Data Protection Addendum

Current as of September 7, 2023

This DATA PROTECTION ADDENDUM (the “DPA”) is incorporated into and forms part of the (the “Agreement”) between Emerald and the exhibitor, advertiser, sponsor, Event Partner or other party (each, an “Emerald Partner”) specified in the Agreement in which the DPA is referenced. Any terms used but not defined herein shall have the same meaning given to them in the Agreement.

1) Definitions

(a) “Downstream Participant” means any third party that Processes Personal Information that is not Emerald, an Emerald Partner, nor a Service Provider or Processor of an Emerald Partner.

(b) “Data Protection Laws” means any and all applicable data protection, security, or privacy-related laws, statutes, directives, or regulations, including but not limited to: (i) the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq. (“CCPA”), together with any amending or replacement legislation, including the California Privacy Rights Act of 2020 and any regulations promulgated thereunder; (ii) the Virginia Consumer Data Protection Act of 2021, Va. Code Ann. § 59.1-571 to -581; (iii) the Colorado Privacy Act of 2021, Co. Rev. Stat. § 6-1-1301 et seq.; (iv) Connecticut Public Act No. 22-15, “An Act Concerning Personal Data Privacy and Online Monitoring”; (v) the Utah Consumer Privacy Act of 2022, Utah Code Ann. § 13-61-101 et seq.; (vi) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data (“GDPR”), together with any amending or replacement legislation, and any EU Member State laws and regulations promulgated or incorporated thereunder; (vii) the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (“UK GDPR”); and (viii) all other equivalent or similar laws and regulations in any relevant jurisdiction relating to Personal Information and privacy, and as each may be amended, extended or re-enacted from time to time.

(c) “Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or can reasonably be linked, directly or indirectly, with a particular individual or household, or is otherwise defined as “personal data,” or “personally identifiable information” by applicable Data Protection Laws.
The terms “Process,” “Processor,” “Sale,” “Service Provider,” and “Share” shall have the same meaning as in the Data Protection Laws, and their cognate terms shall be construed accordingly.

2) Emerald Partner Duties

(a) Unless the parties expressly agree in writing that certain Personal Information may be used for lawful marketing purposes, any Personal Information provided or made available by Emerald to Emerald Partner (“Emerald Personal Information”) may be used by Emerald Partner only to the extent necessary for the purpose of Emerald Partner’s participation in the Event and in accordance with the terms of the Agreement.

(b) Emerald Partner shall not:
i. Distribute, disclose, sell, share, sublicense, or otherwise transfer the Emerald Personal Information to any Downstream Participant, unless expressly permitted by the Agreement;
ii. Retain, use, disclose or process the Emerald Personal Information for any purpose other than as set forth herein and only in compliance with Data Protection Laws; or
iii. Engage in any activity that would give Emerald actual knowledge or reason to believe that Emerald Partner intends to commit a violation of CCPA or any other applicable law, or that Emerald Partner intends to use the Emerald Personal Information in violation of CCPA or any other applicable law.

(c) Emerald Partner shall implement and maintain reasonable and appropriate physical, administrative and technical procedures and safeguards designed to protect Emerald Personal Information from unauthorized or illegal access, destruction, use, modification, or disclosure. Emerald Partner shall limit access to Emerald Personal Information to its employees who have a need to access the Emerald Personal Information for the purpose set forth herein and who agree to be bound by the terms of this Addendum. Without limiting the foregoing, Emerald Partner shall comply with the same level of privacy protection as required of a business pursuant to the CCPA with respect to the Personal Information.

(d) Emerald Partner shall provide Emerald with assistance as Emerald may reasonably request to comply with and fulfill the responsibilities of Emerald under applicable Data Protection Laws. In the event that Emerald notifies Emerald Partner that any individual has made a request to have their Personal Information deleted or to opt out of the Sale or Sharing of their Personal Information, Emerald Partner shall promptly delete such individual’s Personal Information and will cease any and all use of the Personal Information. Upon request from Emerald, Emerald Partner will provide documentation that verifies it no longer retains or uses the Personal Information of any individual who has made requests to opt out of the Sale or Sharing of their Personal Information. Emerald Partner shall further comply with any individual’s request to unsubscribe from any communications from Emerald Partner.

(e) Emerald Partner grants Emerald the right to take reasonable and appropriate steps to ensure that Emerald Partner uses the Emerald Personal Information in a manner consistent with this Agreement and applicable Data Protection Laws.

(f) Emerald Partner grants Emerald the right, upon reasonable notice, to take reasonable and appropriate steps to stop and remediate the unauthorized use of Emerald Personal Information.

(g) Emerald Partner shall promptly notify Emerald in the event that Emerald Partner makes a determination that it can no longer meet its obligations under this Agreement or any applicable Data Protection Law.

3) Modifications

If any modification to this Addendum is required as a result of a change in Data Protection Laws, then Emerald may revise this Addendum at any time. Depending on the nature of the changes, we may update you via email if we have your personal information; or we may update the Policy without notice by posting a revised version on Emerald’s website. Emerald Partner shall check back periodically to stay up to date on any changes.

4) Indemnification

Emerald Partner shall indemnify, defend, and hold harmless Emerald and its officers, directors, employees, and agents from and against all claims, demands, suits, causes of action, awards, judgments and liabilities, including reasonable attorneys’ fees and costs (collectively “Claims”) arising out of or alleged to have arisen out of Emerald Partner’s breach of its obligations under this Addendum, or any breach by Emerald Partner’s Service Providers, and any Downstream Participants.