Clearbit Terms of Service

These terms were last updated on April 12, 2024.

Terms of Service

Introduction

In January 2024, Clearbit introduced new Clearbit Services. Clearbit will continue to provide existing customers with Legacy Clearbit Services under the Legacy Terms in an effort to support service continuity.

Therefore, if you are a new Clearbit customer as of January 2, 2024, the Clearbit Terms of Service available at https://clearbit.com/legal (“Terms” or “Customer Terms”) apply to you.

Accordingly, existing Clearbit customers who accessed the Clearbit Services before January 2, 2024, (“Legacy Services”) will continue to renew Legacy Services under the Legacy Terms available at https://clearbit.com/legal/legacy which will apply to you instead.

Customer Terms

APIHub, Inc. dba Clearbit, a HubSpot Affiliate ("Clearbit" or “We”), provides Clearbit Services (defined below) subject to these terms. The effective date of these Terms is the earlier of the date you enter into these Terms and the date you first access the Clearbit Services.

For avoidance of doubt, if you are a Clearbit customer with access to Legacy Services, the Legacy Terms available at https://clearbit.com/legal/legacy will apply to all of the services we provide to you instead.

By clicking or tapping any button or box marked "Accept," Agree," or "OK" (or a similar term) in connection with these Terms, or by accessing our site https://clearbit.com ("Site") or otherwise using the Clearbit Services, you acknowledge that you have read, understood, and agree to be bound by these Terms and affirm that you are over the age of 18. If you are entering into these Terms on behalf of a business or other legal entity, you represent that you have the authority to bind the entity and its affiliates to these Terms, in which case the terms "You", "Your," or "Customer" shall refer to the entity and its affiliates. If you do not have such authority, or if you do not agree with these Terms, you must not accept these Terms and may not use the Clearbit Services. You acknowledge that these Terms form a binding contract between you and Clearbit, even though it is electronic and is not physically signed, and that it governs without limitation your use of and access to the Clearbit Services, unless you have signed a separate Master Services Agreement or other similar with Clearbit.

PAID SUBSCRIPTION PLANS PURCHASED THROUGH SELF-SERVICE ON THE SITE OR THROUGH OUR RESELLERS WILL AUTOMATICALLY RENEW UNTIL YOU CANCEL THEM PURSUANT TO SECTION 5 OF THESE TERMS. CANCELING WILL END THE AUTOMATIC RENEWALS OF YOUR PAID SERVICES, BUT WE WILL KEEP ANY FEES WE HAVE ALREADY COLLECTED FROM YOU (UNLESS WE ARE REQUIRED BY LAW TO REFUND THEM).

1. DEFINITIONS

1.1. "Authorized User" means an employee, contractor, or agent of Customer who is authorized to use the Clearbit Services and who has access to the Clearbit Services via a unique username and password under Your Account.

1.2. "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the Customer. "Control," for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

1.3. "Clearbit Services" means any services provided by Clearbit, including the Clearbit online platform, APIs, Product Data, other services accessible via our website (www.clearbit.com), including any successor Clearbit products and services and products and services provided by a Clearbit Affiliate.

1.4. "Clearbit Tags" means Clearbit's JavaScript, pixels, cookies or similar code or technology for implementing the Services.

1.5. "Competitor" means any company that is selling products or services that are the same or substantially similar to the Clearbit Services.

1.6. "Customer Data" means personal contact information regarding Authorized Users, and all personal data or other materials solely provided by you to Clearbit in connection with the Services.

1.7. "Documentation" means Clearbit’s then-current technical or user documentation or specifications located at https://clearbit.com/docs.

1.8. "Order" means any order form signed by the parties that references these Terms and describes the services to be provided by Clearbit and the fees that will be paid by Customer.

1.9. "Product Data" means any data, reports, text, images, sound, video, code, insights, any other content made available by Clearbit through the Services.

1.10. "Services" means the services provided to You by Clearbit as indicated in your self-serve account, if applicable, in the applicable Order, including all or part of the Clearbit Services, Product Data, and Support, and as applicable any professional services set forth in any applicable statement of work, and excludes any free or beta services provided by Clearbit.

1.11. "Service Fees" means the fees Clearbit charges and You pay for the Services as specified in the applicable Order.

1.12. "Subscription" means Services selected through the self-serve option on Clearbit’s website or purchased through an Order.

2. SERVICES

2.1. Provision of Services: We will provide the Services to You and Your Affiliate(s) (so long as neither You nor such Affiliate(s) is a Competitor to Clearbit) in accordance with the applicable Order and these Terms. For any Services an Affiliate receives under these Terms, the Customer (or Customer’s parent company for Affiliates under common control with Customer) and the Affiliate shall be jointly and severally liable for the obligations, including but not limited to payment obligations. At the beginning of the Initial Term or promptly thereafter, You will receive access to a Clearbit Services account ("Your Account"). To use the Services, You must link at least one of your email accounts to Your Account, but may link no more email accounts than the total number of Your Authorized Users. You will keep all information related to Your Account current and promptly notify us of any changes and of any unauthorized use of Your Authorized Users’ identifications and passwords or your account.

2.2. Use of Services: You are solely responsible for the acts and omissions of Your Authorized Users, including their use of the Services, including their processing of any Product Data obtained from the Services. You and Your Authorized Users will maintain the security of their usernames and passwords, and you will not permit anyone who is not an Authorized User to access or use the Services. You will notify Clearbit immediately if You suspect or become aware of any unauthorized use of the Services or if an Authorized User’s username or password is lost or stolen.

2.3. Customer Restrictions: You and Your Authorized Users must not: (a) use the Clearbit Services to provide any Clearbit Services or Product Data to third parties (excluding any Third Party Applications as permitted pursuant to Section 2.9 herein) or otherwise reproduce, license, sell, rent, lease, outsource, act as service bureau, or sublicense the Clearbit Services or Product Data; (b) use the Clearbit Services or Product Data in any manner that is defamatory, obscene, libelous, or otherwise violates the rights of another or does not comply with applicable laws and regulations, including, without limitation, any privacy rights, publicity rights, intellectual property rights or other property rights; (c) except as permitted by applicable law, decompile, disassemble, reverse engineer or otherwise attempt to access or derive the source code or other trade secrets from the Clearbit Services; or (d) submit content to the Clearbit Services, by transmitting viruses or other malicious code or using the Clearbit Services to spam others.

Except as expressly permitted in an Order, You and Your Authorized Users shall not (a) incorporate any portion of the Services or Product Data into Your products or services, (b) use the Services or Product Data for any other commercial purposes other than the Permitted Uses, or (c) access or use the Product Data for the benefit of or on behalf of any entity except Customer and Affiliates contemplated under the scope of an Order.

You and Your Authorized Users shall not use the Services to determine a consumer’s eligibility for (a) credit or insurance for personal, family or household purposes, (b) employment or (c) a government license or benefit or (d) any other purpose governed by the Fair Credit Reporting Act (“FCRA”).

2.4. Customer Compliance: Subject to You and Your Authorized Users’ compliance with all applicable laws, You and Your Authorized Users shall be permitted to access or use the Clearbit Services solely for the business-to-business sales, marketing, or business development activities of Customer (the “Permitted Uses”). As consistent with the Permitted Uses, You and Your Authorized Users may use the Services in a responsible and professional manner relating to Customer’s business-to-business sales, marketing, and business development activities to: (a) view the Product Data; (b) communicate with any individuals contained within Product Data, in a manner that relates directly to such person’s profession, business, or employment; and (c) identify prospective sales opportunities, research Customer’s existing customers and prospects, and otherwise analyze the Product Data for business-to-business sales, marketing, and business development purposes.

2.5. Services Limits: You and Your Authorized Users shall not override or circumvent, or attempt to override or circumvent, any security feature, control, or use limits of the Clearbit Services. Clearbit may use technological means to place reasonable use limits to prohibit excessive use, including excessive requests or exceeding records limits that indicate a violation of these Terms, such as sharing with third parties.

2.6. Clearbit Tags: To the extent the Services include use of the Clearbit Tags on Customer’s websites or digital properties (“Customer Properties”), the following terms shall apply:

(i) Customer acknowledges that it shall implement the current version of Clearbit Tags on the Customer Properties in accordance with the Documentation and acknowledges that failure to do so may cause the Services to cease working properly.

(ii) Each party acknowledges and agrees that any Customer Data collected by the Clearbit Tags (“Website Data”) may be used by Clearbit and its Affiliates for improvement, development (including through the use of techniques such as machine learning), provision, and enhancement of Clearbit Services.

(iii) Customer represents and warrants that it has provided and will continue to provide adequate notices, and that it has obtained and will continue to obtain any necessary permissions and consents, with respect to the use of Clearbit Tags. Without limiting the foregoing, Customer will include on each Customer Property a privacy notice that discloses Customer’s use of third-party tracking technology (including, where applicable, the storage of cookies) to collect Website Data in compliance with applicable data privacy laws.

(iv) Customer will promptly remove all Clearbit Tags from Customer Properties upon termination of the Services and acknowledges that Clearbit Tags may continue to collect Website Data until removed.

2.7. Modifications & Updates: We may modify the Service and Limits from time to time, including changes that may materially reduce the functionality provided. If you are using an older version of the Clearbit Services, Clearbit may choose to move you to our then-current Clearbit Services at any time. Customer agrees that its purchase of the Services is not contingent upon the delivery of any future functionality or features, or dependent on any oral or written public documents made by Clearbit regarding future functionality or features.

2.8. Enrichment: The Clearbit Services include enrichment features, which will transmit Customer Data to Clearbit and its Affiliates for purposes of (i) matching, cleansing, or updating records with information from Clearbit’s commercial database and (ii) improving, developing (including through the use of techniques such as machine learning), providing, and enhancing of Clearbit Services . During such transmission, Clearbit will make commercially reasonable efforts to respond to match and clean and append requests by researching and/or verifying Customer Data so submitted and supplementing Clearbit’s commercial database with information Clearbit is able to verify or otherwise as needed to perform the Clearbit Services.

Clearbit and its Affiliates may also use email deliverability data (such as email “bounce” data) accessible through Customer’s use of Clearbit to improve the Clearbit Services by, for example, eliminating invalid email addresses from it. Customer shall only provide business email addresses (emails tied to a business domain) in Customer Data to Clearbit and its Affiliates; Customer shall have no expectation that Clearbit can or will enrich personal email addresses (e.g. Gmail).

Additional information about enrichment data is available at https://clearbit.com/attributes, which is included for convenience and not incorporated into these terms. You may opt out of adding certain data to Clearbit's commercial database by following the instructions available in the Clearbit Help Center article “How Does the Clearbit Community Data Opt Out Work?”

2.9. Third Party Applications: “Third-Party Applications” means computer software programs and other technology that are provided or made available to Customer or Authorized Users by third parties, including those with which the Service may interoperate, including, for example, Customer’s CRM, marketing automation software, email marketing or sales enablement software, if any. Customer may be able to use the Service through integrations, webhooks or other connections to one or more Third-Party Applications (each, a “Connection”). When You or your Authorized Users implement a Connection to a Third-Party Application, You hereby grant to Clearbit the right, and are expressly instructing Clearbit, to access and interoperate with that Third-Party Application during the Order Term in order to provide and support the Service. Customer is responsible for complying with all applicable third-party terms, policies and licenses governing its access and use of Third-Party Applications and associated data (collectively, “Third-Party Terms”).

2.10. Suspension of Services: In the event Clearbit has a reasonable belief that You or any Authorized User is engaged in or facilitated any unauthorized or unlawful access or use of the Product Data or the Services in violation of these Terms or applicable law, Clearbit, in its sole discretion, may immediately suspend or limit Your access to the Product Data and/or Services until such violation is resolved to Clearbit’s reasonable satisfaction. We will use commercially reasonable efforts to give You prior e-mail notice of suspension under this Section, and we will resume the Services as soon as possible once the issue necessitating suspension is resolved. We will not be liable to You for any loss, damage or inconvenience suffered as a result of any suspension under this provision.

2.11. Free Plans: If You elect to use the Clearbit Services under the limited free-to-use option, and We agree (the “Free Plan”), You acknowledge and accept that we may terminate Your use of the Services under the Free Plan for any reason or no reason at all and without any required prior notice. “Clearbit Free Users,” are defined as users who have registered for a free subscription account or are listed as a user within an account and/or instance. For Clearbit Free Users and Free Plans, support is available to you through the Clearbit knowledge base. DURING THE TRIAL PERIOD AND USE UNDER THE FREE PLAN, WE WILL HAVE NO OBLIGATION WHATSOEVER TO CONTINUE PROVIDING THE SERVICES TO YOU, AND YOU WILL HAVE NO CLAIM OR REMEDY FOR THE FAILURE OF THE SERVICES. THESE LIMITATIONS ARE IN ADDITION TO THE WARRANTY DISCLAIMERS AND LIABILITY LIMITS IN THESE TERMS.

2.12. Beta Services: If Customer chooses to receive Beta Services, Customer agrees to comply with any written requirements provided by Clearbit regarding those Beta Services. “Beta Services” means a Service, or a feature of a Services, that is designated or presented to Customer as alpha, beta, experimental, pilot, limited release, developer preview, early access, non-production, evaluation, provided prior to general commercial release, or similar. Beta Services are offered solely for experimental purposes and without warranty of any kind, and may be modified or discontinued at Clearbit’s sole discretion.

2.13. Accuracy of Product Data: During the term of these Terms, Clearbit agrees to take commercially reasonable steps to correct errors and omissions in Product Data when discovered by Clearbit and/or upon notification by Customer.

2.14. Customer Security: Customer affirms that all locations within Customer’s environment where Product Data is stored have implemented industry-standard physical, technical, and administrative controls to ensure that Product Data is accessible only by Customer and Authorized Users.

3. DATA RIGHTS, PRIVACY, AND SECURITY

3.1. Customer License to Customer Data: As detailed in Section 2.8 (Enrichment), you may opt out of adding certain data to Clearbit's commercial database; if you do not opt out, the remainder of this section continues to apply.

You hereby authorize and grant to Clearbit and its Affiliates a worldwide, limited, non-exclusive, perpetual license to use, store, process, transfer, reproduce, distribute, perform, display, and create derivative works of Customer Data for the purpose of providing the Clearbit Services and as otherwise authorized in these Terms. For the avoidance of doubt, the Customer License to Customer Data and purpose described in this Section includes your authorization to share Customer Data with Clearbit and its Affiliates for other customers’ use in exchange for information that we hope is equally valuable to you through certain Clearbit Services.

As a result, your sharing of data with Clearbit and its Affiliates may amount to a “sale” of Personal Data under certain state statutes. Depending whether you are subject to those statutes (which may depend upon your company size, revenue, industry, etc.), such “sale” of information may require you to make specific disclosures or provide certain consumer “opt out” or other rights. We may provide you with materials or recommendations regarding how the Clearbit Services support your compliance with these requirements; if we do so, you understand that these are purely advisory in nature and are neither legal advice nor a substitute for legal advice. Therefore, you should consult legal counsel regarding requirements you may have under any such applicable law.

3.2. Customer Data Obligations: You are responsible for (a) Customer Data, including the content, accuracy, and integrity of Customer Data and for correcting errors and omissions in Customer Data, and your secure transmission of such data to Clearbit, (b) any communications between You or any Authorized User and any individual contained within Product Data and (c) Your processing of Product Data, including compliance with Data Protection Laws (as defined in the DPA). You further represent and warrant that you have provided and will continue to provide adequate notices, and that you have obtained and will continue to maintain all necessary permissions, consents and opt-out mechanisms, as required by applicable laws, in order to lawfully collect and provide Customer Data to Clearbit for processing as contemplated by these Terms.

3.3. Personal Data Obligations: The Clearbit Data Processing Agreement (“DPA”) is hereby incorporated by reference into these Terms. Each party shall comply with their respective obligations under the DPA with respect to any Personal Data transferred by one party to another as set forth in more detail in the DPA.

3.4. Usage Data: Notwithstanding anything to the contrary herein, Clearbit and its Affiliates may collect, use and analyze general information and data from its customers (including Customer Data) for purposes such as research, marketing, analysis, and benchmarking, and other purposes reasonably required to develop, deliver, and provide ongoing innovation to the Clearbit Services, provided that Clearbit does not specifically identify You or disclose any personally identifiable information in the course of collecting, using, analyzing, marketing or publishing such information or data. As between the parties, Clearbit and its Affiliates exclusively owns and reserves all right, title, and interest in and to the Usage Data.

3.5. Privacy Policy: Customer acknowledges our Privacy Policy (available at: https://clearbit.com/privacy-policy or as Clearbit may otherwise indicate) sets out how we process personal data in connection with the Clearbit Services.

4. PAYMENT, TAXES

4.1. Self-Service Subscriptions: All payment obligations are non-cancelable and all amounts paid are non-refundable, except as specifically provided for in these terms. If you select a Subscription through the self-service process on the Site or through one of our Resellers, you will be required to provide Clearbit or its Affiliates information regarding your credit card or another payment instrument (“Payment Instrument”). You represent and warrant to Clearbit that such information is true and that you are authorized to use the Payment Instrument. You will promptly update your account information with any changes (for example, a change in your billing address or credit card expiration date); we may also receive updates on your Payment Instrument through our payment service providers and automatically resume billing. If your Payment Instrument is declined when Clearbit or its Affiliates attempts to charge it, we may try to charge it again at a later time. If Clearbit or its Affiliates does not receive payment, Clearbit will promptly suspend or terminate the Customer’s Services. We assume no responsibility or liability if your access to the Subscription fails to renew or otherwise expires because of outdated or incorrect payment information.

Your Subscription will automatically renew each billing cycle on a recurring basis at which time your credit card will be charged automatically until you cancel your Subscription. You hereby authorize Clearbit or its Affiliates to bill your Payment Instrument for your monthly usage for the self-service Subscriptions entered into through the Site in accordance with the terms of the applicable payment plan referenced in the self-service Subscription or communicated to you by Clearbit from time to time, and you further agree to pay any charges so incurred.

4.2. Invoicing: If you purchase a Subscription through a separately executed Order, or if Clearbit elects to bill through an invoice, you will pay all fees charged by Clearbit for your use of Service in accordance with the Order. Clearbit or its Affiliates will invoice You for amounts due under these Terms (including for any product usage overages at rates set forth in the Order) and You will pay all undisputed Service Fees not subject to reasonable dispute within 30 days of receipt of invoice, except as otherwise specified in the applicable Order.

If Customer fails to pay any undisputed make payment of any amounts not subject to reasonable dispute when due, without limiting Clearbit’s other rights and remedies, after providing Customer with fifteen (15) days’ written notice of non-payment of any amount due: (a) Clearbit may suspend any and all Authorized User’s access to any or all Services until such amounts are paid in full; (b) Customer shall reimburse Clearbit for all reasonable costs incurred by Clearbit in collecting any late payments or interest, including attorneys’ fees; and (c) if such nonpayment failure continues, Clearbit may terminate suspend Customer’s and its Authorized Users’ access to the Service and this agreement in accordance with the Termination provision; Customer remains liable for all Fees agreed upon under these Terms.

Unless Customer identifies any disputed amounts within fifteen (15) days of receipt of invoice, such invoice shall be deemed undisputed. In the event of a dispute, the parties agree to work together in good faith to resolve such dispute. If the dispute is regarding a portion of an invoice, the undisputed portion shall remain due and payable in accordance with these Terms.

4.3. Credit Card Payments: If Customer provides Clearbit or its Affiliates with credit or debit card (“Payment Card”) details for the payment of fees stated herein ("Fees"), Customer: (a) represents that it is authorized to use such Payment Card; (b) authorizes Clearbit or its Affiliates to charge such Payment Card on a periodic basis for the Fees when due, including upon sign up for paid Services and upon renewal; (c) agrees to keep its Payment Card details valid and current; and (d) agrees to pay any processing fees that are charged by third-party payment processors or Payment Card issuers.

If Customer’s Payment Card is declined when Clearbit or its Affiliates attempts to charge it, we may try to charge it again at a later time (for example, if Customer’s Payment Card has expired or is no longer valid) and we reserve the right, and Customer authorizes Clearbit or its Affiliates, to retry billing Customer’s Payment Card. If Customer updates Payment Card information to remedy a change in validity or expiration date, we will automatically resume billing; we may also receive updates on Customer’s Payment Card through our payment service providers and automatically resume billing. If Clearbit does not receive payment, Clearbit may suspend or terminate Customer’s Services.

4.4. Taxes: All Service Fees are exclusive of taxes. You agree to pay any taxes applicable to your use of the Services. You will have no liability for any taxes based upon our gross revenues or net income.

If you are required to deduct or withhold tax from payment, you may deduct this amount from the applicable Subscription Fee due to the extent it is due and payable as assessed withholding tax required under laws that apply to you (the “Deduction Amount”).

You will not be required to repay the Deduction Amount to us, provided that you present us with a valid tax receipt verifying payment of the Deduction Amount to the relevant tax authority within ninety (90) days from the date of the invoice. If you do not provide this tax receipt within the specified time period, then all fees, inclusive of the Deduction Amount, will be immediately due and payable, and failure to pay these fees may result in your account being suspended or terminated for non-payment.

4.5. Purchase Orders: If Customer issues to Clearbit or its Affiliates a purchase order upon entering into an Order, any such purchase order is for Customer’s internal purposes only, and any terms in such purchase order are rejected by Clearbit, do not amend these Terms, and have no effect. If the Customer requests Clearbit to reference a purchase order number on a Clearbit invoice, such reference is included for administrative convenience only.

4.6. Usage Limits: You are responsible for complying with usage limits reflected on the page Clearbit, which we may update from time to time.

Except expressly permitted in an Order, you shall not (and shall not allow any third party to): present the Product Data so that it appears to be made available by any third party; or access the Product Data in bulk, redistribute, or resell the Product Data. Non-paying users of the Services are expressly forbidden from caching or otherwise storing the Product Data.

4.7. Records Retention: During the Term of these Terms, you will take commercially reasonable efforts to maintain complete and accurate records of your use of the Service and Product Data sufficient to verify compliance with these Terms.

5. TERM AND TERMINATION; SUSPENSION

5.1. Term: These Terms will commence on the date that you are first provided with use or access to the Service and remains in effect for the "Initial Term" which shall be as follows: (a) with respect to the Logo Output APIs Service or browser extension, until you uninstall or remove such Service, (b) with respect to paid Subscriptions executed through self-service on the Site, for the term specified in your self-service Subscription, or if none is so specified, for one (1) calendar month following the date you are first provided with access, (c) with respect to separately executed Orders, for twelve (12) months or as otherwise specified in such Order.

Upon expiration of the applicable Initial Term, (a) with respect to paid plans executed through self-service on the Site, the Initial Term will automatically renew for successive one (1) calendar month periods, (b) with respect to separately executed Orders, unless otherwise specified in the Order, the Initial Term will automatically renew upon expiration for successive twelve (12) months periods. The applicable Initial Term and any renewal terms are collectively referred to as the "Subscription Term." Either party may opt-out of or cancel the Subscription renewal by providing the other party with written notice of non-renewal at least thirty (30) days prior to the expiration of the then-current Subscription Term or as otherwise specified in the applicable Order.

5.2. Termination: Except as otherwise expressly permitted in these Terms, these Terms may only be terminated as follows: (a) either party (“Terminating Party”) may terminate these Terms upon written notice to the other if the other party is in breach of any material term or condition of these Terms and the breaching party fails to cure the breach within thirty (30) days of receipt of notice of that breach; or (b) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, cessation of business, liquidation or assignment for the benefit of creditors.

5.3. Effect of Termination: If there is any Order in effect, these Terms will not terminate until such Order has expired or has been terminated in accordance with the terms therein.

Upon termination of these Terms, Clearbit will cease providing the Services and promptly invoice Customer for any unpaid amounts owed and Customer will pay Clearbit for all Services rendered and expenses incurred prior to the effective date of termination. Upon termination, only when due to Clearbit’s material breach, Clearbit will cease providing the Services and promptly refund Customer a pro-rata refund of any fees You have paid in advance for the Services, beginning on the date of the breach.

5.4. Product Data & Termination: Upon expiration or termination of these Terms for any reason, You and Your Authorized Users shall cease accessing the Services in any way. Notwithstanding the foregoing, You shall not be required to delete Product Data upon expiration or termination hereof (unless required pursuant to applicable laws) as long as you have an independent legal basis to use such Product Data, and may continue to use such information in a manner otherwise consistent with these Terms.

6. NONDISCLOSURE OF CONFIDENTIAL INFORMATION

6.1. Obligations: During the Term and for a period of three (3) years after termination of these Terms (except for trade secrets, which shall be held in confidence for so long as they constitute trade secrets, and confidentiality obligations as required by applicable law), each party (the “Receiving Party”) that receives Confidential Information (as defined below) of the other party (the "Disclosing Party") will not use, other than in connection with the provision or receipt of the Clearbit Services, or disclose to anyone, other than officers, employees, contractors, or representatives of the Receiving Party with a need to know for purposes of these Terms and who are subject to confidentiality obligations no less stringent than the terms of these Terms (“Representatives”), any Confidential Information disclosed to the Receiving Party by or on behalf of the Disclosing Party. The Receiving Party will safeguard disclosure of such Confidential Information to the same extent that Receiving Party safeguards its own Confidential Information of a similar nature, but in any case, will at a minimum use reasonable care. Each party shall be responsible for any breach of its confidentiality and non-use obligations by its Representatives. Either party may disclose Confidential Information to its legal and financial advisors in connection with an investment, merger, acquisition, or otherwise, subject to a duty to maintain the confidentiality of such Confidential Information. Upon request of the Disclosing Party, the Receiving Party will promptly return to the Disclosing Party or destroy, certifying in writing to the Disclosing Party the destruction of such Confidential Information, the Disclosing Party’s Confidential Information in its possession or under its control.

6.2. Definition of Confidential Information: “Confidential Information” means all information, material and data of the Disclosing Party and its Affiliates which (a) is labeled or designated in writing as confidential or proprietary, (b) the Receiving Party is advised is proprietary or confidential, or (c) in view of the nature of such information and/or the circumstances of its disclosure, the Receiving Party knows or reasonably should know is confidential or proprietary. Confidential Information includes, without limitation, these Terms, Product Data, and the Clearbit Services.

6.3. Exceptions: These confidentiality obligations will not apply to any information which (a) is or becomes publicly known without any fault of or participation by the Receiving Party or its Representatives; (b) was in Receiving Party's possession prior to the time it was received from Disclosing Party or came into Receiving Party's possession from a third party not under an obligation of confidentiality; or (c) is independently developed by the Receiving Party without reference to the Disclosing Party's Confidential Information.

6.4. Injunctive Relief: Any use or disclosure of the Disclosing Party's Confidential Information in a manner inconsistent with the provisions of these Terms may cause the Disclosing Party irreparable damage for which remedies other than injunctive relief may be inadequate, and both parties agree that the Disclosing Party may request injunctive or other equitable relief seeking to restrain such use or disclosure.

6.5. Required Disclosures: If it becomes necessary for the Receiving Party to disclose any Confidential Information to enforce these Terms or comply with a judicial, arbitral or governmental order or process or operation of law, the Receiving Party will, unless prohibited by law, notify the Disclosing Party of the requirement of disclosure before making such disclosure and will comply with any protective order or other limitation on disclosure obtained by the Disclosing Party.

7. WARRANTIES

7.1. Clearbit Warranties: Clearbit warrants that: (a) it will provide the Services in a professional manner, consistent with recognized industry standards and good commercial practices; and (b) it has the authority and right to enter into these Terms.

7.2. Customer Warranties: Customer warrants that: (a) it has the authority and right to enter into these Terms; and (b) it will comply with all applicable laws in its use of the Services.

7.3. Disclaimer of Warranties: WITH THE EXCEPTION OF THOSE EXPRESS WARRANTIES MADE IN THIS SECTION 7, TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY DISCLAIMS ALL WARRANTIES WHETHER EXPRESS, IMPLIED OR STATUTORY.

8. INTELLECTUAL PROPERTY

8.1. Intellectual Property Rights: You acknowledge that, as between the parties, Clearbit and its Affiliates owns and retains all right, title and interest in the Intellectual Property Rights in the Services and Product Data. This includes, without limitation, any Product Data that You (or Your Authorized Users) download, print, save or incorporate into other materials. “Intellectual Property Rights” means: (a) copyrights and other rights associated with works of authorship; (b) trademark and trade name rights and similar rights; (c) trade secret rights; (d) patents, designs, algorithms, utility models, and other industrial property rights, and all improvements thereto; and (e) all registrations, applications, renewals, extensions, continuations, divisions, or reissues now or in the future.

8.2. Feedback, Comments, & Suggestions: Except to the extent it contains Your Confidential Information, You agree that Clearbit and its Affiliates (or others we authorize) may freely use, disclose, reproduce, license, distribute, or otherwise exploit in any manner any feedback, comments, or suggestions You post in our forums or otherwise provide to us about our Services and Product Data without any obligation to You, restriction of any kind (including on account of any Intellectual Property Rights), and without paying any compensation to You or any third party.

8.3. Third Party Websites: You acknowledge that information and content accessible through the Clearbit Services may be protected by Intellectual Property Rights of third parties. The Clearbit Services may contain links to websites or resources of others, however we do not endorse and are not responsible or liable for the accuracy, availability, content, products, or services of any third party. You are solely responsible and liable for Your use of any third-party websites while using the Services.

9. INDEMNIFICATION

9.1. Indemnification by Clearbit: Clearbit will indemnify and have the right but not the duty to defend, Customer and its Affiliates officers, directors, successors, and permitted assigns from and against any claim, action, demand or proceeding by a third party (collectively “Claims”) resulting in liability, damage, cost, loss or expense, including court costs and reasonable attorney’s fees, and fines and penalties imposed by any governmental entity (collectively “Losses”) to the extent they result from infringement or misappropriation of a third party’s registered U.S. Intellectual Property Rights by the Services. IF A LOSS IS FOUND BY A COURT OF COMPETENT JURISDICTION TO HAVE BEEN CAUSED ONLY IN PART BY CLEARBIT, THEN ITS LIABILITY HEREUNDER WILL BE ONLY SUCH AMOUNT AS IS ATTRIBUTABLE TO ITS FAULT.

Clearbit shall have no liability or obligations under this section arising from Product Data or an alleged infringement of Intellectual Property Rights to the extent arising from the following (collectively “Customer-Controlled Matters”): (a) use of the Clearbit Services in combination with other equipment or software not provided or approved by us in writing, if such claim would have been avoided but for such combined use; (b) any modification to made by You or any other third party not approved by us in writing or permitted under these Terms; or (c) use of the Clearbit Services other than in the manner permitted or authorized under these Terms or under applicable law.

For any claim covered by this section, in our sole discretion we may (a) attempt to obtain the right for You to continue to use the Services; or (b) replace or modify the Services so that they no longer infringe but are functionally equivalent; or (c) if neither (a) or (b) is commercially practicable, we shall have the right to terminate these Terms and refund to Customer all unearned fees paid by Customer, if any, for any Services not yet performed. THE PROVISIONS OF THIS SECTION STATE THE SOLE, EXCLUSIVE, AND ENTIRE LIABILITY OF CLEARBIT TO CUSTOMER, AND CUSTOMER'S SOLE REMEDY, WITH RESPECT TO THE INFRINGEMENT OR MISAPPROPRIATION OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.

9.2. Indemnification by Customer: Customer will defend, indemnify and hold harmless Clearbit and its officers, directors, employees, shareholders, agents, legal representatives, subsidiaries, Affiliates, successors and permitted assigns from any Claims resulting in Losses to the extent they result from (a) a claim that Customer Data infringes upon or misappropriates a third party’s Intellectual Property Rights; (b) a violation by Customer of Sections 2.1-2.6 of these Terms; or (c) Customer-Controlled Matters.

9.3. Indemnification Process: The party seeking indemnification under these Terms will: (a) give the indemnifying party prompt written notice of the Claim (provided, that failure to provide such prompt notice will not release the indemnifying party from its indemnity obligations except to the extent the indemnifying party is materially prejudiced thereby); (b) tender to the indemnifying party control of the defense and settlement of the Claim; and (c) cooperate with the indemnifying party in defending or settling the Claim. The indemnified party will have the right to participate at its own expense in any indemnification action or related settlement negotiations using counsel of its own choice. Neither party may consent to the entry of any judgment or enter into any settlement that adversely affects the rights or interests of the other party without that party’s prior written consent, which may not be unreasonably withheld.

10. LIMITATIONS OF LIABILITY

10.1. Limitation on Indirect Liability: IN NO EVENT WILL EITHER PARTY BE LIABLE HEREUNDER FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES, LOST PROFITS, LOST SALES OR ANTICIPATED ORDERS, OR DAMAGES FOR LOSS OF GOODWILL, EVEN IF A PARTY WAS INFORMED OR KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES OR LOSS.

10.2. Liability Cap: EXCEPT FOR A BREACH BY CUSTOMER OF THEIR PAYMENT OBLIGATIONS OR SECTION 2, THE AGGREGATE LIABILITY OF EITHER PARTY FOR ALL CLAIMS RELATING TO THE SERVICES OR CONNECTED WITH THESE TERMS, REGARDLESS OF THE DAMAGES THEORY, WILL NOT EXCEED THE FEES PAID OR OWING TO CLEARBIT UNDER THE APPLICABLE ORDER IN THE TWELVE (12) MONTHS PRECEDING THE DATE THE CLAIM AROSE. CLEARBIT AND ITS AFFILIATES WILL NOT BE LIABLE FOR ANY DAMAGES INCURRED BY CUSTOMER TO THE EXTENT ARISING FROM ANY UNAUTHORIZED ACCESS RESULTING FROM THE ACTIONS OF CUSTOMER OR ANY THIRD PARTY, OTHER THAN CLEARBIT’S REPRESENTATIVES. NOTWITHSTANDING THE FOREGOING, THIS LIMITATION WILL NOT APPLY TO YOU IF YOU ONLY USE THE FREE PLAN, AND IF WE ARE DETERMINED TO HAVE ANY LIABILITY TO YOU OR ANY THIRD PARTY ARISING FROM YOUR USE OF THE FREE PLAN, THEN OUR AGGREGATE LIABILITY WILL BE LIMITED TO ONE HUNDRED U.S. DOLLARS.

11. GENERAL

11.1. Assignment: Customer will not assign these Terms without our prior written consent, except that Customer may assign these Terms to a successor by reason of merger, reorganization, sale of all or substantially all of your assets, change of control or operation of law, provided such successor is not a Competitor of Clearbit. Clearbit may assign these Terms to any Affiliate or in the event of merger, reorganization, sale of all or substantially all of our assets, change of control or operation of law.

11.3. Relationship of parties: Clearbit and Customer are independent contractors, and these Terms will not establish any relationship of partnership, employment, agency, joint venture, or franchise between Clearbit and Customer. Neither party will have authority, and will not represent that it has any authority, to bind the other.

11.4. Notices: Except as otherwise expressly set forth in these Terms, all notices given to the parties under these Terms will be in writing and will be given by nationally recognized overnight courier service, certified mail (return receipt requested), facsimile or e-mail with electronic confirmation, or personal delivery, if to Customer at the address indicated on the applicable Order, and if to Clearbit at:

APIHub, Inc. C/O its Affiliate, HubSpot, Inc. Attn: General Counsel Two Canal Park, Cambridge, MA 02141, U.S.A. With a copy e-mailed of even date to: legal@clearbit.com

11.5. Governing Law: These Terms are governed by the laws of Delaware, with exclusive jurisdiction in Delaware courts and without regard to its conflicts of law rules.

11.6. Customer List: Clearbit may identify Customer as such, in general listings of customers that Clearbit may make available on its website or in promotional or marketing materials.

11.7. Updates: Clearbit may make changes to these Terms from time to time for a variety of reasons, such as to reflect changes in the law or our business. If a revision materially and adversely alters Customer’s rights as reasonably determined by Clearbit in its sole discretion, Clearbit will use reasonable efforts to provide written notice to Customer of the change, such as by emailing the email address associated with an Admin Account or by messaging Customer through the Services. The most current version of these Terms for the Services will be posted on the Clearbit website. Any material adverse changes to these Terms will become effective on the next business day date set forth in such notice. If Customer does not wish to agree to any changes made to these Terms, Customer should stop using the Services and notify Clearbit, because by continuing to use the Services after the date the changes become effective, Customer indicates its agreement to be bound by the updated Terms.

11.8. Waiver & Severability: If any provision of these Terms is held invalid, illegal or unenforceable, the validity, legality or enforceability of the remaining provisions will in no way be affected or impaired. A party does not waive any right under these Terms by failing to insist on compliance with any term or by failing to exercise any right under these Terms. Waiver of any provision of these Terms is effective only if it is written and signed by the party granting the waiver and will not imply a subsequent waiver of that or any other provision of these Terms.

11.9. Headings: The section headings and sub-headings of these Terms are for convenience only and have no interpretive value. Any list of examples following "including" or "e.g.," is illustrative and not exhaustive, unless qualified by terms like "only" or "solely."

11.10. Survival: The rights and obligations of a party which by their nature must survive termination or expiration of these Terms in order to achieve its fundamental purposes will survive any termination of these Terms.

11.11. Export Compliance: The Services are subject to the trade laws and regulations of the United States and other countries, including the Export Administration Regulations (EAR, 15 CFR Part 730 et seq.) and the sanctions programs administered by the Office of Foreign Assets Control (OFAC, 31 CFR Part 500). You will not import, export, re-export, transfer or otherwise use the Services in violation of these laws and regulations. By using the Services, the parties represent that (a) they are not located in any U.S. embargoed country or on any restricted person list, and (b) they will not engage in activity that would cause the other party to be in violation of these laws and regulations.

11.12. Force Majeure: Neither party will be liable for any delay or default in its performance of any obligation (other than a payment obligation) under the Terms caused directly or indirectly by act of God, acts of government, labor problem, failures of suppliers, or by war or civil disturbance, or any cause or causes beyond such party’s reasonable control (collectively, “Force Majeure Events”). This provision will in no way impair either party’s right to terminate these Terms.

11.13. Anti-Corruption: Without limiting the foregoing, each party represents and warrants that (i) in connection with these Terms, it has not and will not make any payments or gifts or any offers or promises of payments or gifts of any kind, directly or indirectly, to any official of any foreign government or any agency or instrumentality thereof and (ii) it will comply in all respects with the U.S. Foreign Corrupt Practices Act and similar domestic or foreign law.

11.14. Entire Agreement: These Terms, together with any written Orders, the DPA and the Exhibit(s), constitute the complete and final agreement of the parties pertaining to the Services, and supersedes the parties’ prior agreements, understandings and discussions relating to the Services. In the event of any conflict or inconsistency between a provision in these Terms and in an Order, the provision in the Order will take precedence and prevail.

12. RESELLER TERMS

12.1. Reseller Terms: If Customer has procured use of any Services through a Reseller, the following terms apply: (a) Customer’s use of such Services will be subject to these Terms and all Fees payable for such use shall be payable pursuant to the terms of the agreement with Reseller; (b) different terms regarding invoicing, payment and taxes will apply as specified under the agreement with the Reseller, and the corresponding terms in these Terms do not apply; and (d) Customer acknowledges that: (i) Reseller and Clearbit may share information with each other related to Customer’s use and consumption of the services for account management and billing purposes; and (ii) Reseller is not authorized to make any changes to these Terms or otherwise authorized to make any warranties, representations, promises or commitments on behalf of Clearbit or concerning the Services.

Addendum A: Clearbit Data Processing Addendum

Need a signed version with the SCCs and UK addendum? Click here.

1. Introduction

This Clearbit Data Processing Addendum ("DPA") amends and is incorporated into the agreement between Clearbit and Customer, and will be applicable to each party's Processing of Personal Data, where such Processing is regulated by Data Protection Laws. Except for the changes made by this DPA, the agreement remains unchanged and in full force and effect. In the event of a conflict between this DPA and any other portion of the agreement, the provision of this DPA shall control. The parties agree that this DPA shall replace any existing data processing terms the parties may have previously entered into in connection with the Clearbit Services and will be applicable when either party Processes Personal Data where such Processing is regulated by Data Protection Laws. Capitalized terms have the meaning given to them in the agreement, unless otherwise defined below.

2. Definitions

For the purpose of this DPA:

  • "Business Contact Data" means all Personal Data or other materials provided or collected by you in connection with the Clearbit Services.
  • "Business Contact Data Business Purposes" means the improvement, development (including through the use of techniques such as machine learning), provision, and enhancement of the Clearbit Services.
  • "California Personal Information" means Processor Data that is subject to the protection of the CCPA.
  • "CCPA" means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020).
  • "Consumer," "Business," "Sell," "Service Provider," and "Share" will have the meanings given to them in the CCPA.
  • "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
  • "Controller Data" means any Personal Data that either party provides to the other party as separate, independent Controllers in the course of Clearbit providing the Services to Customer, including Product Data and Business Contact Data.
  • "Data Privacy Framework" means the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework self-certification programs (as applicable) operated by the U.S. Department of Commerce; as may be amended, superseded or replaced.
  • "Data Privacy Framework Principles" means the Principles and Supplemental Principles contained in the relevant Data Privacy Framework; as may be amended, superseded or replaced.
  • "Data Protection Laws" means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the agreement, including without limitation European Data Protection Laws, the CCPA, the Telephone Consumer Protection Act, the CAN-SPAM Act of 2003 and other applicable U.S. federal and state privacy laws, in each case as amended, repealed, consolidated or replaced from time to time.
  • "Data Subject" means the individual to whom Personal Data relates.
  • "Europe" means the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom.
  • "European Data" means Personal Data that is subject to the protection of European Data Protection Laws.
  • "European Data Protection Laws" means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (“ePrivacy Directive”); and (iii) applicable national implementations of (i) and (ii); (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"); and (iv) Swiss Federal Data Protection Act and its Ordinance ("Swiss DPA"); in each case, as may be amended, superseded or replaced.
  • "Instructions" means the written, documented instructions issued by a Controller to a Processor, and directing the same to perform a specific or general action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion and making available).
  • "Permitted Affiliates" means any of your Affiliates that (i) are permitted to use the Clearbit Services pursuant to the agreement but have not entered their own separate agreement with us, (ii) qualify as a Controller of Personal Data Processed by us, and (iii) are subject to European Data Protection Laws.
  • "Personal Data" means any information relating to an identified or identifiable individual where such information is protected as personal data, personal information, or personally identifiable information under applicable Data Protection Laws.
  • "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Processor Data transmitted, stored or otherwise Processed by us and/or our Sub-Processors in connection with the provision of the Clearbit Services. "Personal Data Breach" will not include unsuccessful attempts or activities that do not compromise the security of Processor Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
  • "Processing" means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data. The terms “Process”, “Processes” and “Processed” will be construed accordingly.
  • "Processor" means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.
  • "Processor Data" means any Personal Data provided or otherwise made available by Customer or on Customer's behalf to Clearbit in its capacity as a Processor in connection providing the Services to Customer.
  • "Standard Contractual Clauses" means the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021 currently found at https://eur-lex.europa.eu/eli/dec_impl/2021/914, as may be amended, superseded or replaced.
  • "Sub-Processor" means any Processor engaged by us or our Affiliates to assist in fulfilling our obligations with respect to the Processing of Processor Data under the agreement. Sub-Processors may include third parties or our Affiliates but will exclude any Clearbit employee or consultant.
  • "UK Addendum" means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018 currently found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as may be amended, superseded or replaced.

3. Roles of the parties

3.1. The parties acknowledge and agree that: a. with respect to the Processing of Controller Data, each of the parties are separate, independent Controllers and will comply with their respective obligations under Data Protection Laws when Processing Controller Data; and b. with respect to the Processing of Processor Data, Customer is the Controller and Clearbit is a Processor acting on behalf of Customer.

3.2. For clarity, nothing in the agreement or this DPA shall restrict Clearbit in any way from its ability to access, use, share, or store Personal Data that Clearbit would otherwise Process independently of Customer's use of the Clearbit Services.

4. Data Processing

4.1. The categories of Data Subjects affected by the Processing of Personal Data within scope of this DPA will be business contacts or prospects of Customer and visitors to Customer's websites or digital properties. The types of Personal Data affected by the Processing within the scope of this DPA will include business contact information (which may include name, work email address, title and work phone number) and electronic activity data (which may include IP address, cookie identifiers, other online identifiers and website activity data) of Data Subjects. The Personal Data transferred will be subject to the following basic processing activities: to provide the Clearbit Services and to facilitate the Customer’s Permitted Uses of the Clearbit Services and Clearbit’s Business Contact Data Business Purposes.

5. Customer Responsibilities

5.1. You will be responsible for complying with all requirements that apply to you under applicable Data Protection Laws with respect to your Processing of Personal Data and the Instructions you issue to us. In particular but without prejudice to the generality of the foregoing, you acknowledge and agree that you will be solely responsible for: (i) the accuracy, quality, and legality of Personal Data that you provide to us and the means by which you acquired such Personal Data; (ii) complying with all necessary transparency and lawfulness requirements under applicable Data Protection Laws for the collection and use of such Personal Data, including obtaining any necessary consents and authorizations; (iii) ensuring you have the right to transfer, or provide access to, such Personal Data to us for Processing in accordance with the agreement (including this DPA); and (iv) ensuring that your Instructions to us regarding the Processing of Processor Data comply with applicable laws, including Data Protection Laws. You will inform us without undue delay if you are not able to comply with your responsibilities under this Section or Data Protection Laws.

6. Product Data

6.1. Each party acknowledges and agrees that: (a) Product Data is made available to Customer solely for the limited and specified purpose(s) of enhancing business contact data for Customer's sales and marketing purposes; (b) with regards to its Processing of Product Data, Customer shall comply with and provide the same level of privacy protection as is required by the CCPA; (c) Clearbit shall have the right, upon reasonable notice, to take reasonable and appropriate steps to (1) ensure that Customer uses Product Data in a manner consistent with Clearbit's obligations under Data Protection Laws and (2) stop and remediate unauthorized uses of Product Data; (d) if requested by Clearbit, Customer shall attest that it Processes Product Data in compliance with Data Protection Laws; and (e) Customer shall notify Clearbit promptly if Customer determines it can no longer meet its obligations under Data Protection Laws.

7. Business Contact Data

7.1. Each party further acknowledges and agrees that Business Contact Data may be made available by Customer to Clearbit for the Business Contact Data Business Purposes. Customer makes Business Contact Data available for Clearbit’s Business Contact Data Business Purposes, and Clearbit shall Process Business Contact Data for the Business Contact Data Business Purposes. For clarity, Clearbit may receive the same Business Contact Data from multiple customers or through Clearbit's own data collection methods ("Duplicate Business Contact Data''), and Clearbit is not restricted in any way under the agreement from its access, use, sharing or storage of such Duplicate Business Contact Data.

8. Cooperation

8.1. If either party receives any complaint, notice or communication from a supervisory authority or other governmental authority which relates to the other party's: (a) Processing of the Personal Data; or (b) potential failure to comply with Data Protection Laws with respect to the Processing of Personal Data, that party shall direct the supervisory authority or governmental authority to the other party and, in the case of intertwined obligations, claims, or Personal Data at issue, shall provide reasonable assistance to the other party in responding to the supervisory authority or governmental authority.

9. International Transfers

9.1. Data Transfers: You acknowledge and agree that we may access and Process Personal Data on a global basis as necessary to provide the Clearbit Services in accordance with the agreement, and in particular that Personal Data may be transferred to and Processed by Clearbit in the United States and to other jurisdictions where Clearbit Affiliates and Sub-Processors have operations. Wherever Personal Data is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of Data Protection Laws.

9.2. Cross-Border Data Transfers: With respect to transfers of European Data from one party to the other party in any country not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), the Standard Contractual Clauses will be incorporated by reference and form part of the agreement as follows: 9.2.1. (i) Module 1 applies to the transfer of Controller Data between the parties as Controllers, Module 2 applies to the transfer of Processor Data from Customer to Clearbit and Module 3 applies to the transfer of Processor Data to the extent the Customer is a Processor of European Data; (ii) in Clause 7, the optional docking clause applies; (iii) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the ‘Sub-Processors’ section of this DPA; (iv) in Clause 11, the optional language is deleted; (v) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be the Republic of Ireland; (vi) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Schedules of this DPA; (vii) the supervisory authority that will act as competent supervisory authority will be determined in accordance with GDPR; and (viii) if and to the extent the Standard Contractual Clauses conflict with any provision of this DPA, the Standard Contractual Clauses will prevail to the extent of such conflict.

9.2.2. In relation to European Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications: (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Schedules of this DPA and Table 4 will be deemed completed by selecting “neither party;” and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum.

9.2.3. In relation to European Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications: (i) references to "Regulation (EU) 2016/679" will be interpreted as references to the Swiss DPA; (ii) references to "EU," "Union" and "Member State law" will be interpreted as references to Swiss law; and (iii) references to the "competent supervisory authority" and "competent courts" will be replaced with the "the Swiss Federal Data Protection and Information Commissioner" and the "relevant courts in Switzerland."

9.2.4. In the event that Clearbit certifies to the Data Privacy Framework for European Data, Clearbit will rely on the Data Privacy Framework (instead of the Standard Contractual Clauses) to lawfully receive European Data in the United States, and Clearbit will ensure that it provides at least the same level of protection to such European Data as is required by the Data Privacy Framework Principles and notify Customer know if it is unable to comply with this requirement.

10. Processor Data

10.1. Compliance with Instructions: We will only Process Processor Data for the purposes described in this DPA or as otherwise agreed within the scope of your lawful Instructions, except where and to the extent otherwise required by applicable law. We are not responsible for compliance with any Data Protection Laws applicable to you or your industry that are not generally applicable to us. If we believe that your Instruction infringes Data Protection Laws (where applicable), we will inform you without delay. Customer shall have the right, upon notice, to take reasonable and appropriate steps to (i) ensure that Clearbit uses Processor Data in a manner consistent with Customer's obligations under Data Protection Laws, or (ii) stop and remediate unauthorized Processing of Processor Data.

10.2. Conflict of Laws: If we become aware that we cannot Process Processor Data in accordance with your Instructions due to a legal requirement under any applicable law, we will (i) promptly notify you of that legal requirement to the extent permitted by the applicable law; and (ii) where necessary, cease all Processing (other than merely storing and maintaining the security of the affected Processor Data) until such time as you issue new Instructions with which we are able to comply. If this provision is invoked, we will not be liable to you under the agreement for any failure to perform the applicable Clearbit Services until such time as you issue new lawful Instructions with regard to the Processing.

10.3. Controller Instructions: The parties agree that the agreement (including this DPA), together with your use of the Clearbit Services in accordance with the agreement, constitute your complete Instructions to us in relation to the Processing of Processor Data, so long as you may provide additional instructions during the term of the Subscription that are consistent with the agreement and the nature and lawful use of the Clearbit Services.

10.4. Confidentiality: We will ensure that any personnel whom we authorize to Process Processor Data on our behalf is subject to appropriate confidentiality obligations (whether a contractual or statutory duty) with respect to that Processor Data.

10.5. Technical and Organizational Measures: Clearbit shall implement and maintain appropriate technical and organizational measures to provide a level of security appropriate to the risk for the Processing of Processor Data, as described in Schedule 1 to Addendum A of this DPA. Clearbit shall regularly test, assess, and evaluate the effectiveness of such technical and organizational measures for ensuring the security of the Processing.

10.6. Personal Data Breach: We will notify you without undue delay after we become aware of any Personal Data Breach and will provide timely information relating to the Personal Data Breach as it becomes known or reasonably requested by you. At your request, we will promptly provide you with such reasonable assistance as necessary to enable you to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if you are required to do so under Data Protection Laws.

10.7. Sub-Processors: Where Clearbit engages Sub-Processors, Clearbit agrees to (i) enter into a written agreement with Sub-Processors that imposes on Sub-Processors data protection and security requirements for Processor Data that comply with Data Protection Laws and provide at least the same level of protection for Processor Data as those in this DPA; and (ii) remain responsible to Customer for Sub-Processors’ compliance with the obligations of this DPA and for any acts or omissions of Sub-Processors that cause Clearbit to breach any of its obligations under this DPA.

10.8. Sub-Processors List: Customer authorizes Clearbit to engage Sub-Processors to Process Processor Data on behalf of Customer, as listed at https://clearbit.com/subprocessors. If Clearbit engages any additional or replacement Sub-Processors, Clearbit will give Customer notice at least 30 calendar days in advance of providing that Sub-Processor with access to Processor Data. If Customer does not provide timely objection to a new Sub-Processor, Customer will be deemed to have authorized Clearbit’s use of the new Sub-Processor and waived its right to object. If Customer provides timely objection to a new Sub-processor, the parties will discuss Customer's concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, Clearbit will, at its sole discretion, either not appoint the new Sub-Processor, or permit Customer to suspend or terminate the affected Service in accordance with the termination provisions of the Agreement without liability to either party (but without prejudice to any fees incurred by Customer prior to suspension or termination).

10.9. Audits: Upon request, Clearbit will make available to Customer all reasonable information necessary, and allow for and contribute to audits, including inspections, conducted by Customer, or another auditor who is not a competitor and agreed to in advance by Clearbit, to demonstrate compliance with this DPA. Such audits or inspections shall be limited to Clearbit’s Processing of Processor Data in its capacity as a Processor only, not any other aspect of Clearbit’s business or information systems. If Customer requires Clearbit to submit to audits or inspections that are necessary to demonstrate compliance with this DPA, Customer will provide Clearbit with written notice at least sixty (60) days in advance of such audit or inspection. Such written notice will specify the people, places, or documents to be made available. Any information produced by Clearbit in response to an audit request will be considered Clearbit’s Confidential Information and, notwithstanding anything to the contrary in the Agreement, will remain Confidential Information. Customer will make every effort to cooperate with Clearbit to schedule audits or inspections at times that are convenient to Clearbit during usual business hours and without disturbance to Clearbit’s operations and personnel. Customer shall be solely responsible for all costs incurred in relation to audits or inspections.

10.10. Data Subject Requests: Clearbit agrees to comply with all reasonable instructions from Customer related to any requests from individuals exercising their rights in Personal Data granted to them under Data Protection Laws (“Privacy Request”). At Customer’s request and without undue delay, Clearbit agrees to reasonably assist Customer in answering or complying with any Privacy Request.

10.11. Cooperation: Clearbit will cooperate to the extent legally required in connection with Customer's obligation to conduct data protection impact assessments and engage in consultations with supervisory authorities regarding its Processing of Processor Data. If a supervisory authority corresponds with Clearbit regarding its Processing of Processor Data under the agreement, Clearbit will promptly notify Customer and cooperate to the extent reasonably necessary for Customer to respond to the supervisory authority’s request. Customer will bear the costs that Clearbit incurs when fulfilling such obligations.

10.12. Return and Deletion of Processor Data: Processor Data (including any copies) shall not be kept longer than is required to provide the Clearbit Services under the agreement, unless (i) a longer retention period is required to comply with applicable laws, including for audit, legal, financial, or regulatory purposes; or (ii) Customer instructs Clearbit in writing to (a) keep certain Processor Data longer, or (b) return certain Processor Data earlier.

10.13. Additional Provisions for California Personal Information: This Section of the DPA will apply only with respect to California Personal Information. 10.13.1. Roles of the Parties: When processing California Personal Information in accordance with your Instructions, the parties acknowledge and agree that you are a Business and we are a Service Provider for the purposes of the CCPA. 10.13.2. Responsibilities: We certify that we will Process California Personal Information as a Service Provider strictly for the purpose of performing the Clearbit Services under the agreement (the "Business Purpose") or as otherwise permitted by the CCPA. Further, we certify we (i) will not Sell or Share California Personal Information; (ii) will not Process California Personal Information outside the direct business relationship between the parties, unless required by applicable law; and (iii) will not combine the California Personal Information included in Customer Data with personal information that we collect or receive from another source (other than information we receive from another source in connection with our obligations as a Service Provider under the agreement).
10.13.3. CCPA Compliance: We will (i) comply with obligations applicable to us as a Service Provider under the CCPA and (ii) provide California Personal Information with the same level of privacy protection as is required by the CCPA. Customer shall have the right, upon notice, to take reasonable and appropriate steps to (i) ensure that Clearbit uses California Personal Information in a manner consistent with Customer's obligations under the CCPA, or (ii) stop and remediate unauthorized Processing of California Personal Information. We will notify you if we make a determination that we can no longer meet our obligations as a Service Provider under the CCPA. 10.13.4. CCPA Audits: You will have the right to take reasonable and appropriate steps to help ensure that we use California Personal Information in a manner consistent with Customer’s obligations under the CCPA. Upon notice, you will have the right to take reasonable and appropriate steps in accordance with the agreement to stop and remediate unauthorized use of California Personal Information. 10.13.5. Not a Sale: The parties acknowledge and agree that the disclosure of California Personal Information by the Customer to Clearbit does not form part of any monetary or other valuable consideration exchanged between the parties.

11. General Provisions

11.1. Amendments: Notwithstanding anything else to the contrary in the Agreement, we reserve the right to make any updates and changes to this DPA.

11.2. Severability: If any individual provisions of this DPA are determined to be invalid or unenforceable, the validity and enforceability of the other provisions of this DPA will not be affected.

11.3. Limitation of Liability: Each party and each of their Affiliates' liability, taken in aggregate, arising out of or related to this DPA (including any other DPAs between the parties) and the Standard Contractual Clauses, where applicable, whether in contract, tort or under any other theory of liability, will be subject to the limitations and exclusions of liability set out in the 'Limitations of Liability' section of the agreement and any reference in such section to the liability of a party means aggregate liability of that party and all of its Affiliates under the agreement (including this DPA).

11.4. Permitted Affiliates: By entering the agreement, you agree to this DPA (including, where applicable, the Standard Contractual Clauses) on behalf of yourself and in the name and on behalf of your Permitted Affiliates. For the purposes of this DPA only, and except where indicated otherwise, the terms “Customer,” “you” and “your” will include you and such Permitted Affiliates.

11.5. Authorization: The legal entity agreeing to this DPA as Customer represents that it is authorized to agree to and enter into this DPA for and on behalf of itself and, as applicable, each of its Permitted Affiliates.

11.6. Remedies: The parties agree that (i) solely the Customer entity that has entered the agreement will exercise any right or seek any remedy any Permitted Affiliate may have under this DPA on behalf of its Affiliates, and (ii) the Customer entity that has entered the agreement will exercise any such rights under this DPA not separately for each Permitted Affiliate individually but in a combined manner for itself and all of its Permitted Affiliates together. The Customer entity that has entered the agreement is responsible for coordinating all Instructions, authorizations and communications with us under the DPA and will be entitled to make and receive any communications related to this DPA on behalf of its Permitted Affiliates.

Schedule 1 to Addendum A

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

Clearbit reserves the right to update its security program from time to time; provided, however, any update will not materially reduce the overall protections set forth in this Schedule.

1. Compliance Clearbit will comply with all applicable state and federal data security regulations and shall abide by all required security controls as stated herein, based upon the nature of the Services provided, the data involved and/or the location where such Services are rendered.

2. Security Certification Clearbit holds the following security-related certifications from independent third-party auditors: SOC 2 Type II.

3. Information Security Program Clearbit maintains a formal information security program that is supported by written information security policies, approved by management, published, and communicated to staff. The information security program is based on a recognized security framework designed to protect the confidentiality and integrity of data, and appropriate to the nature, scope, context and purposes of processing and the risks involved in the processing for the data subjects.

4. Organization of Information Security Clearbit will delegate an accountable party for information security intended to provide oversight and approval for security and compliance initiatives and planning through various actions. The delegate(s) will be required to review, recommend edits or changes, and accept internal information security policy and processes.

5. Access Control Clearbit shall have in place formal processes and procedures to support the secure creation, amendment, and deletion of user accounts of personnel, consultants, and subcontractors, as well as systems and software, which contain, or otherwise have access to European Data. Furthermore, Clearbit takes it upon itself to carry out the following measures:

  • Monitor redundant and inactive accounts
  • Ensure that all user accounts privileges are allocated on “a-need-to-use-basis”
  • Ensure that access control mechanisms based on reasonably secure passwords are enforced
  • Ensure, where possible, Clearbit’s internal system access authentication is using two-factor authentication

6. Data Center Architecture and Security Data centers must be designed and managed in compliance with regulations, standards, and best practices, such as SOC 2, PCI DSS Level 1, ISO 27001, CSA and FIPS 140-2. The data center must implement physical and environmental controls designed to secure the facility and protect equipment from damage. Clearbit must exercise regular oversight of the data center supplier’s ability to meet these controls by reviewing current independent third-party reports of compliance and/or industry standard certifications.

7. Network Architecture and Security Clearbit networks must span multiple availability zones that are physically separated and isolated, connected through low-latency, high-throughput, and highly redundant networking. Networks or applications that contain Customer data must be separated from public networks by a firewall to prevent unauthorized access from the public network.

8. Availability and Continuity

a. Service Availability. Clearbit employs service clustering and network redundancies to eliminate single points of failure. Clearbit maintains a publicly available system-status webpage, which includes system availability details, scheduled maintenance, and service incident history, found at: https://clearbit.statuspage.io/.

b. Backups. European Data is backed up daily using policy-based scheduling.

c. Disaster Recovery and Business Continuity. Clearbit has a disaster recovery plan that outlines roles and responsibilities for key personnel involved in business continuity, our plan to activate and respond to a disaster, target timelines and testing requirements.

9. Information Security Incident Management Clearbit will have a documented incident response plan that is approved by management. The key components must include:

  • Classify the severity of the incident using an initial analysis
  • Limit the immediate impact of the incident
  • Take corrective action to contain the impact
  • Investigate and collect evidence
  • Inform the relevant authorities (where applicable)
  • Inform impacted customers

10. Software Development Clearbit shall have appropriate governance processes in place to supervise and monitor software development (e.g., implement an SDLC) and ensure information security requirements are included in the requirements for new information systems or enhancements to existing information systems.

11. Security Testing At least quarterly vulnerability scanning will be performed against all public-facing applications. At least annually, Clearbit will engage a third-party security expert to perform a penetration test. Critical and high-risk vulnerabilities identified during the scanning will be promptly remediated.

12. Personnel Security Clearbit performs pre-employment background checks of all personnel with exposure to Customer data, in accordance with applicable local laws. These personnel must receive security training upon hire and at least annually thereafter. Personnel must be bound by written confidentiality agreements.

13. Encryption Controls Clearbit implements reasonable measures to ensure data cannot be read, copied, modified, or removed without authorization during electronic transmission or transport. Data is encrypted in transit over public networks via industry standard HTTPS/TLS (TLS 1.2 or higher). Data at rest is encrypted in storage in databases, storage buckets and backup files using AES-256-bit encryption.

14. Additional Technical and Organizational Security Measures

a. Measures of encryption of personal data

Clearbit has taken the following measures in the Clearbit Services designed to convert clearly legible European Data into ciphertext by means of a cryptographic process:

  1. European Data transmitted via TLS can be encrypted with TLS 1.2 or stronger protocol.
  2. European Data at rest is encrypted by default using AES256 or a stronger alternative.
b. Measures for ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  1. Clearbit has taken the following measures designed to ensure that European Data is accessed only by authorized personnel and prevents the intrusion by unauthorized persons into Clearbit’s systems and applications used for the processing of European Data:
  • Two-factor or two-step authentication is required.
  • All European Data is subject to the encryption measures identified above.
  • Development and test environments are logically separated from production environments by design.
  • Clearbit maintains administrative controls which govern access under the principle of least privilege.
  • Privileged access is not granted by default.
  1. Clearbit has taken the following measures designed to ensure that European Data cannot be read, copied, modified, or removed without authorization during electronic transmission or transport, and that it is possible to check and establish whether and by whom European Data has been input into data processing systems, modified, or removed:
  • All European Data is subject to the encryption measures identified above.
  • Clearbit must maintain tools in place for audit trails, event notifications, and logs for application and cloud systems.
  1. Clearbit has taken the following measures designed to ensure that European Data is protected from accidental destruction or loss due to internal or external influences, and ensure the ability to withstand attacks or to quickly restore systems to working order after an attack:
  • Alerting is set up for specified thresholds and a team with experienced personnel monitors system availability and overall health.
  • High availability infrastructure is used as appropriate to increase availability.
  • Clearbit ensures routine backups are taken of European Data.
c. Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident:

Clearbit has taken the following measures designed to ensure the possibility to quickly restore the Clearbit system or European Data in the event of a physical or technical incident:

  • Clearbit maintains an incident response plan that it updates from time to time as needed. The incident response plan includes procedures for handling and reporting incidents including detection and reaction to possible Security Incidents.
  • Capacity management measures are taken to monitor resource consumption of systems as well as plan future resource requirements.
d. Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure the security of the processing

Clearbit has taken the following measures designed to ensure the regular review and assessment of security measures:

  • Clearbit conducts regular penetration testing and vulnerability scanning of the Services.
  • Clearbit must maintain a channel to allow security researchers to report identified security vulnerabilities in the Services.
e. Measures for user identification and authorization

Clearbit has taken the following measures designed to validate and authenticate users:

  • Clearbit maintains administrative controls which govern access under the principle of least privilege.
  • Access to non-public data or functionality requires authentication prior to access.
  • Two-factor or two-step authentication is required.
f. Measures for the protection of data during transmission

Clearbit has taken the following measures designed to ensure transmission control to ensure that European Data cannot be read, copied, changed, or deleted without authorization during its transfer and that European Data can be monitored and determined to which recipients a transfer of European Data is intended:

  • European Data is encrypted in transit as described above.
g. Measures for the protection of data during storage

Clearbit has taken the following control measures designed to ensure that European Data cannot be read, copied, changed, or deleted without authorization while stored on data media:

  • European Data is encrypted at rest as described above.
  • Two-factor or two-step authentication is required.
h. Measures for ensuring physical security of locations at which personal data are processed

Clearbit has taken the following measures regarding the physical security of European Data:

  • Physical access within data processing facilities is controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.
i. Measures for ensuring events logging

Clearbit has taken the following measures designed to ensure the verifiability of event log files:

  • Clearbit records application and system logs to collect information, exception errors, information security events, and privileged access events.
  • Clearbit maintains administrative controls which govern access under the principle of least privilege.
j. Measures for ensuring system configuration, including default configuration

Clearbit has taken the following measures designed to ensure that all in-scope systems and devices are compliant with baseline configuration settings:

  • Clearbit ensures that access to information and application system functions is restricted to authorized personnel only.
k. Measures for internal IT and IT security governance and management

Clearbit has a dedicated and identified person to oversee its information security and compliance program. Clearbit is annually audited by an independent third-party against an industry standard (e.g., SOC 2 Type II, ISO 27001, etc.).

l. Measures for certification/assurance of processes and products

Clearbit is annually audited by an independent third-party against an industry standard (e.g., SOC 2 Type II, ISO 27001, etc.).

m. Measures for ensuring data minimization

Clearbit has taken the following measures designed to reduce the amount of data collected by the Service:

  • Clearbit will implement capabilities for the Customer to customize which data is collected by the Service, where practical.
n. Measures for ensuring data quality

Clearbit has taken the following measures designed to ensure that the data flow creates and sustains good data quality:

  • Clearbit has established processes for data subjects to exercise their data protection rights (right to amend and update information).
  • Clearbit’s documentation clearly states the types of data Customer is prohibited from transferring to Clearbit.
o. Measures for ensuring limited data retention

Clearbit has established processes designed to ensure that European Data is deleted in accordance with the terms of the agreement following the termination of the agreement.

p. Measures for ensuring accountability

Clearbit has an appointed Data Protection Officer or another similar role who is responsible for overseeing Clearbit’s compliance with its legal and contractual privacy-related obligations throughout the data lifecycle.

q. Measures for allowing data portability and ensuring erasure

Clearbit has established processes in relation to the exercise by users of their privacy rights (including without limitation, rights of data portability and erasure).

Schedule 2 to Addendum A
STANDARD CONTRACTUAL CLAUSES - INTRODUCTION & SUPPLEMENTAL TERMS

ANNEX I

DETAILS OF PROCESSING

Exhibit 1A (Processor Modules)

A. LIST OF PARTIES

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

Data exporter: Customer

  • Name: As set forth in the Customer's Clearbit Account (on behalf of itself and Permitted Affiliates)
  • Address: As set forth in the Customer's Clearbit Account
  • Contact person’s name, position and contact details, including email: As set forth in the Customer's Clearbit Account
  • Activities relevant to the data transferred under these Clauses: Processing of Processor Data in connection with Customer's use of the Clearbit Services under the agreement.
  • Signature and date: Customer is deemed to have signed this Annex I by accepting the agreement.
  • Role (controller/processor): Controller (either as the Controller; or acting in the capacity of a Controller, as a Processor, on behalf of another Controller)

Data importer: Clearbit

  • Name: APIHub, Inc. dba Clearbit
  • Address: 548 Market St #95879 San Francisco, CA 94104-5401
  • Contact details: privacy@clearbit.com
  • Activities relevant to the data transferred under these Clauses: Processing of Processor Data in connection with Customer's use of the Clearbit Services under the agreement.
  • Role (controller/processor): Processor

B. DESCRIPTION OF TRANSFER

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

  • Categories of data subjects whose personal data is transferred: Individuals located in Europe and associated or potentially associated with business organizations.
  • Categories of personal data transferred: Business contact information including, but not limited to, first and/or last name, business address, business email address, business phone number, employer, business role, professional title, and other similar information.
  • Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: No sensitive data transferred.
  • The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Continuous.
  • Nature of the processing: The nature of the processing includes but is not limited to collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data, whether or not by automated means.
  • Purpose(s) of the data transfer and further processing: To provide Clearbit Services pursuant to the agreement, as further specified in the Order and as further instructed by Customer.
  • The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: For the duration of the Subscription Term of the agreement, unless (i) a longer retention period is required for audit, legal or regulatory purposes.
  • For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: For the duration of the agreement or as otherwise agreed upon in writing or required by applicable law.

C. COMPETENT SUPERVISORY AUTHORITY

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

For purposes of Clause 13, Customer agrees the competent supervisory authority will be the Data Protection Commission (DPC) of Ireland.

Exhibit 1B (Controller Module)

A. LIST OF PARTIES

MODULE ONE: Transfer controller to controller

Data importer/exporter: Customer

  • Name: As set forth in the Customer's Clearbit Account (on behalf of itself and Permitted Affiliates)
  • Address: As set forth in the Customer's Clearbit Account
  • Contact person’s name, position and contact details, including email: As set forth in the Customer's Clearbit Account
  • Activities relevant to the data transferred under these Clauses: Processing in connection with the receipt of the Clearbit Services provided by the data importer.
  • Signature and date: Customer is deemed to have signed this Annex I by accepting the agreement.
  • Role (controller/processor): controller

Data importer/exporter: Clearbit

  • Name: APIHub, Inc. dba Clearbit
  • Address: 548 Market St #95879 San Francisco, CA 94104-5401
  • Contact details: privacy@clearbit.com
  • Activities relevant to the data transferred under these Clauses: Processing in connection with the receipt of the Clearbit Services provided by the data importer.
  • Role (controller/processor): controller

B. DESCRIPTION OF TRANSFER

MODULE ONE: Transfer controller to controller

  • Categories of data subjects whose personal data is transferred: Individuals located in Europe and associated or potentially associated with business organizations.
  • Categories of personal data transferred: Business contact information including, but not limited to, first and/or last name, business address, business email address, business phone number, employer, business role, professional title, and other similar information.
  • Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: No sensitive data transferred. -The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Continuous.
  • Nature of the processing: The nature of the processing includes, but is not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data, whether or not by automated means.
  • Purpose(s) of the data transfer and further processing: The provision of the Clearbit Services contemplated in the agreement, including the Customer’s Permitted Uses of the Clearbit Services, and for Clearbit’s Business Contact Data Business Purposes.
  • The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: For the duration of the Subscription Term of the agreement, unless a longer retention period is required for audit, legal or regulatory purposes.
  • For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: For the duration of the agreement or as otherwise agreed upon in writing or required by applicable law.

C. COMPETENT SUPERVISORY AUTHORITY

MODULE ONE: Controller to Controller

For purposes of Clause 13, Customer agrees the competent supervisory authority will be the Data Protection Commission (DPC) of Ireland.

ANNEX II

TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

MODULE ONE: Transfer controller to controller

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

Description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. The description of technical and organizational measures designed to ensure the security of Processor Data is set out in Schedule 1 to Addendum A.

For transfers to (sub-) processors, also describe the specific technical and organizational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter. The description of technical and organizational measures designed to ensure the security of Processor Data is set out in Schedule 1 to Addendum A.