Re:       California Consumer Privacy Act (“CCPA”) – Service Provider Addendum


The vendor agreeing to these terms (“Service Provider”) has entered into one or more agreements with Platform Inc. (“Company”) under which Service Provider has agreed to provide services to Company (the “Agreement”). This CCPA Service Provider Addendum (the “Addendum”) forms part of the Agreement and will take effect on November 9, 2021.


Service Provider and Company agree as follows: 


1.       DEFINITIONS. For purposes of this Addendum, the terms below shall have the meanings set forth below.


1.1   “CCPA” means the California Consumer Privacy Act of 2018.


1.2   “Company Personal Information” means any “Personal Information” (as defined in the CCPA) contained within the data or set of data that the Service Provider “Processes” (as defined in the CCPA) on behalf of Company in connection with performing the Services (defined below) under the Agreement. 


1.3   “Services” means the services and/or products provided by Service Provider to Company under the Agreement, including activities that are required, usual, or appropriate in performing the Services, including to (a) carry out the Services or the business of which the Services are a part, (b) carry out the benefits, rights and obligations relating to the Services, (c) maintain records relating to the Services, or (d) comply with any legal or self-regulatory obligations relating to the Services. 


1.4   Capitalized terms used but not otherwise defined in this Addendum have the meanings set forth in the CCPA.




            2.1   To the extent that Service Provider processes Company Personal Information for a Business Purpose (as defined in the CCPA) under the Agreement, Service Provider is a “Service Provider” (as defined in the CCPA) and shall process Company Personal Information solely to provide its Services under the Agreement.


            2.2   Service Provider shall not retain, use, disclose or otherwise process Company Personal Information for any purpose other than for performing the Services, or as otherwise permitted by the CCPA and shall return or delete all Company Personal Information at the conclusion of performance of the Services, or sooner if directed by Company. Service Provider shall follow all Company instructions regarding the return or destruction of Company Personal Information. 


            2.3   Service Provider shall not “sell” (as defined in the CCPA) any of the Company Personal Information. 


            2.4   Service Provider shall comply with all applicable laws, including but not limited to, the CCPA, and assist Company in fulfilling its obligations under the CCPA to respond to individual requests related to the Company Personal Information, including by promptly fulfilling requests to access or delete relevant Personal Information in Service Provider’s possession. Service Provider shall notify Company if it receives a request from a Consumer attempting to exercise their rights under applicable law within 48 hours of the request. If Service Provider receives a request to know or a request to delete from a Consumer regarding Personal Information that the Service Provider collects, maintains, or sells on behalf of Company, and does not comply with the request, it shall explain the basis for the denial. The Service Provider shall also inform the Consumer that it should submit the request directly to Company and, when feasible, provide the Consumer with contact information for Company.


            2.5   Service Provider shall ensure that all of its employees, contractors, etc. processing Company Personal Information on Company’s behalf are subject to a duty of confidentiality.


            2.6   Service Provider shall enter into written agreements with each third party subcontractor that processes Company Personal Information that obligate the subcontractor to comply with terms that are at least as restrictive as those imposed on Service Provider under this Addendum and the Agreement, including the prohibition on the sale of Company Personal Information. 


            2.7   At the request of Company, Service Provider shall provide all information necessary to demonstrate evidence of Service Provider’s compliance with this Addendum and applicable laws, and allow for and contribute to audits, including without limitation inspections, conducted by Company or another auditor nominated by Company to verify Service Provider’s compliance. Upon request, Service Provider shall submit to Company, Service Provider’s record of processing activities carried out on behalf of Company.


            2.8   Service Provider hereby certifies that it understands its obligations under this Addendum, and shall comply with them. 


3.       DURATION OF ADDENDUM. Notwithstanding the expiration of the Term of the Agreement, this Addendum will remain in effect until, and automatically expire upon, Service Provider’s deletion or return of the Company Personal Information.


4.       CONFLICTS. In the event of any conflict or inconsistency between this Addendum and the terms of the Agreement regarding the subject matter herein, this Addendum will control, notwithstanding any statement to the contrary in the Agreement.






Name: ______________________________


Title: _______________________________


Date: _______________________________






Name: ______________________________


Title: _______________________________


Date: _______________________________