Matchbook Services, Inc.
Effective Date: December 28, 2022
“You” and “your” refer to you as a user of the Service. If you are entering into these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that party to these Terms, and in such event and unless otherwise noted, “you” and “your” will refer and apply to that party. If you or the entity you represent has entered into a separate agreement with us in connection with the Service, then that agreement will control where it conflicts with the terms and conditions of these Terms.
PLEASE READ THESE TERMS CAREFULLY BEFORE USING THE SERVICE. IF YOU DO NOT AGREE TO THESE TERMS, YOU ARE NOT AUTHORIZED TO USE THE SERVICE AND YOU MUST PROMPTLY CEASE USING IT.
By agreeing to these Terms, you expressly agree to the arbitration of all Disputes (as defined below) as further described in this paragraph and in Section 16.2 below. Any controversy, allegation, or claim that arises out of or relates to the Service, these Terms, or any additional terms, whether heretofore or hereafter arising (collectively, a “Dispute”), except for any controversy, allegation, or claim that arises out of or relates to our actual or alleged intellectual property rights (an “Excluded Dispute”), shall be finally resolved by arbitration. The parties agree to arbitrate solely on an individual basis, and that these Terms do not permit class arbitration or any claims brought as a plaintiff or class member in any class or representative arbitration proceeding. The arbitrator or arbitral panel may not consolidate more than one person’s claims, and may not otherwise preside over any form of a representative or class proceeding. In the event the prohibition on class arbitration is deemed invalid or unenforceable, then the remaining portions of the foregoing arbitration provisions will remain in force.
When using the Service on your mobile, laptop, desktop or other device (your “Device”), you acknowledge and agree that you are responsible for (i) maintaining Internet access for your Device and (ii) any Internet connection and telecommunications fees and charges that you incur.
Matchbook is not responsible for the operation of your Device. You are responsible for ensuring the system functions of your Device are in working order when accessing the Service, including, but not limited to screen display operation features of your Device.
Access to the Service may be suspended temporarily and without notice (a) in the event of system failure, (b) for maintenance or repair, (c) where we reasonably suspect there has been a breach of these Terms, (d) for reasons reasonably beyond our control, or (e) as otherwise explained in these Terms.
Subject to the terms and conditions of these Terms, Matchbook hereby grants you a limited, non-exclusive, personal, non-transferrable, non-sublicensable, non-assignable license to access and use the Service (including updates and upgrades that replace or supplement it in any respect and which are not distributed with a separate license, and any documentation) solely for your personal use on a Device that you own or control. We reserve all other rights, which are not granted in these Terms.
You may not access or use the Service in any way that is not expressly permitted by these Terms. You may not: (a) cause, permit or authorize the modification, copy, creation of derivative works, translation, reverse engineering, decompiling, disassembling or hacking of the Service; (b) sell, assign, rent, lease, or grant rights in the Service, including, without limitation, through sublicense, to any other person or entity; or (c) use the Service for any unlawful, prohibited, abnormal or unusual activity as determined by Matchbook in its sole discretion.
We may, but are not obligated to, monitor or review our Service at any time. If we become aware of any possible violations by you of these Terms we reserve the right to investigate such violations, and we may, at our sole discretion, immediately terminate your license to use the Service pursuant to Section 14 below.
You must not use (or permit a third-party to use) the Service: (a) in any unlawful manner, for any unlawful purpose, or to act fraudulently or maliciously, for example, by hacking into or inserting malicious code, including viruses, or harmful data, into the Service or any operating system used by the Service, (b) in a way that could damage, disable, overburden, impair or compromise our systems or security, or interfere with other users, (c) to collect or harvest any information or data from the Service or our systems or attempt to decipher any transmissions to or from the servers running the Service, (d) via use of a robot, spider, or other automated device to monitor or copy the Service or any information provided by the Service, (e) to send, knowingly receive, upload, download, use or re-use any material which does not comply with these Terms, (f) to transmit, or procure the sending of, any unsolicited or unauthorized advertising or promotional material or any other form of similar solicitation (spam), or (g) for any other purpose that is to Matchbook’s detriment or commercial disadvantage. You acknowledge and agree that you are solely responsible, and Matchbook has no responsibility or liability to you or any other person or entity for, any breach by you of these Terms or for the consequences of any such breach.
The Service is intended solely for users who are 18 or older. Any use of the Service by anyone under the age of 18 is unauthorized, unlicensed, and in violation of these Terms.
In order to use aspects of the Service, you must be provisioned with and maintain an active personal user account (“Account”). Accounts may be provisioned by us or by your company administrator. You may be required to log into your Account using credentials assigned to you by your company administrator or through certain third-party authentication platforms (e.g., Auth0, Google OAuth, Microsoft OAuth). Unless otherwise permitted by us in writing, you may have only one Account. You must ensure information associated with your Account is current, accurate and complete at all times. To cancel or delete your Account, contact your company administrator.
As part of the Service, we may integrate or allow you to integrate content and data from one of our authorized data partners (e.g., Dun & Bradstreet, Experian) (each, a “Data Partner”). If you choose to integrate content and data from one or more Data Partners, you are required to have an account with the Data Partner(s) and you acknowledge that all substantive content and data provided by such Data Partner(s) is received from the Data Partner(s) as part of your agreement with the Data Partner(s) and any additional terms, conditions, fees, and policies imposed by the Data Partner(s) and your integrations of such content and data does not violate your agreement with them or any such additional terms, conditions, fees, or policies. If we integrate content and/or data into the Service from one or more Data Partners, you acknowledge and agree that such data and content is subject to these Terms and additional terms, conditions, fees, and policies imposed by the Data Partner(s). With respect to all content and data from Data Partners, we do not source, investigate, or otherwise preview such data content for accuracy or suitability (see also, Section 7). In addition to these Terms, you must abide by any and all terms and conditions of the Data Partner(s). You acknowledge and agree that you are solely responsible, and Matchbook has no responsibility or liability to you or any other person or entity for, any breach by you of such terms and conditions, or for the consequences of any such breach.
If you choose to purchase services from us, you acknowledge that you will be required to provide a current, valid, accepted method of payment (“Payment Method”) and you agree that we may charge your Payment Method. Matchbook uses authorized third parties for the purpose of processing your transactions and payment card authorization. By submitting Payment Method details to us or our third-party processors, you grant (or otherwise authorize) Matchbook the right to store and process your information with such third parties. You agree that Matchbook will not be responsible for any failures of such third parties to adequately protect your information.
You agree to maintain accurate, complete, and up-to-date information in your Account. Your failure to maintain accurate, complete, and up-to-date Account information, may result in your inability to fully access or use the Service. If at any time, you choose to cancel your Account, please email us, as detailed below.
By agreeing to these Terms or using the Service, you agree to receive communications from us, including via email.
Communications from us may include operational communications concerning your Account or responses to your inquiries or marketing materials. If you wish to opt-out of promotional emails, you can unsubscribe from our promotional email list by following the unsubscribe options in the promotional email itself. Please note that you cannot unsubscribe from certain correspondence from us, including messages relating directly to your Account.
The Matchbook, the MatchbookAI, and the “Matchbook Services” name and logo are trademarks and service marks of Matchbook. You do not have the right to use any of our trademarks, service marks or logos and your unauthorized use of any of these may be a violation of federal and state trademark laws.
You acknowledge that all intellectual property rights in the Service, whether registered or unregistered, including but not limited to rights in graphics, logos, “look and feel,” trade dress, structure, organization, code, and all content in the Service and compilation thereof (excluding the trademarks or other content provided by our data partners), anywhere in the world, belong to us or our licensors and are valuable trade secrets and confidential information of Matchbook, protected by intellectual property laws. You acknowledge and agree that Matchbook, or its licensors, owns all right, title and interest in and to the Service, including all intellectual property, industrial property and proprietary rights recognized anywhere in the world at any time and that the Service is protected by U.S. and international copyright and other intellectual property laws. Further, you acknowledge that the Service may contain information that Matchbook has designated as confidential and you agree not to disclose such information without Matchbook prior written consent. Nothing posted on the Service grants a license to any Matchbook trademarks, copyrights, or other intellectual property rights, whether by implication, estoppel or otherwise. You should assume that everything you see or read on the Service is proprietary information protected by intellectual property laws unless otherwise noted and may not be used except with the written permission of Matchbook. When accessing the Service, you agree to obey the law and to respect the intellectual property rights of others. Your use of the Service is at all times governed by and subject to laws regarding copyright ownership and use of intellectual property.
The Service may contain links to third-party websites, including but not limited to our Data Partners (collectively, “Third-Parties”). You acknowledge that we have no control over these Third-Parties’ websites or locations, and are not responsible for their contents, actions, and/or availability. We do not assume any liability for your use of any of the foregoing, which use you acknowledge and agree shall be at your own risk. Your use of the Third-Parties’ websites or locations will be governed by their terms and conditions and privacy policies (if any) (“Third-Party Terms”). It is your responsibility to read and comply with Third-Party Terms.
Under California Civil Code Section 1789.3, California users of an electronic commercial service receive the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at 916-445-1254 or 800-952-5210.
You are solely responsible for keeping your Account and any information associated with your Account (including, but not limited to, passwords and license keys) confidential and agree to be responsible for all activities that occur under your Account. You must not disclose your credentials or other information associated with your Account anyone else. If you know or suspect that anyone other than you knows your password or any other authentication information, you must promptly notify us using the contact details below. We are not responsible for any losses or liabilities arising out of or in connection with any unauthorized use of your Account or the Service.
You promise to us that (a) you are authorized to agree to these Terms, (b) you are not located in a country subject to a United States government embargo, nor are you located in a country that has been designated by the United States government as a “terrorist supporting” country, (c) you are not listed on any United States government list or prohibited or restricted parties, (d) you assume the risk of any information submitted by you, and (e) you will not disclose nor allow to be disclosed by any means any confidential information belonging to us that you become aware of.
You agree to indemnify and hold us and our affiliates, and their respective business partners, licensees, licensors, officers, directors, employees and agents (the “Indemnified Parties”) harmless from and against any and all claims, demands, losses, damages, liabilities, costs and expenses (including without limitation reasonable attorneys’ fees and costs), arising out of or in connection with: (a) your use of the Service; (b) your breach or violation of any of these Terms; or (c) your violation of the rights of any third-party. We reserve the right to assume the exclusive defense and control of any matter subject to indemnification by you, which shall not excuse your indemnity obligations. In such event, you shall provide the Indemnified Parties with such cooperation as is reasonably requested by the Indemnified Parties.
WE PROVIDE THE SERVICE ON AN “AS IS” AND “AS AVAILABLE” BASIS. WE MAKE NO GUARANTEE THAT THE SERVICE WILL BE UNINTERRUPTED, ACCURATE, ERROR FREE, OR FREE FROM VIRUSES OR OTHER HARMFUL COMPONENTS. WE HAVE NO OBLIGATION TO CORRECT ANY BUGS, DEFECTS OR ERRORS IN THE SERVICE OR TO OTHERWISE SUPPORT, DEVELOP OR MAINTAIN THE SERVICE. While we take reasonable precautions to prevent the existence of computer viruses and/or other malicious programs, we accept no liability for them.
To the maximum extent permitted by law, we exclude all conditions, warranties, representations and other terms, which may apply to the Service, whether express or implied, including without limitation implied warranties of merchantability, fitness for a particular purpose, title and non-infringement of the rights of third-parties with respect to the Service and all information and content included on the Service.
NO INFORMATION OR ADVICE OBTAINED THROUGH THE SERVICE, OR AFFIRMATION BY US, BY WORDS OR ACTIONS, SHALL CONSTITUTE A WARRANTY. WE ALSO MAKE NO PROMISES OR GUARANTEES, WHETHER EXPRESS OR IMPLIED, THAT THE CONTENT INCLUDED ON THE SERVICE IS ACCURATE, COMPLETE OR UP-TO-DATE, AND WE HAVE NO LIABILITY TO YOU FOR LOSSES ARISING OUT OF YOUR RELIANCE ON THE SERVICE (INCLUDING ANY LOSS OF PROFIT, LOSS OF BUSINESS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS OPPORTUNITY).
Because some states or jurisdictions do not allow the disclaimer of implied warranties, the foregoing disclaimers may not apply to you.
IN NO EVENT SHALL THE INDEMNIFIED PARTIES BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING LOST PROFITS, ANY BREACH OF SECURITY OR ANY DAMAGE TO YOUR DEVICE, LOST DATA, PERSONAL INJURY, PROPERTY DAMAGE, OR LOSSES ARISING OUT OF YOUR USE OF OR RELIANCE ON THE SERVICE, OR YOUR INABILITY TO ACCESS OR USE THE SERVICE) ARISING FROM, RELATING TO, OR IN ANY WAY CONNECTED WITH THE USE OR THE PERFORMANCE OF THE SERVICE, OR THESE TERMS, ARISING AND WHETHER FRAMED IN CONTRACT OR TORT, REGARDLESS OF THE NEGLIGENCE (EITHER ACTIVE, AFFIRMATIVE, SOLE, OR CONCURRENT) OF MATCHBOOK, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Your sole remedy for dissatisfaction with the Service including, without limitation, content on the Service, is to stop using the Service. Such limitation shall also apply with respect to damages incurred by reason of services or products received through or advertised in connection with the Service or any links on the Service, as well as by reason of any information or advice received through or advertised in connection with the Service or any links on the Service.
In the event the foregoing exclusion of liability is determined, in whole or in part, to be invalid or unenforceable, then the Indemnified Parties’ liability arising in connection with the Service, or under these Terms whether in contract, tort (including negligence) or otherwise, shall not exceed, under any circumstances, the greater of: (i) the total amount paid for services from us in the preceding 30 days, or (ii) One Hundred Dollars ($100). You agree that any claim or cause of action arising under these Terms, in relation to our Service, or the performance or non-performance of the Service must be brought within one year after such claim or cause of action arises or be forever barred.
THE LIMITATIONS AND DISCLAIMER IN THIS SECTION DO NOT PURPORT TO LIMIT LIABILITY OR ALTER YOUR RIGHTS AS A CONSUMER THAT CANNOT BE EXCLUDED UNDER APPLICABLE LAW. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF OR THE LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH STATES OR JURISDICTIONS, MATCHBOOK’S LIABILITY SHALL BE LIMITED TO THE EXTENT PERMITTED BY LAW. THIS PROVISION SHALL HAVE NO EFFECT ON MATCHBOOK’S CHOICE OF LAW PROVISION SET FORTH BELOW.
If you are a California resident, you waive California Civil Code Section 1542, which states: “A general release does not extend to the claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her would have materially affected his or her settlement with the Debtor or released party.”
We reserve the right to change, edit, suspend, delete and/or cancel any part of the Service; disable, deactivate, freeze, suspend or terminate your Account; terminate these Terms; cancel your order; and/or withdraw permission to use the Service immediately, without prior notice or liability, if: (a) you commit any breach of these Terms; (b) we discontinue the Service, (c) we are prevented from providing the Service for any reason, (d) if required by law, (e) at the request of one of our Data Partners, or (f) due to an event beyond our control.
On termination of these Terms for any reason: (a) all rights granted to you under these Terms will cease immediately, (b) you must immediately cease all activities authorized by these Terms (including your use of the Service), and (c) you acknowledge that we may restrict your access to the Service. Sections 4, 5, 6, and 11-17 will survive any termination or expiration of these Terms.
If you wish to contact us in writing, or if any condition in these Terms require you to give us notice in writing, you can send this to us by email using the contact details at the bottom of these Terms. If we have to contact you or give you notice in writing, we may do so by email or using any other contact details you provide to us.
These Terms and any matter arising out of or relating to these Terms, and any claim, cause of action, controversy, or matter in dispute between you and us, whether sounding in contract, tort, statute, regulation or otherwise shall be governed by the internal laws of the State of California in the United States, without regard to any choice or conflict of laws principles (whether of the State of California or any other jurisdiction). The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. You and Matchbook agree that, except as otherwise provided below, the state and federal courts located in the County of Los Angeles, California will have exclusive jurisdiction of all Disputes arising out of or related to these Terms or your use of the Services and agree to submit to the personal jurisdiction and venue of these courts. Notwithstanding the foregoing, Matchbook shall be allowed to apply for equitable remedies (including injunctions) in any jurisdiction.
Arbitration Procedures. You and Matchbook agree that, except as provided in Section (d) below, all Disputes, (each a “Claim”), shall be finally and exclusively resolved by binding arbitration, which may be initiated by either party by sending a written notice requesting arbitration to the other party. Any election to arbitrate by one party shall be final and binding on the other. The arbitration will be conducted under the Streamlined Arbitration Rules and Procedures of JAMS that are in effect at the time the arbitration is initiated (the “JAMS Rules”) and under the terms set forth in these Terms. In the event of a conflict between the terms set forth in this Section 16 (Dispute Resolution) and the JAMS Rules, the terms in this Section will control and prevail.
Except as otherwise set forth in Section (d) below, you may seek any remedies available to you under federal, state or local laws in an arbitration action. As part of the arbitration, both you and Matchbook will have the opportunity for discovery of non-privileged information that is relevant to the Claim. The arbitrator will provide a written statement of the arbitrator’s decision regarding the Claim, the award given and the arbitrator’s findings and conclusions on which the arbitrator’s decision is based. The determination of whether a Claim is subject to arbitration shall be governed by the Federal Arbitration Act and determined by a court rather than an arbitrator. Except as otherwise provided in these Terms, (a) you and Matchbook may litigate in court to compel arbitration, stay proceedings pending arbitration, or confirm, modify, vacate or enter judgment on the award entered by the arbitrator, and (b) the arbitrator’s decision shall be final, binding on all parties and enforceable in any court that has jurisdiction, provided that any award may be challenged if the arbitrator fails to follow applicable law.
In the case of arbitration and where permitted by law, you are agreeing to give up your right to go to court to assert or defend your rights. Your rights will be determined by a neutral arbitrator and not a judge or jury. You are entitled to a fair hearing, but the arbitration procedures are simpler and more limited than rules applicable in court. Arbitrator decisions are enforceable as any court order and are subject to very limited review by a court.
The rights granted to you under these Terms may not be assigned without Matchbook’s prior written consent, and any attempted unauthorized assignment by you shall be null and void.
If any part of these Terms is determined to be invalid or unenforceable, then that portion shall be severed, and the remainder of these Terms shall be given full force and effect.
The prevailing party shall be entitled to recover from the other party all the reasonable costs, attorneys’ fees and other expenses incurred by such prevailing party in any legal action relating to these Terms.
Our failure to enforce any provision of these Terms shall in no way be construed to be a waiver of such provision, nor in any way affect our right to enforce the same provision at a later time. An express waiver by Matchbook of any provision, condition or requirement of these Terms shall not be understood as a waiver of your obligation to comply with the same provision, condition or requirement at a later time.
You acknowledge and agree that Matchbook would be irreparably damaged if the terms of these Terms were not specifically enforced, and therefore you agree that we shall be entitled, without bond, other security, or proof of damages, to appropriate equitable remedies with respect to any breach of these Terms, in addition to such other remedies as we may otherwise have available to us under applicable laws.
These Terms, including the documents referenced in these Terms, constitutes the entire agreement between you and Matchbook with respect to the Service and supersedes any and all prior agreements between you and Matchbook relating to the Service.
We may transfer our rights and obligations under these Terms to another organization, but this will not affect your rights or our obligations under these Terms.
We reserve the right, at our sole discretion, to amend these Terms at any time. In the event of a material change to these Terms and where required by applicable law, we will provide a conspicuous message informing you of the change through the Service, via an email address associated with your Account, or other communication method(s) that we deem reasonable. To the extent permitted under applicable law, we reserve the right at any time and from time-to-time to modify or discontinue, temporarily or permanently, the Service (or any part of it) with or without notice.
If you have any questions or comments relating to these Terms, please contact us at:
Matchbook Services, Inc.
11271 Ventura Boulevard #384
Studio City, California. 91604
This Information Security Addendum (“Addendum”) is incorporated into and made a part of the Master Service Agreement between Matchbook and Customer that references this document (the “Agreement”) and any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement. In the event of any conflict between the terms of the Agreement and this Addendum, this Addendum shall govern.
While providing the Service, Matchbook will ensure there is a written information security program of policies, procedures and controls designed to provide physical, administrative, and technical safeguards consistent with industry-accepted best practices to protect the security and availability of Customer Data (the “Security Program”). The Security Program will include industry-standard practices designed to protect Customer Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Matchbook will update the Security Program to address new and evolving security technologies, changes to industry standard practices, and changing security threats, provided that no such update will materially reduce the overall level of commitments or protections provided to Customer as described herein.
Matchbook will have an information security officer, or equivalent executive, that is designated as responsible for coordinating, managing, and monitoring the information security function, policies, and procedures.
The information security policies will be: (i) documented; (ii) reviewed and approved by management, including after material changes; and (iii) published, and communicated to personnel, and contractors, including appropriate ramifications for non-compliance.
Matchbook will perform information security risk assessments as part of a risk governance program that is established with the objective to regularly test, assess, and evaluate the effectiveness of the Security Program. Such assessments will be designed to recognize and assess the impact of risks and implement identified risk reduction or mitigation strategies to address new and evolving security technologies, changes to industry standard practices, and changing security threats.
Matchbook will establish and maintain sufficient controls to meet certification and attestation for the trust services criteria of availability and security as stated in the SOC 2 Type II standards (or equivalent standards). On an annual basis, Matchbook shall have an independent auditor conduct an audit of Matchbook’s internal controls (including those controls managed by any third-party data center provider) and prepare a SOC 2 Type II, or, in Matchbook’s sole discretion, an equivalent report.
b. Physical, Technical and Organizational Security Measures
Matchbook shall maintain all Customer Data in strict confidence, which is more than or equal to the degree of care and technical safeguards that meet or exceed applicable Industry Standards and that ensure a level of security appropriate to the particular risks of accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure or access of Customer Data. At a minimum, and without limiting the foregoing, Matchbook shall implement the following security measures:
a. Physical and Technical Security Measures
Matchbook shall (i) secure its physical, technical, and administrative infrastructure, including all relevant business facilities, data centers, paper files, servers, networks, platforms, databases, cloud computing resources, back-up systems, passwords and credentials, hardware, and mobile devices; (ii) implement authentication and access controls within all relevant media, applications, networks, operating systems and equipment; (iii) encrypt Customer Data when transmitted over public or wireless networks or where otherwise appropriate; (iv) logically segregate Customer Data from information of Matchbook, its employees, or its other customers; (v) conduct penetration testing and vulnerability scans and promptly implement a corrective action plan to correct the material risks that are reported as a result of such testing (as described further in Section 6 of this Addendum); and (vi) implement any other measures that Matchbook, in its sole discretion, deems necessary to ensure the ongoing confidentiality, integrity, and availability of Customer Data and the ongoing security and resilience of systems and services used for processing
b. Organizational Security Measures
Matchbook shall (i) maintain appropriate personnel security and integrity practices; (ii) maintain written plans and policies for responding to Security Incidents; (iii) limit access to Customer Data to Authorized Persons only, and (iv) ensure that all Authorized Persons are made aware of the confidential nature of Customer Data before they may access such data.
Additionally, Matchbook shall ensure that any Authorized Person that processes Customer Data has agreed to protect Customer Data in accordance with Matchbook’s confidentiality obligations in the Agreement.
a. Business Continuity
Matchbook will maintain a business continuity plan to minimize the impact from Security Incidents and other events to Matchbook’s provision and support of the Service. The business continuity plan will (i) include processes for protecting personnel and assets and restoring functionality in accordance with the time frames outlined therein, and (ii) be tested annually and updated based on any deficiencies identified during such tests.
b. Disaster Recovery
Matchbook will maintain an information security contingency plan to address disaster recovery that is consistent with Industry Standards and will (i) test such plan at least once every year, (ii) make available summary test results that will include the actual recovery point and recovery times, and (iii) document any action plans within the summary test results to promptly address and resolve any deficiencies, concerns, or issues that prevented or may prevent the environment from being recovered in accordance with the plan.
a. Security Incident Detection. Matchbook monitors and analyzes system events in a timely manner in accordance with Matchbook’s current operating procedures.
b. Notification. If Matchbook becomes aware of a Security Incident, Matchbook shall notify Customer without undue delay. Matchbook shall provide Customer with timely information about the Security Incident to the extent known to Matchbook, including, but not limited to, the nature and consequences of the Security Incident, the measures taken and/or proposed by Matchbook to mitigate or contain the Security Incident, the status of Matchbook’s investigation, a contact point from which additional information may be obtained, and the categories and approximate number of data records concerned. Notwithstanding the foregoing, Customer acknowledges that because Matchbook personnel may not have visibility to the content of Customer Data, it may not be possible for Matchbook to provide information as to the particular nature of the Customer Data, or, where applicable, the identities, number, or categories of affected data subjects. Communications by or on behalf of Matchbook with Customer in connection with a Security Incident shall not be construed as an acknowledgement by Matchbook of any fault or liability with respect to the Security Incident.
The notice and report described above will be made available to Customer’s security or privacy contact(s) or, if no such contact(s) are designated, to the primary technical contact designated by Customer.
c. Cooperation. In the event of a Security Incident, Matchbook shall, taking into account the nature of the processing and the information available to Matchbook, provide Customer with reasonable cooperation and assistance necessary for Customer to comply with its obligations under applicable Data Security and Privacy Laws with respect to notifying (i) the relevant regulatory authorities, and (ii) individuals affected by such Security Incident
Matchbook maintains a process to timely identify and remediate system, device and application vulnerabilities through patches, updates, bug fixes, or other modifications to maintain the security of Customer Data. As part of this process, Matchbook conducts a third-party penetration test on at least an annual basis. Executive reports from such penetration tests will be made available to Customer upon Customer’s written request.
Vulnerabilities meeting defined risk criteria trigger alerts and are prioritized for remediation based on their potential impact to the Service. Upon becoming aware of such vulnerabilities, Matchbook will use commercially reasonable efforts to address critical and high vulnerabilities within 30 days, and medium vulnerabilities within 90 days. Matchbook assesses whether a vulnerability is “critical”, “high”, or “medium” by reference to the National Vulnerability Database’s Common Vulnerability Scoring System (CVSS).
a. Matchbook’s Responsibilities. During the term of the Agreement, Matchbook will comply with all Data Security and Privacy Laws applicable to the processing of Customer Data.
b. Customer’s Responsibilities. Customer shall, in its use of the Services, at all times process Customer Data, and provide instructions for the processing of Customer Data, in compliance with applicable Data Security and Privacy Laws. Customer shall ensure that the processing of Customer Data in accordance with Customer’s instructions will not cause Matchbook to be in breach of the Data Security and Privacy Laws. Customer is solely responsible for the accuracy, quality, and legality of (i) the Customer Data provided to Matchbook by or on behalf of Customer, (ii) the means by which Customer acquired any such Personal Data, and (iii) the instructions it provides to Matchbook regarding the processing of such Customer Data. Customer shall not provide or make available to Matchbook any Customer Data in violation of the Agreement or otherwise inappropriate for the nature of the Services and shall indemnify Matchbook from all claims and losses in connection therewith. Customer shall appropriately manage and protect its user roles and credentials, including but not limited to, by (i) ensuring that all users keep credentials confidential and do not share such information with unauthorized parties, (ii) promptly reporting to Matchbook any suspicious activities related to Customer’s account, (iii) appropriately configuring user and role-based access controls, including scope and duration of user access, taking into account the nature of the Customer Data, and (iv) maintaining appropriate password uniqueness, length, complexity, and expiration.
c. Customer Security Contact. Customer agrees to identify and maintain appropriate security contact(s) for all Security Incident and information security-related communications.
d. Customer Acknowledgement. Customer acknowledges and agrees that Matchbook may disclose Customer Data to its advisers, auditors or other third parties as reasonably required in connection with the performance of its obligations under this Addendum, the Agreement, or the provision of Services to Customer.
e. Limitations. Notwithstanding anything to the contrary in this Addendum or the Agreement, Matchbook’s obligations herein are only applicable to the Service. This Addendum does not apply to: (i) information shared with Matchbook that is not Customer Data; (ii) data in Customer’s VPN or a third-party network; and (iii) any data processed by Customer or its users in violation of the Agreement or this Addendum.
Following the Completion of the Services and upon written request by Customer, Matchbook shall, within ninety (90) calendar days, delete Customer’s Personal Data, unless further storage of such Customer Data is required or authorized by applicable law. If destruction is impracticable or prohibited by law, rule or regulation, Matchbook shall take measures to block such Customer Data from any further processing (except to the extent necessary for its continued hosting or processing required by law, rule or regulation) and shall continue to appropriately protect the Customer Data remaining in its possession, custody or control.
a. “Authorized Person” means an employee or contractor of Matchbook, or third-party subcontractor, agent, reseller, or auditor engaged by Matchbook, that has a need to know or otherwise access Customer Data in order to enable Matchbook to perform its obligations under the Agreement or this Addendum and who has undergone appropriate background screening and/or training by Matchbook.
b. “Customer Data” means information provided to Matchbook by or at the direction of Customer, information which is created or obtained by Matchbook on behalf of Customer, or information to which access was provided to Matchbook by or at the direction of Customer, in the course of Matchbook’s performance under the Agreement that: (i) identifies or can be used to identify an individual (including, without limitation, names, signatures, addresses, telephone numbers, email addresses, and other unique identifiers); or (ii) can be used to identify or authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, user identification and account access credentials or passwords, financial account numbers, credit report information, student information, biometric, health, genetic, medical, or medical insurance data, answers to security questions, an individual’s internet activity or similar interaction history, inferences drawn from other personal information to create consumer profiles, geolocation data, an individual’s commercial, employment, or education history, and other personal characteristics and identifiers. Customer’s business contact information is not by itself deemed to be Customer Data.
c. “Data Security and Privacy Laws” means applicable federal, state and foreign laws and regulations applicable to the security and privacy of Customer Data.
d. “Industry Standards” means the practices consistent with standards that have been publicly acknowledged and actually adopted by a substantial number of companies working with comparable information and which are recognized by reasonable experts in the field as acceptable, such as standards published by the National Institute of Standards and Technology (“NIST”) and the International Organization for Standardization (“ISO”).
e. “Security Incident” means the unauthorized or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data.