CCPA Compliance. The terms “personal information,” “consumer,” sell,” ” and “verifiable consumer request” as used in this Section have the meanings as defined under the CCPA (California Consumer Privacy Act). Personal information of a consumer is “BILL Personal Information”. Vendor and BILL shall comply with their respective obligations under the CCPA. Vendor agrees that:
- Vendor is a “service provider” to BILL under the CCPA and shall not sell, collect, access, retain, use, disclose, or otherwise process BILL Personal Information for any purpose other than for the specific business purpose of performing the Services specified in the Agreement.
- Vendor does not receive BILL Personal Information, or access to it, as valuable consideration for providing the Services under the Agreement.
- If Vendor uses subcontractors to provide all or part of the Services and the engagement involves the processing of BILL Personal Information:
- Vendor will not make any disclosures that would be considered a sale under the CCPA
- Vendor will ensure that the arrangement between each subcontractor and Vendor is governed by a written contract that includes terms substantially similar to these, and
- Vendor will remain fully liable to BILL for each subcontractor's performance of these obligations.
- Vendor shall implement and maintain, and shall ensure that any relevant subcontractor implements and maintains reasonable security procedures and practices appropriate to the nature of the BILL Personal Information, to protect BILL Personal Information from any unauthorized access, exfiltration, theft, or disclosure.
- Vendor shall, upon BILL’s written request, reasonably assist BILL in fulfilling BILL’s obligation to respond to a verifiable consumer request under the CCPA.
