach. “Personal Data” shall mean all information about an identifiable individual or information that relates to a natural person that allows the person to be identified and that is transferred to or otherwise accessed by SoundCommerce in the course of the SoundCommerce’s provision of the Service. Without limiting the generality of the foregoing, Personal Data includes customer and employee information of Company and any other types of information that is or may be considered personal information under applicable law. SoundCommerce acknowledges that it will not use Personal Data for any purposes other than specifically contemplated under the Agreement. Notwithstanding anything set forth herein, SoundCommerce shall not be responsible for any failure by Company to cease use of and/or delete Personal Data or other data to the extent required by applicable law, whether or not SoundCommerce is or becomes aware of such requirement;

6. Remedy of Security Breach. (i) Use commercially reasonable efforts to remedy a Security Breach in a timely manner and promptly deliver to Company a root cause assessment, including written details regarding SoundCommerce’s investigation of such incident; and (ii) Refrain from notifying any regulatory authority, consumer, or other person of any Security Breach unless Company requests in writing that SoundCommerce do so, except as otherwise required by applicable laws;

7. Records. If SoundCommerce is storing Company Data, SoundCommerce shall (i) maintain complete and accurate records relating to its data protection practices; and (ii) upon Company’s request and at Company’s expense, make all such records, appropriate Personnel, and relevant materials available during normal business hours, provided that Company shall: (a) give SoundCommerce reasonable prior notice of at least ten business days of any such request; (b) conduct or cause to be conducted such request in a manner that minimizes disruption of SoundCommerce’s business operations and that complies with the terms and conditions of all confidentiality, ownership, privacy, security, and restricted use provisions of this Agreement, and (c) not undertake any such request more than once per calendar year during the Term unless a request reveals SoundCommerce’s breach of this Section 8 in which case Company shall have the right to perform additional requests during such year; and

8. Security Contact. Appoint a SoundCommerce employee to respond to Company’s inquiries in connection with the subject matter of this DPP who has sufficient knowledge of the security of the SoundCommerce Systems (“Security Contact”).

Questions? Contact us:

legal@soundcommerce.com
privacy@soundcommerce.com
security@soundcommerce.com