Contracts
Vendor Security Requirements
Effective June 5th 2023
DownloadTable of Contents
Supplier Security Requirements
Supplier shall implement and maintain all appropriate technical and organizational security measures to protect from a Security Incident and to preserve the security, integrity and confidentiality of all Personal Information processed under or in connection with the Agreement(s). Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. At a minimum, Supplier agrees to the following security measures:
Physical Controls. Supplier will maintain physical controls designed to secure relevant facilities, including layered controls covering perimeter and interior barriers, individual physical access controls, strongly-constructed facilities, suitable locks with key management procedures, access logging, and intruder alarms/alerts and response procedures.
Technical Controls.
Supplier shall:
- establish and enforce access control policies and measures to ensure that only individuals who have a legitimate need to access Personal Information will have such access, including multi-factor authentication;
- promptly terminate an individual’s access to Personal Information when such access is no longer required for performance under the Agreement;
- maintain reasonable and up-to-date anti-malware, anti-spam, and similar controls on Supplier’s networks, systems, and devices;
- log the appropriate details of access to Personal Information on Supplier’s systems and equipment, plus alarms for attempted access violations, and retain such records for no less than 90 days;
- maintain controls and processes designed to ensure that all operating system and application security patches are installed within the timeframe recommended or required by the issuer of the patch;
- implement reasonable user account management procedures to securely create, amend, and delete user accounts on networks, systems, and devices through which Supplier accesses Personal Information, including monitoring redundant accounts and ensuring that information owners properly authorize all user account requests; and
- have the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident.
Personnel Security. Supplier will maintain personnel policies and practices restricting access to Personal Information, including having appropriate use guidelines, written confidentiality agreements, and performing background checks in accordance with Applicable Laws on all personnel who Process Personal Information or who implement, maintain, or administer Supplier’s security measures.
Training and Supervision. Supplier must provide ongoing privacy and information security training and supervision for all Supplier personnel who Process Personal Information.
Encryption Requirements. All Personal Information shall be encrypted at all times (at rest and in transit) while in Supplier’s possession or control. All encryption shall be in accordance with industry standards, including NIST SP 800-57, and including at a minimum:
Encryption at rest and in transit of all Personal Information and any backup media containing Personal Information with:
- Industry best standard encryption algorithm (e.g. AES-256, RSA, WPA-2);
- Transport Layer Security “TLS” v1.2 or higher during transmission;
- Full disk encryption of removable media (e.g. USB drives, mobile devices, CD/DVD-ROMS, portable hard drives, etc.) or any laptops, smartphones, tablets, or other portable devices (collectively, “Portable Devices”) using an encryption algorithm that meets or exceeds industry best practices; and
- Digital certificates signed by a trusted certificate authority.
Key management policies and procedures for secure generation, storage, access, distribution, archiving, recovery, and destruction.
Use of Canary Networks, Systems, or Devices. To the extent that Supplier accesses
Canary-owned or Canary-managed networks, systems, or devices (including Canary APIs,
corporate email accounts, equipment, or facilities) to access Personal Information, Supplier must comply with Canary’s written instructions, system requirements, and policies made available to Supplier.
System Acquisition, Development, and Maintenance. If Supplier develops software for use by Canary and/or Canary clients or for use in Processing Personal Information, Supplier must adhere to industry best practices and standards for Secure Software Development Lifecycle (SSDLC), including all of, but not limited to, the following techniques:
- Consistently executed secure code reviews and testing either through manual peer review or via a code scanning solution;
- Leveraging security guidelines from one or all of the following industry best practices and standards – OWASP Top 10, SANS Top 25 and Cloud Security Alliance;
- Protection of test data and content and removal of test data and content before deployment to production;
- System acceptance testing; and
- System change control and approvals before deployment to production.
Public Cloud Services. If Supplier uses a public cloud service, Supplier must apply industry best practices for cloud management including:
- enforce MFA for all administrative users of Supplier cloud services;
- separation of cloud environments to include strong key management practices that separate and prevent access to Personal Information from other Supplier and Supplier customer users, as well as logical separation from other data and content; and
- use industry standard encryption to protect all Personal Information when transmitted over all networks to, from, and within a public cloud service; and stored withing a public cloud service.
PCI Compliance. To the extent Supplier Processes any Cardholder Data for or on behalf of Canary, Supplier will at all times meet or exceed all Applicable Laws related to the collection, storage, accessing, and transmission of such data, including those established by Payment Card Industry Data Security Standards. The Payment Card Industry Data Security Standards are currently published at the following URL https://www.pcisecuritystandards.org/.
Destruction; Sanitization.
Return or Deletion of Information. Upon the termination or expiration of the Agreement for the Services, Supplier will promptly return to Canary all copies, whether in written, electronic or other form or media, of Personal Information in Supplier’s possession or the possession of Sub-Processor; where permitted delete and render Personal Information unreadable in the course of disposal, securely dispose of all such hard copies, and where requested certify in writing Supplier’s compliance.
Sanitization. Supplier will use a media sanitization process that deletes and destroys data in accordance with the US Department of Commerce’s National Institute of Standards and Technology’s guidelines in NIST Special Publication 800-88 or equivalent standard.
Endpoint Security Requirements.
Supplier must maintain the following endpoint security requirements: patch management; full disk encryption; remote wipe capability in case of lost/stolen laptop; anti-malware; inactivity timeout, (e.g. screen saver lock); and complex passwords of at least 8 characters.
The storage or transmission of Personal Information on or through removable media (e.g. USB drives, mobile devices, CD/DVD Roms, etc.) is strictly prohibited.
Business Continuity and Disaster Recovery.
Business Continuity Plan. Supplier shall have a current Business Continuity Plan (“BCP”). Canary reserves the right to review a summary of the items included in the BCP. Supplier shall ensure that there is a person appointed by Supplier and charged with the responsibility of developing and maintaining the BCP. The BCP must be updated annually. Current test results of BCP testing must be retained until the next testing occurrence has been completed.
Disaster Recovery. Supplier shall have documented disaster recovery plans, provisioning and tested disaster recovery capabilities in place which can recover within an acceptable amount of time those critical functions/ services for which Canary has contracted, and restore connectivity from Supplier’s recovery site to Canary. In keeping with industry standards and best practices, Supplier plans shall be reviewed and successfully tested at a minimum annually. Supplier shall make available, upon request, a summary of the most current test report for systems or critical business process utilized in support of Canary with summary of corrective actions accomplished for any identified substantive plan or provisioning shortfalls discovered in the testing process.
Assessments; Audits; Corrections.
Canary’s Security Assessment. On Canary’s written request Supplier will promptly and accurately complete Canary’s written privacy and security questionnaire regarding any network, application, system, or device, or security measures applicable to Supplier’s access to Personal Information. Supplier will provide any additional assistance and cooperation that Canary may reasonably require during any assessment of Supplier’s security measures, including providing Canary with reasonable access to personnel, information, documentation, infrastructure and application software, to the extent any of the foregoing is involved in Supplier’s access to Personal Information.
Audits and Certifications; Regulatory Audits.
Audits and Certifications. Upon request by Canary, Canary may conduct an audit of Supplier’s architecture, systems and procedures relevant to the protection of Personal Information at locations where Personal Information is Processed. Supplier will work cooperatively with Canary to agree on an audit plan in advance of any audit. Provided, however, if the scope of the audit is addressed in a SSAE 16/SOC1, SOC2, ISO 27001, NIST, PCI DSS, HIPAA or similar audit report performed by a qualified third party auditor within the prior twelve (12) months, and Supplier confirms there are no known material changes in the controls audited, Canary may agree to accept those reports in lieu of requesting an audit of the controls covered by the report.
Regulatory Audit. Notwithstanding Section (i)(b) if a Regulator requires an audit of the data processing facilities from which Supplier process Personal Information in order to ascertain or monitor Canary’s compliance with Applicable Law, Supplier will cooperate with such audit.
Supplier’s Continuous Self-Assessment; Penetration Testing. Supplier will continuously monitor risk to Personal Information and ensure that the security measures are properly designed and maintained to protect the confidentiality, integrity, and availability of Personal Information. At least one time each year during the term of the Agreement, Supplier will retain, at its sole cost and expense, an independent third party to conduct a penetration test of Supplier’s infrastructure designed to detect any material security weaknesses in such infrastructure. Supplier will use a reputable third party to conduct such testing that is certified by recognized industry standards as being qualified to perform such penetration testing. Supplier will reasonably discuss the results of such testing with Canary in a general nature so as not to expose any potential vulnerabilities to broader disclosure and, to the extent any such material weakness is found, will take appropriate action, prompt under the circumstances, to remedy such weakness.
Terms and Conditions of Online Sales
Effective June 5th 2023
DownloadTable of Contents
PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY. THESE TERMS CONTAIN VERY IMPORTANT INFORMATION REGARDING YOUR RIGHTS AND OBLIGATIONS, AS WELL AS CONDITIONS, LIMITATIONS, AND EXCLUSIONS THAT MIGHT APPLY TO YOU.
SECTION 8 OF THESE TERMS REQUIRE THE USE OF ARBITRATION TO RESOLVE DISPUTES, RATHER THAN JURY TRIALS. SEE SECTION 8 FOR MORE INFORMATION REGARDING THIS ARBITRATION CLAUSE.
BY PLACING AN ORDER FOR PRODUCTS OR SERVICES FROM THIS WEBSITE, YOU AFFIRM THAT YOU ARE OF LEGAL AGE TO ENTER INTO THIS AGREEMENT, AND YOU ACCEPT AND ARE BOUND BY THESE TERMS AND CONDITIONS.
YOU MAY NOT ORDER OR OBTAIN PRODUCTS OR SERVICES FROM THIS WEBSITE IF YOU (A) DO NOT AGREE TO THESE TERMS, (B) ARE NOT THE OLDER OF (i) AT LEAST 18 YEARS OF AGE OR (ii) LEGAL AGE TO FORM A BINDING CONTRACT WITH CANARY, OR (C) ARE PROHIBITED FROM ACCESSING OR USING THIS WEBSITE OR ANY OF THIS WEBSITE'S CONTENTS, GOODS OR SERVICES BY APPLICABLE LAW.
These terms and conditions (these "Terms") apply to the purchase and sale of products and services through https://www.canarymarketing.com/ (the "Site"). These Terms are subject to change by Canary (referred to as "us", "we", or "our" as the context may require) without prior written notice at any time, in our sole discretion. Any changes to the Terms will be in effect as of the "Last Updated Date" referenced on the Site. You should review these Terms prior to purchasing any product or services that are available through this Site. Your continued use of this Site after the "Last Updated Date" will constitute your acceptance of and agreement to such changes.
These Terms are an integral part of the Website Terms of Use that apply generally to the use of our Site. You should also carefully review our Privacy Policy before placing an order for products or services through this Site (see Section 7).
- Order Acceptance and Cancellation. You agree that your order is an offer to buy, under these Terms, all products and services listed in your order. All orders must be accepted by us or we will not be obligated to sell the products or services to you. We may choose not to accept orders at our sole discretion, even after we send you a confirmation email with your order number and details of the items you have ordered.
- Prices and Payment Terms.
- All prices posted on this Site are subject to change without notice. The price charged for a product or service will be the price in effect at the time the order is placed and will be set out in your order confirmation email. Posted prices do not include taxes or charges for shipping and handling. All such taxes and charges will be added to your merchandise total, and will be itemized in your shopping cart and in your order confirmation email.
- Terms of payment are within our sole discretion and payment must be received by us before our acceptance of an order. We accept for all purchases. You represent and warrant that (i) the credit card information you supply to us is true, correct and complete, (ii) you are duly authorized to use such credit card for the purchase, (iii) charges incurred by you will be honored by your credit card company, and (iv) you will pay charges incurred by you at the posted prices, including shipping and handling charges and all applicable taxes, if any, regardless of the amount quoted on the Site at the time of your order.
- Shipments; Delivery; Title and Risk of Loss.
- We will arrange for shipment of the products to you. Please check the individual product page for specific delivery options. You will pay all shipping and handling charges specified during the ordering process. Shipping and handling charges are reimbursement for the costs we incur in the processing, handling, packing, shipping, and delivery of your order.
- Title and risk of loss pass to you upon our transfer of the products to the carrier. Shipping and delivery dates are estimates only and cannot be guaranteed. We are not liable for any delays in shipments.
- Returns and Refunds.
- ALL SALES ARE FINAL. YOU ACKNOWLEDGE AND AGREE THAT, EXCEPT AS HEREIN PROVIDED, ALL PRODUCT SALES ARE MADE ON A ONE-WAY BASIS; YOU HAVE NO ADDITIONAL RIGHT TO CANCEL AN ORDER, RETURN A PRODUCT, OR RECEIVE A REFUND OR CREDIT FOR A PRODUCT PURCHASE.
- For defective returns, please refer to the manufacturer's warranty (see Section 5) included in the manufacturer's warranty, if any.
- Inspection and Rejection of Nonconforming Products.
- You shall inspect the inspect the Products upon three (3) days of receipt ("Inspection Period"). You will be deemed to have accepted the Products unless you notify Canary in writing of any Nonconforming Products during the Inspection Period and provide such written evidence or other documentation as reasonably required by Canary. "Nonconforming Products" means only the following: (i) product shipped is different than identified in your order confirmation email; or (ii) it does not conform to the brand and model listed in your purchase confirmation at the end of the checkout process.
- If you timely notify Canary of any Nonconforming Goods, Canary shall, in its sole discretion, (i) replace such Nonconforming Products with conforming Products, or (ii) credit or refund the Price for such Nonconforming Products, together with any reasonable shipping and handling expenses incurred by you in connection therewith.
- You acknowledge and agree that the remedies set forth in 4(c) are your exclusive remedies for the delivery of Nonconforming Products. Except as provided under 4(c), all sales of Products to you are made on a one-way basis and you have no right to return products purchased under this Agreement to Canary .
- Manufacturer's Warranty and Disclaimers.
- We do not manufacture or control any of the products offered on our Site. The availability of products through our Site does not indicate an affiliation with or endorsement of any product or manufacturer. Accordingly, we do not provide any warranties with respect to the products offered on our Site. However, a product that you purchase may be accompanied by a manufacturer’s warranty. You acknowledge and agree that all matters relating to any manufacturer’s warranty run strictly between you and the manufacturer. To the extent you wish to obtain warranty service for defective products, please follow the instructions included in the manufacturer's warranty, if any.
- ALL PRODUCTS AND SERVICES OFFERED ON THIS SITE ARE PROVIDED “AS IS” WITHOUT ANY WARRANTY WHATSOEVER, INCLUDING, WITHOUT LIMITATION, ANY (A) WARRANTY OF MERCHANTABILITY; (B) WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE; OR (C) WARRANTY AGAINST INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OF A THIRD PARTY; WHETHER EXPRESS OR IMPLIED BY LAW, COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE, OR OTHERWISE.
- YOU AFFIRM THAT WE SHALL NOT BE LIABLE, UNDER ANY CIRCUMSTANCES, FOR ANY BREACH OF WARRANTY CLAIMS OR FOR ANY DAMAGES ARISING OUT OF THE MANUFACTURER'S FAILURE TO HONOR ITS WARRANTY OBLIGATIONS TO YOU.
- Limitation of Liability.
- No Consequential, Indirect, and Related Damages. IN NO EVENT SHALL WE BE LIABLE TO YOU OR ANY THIRD PARTY FOR CONSEQUENTIAL, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR ENHANCED DAMAGES, LOST PROFITS OR REVENUES OR DIMINUTION IN VALUE, ARISING OUT OF, OR RELATING TO, AND/OR IN CONNECTION WITH ANY BREACH OF THESE TERMS, REGARDLESS OF (A) WHETHER SUCH DAMAGES WERE FORESEEABLE, (B) WHETHER OR NOT WE WERE ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND (C) THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH THE CLAIM IS BASED.
- Maximum Liability. OUR SOLE AND ENTIRE MAXIMUM LIABILITY, FOR ANY REASON, AND YOUR SOLE AND EXCLUSIVE REMEDY SHALL BE LIMITED TO THE ACTUAL AMOUNT PAID BY YOU FOR THE PRODUCTS AND SERVICES YOU HAVE ORDERED THROUGH OUR SITE.
- The limitation of liability set forth above shall only apply to the extent permitted by law.
- Privacy. We respect your privacy and are committed to protecting it. Our Privacy Policy, https://www.canarymarketing.com/privacy-policy/, governs the processing of all personal data collected from you in connection with your purchase of products or services through the Site.
- Dispute Resolution and Binding Arbitration.
- Agreement to Arbitrate. YOU AND CANARY ARE AGREEING TO GIVE UP ANY RIGHTS TO LITIGATE CLAIMS IN A COURT OR BEFORE A JURY, OR TO PARTICIPATE IN A CLASS ACTION OR REPRESENTATIVE ACTION WITH RESPECT TO A CLAIM. OTHER RIGHTS THAT YOU WOULD HAVE IF YOU WENT TO COURT MAY ALSO BE UNAVAILABLE OR MAY BE LIMITED IN ARBITRATION. ANY CLAIM, DISPUTE OR CONTROVERSY (WHETHER IN CONTRACT, TORT OR OTHERWISE, WHETHER PRE-EXISTING, PRESENT OR FUTURE, AND INCLUDING STATUTORY, CONSUMER PROTECTION, COMMON LAW, INTENTIONAL TORT, INJUNCTIVE AND EQUITABLE CLAIMS) BETWEEN YOU AND US ARISING FROM OR RELATING IN ANY WAY TO YOUR PURCHASE OF PRODUCTS OR SERVICES THROUGH THE SITE, WILL BE RESOLVED EXCLUSIVELY AND FINALLY BY BINDING ARBITRATION.
- Details of Arbitration Procedure.
- The arbitration will be administered by the American Arbitration Association ("AAA") in accordance with the Consumer Arbitration Rules (the "AAA Rules") then in effect, except as modified by this Section 8. (The AAA Rules are available at www.adr.org/ or by calling the AAA at 1-800-778-7879.) The arbitration will be governed by the then-current version of the AAA’s Commercial Arbitration RulesThe Federal Arbitration Act will govern the interpretation and enforcement of this section.
- The arbitrator will have exclusive authority to resolve any dispute relating to arbitrability and/or enforceability of this arbitration provision, including any unconscionability challenge or any other challenge that the arbitration provision or the agreement is void, voidable, or otherwise invalid. The arbitrator will be empowered to grant whatever relief would be available in court under law or in equity. Any award of the arbitrator(s) will be final and binding on each of the parties, and may be entered as a judgment in any court of competent jurisdiction.
- Right to Opt Out. You may elect to pursue your claim in small-claims court rather than arbitration if you provide us with written notice of your intention do so within 60 days of your purchase. The arbitration or small-claims court proceeding will be limited solely to your individual dispute or controversy.
- Waiver of Class Arbitration. You agree to an arbitration on an individual basis. In any dispute, NEITHER YOU NOR CANARY WILL BE ENTITLED TO JOIN OR CONSOLIDATE CLAIMS BY OR AGAINST OTHER CUSTOMERS IN COURT OR IN ARBITRATION OR OTHERWISE PARTICIPATE IN ANY CLAIM AS A CLASS REPRESENTATIVE, CLASS MEMBER OR IN A PRIVATE ATTORNEY GENERAL CAPACITY. The arbitral tribunal may not consolidate more than one person's claims, and may not otherwise preside over any form of a representative or class proceeding. The arbitral tribunal has no power to consider the enforceability of this class arbitration waiver and any challenge to the class arbitration waiver may only be raised in a court of competent jurisdiction.
- If any provision of this arbitration agreement is found unenforceable, the unenforceable provision will be severed and the remaining arbitration terms will be enforced.
- General Provisions.
- Force Majeure. We will not be liable or responsible to you, nor be deemed to have defaulted or breached these Terms, for any failure or delay in our performance under these Terms when and to the extent such failure or delay is caused by or results from acts or circumstances beyond our reasonable control, including, without limitation, acts of God, flood, fire, earthquake, explosion, governmental actions, war, invasion or hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest, national emergency, revolution, insurrection, epidemic, lockouts, strikes or other labor disputes (whether or not relating to our workforce), or restraints or delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials, materials or telecommunication breakdown or power outage.
- Governing Law and Jurisdiction. This Site is operated from the US. All matters arising out of or relating to these Terms are governed by and construed in accordance with the internal laws of the State of California without giving effect to any choice or conflict of law provision or rule (whether of the State of California or any other jurisdiction) that would cause the application of the laws of any jurisdiction other than those of the State of California.
- Assignment. You will not assign any of your rights or delegate any of your obligations under these Terms without our prior written consent. Any purported assignment or delegation in violation of this Section 9(c) is null and void. No assignment or delegation relieves you of any of your obligations under these Terms.
- No Waivers. The failure by us to enforce any right or provision of these Terms will not constitute a waiver of future enforcement of that right or provision. The waiver of any right or provision will be effective only if in writing and signed by a duly authorized representative of Canary.
- No Third-Party Beneficiaries. These Terms do not and are not intended to confer any rights or remedies upon any person other than you.
- Notices.
- To You. We may provide any notice to you under these Terms by: (i) sending a message to the email address you provide or (ii) by posting to the Site. Notices sent by email will be effective when we send the email and notices we provide by posting will be effective upon posting. It is your responsibility to keep your email address current.
- To Us. To give us notice under these Terms, you must contact us as follows: by personal delivery, overnight courier, or registered or certified mail to 2700 Camino Ramon, Suite 110 San Ramon CA 94583. We may update the facsimile number or address for notices to us by posting a notice on the Site. Notices provided by personal delivery will be effective immediately. Notices provided by facsimile transmission or overnight courier will be effective one business day after they are sent. Notices provided by registered or certified mail will be effective three business days after they are sent.
- Severability. If any provision of these Terms is invalid, illegal, void or unenforceable, then that provision will be deemed severed from these Terms and will not affect the validity or enforceability of the remaining provisions of these Terms.
- Entire Agreement. These Terms, our Website Terms of Use and our Privacy Policy will be deemed the final and integrated agreement between you and us on the matters contained in these Terms.
Vendor DPA
Effective June 5th 2023
DownloadTable of Contents
SUPPLIER DATA PROTECTION ADDENDUM (“DPA”)
This Data Protection Addendum (“DPA”) is entered into by and between Canary LLC, a California limited liability company located at 2700 Camino Ramon, Suite 110 San Ramon CA 94583 (“Canary”) and the party (including any personnel, contractor, or agent acting on behalf of such party) that performs Services for Canary under the Agreement (“Supplier”).
BACKGROUND
Canary and Supplier have entered into one or more purchase orders, contracts, and/or agreements (“Agreement(s)”) that may require Supplier to process Personal Information provided by Canary. This DPA forms part of the Agreement(s) and/or other services agreement(s) between Canary and Supplier.
To comply with Data Protection Law (defined below), Canary must ensure the appropriate protection of all Personal Information when Canary engages third party Suppliers. Accordingly, this DPA sets out the additional terms, requirements and conditions on which Supplier will obtain, handle, process, disclose, transfer, or store Personal Information when providing services under the Agreement.
AGREED TERMS
- DEFINITIONS AND INTERPRETATION.
- Definitions.
- Capitalized terms used but not defined in this DPA will have the meanings otherwise set forth in the Agreement. For purposes of this DPA, the following terms will have the meaning ascribed below:
- “Data Protection Law” means all applicable federal, state, and foreign laws, directives, and regulations relating to the Processing, protection, security or privacy of Personal Information, including where applicable, the guidance and codes of practice issued by regulatory bodies in any relevant jurisdiction. This includes, but is not limited to, the California Consumer Privacy Act (“CCPA”) (Cal. Civ. Code §§1798.100 et seq.), the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”), equivalent requirements in the United Kingdom including the UK General Data Protection Regulation and the Data Protection Act 2018 (“UK Data Protection Law”), and the Swiss Federal Act on Data Protection (“FADP”).
- “Cardholder Data” means any primary account number, cardholder name, expiration date and/or service code, and security-related information (including but not limited to card validation codes/values, full track data, PINs and PIN blocks) used to authenticate cardholders or authorize payment card transactions.
- “Data Subject” means an identified or identifiable natural person about whom Personal Information relates.
- “Personal Information” means any information Supplier processes for Canary that (a) identifies or relates to an individual who can be identified directly or indirectly from that data alone or in combination with other information in Supplier's possession or control or that Supplier is likely to have access to, or (b) the relevant Data Protection Law otherwise define as protected Personal Information. Personal Information includes names, email addresses, postal addresses, telephone numbers, payment card information, online identifiers (including IP addresses and cookie identifiers).
- “Processing” or “Process” means either any activity that involves the use of Personal Information or as the relevant Data Protection Law may otherwise define processing, or process. It includes obtaining, recording or holding the Personal Information, or carrying out any operation or set of operations on the Personal Information including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Information to third parties.
- “Secondary Use” means Processing Personal Information for purposes other than as necessary to fulfill the Agreement and comply with the specific instructions stated in the Agreement, or for any purpose that would be a considered a “sale” of Personal Information as defined by the CCPA.
- “Security Incident” means any accidental or unlawful destruction, loss, or alteration of Personal Information, or any unauthorized access to, or use or disclosure of, Personal Information.
- “Services” means the services provided by Supplier to Canary under and as more particularly described in the Agreement(s).
- “Subprocessor” means any third party (including any Supplier affiliates) engaged directly or indirectly by Supplier to process any Personal Information relating to this DPA and/or the Agreements. The term "Subprocessor" shall also include any third party appointed by a Subprocessor to process any Personal Information relating to this DPA and/or the Contract(s). Subprocessor includes “Subprocessor” within the meaning of Standard Contractual Clauses.
- “Supplier” means the party (including any personnel, contractor, or agent acting on behalf of such party) that performs Services for Canary under the Agreement.
- Supplemental Terms. The Attachments form part of this DPA and will have effect as if set out in full in the body of this DPA. Any reference to this DPA includes the Attachments.
- Order of Precedence. In the case of conflict or ambiguity between: (a) any of the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA will prevail; and (b) any of the provisions of this DPA and any executed Standard Contractual Clauses, the provisions of the executed Standard Contractual Clauses will prevail.
- ROLE AND SCOPE OF PROCESSING.
- Relationship of the Parties.
- Canary and Supplier acknowledge that for the purpose of Data Protection Law, Canary is the Controller and Supplier is the Processor. Supplier shall process Personal Information under the Agreements only as a Processor acting on behalf of Canary (whether as Controller or itself a Processor on behalf of a third party Controller). Each party shall comply with its obligations under Data Protection Law.
- For the purposes of the CCPA (to the extent the CCPA is applicable), Canary is a "business" and Supplier is a "service provider". Supplier, as service provider, will not (a) sell Canary Personal Information, or (b) retain, use, or disclose Canary Personal Information for any purposes other than for performing Supplier’s obligations under the Agreement. The Parties agree that Canary's transfer of Personal Information to Supplier is not a sale, and Supplier provides no monetary or other valuable consideration to Canary in exchange for Canary Personal Information. Supplier certifies that it understands the restrictions set out in this Section 2.1 and will comply with them.
- Details of Personal Information Processing. Attachment 1 to this DPA sets out a description of the Personal Data as required by Data Protection Law.
- Limited Use. Supplier will only Process the Personal Information to the extent, and in such a manner, as is necessary to provide the Services in accordance with Canary’s instructions. Supplier will not process the Personal Information for any other purpose or in a way that does not comply with this DPA or the Data Protection Law.
- Confidentiality and Non-Disclosure. Personal Information will be deemed Canary’s Confidential Information under the Agreement. Supplier will ensure that persons authorized by Supplier to Process any Personal Information are subject to appropriate confidentiality obligations. Supplier will maintain the confidentiality of all Personal Information and will not disclose Personal Information to third parties unless Canary or this DPA specifically authorizes the disclosure, or as required by law. If a law requires Supplier to process or disclose Personal Information, Supplier must first inform Canary of the legal requirement and give Canary an opportunity to object or challenge the requirement, unless the law prohibits such notice.
- Return or Disposal. At Canary's request, Supplier will give Canary a copy of or access to all or part of Canary's Personal Information in its possession or control in the format and on the media reasonably specified by Canary. On termination of the Agreement for any reason or expiry of its term, Supplier agrees to delete and securely erase or, if directed in writing by Canary (which may be delivered via email), return and not retain, all or any Personal Information related to this agreement in its possession or control.
- Relationship of the Parties.
- SECURITY.
- Security Measures. Supplier must at all times implement and maintain reasonable and appropriate physical, technical and organizational security measures designed to safeguard Personal Information against unauthorized or unlawful processing, access, copying, modification, storage, reproduction, display or distribution, and against accidental loss, destruction or damage including, but not limited to, the minimum security measures set out in Attachment 2.
- Security Assistance. Taking into account the nature of Processing and the information available to the Supplier, Supplier will assist Canary in ensuring compliance with its security obligations under Data Protection Law, including Article 32 of the GDPR and Article 32 of the UK GDPR.
- SECURITY INCIDENT.
- Security Incident Response Program. Supplier must maintain a reasonable Security Incident response program.
- Security Incident Notification.
- If Supplier becomes aware of any unauthorized or unlawful processing of the Personal Information or any Security Incident, Supplier will immediately, and without undue delay:
- stop the unauthorized access;
- secure the Personal Information;
- notify Canary (in no event more than 24 hours after the discovery of the Security Incident) by sending an email to security@canarymarketing.com with the information described in Subsection (b) below. This notification is required even if Supplier has not conclusively established the nature or extent of the Security Incident; and
- assist Canary in complying with its Security Incident notification or cure obligations under applicable laws and as otherwise reasonably requested.
- Where the Supplier becomes aware of any Security Incident, it shall, without undue delay, provide Canary with timely and sufficient information to allow Canary to meet any obligations under Data Protection Law. This includes, but is not limited to:
- a description of the Personal Information subject to the Security Incident (including the categories and number of data records and Data Subjects concerned) and the likely consequences of the Security Incident;
- the date and time of the Security Incident;
- a description of the circumstances that led to the Security Incident (e.g., loss, theft, copying);
- a description of the measures Supplier has taken and proposes to take to address the Security Incident; and
- relevant contact people who will be available until the parties mutually agree that the Security Incident has been resolved.
- If Supplier becomes aware of any unauthorized or unlawful processing of the Personal Information or any Security Incident, Supplier will immediately, and without undue delay:
- Remediation; Investigation. In the event of a Security Incident, Supplier shall, at Supplier’s cost, take appropriate steps to promptly remediate the root cause(s) of any Security Incident, and will fully co-operate with Canary in Canary's handling of the matter . Furthermore, Supplier shall take such measures and actions as are directed by Canary (or as appropriate) to assist in the investigation, mitigation, and remediation of each such Security Incident, and shall keep Canary up-to-date about all developments in connection with the Security Incident.
- No Unauthorized Statements. Except as required by applicable laws, Supplier will not make (or permit any third party to make) any statement concerning the Security Incident that directly or indirectly references Canary or any of Canary’s clients, unless Canary provides its explicit written authorization.
- Security Incident Assistance. Taking into account the nature of Processing and the information available to the Supplier, Supplier will assist Canary in ensuring compliance with Canary’s notification obligations under Data Protection Law in connection with any Security Incident, including in ensuring compliance with Canary’s obligations pursuant to Articles 33 and 34 of the GDPR and Articles 33 and 34 of the UK GDPR.
- CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION.
- Supplier shall, at all times, provide an adequate level of protection for the Personal Information, wherever Processed, in accordance with the requirements of the applicable Data Protection Law.
- Personal Information Originating from the UK, EEA or Switzerland. If Personal Information originates from the UK, EEA or Switzerland and is transferred by Canary to Supplier for Processing in a country not subject to an adequacy decision in accordance with the GDPR (“UK/EEA/Switzerland Data Transfer”), the parties will conduct such UK/EEA/Switzerland Data Transfer in accordance with all applicable laws. The parties hereby agree to the Standard Contractual Clauses for EEA/Switzerland Data Transfers, together with the version as modified by the UK Information Commissioner's Office's international data transfer addendum ("IDTA") (together, "EU SCCs") (which will be deemed executed by the parties as of the effective date of the Agreement). For the purpose of this Section 5.2 the EU SCCs means Module Two (Transfer controller to processor) of the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (the text of which is available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en), and the IDTA means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses published by the UK Information Commissioner's Office (the text of which is available at: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/) (or any successor IDTA approved by the relevant UK authorities) in which Canary will be referred to as the “data exporter” and Supplier will be referred to as the “data importer”, incorporating: (a) the relevant Options set out in Part 1 of Attachment 2 to this DPA; (b) Annex I pre-populated with the details set out in Part 2 of Attachment 2 to this DPA; and (c) Annex II pre-populated with the details set out in Part 3 of Attachment 2 to this DPA. For the purposes of this Section 5.2, the EU SCCs will come into effect upon commencement of an EEA/Switzerland Data Transfer. If there is any conflict between the Sections of this DPA or the sections of the Agreement and the EU SCCs, in so far as the conflict relates to an EEA/Switzerland Data Transfer the EU SCCs will prevail.
- SUBPROCESSORS.
- Supplier may only authorize a third party or Subprocessor to process the Personal Information if:
- Canary provides prior written consent after Supplier supplies Canary with full details regarding such Subprocessor;
- Supplier enters into a written contract with the Subprocessor that contains terms substantially the same as those set out in this DPA and, upon Canary's written request, provides Canary with copies of such contracts;
- Supplier maintains control over all Personal Information it entrusts to the Subprocessor; and
- the Subprocessor's contract terminates automatically on termination of this DPA for any reason.
- Supplier must list all approved Subprocessors in Attachment 1 and include any Subprocessor's name and location and contact information for the person responsible for privacy and data protection compliance.
- Where the Subprocessor fails to fulfil its obligations under such written agreement, Supplier remains fully liable to Canary for the Subprocessor's performance of its agreement obligations. The parties consider Supplier to control any Personal Information controlled by or in the possession of its Subprocessors. Upon Canary's written request, Supplier will audit a Subprocessor's compliance with its obligations regarding Canary's Personal Information and provide Canary with the audit results.
- Supplier may only authorize a third party or Subprocessor to process the Personal Information if:
- COOPERATION; ASSISTANCE.
- Data Subject’s Rights Assistance. Supplier shall fully cooperate with Canary to enable Canary (or its third party Controller) to respond to any requests, complaints or other communications from Data Subjects and regulatory or judicial bodies relating to the processing of Personal Information under the Agreement(s), including requests from a Data Subject seeking to exercise their rights under Data Protection Law. In the event that any such request, complaint, or communication is made directly to Supplier, Supplier must notify Canary immediately, and shall not respond to such communication without Canary’s express authorization. Supplier will comply with any deletion instruction from Canary regarding Personal Information unless an exception under Data Protection Law permits it to retain Personal Information. If Supplier determines such an exception exists notwithstanding a deletion instruction from Canary, then Supplier will: (i) notify Canary of such exception; and (ii) defend and indemnify Canary for any claims arising from or related to Supplier’s retention of such Personal Information.
- Data Protection Impact Assessment Assistance. Taking into account the nature of Processing and the information available to the Supplier, Supplier will assist Canary in ensuring compliance with the obligations under Articles 35 and 36 of the GDPR.
- TERM AND TERMINATION. This DPA will remain in full force and effect so long as the Agreement remains in effect, or Supplier retains any Personal Information related to the Agreement in its possession or control (Term). Any provision of this DPA that expressly or by implication should come into or continue in force on or after termination of the Agreement in order to protect Personal Information will remain in full force and effect. Supplier's failure to comply with the terms of this DPA is a material breach of the Agreement. In such event, Canary may terminate the Agreement effective immediately upon written notice to Supplier without further liability or obligation.
- LIABILITY AND INDEMNITY.
- Liability. Notwithstanding anything else to the contrary in the Agreement, Supplier agrees that:
- It shall be liable for any unauthorized use, exposure or loss of Personal Information (including Client Personal Data) arising under or in connection with the Agreement and the DPA to the extent such loss results from any failure of Supplier (or its Subprocessors) to comply with its obligations under the DPA and/or applicable law or regulation;
- any exclusion of damages or limitation of liability that may apply to limit Supplier’s liability in the Agreement shall not apply to Supplier’s liability arising under or in connection with the DPA, howsoever caused, regardless of how such amounts or sanctions awarded are characterized and regardless of the theory of liability, which liability shall be expressly excluded from any agreed exclusion of damages or limitation of liability.
- Indemnity. To the fullest extent permitted by applicable law, Supplier shall indemnify, defend, and hold Canary, including its Authorized Affiliates, and each of its affiliates, partners, principals, officers, directors, employees, subcontractors and agents harmless against any claims, suits, or proceedings and any resulting liabilities, fines, losses, damages, costs and expenses (including reasonable attorney's fees) that Canary may suffer or incur as a result of any act or omission on the part of Supplier or its subcontractors, or anyone acting on their behalf, that leads to Canary being liable for breach of Data Protection Law or a third-party contract.
- Liability. Notwithstanding anything else to the contrary in the Agreement, Supplier agrees that:
- RECORDS. Supplier will keep detailed, accurate and up-to-date written records regarding any processing of Personal Information it carries out for Canary, including but not limited to, the access, control and security of the Personal Information, approved Subprocessors and affiliates, the Processing purposes, categories of Processing, any transfers of Personal Information to a third country and related safeguards, and a general description of the technical and organizational security measures (Records). Supplier shall make this record available on request to Canary or any relevant EU or Member State supervisory authority. Supplier will ensure that the Records are sufficient to enable Canary to verify Supplier's compliance with its obligations under this DPA and Supplier will provide Canary with copies of the Records upon request.
- AUDIT. Supplier shall, and shall procure that its agents and Subprocessors shall, make available to Canary, all information necessary and allow for and contribute to audits of such data processing facilities, procedures, records and documentation which relate to the Processing of the Personal Information, including without limitation, inspections (on reasonable written notice) by Canary, its auditors or agents or any regulatory or government body, including any supervisory authority, in order to ascertain compliance with the terms of this DPA or Data Protection Law.
- SURVIVAL. Supplier’s obligations under this DPA will survive termination of the Agreement and the completion of the Services.
- CERTIFICATION. Supplier certifies that Supplier understands and will comply with the requirements and restrictions set forth in this DPA.
- GENERAL
- Governing Law. This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless and to the extent required otherwise by the Data Protection Law or, where applicable, the Standard Contractual Clauses.
- Parties acknowledge and agree that any breach by Supplier of the DPA shall constitute a material breach of the Agreement, in which event and without prejudice to any other right or remedy available to it, Canary may elect to immediately terminate the Agreement (in whole or in part) in accordance with the termination provisions in the Agreement
- [SIGNATURE PAGE FOLLOWS]
IN WITNESS WHEREOF, the Parties hereto have caused this Agreement to be executed as of the date first written above by their respective officers thereunto duly authorized.
Canary LLC. | |
By_____________________ (Authorized Signature) Name: Title: Date: | |
Supplier Full Legal Entity Name: | |
By_____________________ (Authorized Signature) Name: Title: Date: |
Part 1 – Selected Options
Clause 7 (Docking clause) | Clause 7 will not be incorporated. |
Clause 9 (Use of Subprocessors) | Option 2 and the specific time period referred to will be 14 days. |
Clause 11 (Redress) | The Option in Clause 11(a) will not be incorporated. |
Clause 13 (Supervision) | The following paragraph of Clause 13(a) will be incorporated: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority. |
Clause 17 (Governing law) | Option 1 and the governing law will be the laws of Ireland. |
Clause 18 (Choice of forum and jurisdiction) | The courts inserted will be the courts of Ireland. |
Part 2 – Content of Annex 1 to the EU SCCs
A. LIST OF PARTIES
Data exporter:
Name: | Canary LLC dba Canary Marketing |
Address: | 2700 Camino Ramon, Suite 110, San Ramon, CA 94583 USA |
Contact person’s name, position and contact details: | Attn: Privacy e-mail: privacy@canarymarketing.com |
Activities relevant to the data transferred under these Clauses: | The services as set out in the Agreement |
Signature and date: | See signature page |
Role (controller/processor): | Controller |
Data importer(s):
Name: | |
Address: | |
Contact person’s name, position and contact details: | |
Activities relevant to the data transferred under these Clauses: | The services as set out in the Agreement |
Signature and date: | See signature page |
Role (controller/processor): | Processor |
B. DESCRIPTION OF TRANSFER
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance (e.g. in accordance with Clause 13 SCCs) |
|
Part 3 – Content of Annex II to the EU SCCs
As set out in Attachment 3.
ATTACHMENT 2 Security Measures
Supplier shall implement and maintain all appropriate technical and organizational security measures to protect from a Security Incident and to preserve the security, integrity and confidentiality of all Personal Information processed under or in connection with the Agreement(s). Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. At a minimum, Supplier agrees to the following security measures:
Physical Controls.
Supplier will maintain physical controls designed to secure relevant facilities, including layered controls covering perimeter and interior barriers, individual physical access controls, strongly-constructed facilities, suitable locks with key management procedures, access logging, and intruder alarms/alerts and response procedures.
Technical Controls. Supplier will:
- establish and enforce access control policies and measures to ensure that only individuals who have a legitimate need to access Personal Information will have such access, including multi-factor authentication;
- promptly terminate an individual’s access to Personal Information when such access is no longer required for performance under the Agreement;
- maintain reasonable and up-to-date anti-malware, anti-spam, and similar controls on Supplier’s networks, systems, and devices;
- log the appropriate details of access to Personal Information on Supplier’s systems and equipment, plus alarms for attempted access violations, and retain such records for no less than 90 days;
- maintain controls and processes designed to ensure that all operating system and application security patches are installed within the timeframe recommended or required by the issuer of the patch;
- implement reasonable user account management procedures to securely create, amend, and delete user accounts on networks, systems, and devices through which Supplier accesses Personal Information, including monitoring redundant accounts and ensuring that information owners properly authorize all user account requests; and
- have the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident.
Personnel Security.
Supplier will maintain personnel policies and practices restricting access to Personal Information, including having appropriate use guidelines, written confidentiality agreements, and performing background checks in accordance with Applicable Laws on all personnel who Process Personal Information or who implement, maintain, or administer Supplier’s security measures.
Training and Supervision.
Supplier must provide ongoing privacy and information security training and supervision for all Supplier personnel who Process Personal Information.
Encryption Requirements.
All Personal Information shall be encrypted at all times (at rest and in transit) while in Supplier’s possession or control. All encryption shall be in accordance with industry standards, including NIST SP 800-57, and including at a minimum:
Encryption at rest and in transit of all Personal Information and any backup media containing Personal Information with:
- Industry best standard encryption algorithm (e.g. AES-256, RSA, WPA-2);
- Transport Layer Security “TLS” v1.2 or higher during transmission;
- Full disk encryption of any laptops, smartphones, tablets, or other portable devices (collectively, “Portable Devices”) using an encryption algorithm that meets or exceeds industry best practices; and
- Digital certificates signed by a trusted certificate authority.
Key management policies and procedures for secure generation, storage, access, distribution, archiving, recovery, and destruction.
Use of Canary Networks, Systems, or Devices.
To the extent that Supplier accesses Canary-owned or Canary-managed networks, systems, or devices (including Canary APIs, corporate email accounts, equipment, or facilities) to access Personal Information, Supplier must comply with Canary’s written instructions, system requirements, and policies made available to Supplier.
System Acquisition, Development, and Maintenance.
If Supplier develops software for use by Canary and/or Canary clients or for use in Processing Personal Information, Supplier must adhere to industry best practices and standards for Secure Software Development Lifecycle (SSDLC), including all of, but not limited to, the following techniques:
- Consistently executed secure code reviews and testing either through manual peer review or via a code scanning solution;
- Leveraging security guidelines from one or all of the following industry best practices and standards – OWASP Top 10, SANS Top 25 and Cloud Security Alliance;
- Protection of test data and content and removal of test data and content before deployment to production;
- System acceptance testing; and
- System change control and approvals before deployment to production.
Public Cloud Services.
If Supplier uses a public cloud service, Supplier must apply industry best practices for cloud management including:
- enforce MFA for all administrative users of Supplier cloud services;
- separation of cloud environments to include strong key management practices that separate and prevent access to Personal Information from other Supplier and Supplier customer users, as well as logical separation from other data and content; and
- use industry standard encryption to protect all Personal Information when transmitted over all networks to, from, and within a public cloud service; and stored withing a public cloud service.
PCI Compliance.
To the extent Supplier Processes any Cardholder Data for or on behalf of Canary, Supplier will at all times meet or exceed all Applicable Laws related to the collection, storage, accessing, and transmission of such data, including those established by Payment Card Industry Data Security Standards. The Payment Card Industry Data Security Standards are currently published at the following URL https://www.pcisecuritystandards.org/.
Destruction; Sanitization.
Return or Deletion of Information.
Upon the termination or expiration of the Agreement for the Services, Supplier will promptly return to Canary all copies, whether in written, electronic or other form or media, of Personal Information in Supplier’s possession or the possession of Subprocessor; where permitted delete and render Personal Information unreadable in the course of disposal, securely dispose of all such hard copies, and where requested certify in writing Supplier’s compliance.
Sanitization.
Supplier will use a media sanitization process that deletes and destroys data in accordance with the US Department of Commerce’s National Institute of Standards and Technology’s guidelines in NIST Special Publication 800-88 or equivalent standard.
- Endpoint Security Requirements.
- Supplier must maintain the following endpoint security requirements: patch management; full disk encryption; remote wipe capability in case of lost/stolen laptop; anti-malware; inactivity timeout, (e.g. screen saver lock); and complex passwords of at least 8 characters.
- The storage or transmission of Personal Information on or through removable media (e.g. USB drives, mobile devices, CD/DVD Roms, etc.) is strictly prohibited.
- Business Continuity and Disaster Recovery.
- Business Continuity Plan.
- Supplier shall have a current Business Continuity Plan (“BCP”). Canary reserves the right to review a summary of the items included in the BCP. Supplier shall ensure that there is a person appointed by Supplier and charged with the responsibility of developing and maintaining the BCP. The BCP must be updated annually. Current test results of BCP testing must be retained until the next testing occurrence has been completed.
- Disaster Recovery.
- Supplier shall have documented disaster recovery plans, provisioning and tested disaster recovery capabilities in place which can recover within an acceptable amount of time those critical functions/ services for which Canary has contracted, and restore connectivity from Supplier’s recovery site to Canary. In keeping with industry standards and best practices, Supplier plans shall be reviewed and successfully tested at a minimum annually. Supplier shall make available, upon request, a summary of the most current test report for systems or critical business process utilized in support of Canary with summary of corrective actions accomplished for any identified substantive plan or provisioning shortfalls discovered in the testing process.
Assessments; Audits; Corrections.
Canary’s Security Assessment.
On Canary’s written request Supplier will promptly and accurately complete Canary’s written privacy and security questionnaire regarding any network, application, system, or device, or security measures applicable to Supplier’s access to Personal Information. Supplier will provide any additional assistance and cooperation that Canary may reasonably require during any assessment of Supplier’s security measures, including providing Canary with reasonable access to personnel, information, documentation, infrastructure and application software, to the extent any of the foregoing is involved in Supplier’s access to Personal Information.
Audits and Certifications; Regulatory Audits.
Upon request by Canary, Canary may conduct an audit of Supplier’s architecture, systems and procedures relevant to the protection of Personal Information at locations where Personal Information is Processed. Supplier will work cooperatively with Canary to agree on an audit plan in advance of any audit. Provided, however, if the scope of the audit is addressed in a SSAE 16/SOC1, SOC2, ISO 27001, NIST, PCI DSS, HIPAA or similar audit report performed by a qualified third party auditor within the prior twelve (12) months, and Supplier confirms there are no known material changes in the controls audited, Canary may agree to accept those reports in lieu of requesting an audit of the controls covered by the report. Notwithstanding this Section if a Regulator requires an audit of the data processing facilities from which Supplier process Personal Information in order to ascertain or monitor Canary’s compliance with Data Protection Law, Supplier will cooperate with such audit.
Supplier’s Continuous Self-Assessment; Penetration Testing.
Supplier will continuously monitor risk to Personal Information and ensure that the security measures are properly designed and maintained to protect the confidentiality, integrity, and availability of Personal Information. At least one time each year during the term of the Agreement, Supplier will retain, at its sole cost and expense, an independent third party to conduct a penetration test of Supplier’s infrastructure designed to detect any material security weaknesses in such infrastructure. Supplier will use a reputable third party to conduct such testing that is certified by recognized industry standards as being qualified to perform such penetration testing. Supplier will reasonably discuss the results of such testing with Canary in a general nature so as not to expose any potential vulnerabilities to broader disclosure and, to the extent any such material weakness is found, will take appropriate action, prompt under the circumstances, to remedy such weakness.
Website Terms of Use
Effective June 5th 2023
DownloadTable of Contents
Last Modified: 5/12/2023
These terms of use are entered into by and between You and Canary LLC ("Canary," "we," or "us"). The following terms and conditions (collectively, "Terms of Use"), govern your access to and use of https://www.canarymarketing.com/, including any content, functionality, and services offered on or through https://www.canarymarketing.com/ (the "Website").
Please read the Terms of Use carefully before you start to use the Website. By using the Website, you accept and agree to be bound and abide by these Terms of Use and our Privacy Policy, found at https://www.canarymarketing.com/privacy-policy/, incorporated herein by reference. If you do not want to agree to these Terms of Use or the Privacy Policy, you must not access or use the Website.
- Changes to the Terms of Use
We may revise and update these Terms of Use from time to time in our sole discretion. All changes are effective immediately when we post them.
Your continued use of the Website following the posting of revised Terms of Use means that you accept and agree to the changes. You are expected to check this page so you are aware of any changes, as they are binding on you.
We reserve the right to withdraw or amend this Website, and any service or material we provide on the Website, in our sole discretion without notice. We will not be liable if for any reason all or any part of the Website is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the Website, or the entire Website, to users, including registered users.
- Making all arrangements necessary for you to have access to the Website.
- Ensuring that all persons who access the Website through your internet connection are aware of these Terms of Use and comply with them.
To access the Website or some of the resources it offers, you may be asked to provide certain registration details or other information. It is a condition of your use of the Website that all the information you provide on the Website is correct, current, and complete. You agree that all information you provide to register with this Website or otherwise, including, but not limited to, through the use of any interactive features on the Website, is governed by our Privacy Policy https://www.canarymarketing.com/privacy-policy/, and you consent to all actions we take with respect to your information consistent with our Privacy Policy.
If you choose, or are provided with, a user name, password, or any other piece of information as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to this Website or portions of it using your user name, password, or other security information. You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information.
We have the right to disable any user name, password, or other identifier, whether chosen by you or provided by us, at any time in our sole discretion for any or no reason, including if, in our opinion, you have violated any provision of these Terms of Use.
The Website and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof) are owned by Canary, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws.
These Terms of Use permit you to use the Website for your personal, non-commercial use only. You must not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store, or transmit any of the material on our Website, except as follows:
- Your computer may temporarily store copies of such materials in RAM incidental to your accessing and viewing those materials.
- You may store files that are automatically cached by your Web browser for display enhancement purposes.
- Modify copies of any materials from this site.
- Delete or alter any copyright, trademark, or other proprietary rights notices from copies of materials from this site.
You must not access or use for any commercial purposes any part of the Website or any services or materials available through the Website.
If you print, copy, modify, download, or otherwise use or provide any other person with access to any part of the Website in breach of the Terms of Use, your right to use the Website will stop immediately and you must, at our option, return or destroy any copies of the materials you have made. No right, title, or interest in or to the Website or any content on the Website is transferred to you, and all rights not expressly granted are reserved by Canary. Any use of the Website not expressly permitted by these Terms of Use is a breach of these Terms of Use and may violate copyright, trademark, and other laws.
The Canary name, and all related names, logos, product and service names, designs, and slogans are trademarks of Canary or its affiliates or licensors. You must not use such marks without the prior written permission of Canary. All other names, logos, product and service names, designs, and slogans on this Website are the trademarks of their respective owners.
You may use the Website only for lawful purposes and in accordance with these Terms of Use. You agree not to use the Website:
- In any way that violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the US or other countries).
- For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content, asking for personally identifiable information, or otherwise.
- To transmit, or procure the sending of, any advertising or promotional material [without our prior written consent], including any "junk mail," "chain letter," "spam," or any other similar solicitation.
- To impersonate or attempt to impersonate Canary, a Canary employee, another user, or any other person or entity (including, without limitation, by using email addresses associated with any of the foregoing).
- To engage in any other conduct that restricts or inhibits anyone's use or enjoyment of the Website, or which, as determined by us, may harm Canary or users of the Website, or expose them to liability.
- Use the Website in any manner that could disable, overburden, damage, or impair the site or interfere with any other party's use of the Website, including their ability to engage in real time activities through the Website.
- Use any robot, spider, or other automatic device, process, or means to access the Website for any purpose, including monitoring or copying any of the material on the Website.
- Use any manual process to monitor or copy any of the material on the Website, or for any other purpose not expressly authorized in these Terms of Use, without our prior written consent.
- Use any device, software, or routine that interferes with the proper working of the Website.
- Introduce any viruses, Trojan horses, worms, logic bombs, or other material that is malicious or technologically harmful.
- Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of the Website, the server on which the Website is stored, or any server, computer, or database connected to the Website.
- Attack the Website via a denial-of-service attack or a distributed denial-of-service attack.
- Otherwise attempt to interfere with the proper working of the Website.
The information presented on or through the Website is made available solely for general information purposes. We do not warrant the accuracy, completeness, or usefulness of this information. Any reliance you place on such information is strictly at your own risk. We disclaim all liability and responsibility arising from any reliance placed on such materials by you or any other visitor to the Website, or by anyone who may be informed of any of its contents.
This Website includes content provided by third parties, including materials provided by other third-party licensors. All statements and/or opinions expressed in these materials, and all articles and responses to questions and other content, other than the content provided by Canary, are solely the opinions and the responsibility of the person or entity providing those materials. These materials do not necessarily reflect the opinion of Canary. We are not responsible, or liable to you or any third party, for the content or accuracy of any materials provided by any third parties.
We may update the content on this Website from time to time, but its content is not necessarily complete or up-to-date. Any of the material on the Website may be out of date at any given time, and we are under no obligation to update such material.
All information we collect on this Website is subject to our Privacy Policy https://www.canarymarketing.com/privacy-policy/. By using the Website, you consent to all actions taken by us with respect to your information in compliance with the Privacy Policy.
- Online Purchases and Other Terms and Conditions
All purchases through our site or other transactions for the sale of goods, or services, or information formed through the Website, or resulting from visits made by you, are governed by our Terms of Sale https://www.canarymarketing.com/terms-of-sale/, which are hereby incorporated into these Terms of Use.
YOU EXPRESSLY UNDERSTAND AND AGREE THAT TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, YOUR USE OF THE WEBSITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE IS AT YOUR SOLE RISK, AND THAT THE WEBSITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITH ALL FAULTS AND WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER CANARY NOR ANY PERSON ASSOCIATED WITH CANARY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE WEBSITE. WITHOUT LIMITING THE FOREGOING, NEITHER CANARY NOR ANYONE ASSOCIATED WITH CANARY REPRESENTS OR WARRANTS THAT THE WEBSITE, ITS CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR THAT THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.
TO THE FULLEST EXTENT PROVIDED BY LAW, CANARY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.
- Limitation on Liability
- TO THE FULLEST EXTENT PROVIDED BY LAW, IN NO EVENT WILL CANARY BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE WEBSITE, ANY WEBSITES LINKED TO IT, ANY CONTENT ON THE WEBSITE OR SUCH OTHER WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT, OR OTHERWISE, EVEN IF FORESEEABLE.
- Cap on Liability. TO THE FULLEST EXTENT PROVIDED BY LAW, IN NO EVENT WILL THE COLLECTIVE LIABILITY OF CANARY AND ITS SUBSIDIARIES AND AFFILIATES, AND THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS, AND DIRECTORS, TO ANY PARTY (REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE) EXCEED THE AMOUNT YOU HAVE PAID TO CANARY FOR THE APPLICABLE PRODUCT, OR SERVICE IN THE LAST 6 MONTHS OUT OF WHICH LIABILITY AROSE.
- THE FOREGOING DOES NOT AFFECT ANY LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
- Indemnification
You agree to defend, indemnify, and hold harmless Canary, its affiliates, licensors, and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to your violation of these Terms of Use or your use of the Website, including, but not limited to, any use of the Website's content, services, and products other than as expressly authorized in these Terms of Use, or your use of any information obtained from the Website.
All matters relating to the Website and these Terms of Use, and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the internal laws of the State of California without giving effect to any choice or conflict of law provision or rule (whether of the State of California or any other jurisdiction).
Any legal suit, action, or proceeding arising out of, or related to, these Terms of Use or the Website shall be instituted exclusively in the federal courts of the United States or the courts of the State of California. You waive any and all objections to the exercise of jurisdiction over you by such courts and to venue in such courts.
At Canary's sole discretion, it may require You to submit any disputes arising from these Terms of Use or use of the Website, including disputes arising from or concerning their interpretation, violation, invalidity, non-performance, or termination, to final and binding arbitration under the Rules of Arbitration of the American Arbitration Association applying California law.
ANY CAUSE OF ACTION OR CLAIM YOU MAY HAVE ARISING OUT OF OR RELATING TO THESE TERMS OF USE OR THE WEBSITE MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES; OTHERWISE, SUCH CAUSE OF ACTION OR CLAIM IS PERMANENTLY BARRED.
No waiver by Canary of any term or condition set out in these Terms of Use shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Canary to assert a right or provision under these Terms of Use shall not constitute a waiver of such right or provision.
If any provision of these Terms of Use is held by a court or other tribunal of competent jurisdiction to be invalid, illegal, or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms of Use will continue in full force and effect.
The Terms of Use, our Privacy Policy, and Terms of Sale, constitute the sole and entire agreement between you and Canary regarding the Website and supersede all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, regarding the Website.
This website is operated by Canary https://www.canarymarketing.com
All notices of copyright infringement claims should be sent to the copyright agent designated in our Copyright Policy (legal@canarymarketing.com) in the manner and by the means set out therein.
Sales Order Terms and Conditions
Effective June 5th 2023
DownloadTable of Contents
SALES ORDER TERMS AND CONDITIONS
- APPLICABILITY.
- These terms and conditions for services (these "SO Terms") are the only terms which govern the provision of services ("Services") by Canary LLC ("Canary") to the Client named on accompanying sales order (the "Sales Order") ("Client"). Canary and Client are collectively referred herein as the “Parties”, and each as a “Party.” Notwithstanding anything herein to the contrary, if a written contract signed by both parties is in existence covering the Services covered hereby, the terms and conditions of said contract shall prevail to the extent they are inconsistent with these Terms.
- The accompanying Sales Order and these SO Terms (collectively, this "Agreement") comprise the entire agreement between the parties, and supersede all prior or contemporaneous understandings, agreements, negotiations, representations and warranties, and communications, both written and oral. These Terms prevail over any of Client's general terms and conditions of purchase regardless whether or when Client has submitted its purchase order or such terms.
- SHIPMENT AND DELIVERY
- Product Shipping. Unless expressly agreed to by the Parties in writing, Canary shall select the method of shipment of, and the carrier for, the Products. Canary may, in its sole discretion, without liability or penalty, make partial shipments of Products to Client.
- Delivery. Unless expressly agreed to by the Parties, Canary shall deliver the Products to the address specified in the Sales Order (the “Delivery Location”), using Canary's (or manufacturers, as the case may be) standard methods for packaging and shipping such Products.
- Late Delivery. Any time quoted by Canary for delivery is an estimate only. Canary is not liable for or in respect of any loss or damage arising from any delay in filling any order, or delay in delivery.
- Quantity. If Canary delivers to Client a quantity of Products of up to 3% more or less than the quantity set forth in the Sales Order, Client shall not be entitled to object to or reject the Products or any portion of them by reason of the surplus or shortfall and shall pay for such Products the price set forth in the Sales Order adjusted pro rata.
- Client's Acts or Omissions. If Canary's performance of its obligations under this Agreement is prevented or delayed by any act or omission of Client or its agents, subcontractors, consultants, or employees, Canary shall not be deemed in breach of its obligations under this Agreement or otherwise liable for any costs, charges, or losses sustained or incurred by Client, in each case, to the extent arising directly or indirectly from such prevention or delay. If there are any returns, address changes or refused packages, any charges incurred from carrier will be invoiced when received.
- TITLE AND RISK OF LOSS.
- Unless expressly agreed to by the Parties in writing, title and risk of loss to all Products sold hereunder passes to Client upon Canary’s tender of such units to the carrier.
- INSPECTION AND REJECTION OF NONCONFORMING PRODUCTS.
- Acceptance of Products. Client shall inspect the Products within fifteen (15) days of receipt ("Inspection Period"). Client will be deemed to have accepted the Products unless it notifies Canary in writing of any Nonconforming Products during the Inspection Period and furnishes such written evidence or other documentation as reasonably required by Canary. "Nonconforming Products" means only the following: (i) product shipped is different than identified in Buyer's purchase order; or (ii) product shipped is materially defective.
- Remedy for Nonconforming Products. If Client timely notifies Canary of any Nonconforming Products, Canary shall, in its sole discretion, (i) replace such Nonconforming Products with conforming Products, or (ii) credit or refund the Price for such Nonconforming Goods, together with any reasonable shipping and handling expenses incurred by Client in connection therewith.
- Expenses. Client shall ship, at its expense and risk of loss, the Nonconforming Products to Client's facility. If Canary exercises its option to replace Nonconforming Products, Canary shall, after receiving Client’s shipment of Nonconforming Products, ship to Client, at Canary’s expense, the replaced Products to the Delivery Location.
- Exclusive Remedy. Client acknowledges and agrees that the remedies set forth in Section 4.2 are Client's exclusive remedies for the delivery of Nonconforming Products. Except as provided under Section 4.2, all sales of Products to Client are made on a one-way basis and Client has no right to return Products purchased under this Agreement to Canary.
- PRICE AND PAYMENT.
- Price. Client shall purchase the Products from Canary at the prices set forth in the Sales Order (the "Price").
- Invoicing; Payment Terms. Canary shall issue an invoice for each Sales Order. Client shall pay all invoiced amounts due to Canary within thirty (30) days after the date of such invoice, except for any amounts disputed by Client in good faith.
- Invoice Disputes. In the event of a payment dispute, Client shall deliver a written statement to Canary (along with a reasonably detailed description of the dispute) within fifteen (15) days from the date of such invoice. Client will be deemed to have accepted all invoices for which Canary does not receive timely notification of disputes and shall pay all undisputed amounts due under such invoices within the period set forth in Section 4.2 (Invoicing; Payment Terms). The Parties shall seek to resolve all such disputes expeditiously and in good faith.
- INTELLECTUAL PROPERTY.
- Client-Supplied Materials. Client hereby grants to Canary a limited, revocable, non-exclusive, sublicensable, royalty-free license to use, reproduce, distribute, and display the trademarks, logos, copyrights, and any other intellectual property or materials that Client provides to Canary in connection with this Agreement (the “Client-Supplied Materials”) for the purpose of providing Services set forth in this Agreement. Client warrants that it is the exclusive owner of such Client-Supplied Materials, and agrees to indemnify, defend and hold harmless Canary against any and all costs, losses, liabilities, expenses (including reasonable attorney's fees), judgments, fines, and amounts paid in settlement actually and reasonably incurred in connection with third- party claims against Canary that result from any claim relating to Client-Supplied Materials.
- Canary IP. Except for any Confidential Information of Client or Client-Supplied Materials, all intellectual property rights, including copyrights, trade secrets, know-how and other confidential information, together with all of the goodwill associated therewith, derivative works and all other rights (collectively, "Intellectual Property Rights") in and to all documents, work product, and other materials that are delivered to Client under this Agreement or prepared by or on behalf of Canary in the course of performing the Services, shall be owned by Canary or it’s licensors. Canary hereby grants Client a license to use all Intellectual Property Rights free of additional charge and on a non-exclusive, worldwide, non-transferable, non-sublicensable, fully paid-up, royalty-free, and perpetual basis solely to the extent necessary to enable Client to make reasonable use of the Deliverables and the Services.
- WARRANTY.
- Mutual Warranty. Each Party represents and warrants to the other party that: (a) it is duly organized, validly existing, and in good standing (unless the party is an individual), (b) it shall comply with all applicable laws and regulations, and (c) it shall comply with all confidentiality provisions in the Agreement.
- Canary Warranty. Canary further represents and warrants to Client that it shall perform the Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and shall devote adequate resources to meet its obligations under the Agreement.
- Client Warranty. Client further represents and warrants to Canary that: the designs, specifications, instructions, directions and Client-Supplied Materials or other materials furnished to Canary by Client does not infringe, violate, or misappropriate any intellectual property rights or other rights of any person or entity.
- LIMITATIONS OF LIABILITY AND WAIVERS.
- Disclaimer of Damages. IN NO EVENT SHALL CANARY BE LIABLE TO CLIENT OR ANY THIRD PARTY FOR ANY LOSS OF USE, REVENUE OR PROFIT, OR FOR ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES WHETHER ARISING OUT OF BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE AND WHETHER OR NOT CANARY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
- Cap on Liability. IN NO EVENT SHALL CANARY'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO AGREEMENT, WHETHER ARISING OUT OF OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EXCEED THE TOTAL OF THE AMOUNTS PAID TO CANARY FOR THE PRODUCTS AND SERVICES SOLD HEREUNDER OR $50,000, WHICHEVER IS LESS.
- Disclaimer of Warranties. EXCEPT FOR THE WARRANTIES SET FORTH IN SECTION 6, CANARY MAKES NO WARRANTY WHATSOEVER WITH RESPECT TO THE PRODUCTS OR SERVICES, INCLUDING ANY WARRANTY OF MERCHANTABILITY; OR WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE; OR WARRANTY AGAINST INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OF A THIRD PARTY; WHETHER EXPRESS OR IMPLIED BY LAW, COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE, OR OTHERWISE.
- TERMINATION; SURVIVAL.
- Termination for Convenience. Canary may terminate Agreement, in whole or in part, at any time with or without cause upon ten (10) days' prior written notice to Client.
- Termination for Cause. Either Party may terminate Agreement, effective upon written notice to the other Party (the "Defaulting Party") if the Defaulting Party: materially breaches Agreement, and such breach is incapable of cure, or with respect to a material breach capable of cure, the Defaulting Party does not cure such breach within thirty (30) days after receipt of written notice of such breach.
- Effects of Expiration or Termination. If Canary terminates Agreement for any reason, Canary shall not be liable to Client for any damage of any kind (whether direct or indirect) incurred by Client by reason of the expiration or earlier termination of Agreement.
- Survival. Provisions of Agreement which by their nature should apply beyond their terms will remain in force after any termination or expiration of Agreement including, but not limited to, the following sections: 6 (Warranty), 7 (Limitations of Liability and Waiver), 9 (Confidentiality), 10.7 (Governing Law; Submission to Jurisdiction), and 8.4 (Survival) .
- CONFIDENTIALITY
- Scope of Confidential Information. From time to time during the Term of this Agreement, either Party (as the "Disclosing Party") may disclose or make available to the other Party (as the "Receiving Party"), non-public or proprietary information of Disclosing Party, that is clearly identified as confidential at the time of disclosure, or is received under circumstances that a person exercising reasonable business judgment would understand as imposing an obligation of confidentiality ("Confidential Information").
- Exclusions. Confidential Information does not include any information that: (a) is or becomes generally available to the public other than as a result of Receiving Party's breach of this Section; (b) is or becomes available to the Receiving Party on a non-confidential basis from a third-party source, provided that such third party is not and was not prohibited from disclosing such Confidential Information; (c) was in Receiving Party's possession prior to Disclosing Party's disclosure hereunder; or (d) was or is independently developed by Receiving Party without using any Confidential Information.
- Protection of Confidential Information. The Receiving Party shall: protect and safeguard the confidentiality of the Disclosing Party's Confidential Information with at least the same degree of care as the Receiving Party would protect its own Confidential Information, but in no event with less than a commercially reasonable degree of care; not use the Disclosing Party's Confidential Information, or permit it to be accessed or used, for any purpose other than to exercise its rights or perform its obligations under this Agreement; and not disclose any such Confidential Information to any person or entity, except to the Receiving Party's employees, officers, directors, shareholders, partners, members, managers, agents, independent contractors, service providers, sublicensees, subcontractors, attorneys, accountants, and financial advisors (collectively, “Representatives”) who need to know the Confidential Information to assist the Receiving Party, or act on its behalf, to exercise its rights or perform its obligations under this Agreement.
- Return or Destruction. On Disclosing Party's written request, Receiving Party will, at its discretion, promptly return to Disclosing Party or destroy all Confidential Information; provided, however, that Receiving Party may retain copies of Confidential Information that are stored on Receiving Party's IT backup and disaster recovery systems until the ordinary course deletion thereof, or as required by applicable law. Receiving Party will continue to be bound by the terms and conditions of this Agreement with respect to such retained Confidential Information.
- GENERAL
- Force Majeure. Neither Party shall be liable, nor be deemed to have defaulted or breached Agreement, for any failure or delay in fulfilling or performing any term of Agreement when and to the extent such failure or delay is caused by or results from acts or circumstances beyond the reasonable control of that Party including, without limitation, acts of God, flood, fire, earthquake, explosion, governmental actions, war, invasion, or hostilities (whether war is declared or not), terrorist threats or acts, riot, or other civil unrest, national emergency, revolution, insurrection, epidemic, lockouts, strikes or other labor disputes (whether or not relating to either party's workforce), or restraints or delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials, materials or telecommunication breakdown or power outage.
- Relationship of the Parties. The relationship between the parties is that of independent contractors. Nothing contained in Agreement shall be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever.
- Amendment and Modification. No amendment to or modification of Agreement is effective unless it is in writing and signed by an authorized representative of each Party .
- Notices. All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a "Notice") shall be in writing and addressed to the parties at the addresses set forth on the face of the Sales Order or to such other address that may be designated by the receiving party in writing. All Notices shall be delivered by personal delivery, nationally recognized overnight courier (with all fees pre-paid), facsimile (with confirmation of transmission), or certified or registered mail (in each case, return receipt requested, postage prepaid). Except as otherwise provided in Agreement, a Notice is effective only upon receipt of the receiving party, and if the party giving the Notice has complied with the requirements of this Section.
- Assignment. Canary may at any time assign, transfer, or subcontract any or all of its rights or obligations under Agreement without Client's prior written consent.
- No Third-Party Beneficiaries. Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other person or entity any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of these Terms
- Governing Law; Choice of Forum.
- ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS WILL BE GOVERNED BY CALIFORNIA LAW, EXCLUDING CALIFORNIA’S CONFLICT OF LAWS RULES, AND WILL BE LITIGATED EXCLUSIVELY IN THE FEDERAL OR STATE COURTS OF CONTRA COSTA COUNTY, CALIFORNIA, USA. EACH PARTY IRROVOCABLY SUBMITS TO THE EXCLUSIVE JURISDICTION OF SUCH COURTS IN ANY SUCH SUIT, ACTION, OR PROCEEDING.
- If the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act are otherwise applicable, the parties expressly exclude them from applicability under the Terms.
Supplier Code of Conduct
Effective June 5th 2023
DownloadTable of Contents
SUPPLIER CODE OF CONDUCT
INTRODUCTION.
Canary is committed to providing value to our clients — while also being a powerful force for good. Business integrity, responsible product sourcing, and the safety and wellbeing of workers across the global supply chain are of paramount importance to Canary. Our commitment to operating with high ethical standards and making a positive difference in everything we do is what makes Canary special.
These principles apply to all aspects of Canary's business, and encompass all manufacturers, subcontractors, service providers, vendors, and other suppliers (each a "Supplier" and collectively "Suppliers") that supply the products that Canary provides to it’s clients.
These principles are reflected in this Code of Conduct ("Code of Conduct"), which establishes the minimum standards that must be met by any Supplier that sells goods to or does business with Canary, regarding:
- Supplier's treatment of worker;
- workplace safety;
- the impact of Supplier's activities on the environment; and
- Supplier's ethical business practices.
WHO MUST COMPLY?
This Code of Conduct applies to all Suppliers that provide goods or services to Canary. Supplier is responsible for compliance with the standards set out in this Code of Conduct ("Standards") throughout its operations and throughout its entire supply chain.
Without limiting Supplier's obligations hereunder, Supplier shall comply with the Standards in:
- all of its Facilities; and
- all of its operations, including with respect to manufacturing, distribution, packaging, sales, marketing, product safety and certification, intellectual property, labor, immigration, health, worker safety, and the environment.
Without limiting Supplier's obligations hereunder, Supplier is responsible for compliance with the Standards by all of its suppliers, vendors, agents, and subcontractors and their respective Facilities ("Partner(s)").
STANDARDS.
- COMPLIANCE WITH LAW.
- In the conduct of its activities, Canary is committed to complying with all applicable laws, regulations and national and international conventions, as well as with the best practices, in particular with regards to ethics, social responisbility, and protection of the environment. As such, Canary expects its Suppliers to apply the same respect for applicable laws and ethics principles. Supplier shall comply with all applicable national and local laws and regulations (including laws and regulations relating to all the Standards), and with the principles stipulated in the Conventions of the International Labour Organization, the Universal Declaration of Human Rights, the United Nations Global Compact, the OECD Guidelines for Multinational Enterprises and the United Nations Women’s Empowerment Principles.
- Where law or other applicable regulations address the same issue as this Code of Conduct, the highest standards shall apply. Where this Code of Conduct is in contradiction with applicable law, the applicable law shall apply.
- LABOR STANDARDS AND SOCIAL RESPONSIBILITIES.
- Prohibition of Forced Labor. All labor must be voluntary. Supplier shall not support or engage in slavery or human trafficking in any part of its supply chain. Without limiting Supplier's obligations hereunder, Supplier shall not, and shall ensure that its Partners do not, support or engage in, or require any compelled, involuntary, or forced labor; bonded labor; indentured labor; and prison labor. Withholding identity papers or work permits or requiring workers to deposit a bond or the use of any other constraint is strictly prohibited. Supplier may not require workers to work to repay a debt owed to Supplier or any third-party. All workers are entitled to accept or leave their employment freely.
- Prohibition of Child Labor. Work by children under the age of sixteen (16) is strictly prohibited. In countries where local laws set a higher age than 16, the highest age is applicable. Without limiting Supplier's obligations hereunder, Supplier shall not, and shall ensure that its Partners do not, support or engage in, or require any labor which is likely to jeopardize a person’s physical or mental health, safety, or morals, to be perfomed by any person under the age of eighteen (18).
- Prohibition of Illegal, Clandestine, and Undeclared Employment. Supplier is required to comply with all applicable regulations to prevent illegal, clandestine, and undeclared employment.
- Prohibition of Discrimination. Canary requires that Supplier treat all workers equally and fairly. Suppliers may not engage in any kind of discrimination. In particular, Supplier shall not discriminate in regards to hiring, compensation, training, advancement or promotion, termination, retirement, or any other employment practice based on race, color, national origin, gender, gender identity, sexual orientation, military status, religion, age, marital or pregnancy status, disability, or any other characteristic other than the worker's ability to perform the job.
- Prohibition of Harassment and Abuse. Canary requires that Supplier treat workers with respect and dignity. Supplier shall not subject workers to corporal punishment, or physical, verbal, sexual, or psychological abuse or harassment. Supplier must not condone or tolerate such behavior by its Partners.
- Wages and Benefits. Supplier must compensate all workers with wages, including overtime premiums, and benefits that, at a minimum, meet the higher of: the minimum wage and benefits established by applicable law; collective agreements; industry standards; and an amount sufficient to cover basic living requirements. Supplier shall make wage payments at least monthly and provide benefits on a timely basis. Supplier's obligation to compensate and provide benefits applies to all workers at all times, including during periods of training, apprenticeship, and probation.
- Work Hours. Supplier shall not require or allow workers to work more than the maximum legally permitted number of regularly paid hours worked per week. Additional overtime hours are voluntary, and must not exceed the maximum legally permitted number of overtime hours worked per week.
- Freedom of Association and Collective Bargaining. Canary requires Supplier to respect, and not interfere with, the right of workers to decide whether to lawfully associate with groups of their choice, including the right to form or join trade unions and to engage in collective bargaining, without any sanction, discrimination or harassment.
- ENSURING HEALTH AND SAFETY.
- Canary expects Suppliers to provide a safe, healthy, and sanitary working environment to their workers. Supplier shall implement procedures and safeguards to prevent workplace hazards, and work-related accidents and injuries which may be caused by, related to, or result from their work, including during the operation of equipment or during work-related travel. Supplier is required to comply with all applicable local and international regulations and laws in this regard. Supplier shall provide workers adequate and appropriate personal protective equipment to protect workers against hazards typically encountered in the scope of work.
- ENVIRONMENTAL REGULATIONS AND PROTECTION.
- Operation of Supplier's Facilities. Supplier shall operate its Facilities in compliance with all environmental laws, including laws and international treaties relating to waste disposal; emissions; discharges; and hazardous and toxic material handling.
- Inputs and Components. Supplier must ensure that the goods that it manufactures (including the inputs and components that it incorporates into its goods) comply with all environmental laws and treaties. Supplier must ensure that it will only use packaging materials that comply with all environmental laws and treaties.
- Resource Efficiency and Waste Minimization. Supplier shall seek to improve resource efficiency and reduce resource consumption including raw materials, energy, water, and fuel. Supplier is expected to make reasonable efforts to eliminate or reduce levels of waste (both solid and wastewater) generated and to increase landfill diversion, reuse, and recycling. Supplier is encouraged to develop and use environmentally friendly innovations and practices that reduce negative environmental impacts.
- Pollution and Emissions Reduction. Supplier shall take reasonable steps to minimize emissions of greenhouse gases and of toxic and hazardous pollutants. Supplier is encouraged to track greenhouse gas emissions and to set science-based (in-line with the Paris Agreement) greenhouse gas reduction goals.
- BUSINESS INTEGRITY REQUIREMENTS. Canary requires exemplary integrity from Suppliers in the conduct of their business activities.
- Confidentiality. Supplier shall abide by its obligations relating to protection, collection, and proper handling of confidential information.
- Protection of Personal Information. Canary requires Suppliers to comply with all applicable federal, state, and foreign laws, directives, and regulations relating to the processing and protection of personally identifiable information (PII) or personal data (Personal Information). This includes, but is not limited to, the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and the California Consumer Privacy Act (CCPA) (Cal. Civ. Code §§1798.100 to 1789.199).
- Customs and Security Authorities. Supplier shall comply with applicable customs laws, including those relating to imports and the ban on transshipment of merchandise to the importing country.
- Trade Restrictions and International Sanctions. Supplier shall respect international trade restrictions and sanctions, taking into account any changes in these measures, as well as all laws and regulations concerning export controls.
- Prevention of Insider Trading. Supplier acknowledges that Supplier or its Partners may gain access to proprietary information about Canary’s clients that could be deemed material non-public information under U.S. federal or state securities laws or similar laws in foreign jurisdictions. As applicable, Supplier and its Partners will not use or disclose such proprietary information for trading in Canary’s clients’ securities or for any other purpose in violation of U.S. federal or state insider trading laws or similar laws in foreign jurisdictions.
- Prohibition of Money-laundering. Money-laundering can occur where an action is taken to mask the true origin of money or assets that are connected to criminal activity. Supplier must commit to taking all appropriate measures to prevent their operations from being used as vehicles for money-laundering.
- Prohibition of All Forms of Corruption. Canary expects Supplier to respect all applicable laws concerning corruption and to take appropriate measures to prevent, detect and sanction any corruption or trading in influence, directly or indirectly, across the scope of Supplier’s activities.
- Prevention of Conflicts of Interest. Supplier must comply with all applicable laws concerning conflicts of interest and to make every effort to prevent the occurrence of situations that create a conflict of interest within the scope of their business relationship with Canary.
- Respect for Competition. Supplier must be committed to compliance with competition law applicable in their host countries.
- Gifts and Invitations. Gifts or invititations may be considered acceptable expressions of courtesy within the context of good business relations if limited in scope and value, given openly and transparently, permitted under applicable local law, customary in the location in which they would be given, provided to reflect gratitude or esteem, and not offered with an expectation that something will be offered in return. In some cases, these practices might be subject to anti-bribery or anti-corruption regulations or other legal requirements. Therefore, it is important to be aware of such rules and fully comply with them.
- Public Statements. Supplier is expected to be extremely attentive to their public statements, particularly on the Internet and in social media, and to ensure that any statements are not attributed to Canary or Canary’s clients, and are consistent with Supplier’s commitment to both confidentiality and professional secrecy.
- Information Transparency. Canary requires Suppliers to provide clear and accurate information regarding the methods and resources used, production sites and characteristics of the products or services supplied, and to refrain from making any misleading claims.
TERMINATION.
Supplier has a responsibility to act ethically and to comply with applicable law, this Code of Conduct, and Canary policies and procedures at all times. Violations break trust with Canary and our clients. In the event of any violation of this Code of Conduct or any failure to meet the Standards herein, Canary reserves the right to review the business relationship and may immediately terminate its business relationship (including any purchase order(s) and purchase contracts) with Supplier, without prejudice to other rights of Canary or remedies it might seek.
INSPECTION AND AUDIT.
- Inspection. Supplier acknowledges that these Standards set out audit standards that Canary may use to determine whether Supplier is meeting the requirements set out in this Code of Conduct. Supplier acknowledges that Canary may in its discretion conduct inspections of the Facilities to confirm Supplier's compliance with this Code of Conduct. Canary has no obligation to conduct inspections.
- Accurate Records and Access to Information. Supplier is required to keep proper records to demonstrate compliance with this Code of Conduct. Supplier must provide Canary with access to complete, original and accurate records.
Vendor PO Terms and Conditions
Effective June 5th 2023
DownloadTable of Contents
PURCHASE ORDER TERMS AND CONDITIONS (“PO TERMS”)
- APPLICABILITY.
- This purchase order is an offer by Canary LLC ("Canary") for the purchase of the goods or products (“Products”) and services (“Services”) provided by supplier specified on the face of this purchase order (the “Supplier”) from the party to whom the purchase order is addressed ("Canary") in accordance with and subject to these terms and conditions (the "PO Terms"; together with the terms and conditions on the face of the purchase order, the "Order").
- This Order, together with any documents incorporated herein by reference, constitutes the sole and entire agreement of the parties with respect to the Order, and supersedes all prior or contemporaneous understandings, agreements, negotiations, representations and warranties, and communications, both written and oral, with respect to the subject matter of the Order. The Order expressly limits Supplier's acceptance to the terms of the Order. These PO Terms prevail over any terms or conditions contained in any other documentation and expressly exclude any of Supplier's general terms and conditions of sale or any other document issued by Supplier in connection with this Order.
- Canary is not obligated to any minimum purchase or future purchase obligations under this Order.
- ACCEPTANCE.
- This Order is not binding on Canary until Supplier accepts the Order in writing or starts to perform in accordance with the Order. Canary may withdraw the Order at any time before it is accepted by Supplier.
- SHIPMENT AND DELIVERY
- Product Shipping. Supplier shall give written notice of shipment to Canary when the Products are delivered to a carrier for transportation. All Products shall be delivered to the address specified in the Purchase Order (the "Delivery Location") during Canary's normal business hours or as otherwise instructed by Canary.
- Delivery Date. Supplier shall deliver the Products in the quantities and on the date(s) specified in the Purchase Order or as otherwise agreed in writing by the parties (the "Delivery Date"). Timely delivery of the Products is of the essence. If Supplier fails to deliver the Products in full on the Delivery Date, Canary may terminate these PO Terms immediately by providing written notice to Supplier and Supplier shall indemnify Canary against any losses, claims, damages, and reasonable costs and expenses directly attributable to Supplier's failure to deliver the Products on the Delivery Date.
- Quantity. Supplier shall deliver the quantities of the Products specified in each Purchase Order. If Supplier delivers more than 3% or less than the quantity of Products specified in Purchase Order, Canary may reject all or any excess Products. If Canary does not reject the Products and instead accepts the delivery of Products at the increased or reduced quantity, the Price for the Products shall be adjusted on a pro-rata basis.
- Product Packaging. Supplier shall properly pack, mark, and ship Products as instructed by Canary and otherwise in accordance with applicable law and industry standards. If there are no shipping instructions provided by Canary, Supplier shall pack Products in a manner sufficient to ensure that the Products are delivered in undamaged condition.
- INSPECTION AND REJECTION OF NONCONFORMING OR DEFECTIVE PRODUCTS.
- Inspection and Rejection of Nonconforming or Defective Products. Canary has the right to inspect the Products on or after the Delivery Date. Canary, at its sole option, may inspect all or a sample of the Products, and may reject all or any portion of the Products if it determines the Products are Nonconforming or Defective.
- Rejected Product. If Canary rejects any portion of the Products, Canary has the right, effective upon written notice to Supplier, to: (a) rescind the Purchase Order or these PO Terms in its entirety; (b) accept the Products at a reasonably reduced price; or (c) reject the Products and require replacement of the rejected Products. If Canary requires replacement of the Products, Supplier shall, at its expense, promptly replace the nonconforming Products and pay for all related expenses, including, but not limited to, transportation charges for the return of the defective Products and the delivery of replacement Products. If Supplier fails to timely deliver replacement Products, Canary may replace them with Products from a third party and charge Supplier the cost thereof and terminate these PO Terms for cause pursuant to Section 17 (Termination). Any inspection or other action by Canary under this Section shall not reduce or otherwise affect Supplier's obligations under these PO Terms, and Canary shall have the right to conduct further inspections after Supplier has carried out its remedial actions.
- TITLE AND RISK OF LOSS.
- Title. Title passes to Canary upon delivery of the Products to the Delivery Location. Title will transfer to Canary even if Supplier has not been paid for such Products, provided that Canary will not be relieved of its obligation to pay for Products in accordance with the terms hereof.
- Risk of Loss. Supplier bears all risk of loss or damage to the Products until delivery of the Products to the Delivery Location.
- PRICE AND PAYMENT.
- Price. Canary shall purchase the Products from Supplier at the prices set forth in the Purchase Order (the "Price"). Unless otherwise specified in the Purchase Order, the Price includes all packaging, transportation costs to the Delivery Location, insurance, customs duties and fees. No increase in the Price is effective, whether due to increased material, labor, or transportation costs or otherwise, without the prior written consent of Canary.
- Invoices. Supplier shall issue an invoice to Canary by emailing AP@canarymarketing.com within thirty (30) days after the completion of delivery of the Products. Each invoice for Products must set forth in reasonable detail the amounts payable by Canary under these PO Terms and contain the following information, as applicable: a reference to these PO Terms; Purchase Order number, amendment number, and line-item number; Supplier's name; Supplier's identification number; carrier name; ship-to address; weight of shipment; quantity of Products shipped; number of cartons or containers in shipment; bill of lading number; country of origin and any other information necessary for identification and control of the Products. Canary reserves the right to return and withhold payment for any invoices or related documents that are inaccurate or incorrectly submitted to Canary.
- Invoice Disputes. In the event of a payment dispute, Canary shall deliver a written statement to Supplier prior to the date payment is due on the disputed invoice listing all disputed items. The parties shall seek to resolve all such disputes expeditiously and in good faith. Supplier shall continue performing its obligations under these PO Terms notwithstanding any such dispute.
- Payment Terms. Canary shall pay all properly invoiced amounts due to Supplier within thirty (30) days after Canary's receipt of such invoice, except for any amounts disputed by Canary in good faith. Payment of invoices will not be deemed acceptance of the Products or waive Canary's right to inspect, but rather such Products will be subject to acceptance under Section 4.
- Setoff. Without prejudice to any other right or remedy it may have, Canary reserves the right to set off at any time any amount owing to it by Supplier against any amount payable by Canary to Supplier.
- PRODUCT LICENCE GRANT.
- For those portions of a Product that are custom work product that Supplier creates for Canary (“Deliverables”), Section 8 (Ownership of Intellectual Property and Materials) will apply.
- For those portions of a Product that are not Deliverables, Supplier grants Canary, a perpetual, irrevocable, non-exclusive, worldwide, fully paid-up, royalty-free license to use, modify, sell and offer for sale, import, and otherwise dispose of the Product.
- OWNERSHIP OF INTELLECTUAL PROPERTY AND MATERIALS
- Ownership of Developed IP. Subject to Section 8.2 below (Retained Rights): (a) title to Deliverables shall transfer to Canary upon delivery, (b) Canary owns anything protectable by an Intellectual Property Right (“IP”) other than IP owned, created, or discovered by a party before Supplier performs Services (“Background IP”) created or discovered by Supplier in connection with the Services (“Developed IP”), (c) the Developed IP is a “work made for hire” to the extent permitted by applicable law, and Canary retains all copyrights, trademark rights, rights in trade secrets, patent rights, moral rights, and any other intellectual property rights (registered or unregistered) throughout the world (“Intellectual Property Rights”) in the Developed IP.
- Retained Rights. To the extent Supplier, or any of Supplier’s employees, subcontractors, or agents retain any rights (including moral rights) in or to the Developed IP as a matter of law (“Retained Rights”), Supplier shall assign (or shall procure the assignment of) all rights (including Intellectual Property Rights) to Canary. If Retained Rights may not be assigned for any reason, Supplier shall and hereby does waive the enforcement of such Retained Rights, and Supplier shall and hereby does grant Canary an exclusive, irrevocable, sublicensable, assignable, perpetual, worldwide, royalty-free license to use, reproduce, distribute, perform, display, modify, rent, and otherwise exploit the Work Product and the Retained Right(s).
- Background IP and Third Party Materials. Supplier shall not incorporate into the Deliverables any Background IP or any information or materials owned or created by any third party or in which any third party has an interest (“Third-Party Materials”) without obtaining Canary’s prior written consent to such incorporation. If Supplier includes any Supplier Background IP in any Deliverables, Supplier shall describe such Background IP in writing and shall grant and hereby does grant to Canary, or Supplier shall obtain for Canary, at no additional cost to Canary, a non‑exclusive, royalty‑free, perpetual, irrevocable, sublicensable, assignable, worldwide license to use, reproduce, distribute, perform, display, modify, rent, and otherwise exploit the Background IP and/or the Third-Party Materials.
- Canary-Supplied Materials. To the extent Canary provides to Supplier any IP or materials in connection with these PO Terms (“Canary‑Supplied Materials”) Canary grants Provider a non-exclusive, non-sublicensable, non-assignable, fully revocable, license during the term of the applicable Purchase Order to use the Canary‑Supplied Materials for the sole purpose of providing the Services. Other than as set out in this Section 8.4 (Canary-Supplied Materials), Supplier shall acquire no right, title, or interest in the Company-Supplied Materials or any other IP or materials and all such interest shall inure to the sole benefit of Canary.
- REPRESENATIONS AND WARRANTIES.
- Supplier represents and warrants to Canary that:
- Products and Specifications. For a period of twelve (12) months from the Delivery Date, all Products shall: (a) be free from any defects in workmanship, material, and design; (b) conform to applicable specifications, drawings, designs, samples, and other requirements specified by Canary; (c) be fit for their intended purpose and operate as intended; (d) be merchantable; (e) be free and clear of all liens, security interests, or other encumbrances; and (f) not infringe or misappropriate any third party's patent or other intellectual property rights. These warranties survive any delivery, inspection, acceptance, or payment of or for the Products by Canary.
- Claims. Supplier has no knowledge of unresolved claims, demands, or pending litigation alleging that the Services infringe or misappropriate any patent rights, copyrights, trademark rights, rights in trade secrets, database rights, moral rights, and any other intellectual rights (registered or unregistered) throughout the world (the “Intellectual Property Rights”) of any third party.
- Quality. To the extent Supplier provides Services to Canary, Supplier shall perform the Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and shall devote adequate resources to meet its obligations under these PO Terms.
- OFAC. Neither Supplier nor any direct or indirect owner or shareholder of Supplier is identified on the list of Specially Designated Nationals and Blocked Persons maintained by the U.S. Office of Foreign Assets Control (“OFAC”) as in effect on the date hereof, or any similar list issued by OFAC or any other department or agency of the United States of America (collectively, the “OFAC Lists”), or are included in, owned by, controlled by, acting for or on behalf of, providing assistance, support, sponsorship, or services of any kind to, or otherwise associated with any of the persons referred to or described in the OFAC Lists. Supplier will not procure any materials, components, goods or services used in connection with the Services from any person or entity that appears on the OFAC Lists or is located in a country subject to economic sanctions administered by OFAC.
- Compliance With Law. In connection with this Order, Supplier shall be in compliance with and shall comply with all applicable laws, regulations, directives, and ordinances, including but not limited to, Anti-Bribery Laws (defined below), conflict mineral laws, employment laws, import and export laws, and Data Protection Laws (defined below). Supplier has and shall maintain in effect all the licenses, permissions, authorizations, consents, and permits that it needs to carry out its obligations under these PO Terms.
- Anti-Bribery. In conformity with the United States Foreign Corrupt Practices Act and any applicable anti-bribery or anti-corruption laws (the “Anti-Bribery Laws”) Supplier shall not directly or indirectly (a) make any offer, payment, promise to pay, or authorize payment, or offer a gift, promise to give, or authorize the giving of anything of value for the purpose of influencing an act or decision of an official of any government (including a decision not to act) or any other person, or inducing such official or person to use their influence to affect any such act or decision in order to assist Canary or supplier in obtaining, retaining, or directing any business or (b) take any other action that causes a violation of Anti-Bribery Laws.
- Compliance With Code of Conduct. Supplier shall comply with Canary’s Supplier Code of Conduct at https://www.canarymarketing.com/supplier-code-of-conduct/ (or such other URL as Canary may specify).
- Security. Supplier shall, at its expense, implement and maintain appropriate technical and organizational measures to protect Canary-Supplied Materials, including Personal Information, and any other Canary Confidential Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Canary-Supplied Materials, including Personal Information, or any other Canary Confidential Information, transmitted, stored, or otherwise processed.
- Confidentiality, Privacy and Data Protection Obligations. Supplier shall comply with Supplier’s confidentiality, privacy and data protection obligations under these PO Terms, including Section 15 (Confidentiality) and Section 16 (Privacy and Data Protection).
- These warranties are cumulative and in addition to any other warranty provided by law or equity. Any applicable statute of limitations runs from the date of Canary's discovery of the noncompliance of the Products or Services with the foregoing warranties.
- Supplier represents and warrants to Canary that:
- RELATIONSHIP OF THE PARTIES; NO AGENCY
- Independent Contractor. It is understood and acknowledged that in providing the Products and Services, Supplier acts in the capacity of an independent contractor and not as an employee or agent of the Canary. Supplier has no authority to commit, act for or on behalf of Canary, or to bind Canary to any obligation or liability. Supplier shall not be eligible for and shall not receive any employee benefits from Canary.
- INDEMNIFICATION.
- Supplier shall indemnify, defend, and hold harmless Canary, Canary’s clients, and the respective officers, directors, employees, and agents of the foregoing (collectively, "Indemnified Party") against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys' fees, fees and the costs of enforcing any right to indemnification under these PO Terms and the cost of pursuing any insurance Suppliers, (collectively, "Losses"), relating to any claim of a third party or Canary arising out of or occurring in connection with: (a) the Products purchased from Supplier; (b) Supplier's negligence, willful misconduct, fraud, misrepresentation, or violation of law; (c) Supplier’s breach of these PO Terms; (d) any property damage, bodily injury, or death related to Supplier’s performance under these PO Terms or use of a Product or Service; or (e) any claim that Canary's or Indemnified Party's use, possession, or sale of the Products or use of the Services violates, infringes, or misappropriates the patent, copyright, trade secret or other intellectual property right of any third party. Canary will have the right to approve any counsel retained to defend against any claim in which Canary is named a defendant, and will not unreasonably withhold such approval. Additionally, Canary will have the right to participate in the defense of any such claim concerning matters that relate to Canary. In no event shall Supplier enter into any settlement without Canary's or Indemnified Party's prior written consent.
- LIMITATION OF LIABILITY.
- No Liability for Consequential or Indirect Damages. IN NO EVENT SHALL CANARY BE LIABLE TO SUPPLIER OR ANY THIRD PARTY FOR ANY LOSS OF USE, REVENUE OR PROFIT, OR FOR ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES WHETHER ARISING OUT OF BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE AND WHETHER OR NOT CANARY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE.
- Nothing in these PO Terms will exclude or limit Supplier's liability under the following Sections: 9 (Representations and Warranties), 11 (Indemnification), 15 (Confidentiality), and 16 (Privacy and Data Protection) hereof. Nothing in these PO Terms will exclude or limit Supplier's liability under Supplier's liability for fraud, personal injury or death caused by its negligence or willful misconduct
- INSURANCE.
- Minimum Coverages. Without limiting Supplier’s indemnification obligations under these PO Terms, during the Term and for or a period of one (1) year thereafter, Supplier shall, at its own expense, maintain and carry insurance in full force and effect that includes, but is not limited to, at least the following types and amounts of insurance coverage, subject to the requirements set forth in Section 16.1: (a) commercial general liability (including contractual and product liability) with limits no less than $1,000,000 for each occurrence and $2,000,000 in the aggregate; (b) workers compensation insurance as required by law in the state where the Services will be provided, including employer’s liability coverage for injury, disease and death, with coverage limits of not less than $1,000,000 per occurrence; (c) umbrella (excess) liability with limits no less than $5,000,000 per occurrence and in the aggregate; and (d) automobile liability insurance coverage for all owned, non-owned and hired vehicles with coverage limits of not less than $1,000,000 per occurrence for bodily injury and property damage.
- Network Security and Privacy Liability. If Supplier will collect, store, process or otherwise access any Personal Information related to Canary, its customers, or its employees, then Supplier will additionally maintain network security and privacy liability insurance with coverage limits of not less than US $2,000,000 per claim, that includes coverage for: (a) Supplier’s unauthorized disclosure of, or failure to properly handle, personal or other confidential data; and (b) financial loss, including any related defense expense, resulting from Supplier’s wrongful acts in rendering Services.
- Evidence of Insurance. Upon Canary's request, Supplier shall provide Canary with copies of the certificates of insurance for all insurance coverage required by these PO Terms, and shall not do anything to invalidate such insurance. The certificate of insurance shall name Canary as an additional insured. Supplier will provide Canary with thirty (30) days' advance written notice in the event of a cancellation or material change in Supplier's insurance policy.
- TERMINATION; SURVIVAL.
- Termination for Convenience. Canary may terminate this Order, in whole or in part, at any time with or without cause upon ten (10) days' prior written notice to Supplier.
- Termination for Cause. In addition to any remedies that may be provided under these PO Terms, Canary may terminate this Order with immediate effect upon written notice to Supplier, either before or after the acceptance of the Products or Services, if Supplier has not performed or complied with any of these PO Terms, in whole or in part. If Supplier becomes insolvent, files a petition for bankruptcy or commences or has commenced against it proceedings relating to bankruptcy, receivership, reorganization, or assignment for the benefit of creditors, then Canary may terminate this Order upon written notice to Supplier.
- Effects of Expiration or Termination.
- Upon expiration or termination of this Order for any reason, Supplier shall promptly: (a) deliver to Canary all documents, work product, and other materials, whether or not complete, prepared by or on behalf of Supplier in the course of performing the Services for which Canary has paid; (b) return to Canary all Canary-owned property, equipment, or materials in its possession or control; (c) deliver to Canary, all documents and tangible materials (and any copies) containing, reflecting, incorporating, or based on Canary's Confidential Information; (e) on a pro rata basis, repay all fees and expenses paid in advance for any Products and Services which have not been provided; (g) permanently erase all of Canary's Confidential Information from its computer systems; and (h) certify in writing to Canary that Supplier has complied with the requirements of this Section 14.3.1 (Effects of Expiration or Termination).
- If Canary terminates these PO Terms for any reason, Supplier's sole and exclusive remedy is payment for the Products and Services received and accepted by Canary prior to the termination.
- Survival. Provisions of these PO Terms which by their nature should apply beyond their terms will remain in force after any termination or expiration of these PO Terms including, but not limited to, the following sections: 9 (Representations and Warranties), 11 (Indemnification), 13 (Insurance), 15 (Confidentiality), 16 (Privacy and Data Protection), 17.7 (Governing Law; Choice of Forum), and 14.4 (Survival).
- CONFIDENTIALITY
- NDA; Non-use and Non-Disclosure. If the parties have entered into a standard Canary Non-Disclosure Agreement (“NDA”), the terms of such agreement will apply to and be incorporated in these PO Terms. If the parties have not entered into an NDA, then Supplier shall use the Confidential Information solely to fulfill obligations under these PO Terms and, subject to Section 15.4 (Required Disclosure), shall keep the Confidential Information strictly confidential and shall not disclose or permit access to Confidential Information other than to its employees who have a legitimate need to know such Confidential Information for the Purpose, and are bound by written confidentiality agreements no less protective of the Confidential Information than the terms contained herein. Supplier shall safeguard the Confidential Information from unauthorized use, access, or disclosure using at least the degree of care it uses to protect its most sensitive information and no less than a reasonable degree of care. Supplier shall promptly notify Canary of any unauthorized use or disclosure of Confidential Information and use its best efforts to prevent further use or disclosure. Supplier shall be responsible for any breach of these PO Terms caused by its employees.
- Scope of Confidential Information All non-public or proprietary information of Canary, including, but not limited to, specifications, samples, patterns, designs, plans, drawings, documents, data, business operations, customer lists, pricing, discounts, or rebates, disclosed by Canary to Supplier, whether disclosed orally or disclosed or accessed in written, electronic or other form or media, and whether or not marked, designated, or otherwise identified as "confidential," is confidential, solely for the use of performing these PO Terms and may not be disclosed or copied unless authorized by Canary in writing.
- Exclusions. Confidential Information shall not apply to information that is: (a) in the public domain; (b) known to the Supplier at the time of disclosure; or (c) rightfully obtained by the Supplier on a non-confidential basis from a third party.
- Required Disclosure. If Supplier is required by a valid legal order to disclose any Confidential Information, Supplier shall, before such disclosure, notify Canary of such requirements so that Canary may seek a protective order or other remedy, and Service Supplier shall reasonably assist Canary therewith. If Supplier remains legally compelled to make such disclosure, it shall: (i) only disclose that portion of the Confidential Information that, in the written opinion of its legal counsel, Supplier required to disclose; and (ii) use reasonable efforts to ensure that such Confidential Information is afforded confidential treatment.
- PRIVACY AND DATA PROTECTION.
- Applicability of this Section. This Section 16 (Privacy and Data Protection; Security) shall apply only if Supplier has access to any Personal Information (defined below) in connection with the Services.
- Definitions.
- “Data Protection Law” means all applicable federal, state, and foreign laws, directives, and regulations relating to the processing, protection, security, or privacy of Personal Information, including where applicable, the guidance and codes of practice issued by regulatory bodies in any relevant jurisdiction. This includes, but is not limited to, the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and the California Consumer Privacy Act (CCPA) (Cal. Civ. Code §§1798.100 to 1789.199).
- “Personal Information” means any information Supplier processes for Canary that (a) identifies or relates to an individual who can be identified directly or indirectly from that data alone or in combination with other information in Supplier's possession or control or that Supplier is likely to have access to, or (b) the relevant Data Protection Law otherwise defines as protected Personal Information. Personal Information includes, but is not limited to, names, email addresses, postal addresses, telephone numbers, payment card information, online identifiers (including IP addresses and cookie identifiers), and any information that constitutes “personal data” within the meaning of the GDPR or “personal information” within the meaning of the CCPA.
- Data Processing. If Supplier receives, or has access to, uses or stores Personal Information in connection with these PO Terms, then Supplier shall: (a) process such Personal Information in accordance with Canary’s instructions only and not process the Personal Information for any other use or for any purpose that would be considered a “sale” of Personal Information as defined by the CCPA (“Secondary Use”); (b) comply with Data Protection Laws and with the Data Processing Addendum set forth at https://www.canarymarketing.com/data-processing-addendum/ (or such other URL as Canary may specify) (“DPA”) in addition to Section 14 (Confidentiality); and (c) destroy Personal Information upon the conclusion of these PO Terms or when the Personal Information is no longer needed to perform the Services, whichever is sooner.
- Information Security and Incident Response. Supplier shall, at all times, implement and maintain administrative, physical, technical, and organizational security measures (“Safeguards”) in order to: (a) protect the confidentiality and integrity of Personal Information; and (b) prevent unauthorized access to or unlawful processing of Personal Information (“Security Incident”). Such safeguards shall be consistent with all applicable laws and regulations and meet or exceed all relevant industry standards. If Supplier becomes aware of any Security Incident, Supplier shall immediately, and without undue delay: (a) stop the unauthorized access; (b) secure the Personal Information; (c) notify Canary (in no event more than 24 hours after the discovery of the Security Incident) by sending email to security@canarymarketing.com; (d) assist Canary in investigating and remedying any Security Incident and any related inquiry or claim; and (e) provide Canary with assurance that Supplier has corrected all circumstances under Supplier’s control that led to the Security Incident.
- GENERAL
- Notices. All notices, request, consents, claims, demands, waivers and other communications hereunder (each, a "Notice") will be in writing and addressed to the parties at the addresses set forth on the face of this Order or to such other address that may be designated by the receiving party in writing. All Notices will be delivered by personal delivery, nationally recognized overnight courier (with all fees pre-paid), facsimile (with confirmation of transmission) or certified or registered mail (in each case, return receipt requested, postage prepaid). Except as otherwise provided in this Order, a Notice is effective only (a) upon receipt of the receiving party, and (b) if the party giving the Notice has complied with the requirements of this Section.
- Severability. If any term or provision of these PO Terms is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect any other term or provision of these PO Terms or invalidate or render unenforceable such term or provision in any other jurisdiction .
- Amendment and Modification. No change to these PO Terms is binding upon Canary unless it is in writing, specifically states that it amends these PO Terms and is signed by an authorized representative of Canary .
- Waiver. No waiver by any party of any of the provisions of the Order shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in the Order, no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from the Order shall operate or be construed as a waiver thereof, nor shall any single or partial exercise of any right, remedy, power, or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
- Cumulative Remedies. All rights and remedies provided in this Order are cumulative and not exclusive, and the exercise by either Party of any right or remedy does not preclude the exercise of any other rights or remedies that may now or subsequently be available at law, in equity, by statute, in any other agreement between the Parties, or otherwise. Notwithstanding the foregoing, the Parties intend that, if Canary terminates the Order in accordance with Section 14 (Termination), Supplier's sole and exclusive remedy is the right to payment for the Products and Services received and accepted.
- Assignment. Supplier shall not assign, transfer, delegate, or subcontract any of its rights or obligations under the Order without the prior written consent of Canary. Any purported assignment or delegation in violation of this Section shall be null and void. No assignment or delegation shall relieve the Supplier of any of its obligations hereunder. Canary may at any time assign, transfer, or subcontract any or all of its rights or obligations under these PO Terms without Supplier's prior written consent.
- No Third-Party Beneficiaries.
- Subject to Section 17.6.1.2 (below) these PO Terms benefits solely the Parties to these PO Terms and their respective permitted successors and assigns and nothing in these PO Terms, express, or implied, confers on any other Person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of these PO Terms.
- The Parties hereby designate Indemnified Parties and End Users as third-party beneficiaries with the right to enforce Section 14 (Indemnification) and Section 9 (Warranties), respectively, together with any related provision of these PO Terms.
- Governing Law; Choice of Forum.
- ALL CLAIMS ARISING OUT OF OR RELATING TO THESE PO TERMS WILL BE GOVERNED BY CALIFORNIA LAW, EXCLUDING CALIFORNIA’S CONFLICT OF LAWS RULES, AND WILL BE LITIGATED EXCLUSIVELY IN THE FEDERAL OR STATE COURTS OF CONTRA COSTA COUNTY, CALIFORNIA, USA. EACH PARTY IRROVOCABLY SUBMITS TO THE EXCLUSIVE JURISDICTION OF SUCH COURTS IN ANY SUCH SUIT, ACTION, OR PROCEEDING.
- If the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act are otherwise applicable, the parties expressly exclude them from applicability under the Terms.
- Counterparts. These PO Terms may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement.
- Force Majeure. Neither party will be liable to the other for any delay or failure in performing its obligations under these PO Terms to the extent that such delay or failure is caused by an event or circumstance that is beyond the reasonable control of that party, without such party's fault or negligence, and which by its nature could not have been foreseen by such party or, if it could have been foreseen, was unavoidable ("Force Majeure Event(s)"). Force Majeure Events include, but are not limited to, acts of God or the public enemy, government restrictions, floods, fire, earthquakes, explosion, epidemic, war, invasion, hostilities, terrorist acts, riots, strike, embargoes or industrial disturbances. Supplier's economic hardship or changes in market conditions are not considered Force Majeure Events. Supplier will use all diligent efforts to end the failure or delay of its performance, ensure that the effects of any Force Majeure Event are minimized and resume performance under the Order. If a Force Majeure Event prevents Supplier from carrying out its obligations under the Order for a continuous period of more than ten (10) business days, Canary may terminate these PO Terms or any Purchase Order immediately by giving written notice to Supplier.
Canary Sub-Processors
Effective September 8th 2023
DownloadTable of Contents
Canary Sub-Processors
Last Updated: September 7th, 2023
Canary uses the third party companies below (each, a “sub-processor”) to process personal data (i) on behalf of Canary clients; (ii) in accordance with customer instructions as communicated by Canary; and (iii) in strict accordance with the terms of a written contract between Canary and the sub-processor.
Canary imposes obligations on its sub-processors to implement appropriate technical and organizational measures ensuring that the sub-processing of personal data is protected to the standards required by applicable data protection laws. Further information relating to sub-processor security measures can be found via the external links below.
Canary maintains an up-to-date list of the names and locations of all sub-processors below.
Duration of processing: For each sub-processor below, processing of personal data will be for the duration that the customer uses and continues to use the applicable service(s), and for the retention periods as set out in client’s agreement with Canary.
Sub-Processor | Subject matter | Nature and purpose of processing | Location(s) of processing | External links for additional information relating to security |
Bright Stores, Inc. | Personal data contained in communications sent through or uploaded to the services | Commerce platform | United States of America (USA) | |
Shopify Inc. | Personal data contained in communications sent through or uploaded to the services | Commerce platform | Canada | |
SurveyMonkey, Inc. (Wufoo) | Personal data contained in communications sent through or uploaded to the services | Online form builder | USA | |
Zapier, Inc. | Personal data contained in communications sent through or uploaded to the services | Cloud-based automation technology services | USA | |
FedEx | Personal data contained in communications sent through or uploaded to the services | Shipping | USA | |
USPS | Personal data contained in communications sent through or uploaded to the services | Shipping | USA | |
DHL Express | Personal data contained in communications sent through or uploaded to the services | Shipping | USA | |
United Parcel Service (UPS) | Personal data contained in communications sent through or uploaded to the services | Shipping | USA | |
Microsoft Corporation | Personal data contained in communications sent through or uploaded to the services | Hosting Provider (Azure) Email provider Online form builder | USA | |
Google Cloud Platform (GCP) | Personal data contained in communications sent through or uploaded to the services | Cloud hosting | USA |
Effective September 8th 2023 to September 8th 2023
DownloadTable of Contents
Canary Sub-Processors
Last Updated: September 7th, 2023
Canary uses the third party companies below (each, a “sub-processor”) to process personal data (i) on behalf of Canary clients; (ii) in accordance with customer instructions as communicated by Canary; and (iii) in strict accordance with the terms of a written contract between Canary and the sub-processor.
Canary imposes obligations on its sub-processors to implement appropriate technical and organizational measures ensuring that the sub-processing of personal data is protected to the standards required by applicable data protection laws. Further information relating to sub-processor security measures can be found via the external links below.
Canary maintains an up-to-date list of the names and locations of all sub-processors below.
Duration of processing: For each sub-processor below, processing of personal data will be for the duration that the customer uses and continues to use the applicable service(s), and for the retention periods as set out in client’s agreement with Canary.
Sub-Processor | Subject matter | Nature and purpose of processing | Location(s) of processing | External links for additional information relating to security |
Bright Stores, Inc. | Personal data contained in communications sent through or uploaded to the services | Commerce platform | United States of America (USA) | |
Shopify Inc. | Personal data contained in communications sent through or uploaded to the services | Commerce platform | Canada | |
SurveyMonkey, Inc. (Wufoo) | Personal data contained in communications sent through or uploaded to the services | Online form builder | USA | |
Zapier, Inc. | Personal data contained in communications sent through or uploaded to the services | Cloud-based automation technology services | USA | |
FedEx | Personal data contained in communications sent through or uploaded to the services | Shipping | USA | |
USPS | Personal data contained in communications sent through or uploaded to the services | Shipping | USA | |
DHL Express | Personal data contained in communications sent through or uploaded to the services | Shipping | USA | |
United Parcel Service (UPS) | Personal data contained in communications sent through or uploaded to the services | Shipping | USA | |
Microsoft Corporation | Personal data contained in communications sent through or uploaded to the services | Hosting Provider (Azure) Email provider Online form builder | USA | |
Google Cloud Platform (GCP) | Personal data contained in communications sent through or uploaded to the services | Cloud hosting | USA |
Privacy Policy
Effective February 14th 2024
DownloadTable of Contents
Privacy Policy
1. Overview
This Privacy Policy describes how Canary LLC. collects, uses, discloses, transfers, and stores your personal information as we engage with you to provide our products, services and content. We encourage you to review this information so that you may understand and consent to how we may collect, use, and share your personal information.
The current version of our Privacy Policy can be found at: https://www.canarymarketing.com/privacy-policy/
Canary LLC. respects individual privacy and values the confidence of its customers, clients, and business partners. Not only do we strive to process and store personal information in a manner consistent with the laws of the countries in which we do business, but we also have a tradition of upholding the highest ethical standards in our business practices. This Privacy Policy (the "Policy") sets forth the privacy principles Canary LLC. follows with respect to transfers of personal information from the EEA to the United States.
2. What Information We Collect
In order to provide products, services, and content to our customers, we must collect certain personal information from and about you. Such services may include submitting shipping orders on your behalf, as well as others. Canary LLC. does not sell personal information.
The types of personal information collected, processed, and stored by Canary LLC. will be limited to those which are required to establish and maintain these services. This information has been collected and transferred to third parties within the last 12 months. Such information may include:
Information We Collect Directly from You:
- First and Last Name
- Contact Information (phone number and e-mail address)
- Company Name
- Demographic Information (Gender, Occupation)
- Billing Address
- Occasionally we may request tax ID information when shipping internationally
- Any Personal Data you provide when you communicate with us or our customer service representatives (so please only provide what is necessary).
- Any Personal Data you provide us when purchasing products
Information We Automatically Collect when You use our Site
- IP address
- Web browser information (browser type and language)
- Pages you visit, time spent on a page, and links you click on for the services only (not for marketing purposes)
- Certain Cookies (see below for more information) (collectively, “Usage Data”)
3. How We Use Personal Information
Canary LLC. will use the information it collects in order to:
- Establish, maintain, and improve our merchandising, product, and customer relations and marketing related services.
- Respond to inquiries or perform other tasks that are necessary when acting as a supplier of our products or services.
- Provide you with information related to confirmations, technical notices, updates, security alerts, and support and administrative messages.
- Ensure the accuracy and correctness of existing personal information and making updates, as necessary.
- Comply with legal obligations or other legal purposes, such as audit, security, fraud prevention, or preserving and defending Canary LLC.'s legal rights
Data that has been anonymized does not personally identify you and is not covered by this Privacy Statement.
Canary LLC. will retain your personal information for only as long as is necessary to provide our products and services, except where retention of personal information is necessary for compliance with a law, regulation, or other legal authority, or is otherwise permitted to be maintained for other legal purposes, such as audit, security, fraud prevention, or preserving and defending Canary LLC.’s legal rights.
4. Cookies and Other Technologies
Canary LLC.’s websites, products, services, and content may use “cookies” and other technologies such as web beacons and pixel tags. These technologies may be used to help us deliver and improve our site and services as well as better understand user behavior so we can provide you with a more personal and interactive experience that is tailored to your interests and needs.
“Cookies” are alphanumeric identifiers in the form of data files that are inserted by a website and stored by your web browser on your computer’s hard drive. We may set and access cookies, such as session, statistical or marketing cookies, on your computer to enable website functionality, monitor how you interact with the website and your usage history, store your preferences or provide you with targeted content related to our products and services that maybe of interest to you.
Most internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer, however, if you choose to eliminate cookies, the functionality of the website may be impaired not operate properly.
We, or third-party service providers acting on our behalf, may use web beacons, or pixel tags to collect certain usage information. Web beacons are images embedded in a web page or email for the purpose of measuring and analyzing website usage and activity.
We use this information to provide, enhance and improve our products, services, and content as well as to monitor and analyze its usage. Web beacons may also be used for the technical administration of our services, to better tailor our websites to user needs, to generate and derive useful data and information concerning the interests, characteristics and usage behavior of our users, and to verify that users meet our access criteria.
Pixel tags are also used to enable us to send email messages in a format a customer can read. They also tell us whether email has been opened. We may use this information to reduce, tailor, or eliminate messages that we send to users.
In some of our email messages we may use a “click-through URL” linked to web pages on our websites. When a recipient clicks on these URLs, a separate web server records their click before arriving at the destination. We use click-through data to help us determine the interest in particular content or topics. If you prefer not to be tracked in this way you may opt to not click on links contained in our emails.
Like most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data.
We may use this information to analyze trends, administer our website, and to learn about user behavior.
5. Sharing, Disclosure and Transfer to Third-Parties
We do not sell personal data to any third parties.
In order to manage our relationship with you as a supplier of our products and services, your information may be shared with third-party service providers or other external entities that may be engaged to assist us in managing the processes required to meet our obligations as a supplier of products and services or when required to do so by applicable law. Any engagement of a third-party service provider will be governed by appropriate contractual requirements prohibiting the use of your information for any purposes beyond those specifically directed by Canary LLC., and requiring that they ensure sufficient administrative and technical security mechanisms are in place to prevent your information from being improperly used, disclosed, or accessed.
As a result of the operations and services we provide, the sharing of your information with other service providers, partners, and customers may result in your data being sent to countries outside of your country of residence, which may have data protection laws that differ from those in your country of residence. Regardless of the source or destination location of your information, Canary LLC. will protect your information as described in this Privacy Statement and abide by all applicable data protection laws. Canary LLC. remains responsible for information that we share with third parties for processing on our behalf.
For individuals located in the European Economic Area (“EEA”), when transfers to third parties outside of the EEA occur, Canary LLC. will put sufficient protections in place to ensure compliance with the applicable legal requirements, such as use of European Union (“EU”) Model Contracts, or other such protocols as may be in place from time to time.
In addition, your personal information may be transferred to a third-party as a result of an asset sale, acquisition, merger, reorganization, or other change of control or if we sell, merge, or transfer any part of our business. Part of the sale may include your Personal Information.
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security, law enforcement or data privacy requirements.
6. Access to Personal Information
The amount of personal information that we require you to supply in order to use our services will be limited to that which is relevant to supply such services.
You have the right to request access to, withdraw your consent to the use and processing of, and request the correction of inaccuracies or erasure of your information that we maintain about you, subject to our obligations to maintain your information under applicable laws. We may limit or deny requests that interfere with our legitimate interests, or charge reasonable fees for access, except as prohibited by applicable law.
Because such information is necessary to the performance of the services that we provide to you, any request to withdraw consent for processing, or request erasure of your information may result in Canary LLC. being unable to continue providing its services. In response to a consent withdrawal request, Canary LLC. will describe the specific consequences of processing your request, with respect to Canary LLC.’s ability to continue providing services.
Canary LLC. will only store personally identifiable data about you for as long as it is reasonably required to fulfill the purposes under which it was first provided by you unless a longer retention period is required or permitted by law.
You may make review, update access, correction, or deletion requests by contacting us at:
Email: privacy@canarymarketing.com
Mailing Address:
2633 Camino Ramon #120, San Ramon, CA 94583
7. Protection of Personal Information
We take precautions to safeguard your information. Canary LLC. uses commercially reasonable technical, administrative, and physical controls to protect your data. We use a combination of network perimeter protections, data encryption techniques and authentication procedures, among others, to maintain the security of your personal information and our systems from unauthorized access. We also enforce physical access controls to our buildings and files.
Your personal information is stored and located on a secured system behind network perimeter control and protection systems. We only authorize access to personal information for those employees, contractors and agents who need to know that information in order to administer, deliver, maintain, develop, or improve our services.
8. Third-Party Sites and Services
Our websites and content may contain links to other websites. As such, Canary LLC. does not endorse and is not responsible for the privacy practices or the content of these third-party websites. We exercise no control over how your information is stored, maintained, or displayed by third parties or on third-party sites.
9. EU-U.S. Data Privacy Framework Principles
Canary LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Canary LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF, Canary LLC commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact Canary LLC at:
Attention: Privacy
2633 Camino Ramon # 120,
San Ramon, CA, 94583
2633 Camino Ramon # 120,
San Ramon, CA, 94583
In compliance with the EU-U.S. DPF, Canary commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.
Our commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
10. Children
Canary LLC.’s service is not directed to children. We do not knowingly collect personally identifiable information from children. If you, as a parent or guardian, become aware that your child has provided us with Personal Information without your consent, please contact us. If we become aware that a user is under the age of 16 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
11. Consumer Rights Under the California Consumer Privacy Act
This section applies solely to individuals who reside in the State of California (“Consumers”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California laws. Any terms defined in the CCPA have the same meaning when used in this notice.
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
12. Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
13. Deletion
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if our need to retain the information meets the exception criteria described in the CCPA or EU GDPR statutes.
14. Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us using the mechanism described in the above section “Access to Personal Information”
Only you or a person registered with the California Secretary of State, if you are a California Resident, that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
To submit a verifiable request, please initially provide the following information using the contact information in the “Access to Personal Data” section of this policy.
- Name
- Contact Information (Email Address and Phone Number)
Once you submit your verifiable consumer request, we will attempt to verify your identity by matching the information you provided us with the information in our systems. If you submit a request to know specific pieces of personal information or a request to delete certain information, additional steps may be taken to validate your identity and the request prior to processing.
We will generally avoid requesting additional information from you to verify you. However, if we cannot verify your identity based on the information originally provided or what we currently maintain, we may request additional information from you, which will only be used to verify your identity and for security or fraud-prevention purposes. We will delete any new personal information we collect to verify your identity as soon as practical after processing your request unless otherwise required by law.
If we are unable to verify your identity, we will deny your request and inform you of our inability to verify your identity and explain why we were unable to do so.
Please note that we are only required to respond to your request for access to your personal information twice within a 12-month period.
15. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA or Privacy rights.
16. Questions Regarding the Privacy Policy or Use of Personal Data
We welcome your comments or questions about this Privacy Policy or our practices regarding your personal. If you wish to inquire about this Privacy Policy, our practices, or exercise your privacy rights you may also contact us as described in the "Access to Personal Data" section of this policy.
17. Privacy Policy Changes and Notifications
Canary LLC. may update its Privacy Policy from time to time. Use of information we collect now is subject to the current version of our Privacy Policy. Please check back for updates.
Effective February 14th 2024 to February 14th 2024
DownloadTable of Contents
Privacy Policy
- Overview
This Privacy Policy describes how Canary LLC. collects, uses, discloses, transfers, and stores your personal information as we engage with you to provide our products, services and content. We encourage you to review this information so that you may understand and consent to how we may collect, use, and share your personal information.
The current version of our Privacy Policy can be found at: https://www.canarymarketing.com/privacy-policy/
Canary LLC. respects individual privacy and values the confidence of its customers, clients, and business partners. Not only do we strive to process and store personal information in a manner consistent with the laws of the countries in which we do business, but we also have a tradition of upholding the highest ethical standards in our business practices. This Privacy Policy (the "Policy") sets forth the privacy principles Canary LLC. follows with respect to transfers of personal information from the EEA to the United States.
- What Information We Collect
In order to provide products, services, and content to our customers, we must collect certain personal information from and about you. Such services may include submitting shipping orders on your behalf, as well as others. Canary LLC. does not sell personal information.
The types of personal information collected, processed, and stored by Canary LLC. will be limited to those which are required to establish and maintain these services. This information has been collected and transferred to third parties within the last 12 months. Such information may include:
Information We Collect Directly from You:
- First and Last Name
- Contact Information (phone number and e-mail address)
- Company Name
- Demographic Information (Gender, Occupation)
- Billing Address
- Occasionally we may request tax ID information when shipping internationally
- Any Personal Data you provide when you communicate with us or our customer service representatives (so please only provide what is necessary).
- Any Personal Data you provide us when purchasing products
Information We Automatically Collect when You use our Site
- IP address
- Web browser information (browser type and language)
- Pages you visit, time spent on a page, and links you click on for the services only (not for marketing purposes)
- Certain Cookies (see below for more information) (collectively, “Usage Data”).
- How We Use Personal Information
Canary LLC. will use the information it collects in order to:
- Establish, maintain, and improve our merchandising, product, and customer relations and marketing related services.
- Respond to inquiries or perform other tasks that are necessary when acting as a supplier of our products or services.
- Provide you with information related to confirmations, technical notices, updates, security alerts, and support and administrative messages.
- Ensure the accuracy and correctness of existing personal information and making updates, as necessary.
- Comply with legal obligations or other legal purposes, such as audit, security, fraud prevention, or preserving and defending Canary LLC.'s legal rights
Data that has been anonymized does not personally identify you and is not covered by this Privacy Statement.
Canary LLC. will retain your personal information for only as long as is necessary to provide our products and services, except where retention of personal information is necessary for compliance with a law, regulation, or other legal authority, or is otherwise permitted to be maintained for other legal purposes, such as audit, security, fraud prevention, or preserving and defending Canary LLC.’s legal rights.
- Cookies and Other Technologies
Canary LLC.’s websites, products, services, and content may use “cookies” and other technologies such as web beacons and pixel tags. These technologies may be used to help us deliver and improve our site and services as well as better understand user behavior so we can provide you with a more personal and interactive experience that is tailored to your interests and needs.
“Cookies” are alphanumeric identifiers in the form of data files that are inserted by a website and stored by your web browser on your computer’s hard drive. We may set and access cookies, such as session, statistical or marketing cookies, on your computer to enable website functionality, monitor how you interact with the website and your usage history, store your preferences or provide you with targeted content related to our products and services that maybe of interest to you.
Most internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer, however, if you choose to eliminate cookies, the functionality of the website may be impaired not operate properly.
We, or third-party service providers acting on our behalf, may use web beacons, or pixel tags to collect certain usage information. Web beacons are images embedded in a web page or email for the purpose of measuring and analyzing website usage and activity.
We use this information to provide, enhance and improve our products, services, and content as well as to monitor and analyze its usage. Web beacons may also be used for the technical administration of our services, to better tailor our websites to user needs, to generate and derive useful data and information concerning the interests, characteristics and usage behavior of our users, and to verify that users meet our access criteria.
Pixel tags are also used to enable us to send email messages in a format a customer can read. They also tell us whether email has been opened. We may use this information to reduce, tailor, or eliminate messages that we send to users.
In some of our email messages we may use a “click-through URL” linked to web pages on our websites. When a recipient clicks on these URLs, a separate web server records their click before arriving at the destination. We use click-through data to help us determine the interest in particular content or topics. If you prefer not to be tracked in this way you may opt to not click on links contained in our emails.
Like most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data.
We may use this information to analyze trends, administer our website, and to learn about user behavior.
- Sharing, Disclosure and Transfer to Third-Parties
We do not sell personal data to any third parties.
In order to manage our relationship with you as a supplier of our products and services, your information may be shared with third-party service providers or other external entities that may be engaged to assist us in managing the processes required to meet our obligations as a supplier of products and services or when required to do so by applicable law. Any engagement of a third-party service provider will be governed by appropriate contractual requirements prohibiting the use of your information for any purposes beyond those specifically directed by Canary LLC., and requiring that they ensure sufficient administrative and technical security mechanisms are in place to prevent your information from being improperly used, disclosed, or accessed.
As a result of the operations and services we provide, the sharing of your information with other service providers, partners, and customers may result in your data being sent to countries outside of your country of residence, which may have data protection laws that differ from those in your country of residence. Regardless of the source or destination location of your information, Canary LLC. will protect your information as described in this Privacy Statement and abide by all applicable data protection laws. Canary LLC. remains responsible for information that we share with third parties for processing on our behalf.
For individuals located in the European Economic Area (“EEA”), when transfers to third parties outside of the EEA occur, Canary LLC. will put sufficient protections in place to ensure compliance with the applicable legal requirements, such as use of European Union (“EU”) Model Contracts, or other such protocols as may be in place from time to time.
In addition, your personal information may be transferred to a third-party as a result of an asset sale, acquisition, merger, reorganization, or other change of control or if we sell, merge, or transfer any part of our business. Part of the sale may include your Personal Information.
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security, law enforcement or data privacy requirements.
- Access to Personal Information
The amount of personal information that we require you to supply in order to use our services will be limited to that which is relevant to supply such services.
You have the right to request access to, withdraw your consent to the use and processing of, and request the correction of inaccuracies or erasure of your information that we maintain about you, subject to our obligations to maintain your information under applicable laws. We may limit or deny requests that interfere with our legitimate interests, or charge reasonable fees for access, except as prohibited by applicable law.
Because such information is necessary to the performance of the services that we provide to you, any request to withdraw consent for processing, or request erasure of your information may result in Canary LLC. being unable to continue providing its services. In response to a consent withdrawal request, Canary LLC. will describe the specific consequences of processing your request, with respect to Canary LLC.’s ability to continue providing services.
Canary LLC. will only store personally identifiable data about you for as long as it is reasonably required to fulfill the purposes under which it was first provided by you unless a longer retention period is required or permitted by law.
You may make review, update access, correction, or deletion requests by contacting us at:
Email: privacy@canarymarketing.com
Mailing Address:
2633 Camino Ramon #120, San Ramon, CA 94583
- Protection of Personal Information
We take precautions to safeguard your information. Canary LLC. uses commercially reasonable technical, administrative, and physical controls to protect your data. We use a combination of network perimeter protections, data encryption techniques and authentication procedures, among others, to maintain the security of your personal information and our systems from unauthorized access. We also enforce physical access controls to our buildings and files.
Your personal information is stored and located on a secured system behind network perimeter control and protection systems. We only authorize access to personal information for those employees, contractors and agents who need to know that information in order to administer, deliver, maintain, develop, or improve our services.
- Third-Party Sites and Services
Our websites and content may contain links to other websites. As such, Canary LLC. does not endorse and is not responsible for the privacy practices or the content of these third-party websites. We exercise no control over how your information is stored, maintained, or displayed by third parties or on third-party sites.
- EU-U.S. Data Privacy Framework Principles
Canary LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Canary LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF, Canary LLC commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact Canary LLC at:
Attention: Privacy
2633 Camino Ramon # 120,
San Ramon, CA, 94583
2633 Camino Ramon # 120,
San Ramon, CA, 94583
In compliance with the EU-U.S. DPF, Canary commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.
Our commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
- Children
Canary LLC.’s service is not directed to children. We do not knowingly collect personally identifiable information from children. If you, as a parent or guardian, become aware that your child has provided us with Personal Information without your consent, please contact us. If we become aware that a user is under the age of 16 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
- Consumer Rights Under the California Consumer Privacy Act
This section applies solely to individuals who reside in the State of California (“Consumers”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California laws. Any terms defined in the CCPA have the same meaning when used in this notice.
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
- Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
- Deletion
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if our need to retain the information meets the exception criteria described in the CCPA or EU GDPR statutes.
- Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us using the mechanism described in the above section “Access to Personal Information”
Only you or a person registered with the California Secretary of State, if you are a California Resident, that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
To submit a verifiable request, please initially provide the following information using the contact information in the “Access to Personal Data” section of this policy.
- Name
- Contact Information (Email Address and Phone Number)
Once you submit your verifiable consumer request, we will attempt to verify your identity by matching the information you provided us with the information in our systems. If you submit a request to know specific pieces of personal information or a request to delete certain information, additional steps may be taken to validate your identity and the request prior to processing.
We will generally avoid requesting additional information from you to verify you. However, if we cannot verify your identity based on the information originally provided or what we currently maintain, we may request additional information from you, which will only be used to verify your identity and for security or fraud-prevention purposes. We will delete any new personal information we collect to verify your identity as soon as practical after processing your request unless otherwise required by law.
If we are unable to verify your identity, we will deny your request and inform you of our inability to verify your identity and explain why we were unable to do so.
Please note that we are only required to respond to your request for access to your personal information twice within a 12-month period.
- Non-Discrimination
We will not discriminate against you for exercising any of your CCPA or Privacy rights.
- Questions Regarding the Privacy Policy or Use of Personal Data
We welcome your comments or questions about this Privacy Policy or our practices regarding your personal. If you wish to inquire about this Privacy Policy, our practices, or exercise your privacy rights you may also contact us as described in the "Access to Personal Data" section of this policy.
- Privacy Policy Changes and Notifications
Canary LLC. may update its Privacy Policy from time to time. Use of information we collect now is subject to the current version of our Privacy Policy. Please check back for updates.