Last modified: July 1, 2024

 

California

A. To the extent that the Publisher sells to or shares with Aries any personal information in scope of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and its implementing regulations (“CCPA”):

  1. The purposes for which such personal information is made available to Aries is to provide, manage, operate and secure the services under the Agreement subject to the Aries Privacy Policy at https://staging.ariessys.com/about/privacy-policy;
  2. The Publisher is making the personal information available to Aries only for the limited and specified purposes set forth in the Agreement, and Aries is required to use the personal information only for those limited and specified purposes;
  3. Aries is required to comply with applicable sections of the CCPA, including – with respect to the personal information that the Publisher makes available to Aries – providing the same level of privacy protection as required of businesses by the CCPA;
  4. Aries grants the Publisher the right – with respect to the personal information that the Publisher makes available to Aries – to take reasonable and appropriate steps to ensure that Aries uses the personal information in a manner consistent with the Publisher’s obligations under the CCPA;
  5. Aries grants the Publisher the right, upon notice, to take reasonable and appropriate steps to stop and remediate unauthorized use of personal information made available to Aries; and
  6. Aries is required to notify the Publisher after it makes a determination that it can no longer meet its obligations under the CCPA.

 

B. To the extent that Aries is processing on behalf of the Publisher any personal information in scope of the CCPA:

  1. Aries is prohibited from selling or sharing such personal information it collects pursuant to the Agreement;
  2. The specific business purpose for which Aries is processing personal information pursuant to the Agreement is to provide, manage, operate and secure the services under the Agreement, and the Publisher is disclosing the personal information to Aries only for the limited and specified business purpose set forth in the Agreement;
  3. Aries is prohibited from retaining, using, or disclosing the personal information that it collected pursuant to the Agreement for any purpose other than for the business purpose specified in the Agreement or as otherwise permitted by the CCPA;
  4. Aries is prohibited from retaining, using, or disclosing the personal information that it collected pursuant to the Agreement for any commercial purpose other than the business purposes specified in the Agreement, unless expressly permitted by the CCPA;
  5. Aries is prohibited from retaining, using, or disclosing the personal information that it collected pursuant to the Agreement outside the direct business relationship between Aries and the Publisher, unless expressly permitted by the CCPA;
  6. Aries is required to comply with all applicable sections of the CCPA, including – with respect to the personal information that Aries collected pursuant to the Agreement – providing the same level of privacy protection as required of businesses by the CCPA;
  7. Aries grants the Publisher the right to take reasonable and appropriate steps to ensure that Aries uses the personal information that it collected pursuant to the Agreement in a manner consistent with the Publisher’s obligations under the CCPA;
  8. Aries is required to notify the Publisher after it makes a determination that it can no longer meet its obligations under the CCPA;
  9. Aries grants the Publisher the right, upon notice, to take reasonable and appropriate steps to stop and remediate Aries’s unauthorized use of personal information; and
  10. Aries is required to enable the Publisher to comply with consumer requests made pursuant to the CCPA or the Publisher is required to inform Aries of any consumer request made pursuant to the CCPA that they must comply with and provide the necessary information to Aries to comply with the request.

 

 

Colorado, Connecticut, Oregon, Texas, Utah, and Virginia

A. To the extent that Aries Systems is processing on behalf of the Publisher any personal data in scope of the Colorado Privacy Act, Connecticut Data Privacy Act, Oregon Consumer Privacy Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and/or Virginia Consumer Data Protection Act, Aries Systems shall:

  1. Ensure that each person processing personal data is subject to a duty of confidentiality with respect to the data;
  2. At the direction of the Publisher, delete or return all personal data to the Publisher as requested at the end of the provision of the services under the Agreement, unless retention of the personal data is required by law;
  3. Upon reasonable request of the Publisher, make available to the Publisher all information in its possession necessary to demonstrate its compliance with the obligations under the foregoing laws;
  4. Allow, and cooperate with, reasonable assessments by the Publisher or its designated assessor; alternatively, Aries may arrange for a qualified and independent assessor to conduct an assessment of Aries’ policies and technical and organizational measures in support of the obligations under the foregoing laws using an appropriate and accepted control standard or framework and assessment procedure for such assessments. Aries shall provide a report of such assessment to the Publisher upon request; and
  5. Engage any subcontractor pursuant to a written contract in accordance with the foregoing laws that requires the subcontractor to meet the obligations of Aries with respect to the personal data;

and the parties shall, taking into account the context of the processing, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk and establish a clear allocation of the responsibilities between them to implement the measures.