Integration Schedule

Preamble. In order to support and facilitate the relationship between Sift and Partner, the parties intend to integrate certain technology that supports their respective Services. Sift and Partner agree as follows:

  1. Certain Definitions. The following terms have the following meanings and in the event of conflict with the Terms, the definitions in this section shall apply specifically to the terms and obligations of this Schedule:
    • API” means the application programming interface (API) through which Partner and Sift may pass each other Data.
    • Customer Data” means, for the purposes of this Schedule, the data which Customer provides for use within either or both of the Sift Services and Partner Services, and to which neither Sift nor Partner claim any ownership. Usage of Customer Data by each party is governed by a separate written services agreement between the respective party and Customer.
    • Data” means, collectively, Customer Data, Partner Data and Sift Data exchanged by the parties via an integration of the technologies of Sift and Partner.
    • Data Protection Laws” means the data protection and privacy laws applicable to a party’s processing of Data in connection with the Agreement, including, to the extent applicable: (1) (i) the EU General Data Protection Regulation 2016/679 (“GDPR”); (ii) the EU e-Privacy Directive (Directive 2002/58/EC) (“e-Privacy Directive“); (iii) any national implementations of (i) and (ii); (iv) the Swiss Federal Data Protection Act of 19 June 1992 and its corresponding ordinances; and (v) in respect of the United Kingdom (“UK“), the GDPR as it forms part of United Kingdom law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR“) and any other privacy and data protection laws applicable in the UK (in each case as may be amended, extended or re-enacted from time to time, and (2) the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”).
    • Partner Data” means the proprietary data resulting from the Partner Services that may be received by Sift pursuant to this Agreement with authorization of Customer.
    • Sensitive Personal Information” means for the purposes of this Agreement (a) full credit or debit card numbers or financial account information; Social Security numbers or local equivalents; passport numbers; driver’s license numbers or similar identifiers; passwords; physical or mental health condition or information; or any information subject to the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standards, and other applicable regulations, laws or industry standards designed to protect similar sensitive information; (b) information related to children under the age of 13 (or in the EEA, under 16); (c) any information defined under the EU General Data Protection Regulation 2016/679 as a “special category” of personal data; and (d) any other information Sift reasonably determines is sensitive, provided Sift communicates such determination to Partner.
    • Sift Data” means the proprietary data resulting from the Sift Services that may be received by Partner pursuant to this Agreement with authorization of Customer.
  2. Relationship with Customer. Each party shall execute a written agreement with each Customer, in accordance with the obligations herein. Neither party shall look to the other or be responsible for acting on Customer’s behalf, and each party shall take its respective instructions as to performance of its Services solely from the Customer (except where doing so would violate this Agreement). Therefore, notwithstanding any other provision herein, neither party shall be liable to the other (or be required to indemnify the other) for any claims, losses or expenses arising from the actions or omissions of a Customer.
  3. Technology License and Integration. Subject to the provisions of this Agreement, each party hereby grants to the other party a world-wide, revocable, non-exclusive license, to its applicable technology, such as application programming interfaces (APIs) that facilitate the transfer of Data solely as described herein. Sift Data may be accessed by the Customer within the technical environment of the Partner that provides the Partners Services to Customer (the “Partner Environment”), and Customer Data (and if applicable, Partner Data) may be accessed by Sift within the Sift Services technical environment (“Sift Environment”, and with Partner Environment, “Technical Environments”). Each party will be solely responsible for the management of their respective Technical Environments.
  4. Data Usage. Neither party shall: (a) make the other party’s Services or respective Data available to anyone other than the Customers; (b) transfer, sublicense, resell, time share or similarly exploit the other party’s Services or respective Data; (c) access the other party’s Services or respective Data to build (or facilitate the building of) a competitive product or service; (d) reverse engineer, modify, adapt, or otherwise attempt to gain unauthorized access to the other party’s Services or respective Data, or introduce any malicious code into the other party’s Services; and (e) use the other party’s Services or respective Data for any purposes not contemplated by this Agreement.
  5. Data Protection and Security Obligations.
    • 5.1 Customer Terms. The parties agree that they are each acting as a third party vendor to the respective Customer and exchanging Data with each other at the Customer’s instigation, and therefore, each party shall enter into an appropriate data protection agreement, along with adequate data transfer and security protections, as required under applicable Data Protection Laws as it relates to the party’s processing of Data. Each party shall ensure that it has obtained all necessary consents and authorizations from the respective Customer to lawfully share Data with the other party for the purposes described in this Agreement and shall not transfer any Sensitive Personal Information to the other party.
    • 5.2 Use of Data. Each party shall be independently responsible, as an independent controller or processor (or equivalent terms under Data Protection Laws), for its own compliance with applicable Data Protection Laws when processing Data that it receives from the other party via Sift Connect. Without limiting the foregoing, each party agrees that it (i) shall not use Data for any purposes other than the purposes specified in this Agreement and the applicable services agreement between each party and the Customer; (ii) shall not sell or transfer the Data to any third parties for any purposes other than the purposes specified in this Agreement and the applicable services agreement between each party and the Customer (including for targeted advertising); and (iii) to the extent required by applicable Data Protection Laws, ensure that all consents have been obtained from, and all notices (including privacy notices) have been given to, all individuals whose personal data or personal information is contained within the Data. In no event shall either party have the right to require the other party to delete Data at any time, including upon termination of the Agreement, except as otherwise may be required by applicable laws and regulations.
    • 5.3 Cooperation. In the event that either party receives any correspondence, enquiry, request or complaint from an individual, regulator or other third party (“Correspondence”) related to the Data that it receives from the other party, it shall promptly inform the other party giving full details of the same, and the parties shall cooperate reasonably and in good faith in order to respond to the Correspondence in accordance with any requirements under applicable Data Protection Law.
    • 5.4 Security. Each party shall provide appropriate physical, technical and organizational security measures designed to protect the Data that it receives from the other party in accordance with applicable Data Protection Laws and this Agreement, including with respect to international transfers of Data.
  6. Deletion of Data. Within ninety (90) days of termination or expiration of Sift’s agreement with the Customer, or termination of the Agreement for any reason, Partner will securely destroy all Sift Data and upon Sift’s request, will certify to Sift its compliance with the terms of this Section, and if applicable, Sift will security destroy all Partner Data and upon Partner’s request, will certify to Partner its compliance with the terms of this Section.
  7. Indemnification; Limitation of Liability. In addition to the indemnification provision in the Terms, the parties agree as follows:
    • 7.1 By Partner. Partner will defend Sift, its officers, directors and employees (the “Indemnified Party”) against any third party claim, demand, suit, investigation or proceeding (each, a “Claim”) made or brought against Sift: (a) brought by a Customer (except to the extent such claim is based on Sift’s material breach of the Terms, including this Schedule), or (b) arising out of Partner’s material breach of the Terms including this Schedule, and shall indemnify Sift for any damages, attorneys fees and costs finally awarded against Sift as a result of, or for any amounts paid by Sift under a court-approved settlement of, a Claim.
    • 7.2 By Sift. Sift will defend Partner, its officers, directors and employees (the “Indemnified Party”) against Claim made or brought against Partner arising out of Sift’s material breach of the Terms including this Schedule, and shall indemnify Sift for any damages, attorneys fees and costs finally awarded against Sift as a result of, or for any amounts paid by Sift under a court-approved settlement of, a Claim.
    • 7.3 Conditions. The indemnifying party’s obligations under this Section are contingent on the Indemnified Parties: (a) promptly providing written notice of the claim to the indemnifying party, (b) giving the indemnifying party sole control of the defense and settlement of the claim, and (c) providing the indemnifying party, at the indemnifying party’s expense, all reasonable assistance in connection with such claim. In no event will an Indemnified Party be liable for any settlement that admits any fault or liability of an Indemnified Party without the prior written consent of an Indemnified Party.
    • 7.4 LIMITATIONS ON LIABILITY. ALL LIMITATIONS ON LIABILITY AS SET FORTH IN THE TERMS SHALL APPLY TO THIS SCHEDULE, EXCEPT THAT UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY DAMAGES, COSTS, OR LIABILITIES IN RELATION TO ITS INDEMNIFICATION OBLIGATIONS UNDER THIS SECTION 5 IN AGGREGATE IN EXCESS OF TWO HUNDRED THOUSAND DOLLARS ($200,000).