U.S. PRIVACY LAW DATA PROCESSING ADDENDUM
Last updated:
Jan 28, 2025
Capitalized terms used but not defined in this U.S. Privacy Law Data Processing Addendum (“U.S. DPA”) will have the meanings given to them by the Agreement. In the event of a conflict between this U.S. DPA and the Terms and Conditions of Service Agreement (“Agreement”) with respect to the subject matter of this U.S. DPA, this U.S. DPA will prevail to the extent of such conflict.
Definitions. For the purposes of this U.S. DPA--
“Consumer” means a natural person. Where applicable, Consumer shall be interpreted consistent with the same or similar term under U.S. Privacy Laws.
“Controller” means a person or entity that collects individuals’ Personal Information and alone, or jointly with others, determines the purposes and means of the Processing of such Personal Information. Where applicable, Controller shall be interpreted consistent with the same or similar term under U.S. Privacy Laws.
“Customer Personal Information” means Customer Data that constitutes Personal Information subject to U.S. Privacy Laws.
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person. Where applicable, Personal Information shall be interpreted consistent with the same or similar term under U.S. Privacy Laws.
“Process” means any operation or set of operations that are performed on Personal Information or on sets of Personal Information, whether or not by automated means. Where applicable, “Processing,” “Process,” and “Processed” shall be interpreted consistent with the same or similar term under the U.S. Privacy Laws.
“Processor” means “Processor,” “Service Provider,” or “Contractor” as those terms are defined in U.S. Privacy Laws.
“Sale” and “Selling” have the meaning defined in U.S. Privacy Laws.
“Share” has the meaning defined in the CCPA.
“U.S. Privacy Laws” means, collectively, all U.S. federal and state privacy laws and their implementing regulations, as amended or superseded from time to time, that apply generally to the processing of individuals' Personal Information and that do not apply solely to specific industry sectors (e.g., financial institutions), specific demographics (e.g., children), or specific classes of information (e.g., health or biometric information), in each case where applicable to the Processing of Customer Personal Information by Seso pursuant to the Agreement. U.S. Privacy Laws may include, but are not limited to, the following:
California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”);
Colorado Privacy Act;
Connecticut Personal Data Privacy and Online Monitoring Act;
Delaware Personal Data Privacy Act;
Indiana Consumer Data Protection Act;
Iowa Consumer Data Protection Act;
Montana Consumer Data Privacy Act;
Nevada Consumer Health Data Privacy Act (Senate Bill 370, 82nd Session, 2023);
Oregon Consumer Privacy Act;
Tennessee Information Privacy Act;
Texas Data Privacy and Security Act;
Utah Consumer Privacy Act; and
Virginia Consumer Data Protection Act.
In the event of a conflict in the meanings of defined terms in U.S. Privacy Laws, the meaning from the law applicable to the state of residence of the relevant Consumer applies.
Scope, Roles, and Termination.
Applicability - This U.S. DPA applies only to Seso’s Processing of Customer Personal Information for the nature, purposes, and duration set forth in Appendix A.
Roles of the Parties - For the purposes of the Agreement and this U.S. DPA, Customer is the Controller with respect to Customer Personal Information and appoints Seso as a Processor to Process Customer Personal Information on behalf of Customer for the limited and specific purposes set forth in Appendix A.
Obligations at Termination - Upon termination of the Agreement, except as set forth therein or herein, Seso will discontinue Processing and destroy or return Customer Personal Information in its or its subcontractors’ and sub-processors’ possession without undue delay. Seso may retain Customer Personal Information to the extent required by law but only to the extent and for such period as required by such law and always provided that Seso shall take steps to ensure the confidentiality of all such Customer Personal Information.
Compliance.
Compliance with Obligations – Seso will take steps to ensure that its employees, agents, subcontractors, and sub-processors shall: (a) comply with applicable obligations of U.S. Privacy Laws, (b) provide the level of privacy protection for Customer Personal Information required by applicable U.S. Privacy Laws, and (c) provide Customer with reasonable assistance to enable Customer to fulfill its own obligations under applicable U.S. Privacy Laws. Upon the reasonable request of Customer, Seso shall make available to Customer information in Seso’s possession necessary to demonstrate Seso’s compliance with this subsection.
Compliance Monitoring and Assurance - No more than once per calendar year, Seso will provide to Customer, upon Customer’s written request, information and documentation in Seso’s possession and control necessary to demonstrate Seso’s compliance with its obligations under this U.S. DPA.
Compliance Remediation – Seso shall notify Customer if it determines that it can no longer meet its obligations under applicable U.S. Privacy Laws. Upon receiving notice from Seso in accordance with this subsection, Customer may direct Seso to take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Information.
Security - The Parties shall implement and maintain no less than commercially reasonable security procedures and practices, appropriate to the nature of the information, designed to protect Customer Personal Information from unauthorized access, destruction, use, modification, or disclosure, which will include, at a minimum, those set forth in the Security Measures.
Restrictions on Processing.
Limitations on Processing – Seso will Process Customer Personal Information as instructed in the Agreement. Except as expressly permitted by U.S. Privacy Laws, Seso is prohibited from (i) Selling or Sharing Customer Personal Information, (ii) retaining, using, or disclosing Customer Personal Information for any purpose other than for the specific purpose of providing the Service specified in Appendix A, (iii) retaining, using, or disclosing Customer Personal Information outside of the direct business relationship between the Parties, and (iv) combining Customer Personal Information with Personal Information obtained from, or on behalf of, sources other than Customer, except as expressly permitted under applicable U.S. Privacy Laws.
Confidentiality – Seso shall take steps to ensure that its employees, agents, subcontractors, and sub-processors are subject to a duty of confidentiality with respect to Customer Personal Information.
Subcontractors: Sub-processors – Seso shall take steps to notify Customer of any intended changes concerning the addition or replacement of subcontractors or sub-processors. Further, Seso shall take steps to ensure that Seso’s subcontractors or sub-processors who Process Customer Personal Information on Seso’s behalf agree in writing to the same or materially equivalent restrictions and requirements that apply to Seso in this U.S. DPA and the Agreement with respect to Customer Personal Information, as well as to comply with U.S. Privacy Laws.
Right to Object – Customer may object in writing to Seso’s appointment of a new subcontractor or sub-processor on reasonable grounds by notifying Seso in writing within 30 calendar days of receipt of notice. In the event Customer objects, the Parties shall discuss Customer’s concerns in good faith with a view to achieving a commercially reasonable resolution.
Consumer Rights.
Seso shall provide commercially reasonable assistance to Customer for the fulfillment of Customer’s obligations to respond to U.S. Privacy Law-related Consumer rights requests regarding Customer Personal Information.
Where applicable, Customer shall inform Seso of any Consumer request made pursuant to U.S. Privacy Laws with which Seso must comply. Customer shall provide Seso with the information necessary for Seso to comply with the request.
Seso shall not be required to delete any Customer Personal Information to comply with a Consumer’s request directed by Customer if retaining such information is specifically permitted by applicable U.S. Privacy Laws; provided, however, that in such case, Seso shall not use Customer Personal Information retained for any purpose other than provided for by that exception.
Exemptions.
Notwithstanding any provision to the contrary in the Agreement or this U.S. DPA, the terms of this U.S. DPA shall not apply to Seso’s Processing of Customer Personal Information that is exempt from applicable U.S. Privacy Laws.
Changes to Applicable Privacy Laws.
The Parties agree to cooperate in good faith to enter into additional terms to address any modifications, amendments, or updates to applicable statutes, regulations or other laws pertaining to privacy and information security, including, where applicable, U.S. Privacy Laws.
Appendix A - Processing Details
