Envoy California Privacy Rights Act Addendum

Any customer of Envoy that qualifies as a Business (as defined below) may accept this addendum by referencing it in their agreement with Envoy. The parties agree as follows.

1. Definitions

“Business” has the meaning provided under the CPRA.

“CPRA” means the California Privacy Rights Act.

“Customer” means the Envoy customer that has accepted this addendum.

“Personal Information” has the meaning provided under the CPRA.

“Principal Agreement” means the agreement between Envoy and Customer regarding the provision of the Services to Customer.

“Service Provider” has the meaning provided under the CPRA.

“Services” means Envoy’s cloud-based software services and related products.

“Sub-Processor” means any individual or entity other than Envoy or Customer appointed by Envoy to process Customer’s Personal Information in connection with the Principal Agreement.

2. Envoy’s use of Personal Information

(a) Customer, as a Business, instructs Envoy, as a Service Provider, to use Personal Information supplied by, or collected on behalf of, Customer only as necessary to provide the Services under the Principal Agreement (the “Authorized Processing”).

(b) Envoy and Customer shall comply with the CPRA. If a party determines that they cannot comply with the CPRA, or if the Authorized Processing is not permitted under that act, they must immediately notify the other party and cease the processing. Envoy will assist Company in responding to any requests made by consumers under the CPRA.

(c) Envoy will not sell any of Customer’s Personal Information. Envoy will not disclose Customer’s Personal Information except as authorized under this addendum. Envoy will not combine any of Customer’s Personal Information with Personal Information that Envoy independently collects as a Business.

Customer hereby authorizes Envoy to appoint Sub-Processors to assist with the Authorized Processing. Customer hereby consents to Envoy’s use of any Sub-Processors listed at https://envoy.com/subprocessors/. Each authorized Sub-Processor must, in a written agreement with Envoy, agree to obligations substantially similar to Envoy’s obligations under this agreement.

Security measures
(a) Envoy will maintain appropriate technical and organizational measures to protect the security, confidentiality, and integrity of the Authorized Processing as described here: https://envoy.com/security-details/#data-security. Envoy will provide additional information upon request as necessary to demonstrate compliance with the foregoing obligation.

(b) Envoy will promptly notify Customer of any incident involving the unauthorized loss, alteration, or disclosure of Customer’s Personal Information. Envoy will share with Customer any information related to the incident that Customer needs to meet its obligations under the CPRA.
Contact Information
If you have any questions or comments you can contact us at hi@envoy.com.

Envoy, Inc.
410 Townsend St, Suite 410
San Francisco, CA 94107
United States
Last updated on January 13, 2023