U.S. Privacy Laws Supplement

(Version 2.0)

This document (the “Supplement”) is part of our Terms of Use and Sale for Businesses and applies only to the extent that we, as a service provider to you, receive data from you about your consumers who are residents of the United States and whose data is protected by the U.S. Privacy Laws.

  1. Definitions: words or expressions defined in “quotation marks” have the same meanings each time they are used in this Supplement. Unless we say otherwise below, any words or expressions that are defined in the Terms of Use and Sale for Businesses (including the Data Processing Agreement) have the same meanings when used in this Supplement.
  • “CCPA” means the California Consumer Privacy Act of 2018.
  • “CPRA” means the California Privacy Rights Act of 2020.
  • “VCDPA” means Virginia’s Consumer Data Privacy Act of 2021.
  • “U.S. Privacy Laws” means the U.S. State data protection and privacy laws that are applicable to our processing of your consumer data, such as CCPA, CPRA and VCDPA.
  • “U.S. Residents’ Data” means the U.S. residents’ data which is protected by the U.S. Privacy Laws.
  1. Compliance with the U.S. Privacy Laws: We are aware of and will comply with the requirements of the U.S. Privacy Laws in connection with our services we provide to you.

  2. Your instructions: Except as necessary to provide our services to you or unless otherwise permitted by the U.S. Privacy Laws:

    • we will not process, retain or use the U.S. Residents’ Data; and
    • we will not sell or disclose the U.S. Residents’ Data to any third party.
  3. Invitation data: If the type of review invitation services we provide to you requires us to receive or process invitation data that is the U.S. Residents’ Data, then we process that invitation data in accordance with the Data Processing Agreement.

  4. Security practices: The security practices that we apply to the U.S. Residents’ Data, will be the same as those that we describe in the Security practices section of our Data Processing Agreement. On your request, we will provide you with sufficient information to enable you to check that we are complying with these security practices.

  5. Training and confidentiality: We will ensure that all persons who have access to the U.S. Residents’ Data in the course of providing services to you are informed of how the U.S. Residents’ Data must be handled under the U.S. Privacy Laws and are subject to a duty of confidentiality.

  6. Consumer requests: You or we may receive requests from your consumers attempting to exercise their rights under the U.S. Privacy Laws in connection with your use of our services (“consumer requests”).

    • If we receive a consumer request, we will inform the requesting consumer that he/she should submit his/her request to you, given that you will be responsible for responding to these requests; and
    • If you receive a consumer request, we will provide you with reasonable assistance to respond to it as required by the U.S. Privacy Laws.
  7. Deleting and retaining the U.S. Residents’ Data: At your request, we will, or will give you access to, delete all or part of the U.S. Residents’ Data, unless we are permitted to retain such information under the U.S. Privacy Laws or required to retain it under applicable law. To the extent we retain U.S. Residents’ Data, it will remain subject to our Terms of Use and Sales for Businesses (including the Data Processing Agreement) and this Supplement.