Data Privacy and Security

This Data Privacy and Security Agreement constitutes the agreement ("Agreement") between SPLICE Software Incorporated ("SPLICE"), and you, the users, and/or the organization on whose behalf you are accepting the agreement ("the Client"). 

NOW THEREFORE in consideration of the mutual covenants and agreements hereinafter contained and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree they will exchange "Data" with each other, which will be defined and governed as follows:

1.    DEFINITIONS

1.1    "Anonymous Information" or "AI" means any data that specifically does not include any NPII or PII, and which there is a reasonable basis to believe that the information cannot be used to identify the individual.

1.2    "Data" means all digital information or graphic content exchanged between SPLICE and the Client in the preparation and provision of Services outlined in the Master Service Agreement dated as of the date hereof between SPLICE and the Client (the "MSA") and the Quote.

1.3    "Non-Public Identity Information" or "NPII" means any information provided by the Client that is specifically not intended to be available to the general public, including, but not limited to, social security numbers, social insurance numbers, driver's license numbers, credit or debit card numbers, location data, website identifications, IP addresses, cookies, and (i) that identifies the individual; or (ii) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

1.4    "Personal Identity Information" or "PII" means any and all information provided by the Client that may also be available to the general public, and which can be used to uniquely identify an individual including, but not limited to, name, postal address, email address, land or mobile phone number and (i) that identifies the individual; or (ii) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

1.5    "Personal Health Information" or "PHI" means any and all health related information provided by the Client that is specifically not intended to be available to the general public, including, but not limited to, the past, present, or future physical or mental health or condition of an individual; the provision of health care to the individual; or the past, present or future payment for the provision of health care to the individual and (i) that identifies the individual; or (ii) with respect to which it contains elements of NPII and/or PII, there is a reasonable basis to believe the information can be used to identify the individual.

1.6    "Personal Transaction Information" or "PTI" means any and all detailed or summary
 
information that relates to an individual's interaction with the Client, including, but not limited to, purchases, online activity, call-center activity, promotion history, and (i) that identifies the individual; or (ii) with respect to which it contains elements of NPII and/or PII, there is a reasonable basis to believe the information can be used to identify the individual.

1.7    "Sensitive Data" means all data that contains NPII or PII, or which it is reasonable to expect that the combination of attributes could be used to identify the individual.

Capitalized terms used, but not otherwise defined herein, shall have the meanings set forth in the MSA.

2.    OWNERSHIP OF DATA. The ownership of NPII, PII, PHI, and/or PTI provided by the Client to SPLICE is, and will remain, with the Client. The Client agrees that it will not transmit data that it does not have lawful ownership of and/or has explicit approval to use. SPLICE agrees that it will not share, expose, or report on Client Data to any affiliated or unaffiliated entity or service provider without the express written consent of the Client. The Client agrees that SPLICE shall have the right and ability to process Data and compile into AI for purposes including, but not limited to, learning, forecasting, statistical analysis, process improvement, and reporting. The Client agrees SPLICE has ownership of and/or has explicit approval to use all aggregate AI compiled or processed through processes listed above.

3.    PROCESSING and USE OF DATA. Use of the Client Data by SPLICE for any purpose outside the scope of providing the Services or as otherwise specified in this Agreement is strictly prohibited without the prior written consent of the owner of the Client Data. SPLICE agrees that it will process and use the Client provided Data in a mutually agreed to and secure environment, in order to fulfill the obligations as outlined in the Quote.

4.    BACKUP, RETENTION and DELETION OF DATA SPLICE agrees that it will use reasonable efforts to backup and retain the Client provided original, and SPLICE created replicated versions, of Data in an industry standard, mutually agreed to method and secure environment. When the five (5) year Retention Period has passed, SPLICE will take industry standard and mutually agreed to action to promptly, completely, and permanently delete all the Client provided, and any SPLICE created, copies and backups of NPII, PII, PHI and/or PTI data from SPLICE maintained environments.

5.    PROTECTION OF DATA. SPLICE agrees that it will use reasonable efforts to maintain the Data that it receives, processes, uses, and retains on mutually agreed to, and secure, environments. SPLICE will use reasonable efforts to limit access to Client provided Data to personnel and/or contractors who have signed confidentiality agreements and have been informed of the provisions in the appropriate Quote.