This Data Processing Agreement is incorporated into and forms part of the Sona Master Services Agreement (the “Agreement”) between Sona Labs LLC (“Sona”) and you (“Customer”), under which Agreement Sona provides certain products or services (the "Services").
In instances where Sona processes any personal information on behalf of Customer that falls under the Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, or the Virginia Consumer Data Protection Act, and to the extent that Sona is subject to those laws, the following shall apply:
Sona will engage subcontractors, if any, through a legally binding contract in accordance with the aforementioned statutes, ensuring the subcontractor adheres to Sona’s obligations concerning personal information.
Sona will guarantee that any individual involved in processing personal information will maintain confidentiality concerning the data.
Sona will permit and collaborate with reasonable audits by Customer or an auditor appointed by Customer. Alternatively, Sona may engage an independent, qualified assessor to review Sona’s compliance with the relevant laws through a recognized control standard or framework, providing Customer with the assessment report upon request.
Upon Customer's directive, Sona will either delete or return all personal information at the termination of the Services, unless legally obligated to retain the data.
At Customer’s reasonable request, Sona will furnish any information required to demonstrate compliance with the applicable laws.
In instances where Sona processes personal information subject to the California Consumer Privacy Act of 2018, as revised by the California Privacy Rights Act of 2020 and its implementing rules (collectively, “CCPA”), and to the extent Sona is subject to the CCPA:
Sona must inform Customer if it concludes that it cannot fulfill its CCPA obligations.
Sona is obliged to adhere to the CCPA’s provisions, ensuring the same level of privacy protection as businesses are mandated under the CCPA.
Sona must facilitate Customer compliance with consumer inquiries under the CCPA, or notify Customer of any such consumer requests to ensure compliance.
Sona will provide Customer the authority to take necessary measures to confirm that personal information gathered under the Agreement is used in compliance with Customer’s CCPA obligations.
Sona will ensure Customer has the right to intervene and rectify any unauthorized use of personal information by Sona.
The specific business purpose (as that term is defined in the CCPA) for which Sona is processing personal information pursuant to the Agreement is to provide, manage, operate and secure the Services, and Customer is disclosing the personal information to Sona only for the limited and specified business purpose set forth in the Agreement;
Unless otherwise stated in the Agreement, Sona is prohibited from selling or sharing personal information collected under the Agreement, as well as from retaining, using, or disclosing it outside the specified business purposes of the Agreement or as otherwise allowed under the CCPA.
Sona is prohibited from retaining, utilizing, or disclosing the personal information acquired under the Agreement except for the business purposes detailed in the Agreement, or as otherwise permitted by the CCPA.
Sona is prohibited from retaining, utilizing, or disclosing the personal information acquired under the Agreement for any commercial activities, as defined by the CCPA, other than those explicitly outlined in the Agreement, unless explicitly allowed by the CCPA.
Sona is prohibited from retaining, using, or disclosing the personal information that it collected pursuant to the Agreement outside the direct business relationship between Sona and Customer, unless expressly permitted by the CCPA.
In instances wherein either party shares with or sells to the other any personal information that falls within the scope of the CCPA, and to the extent that Sona is subject to the CCPA:
The disclosing party has the right to ensure the receiving party utilizes the personal information in alignment with the CCPA obligations.
The disclosing party has the right to intervene and rectify any unauthorized use of personal information by the receiving party.
The receiving party must adhere to relevant CCPA provisions, ensuring privacy protection and practices as required under the CCPA.
The receiving party must notify the disclosing party if it is no longer able to meet the CCPA requirements.
Personal information exchanged is confined to the specific purposes outlined in the Agreement and must be used solely for those purposes.
The purpose of making personal information available to and by Sona is solely to facilitate the provision, management, operation, and security of the Services under the Agreement.