LOYALIST PLATFORM AGREEMENT

This Loyalist Platform Agreement ("Agreement") is entered by and between Loyalist Technologies, Inc. ("Loyalist," "we," or "us") and you or the entity you represent ("you"). This Agreement governs your access and use of Loyalist's restaurant loyalty platform and related services (collectively, the "Services"). This Agreement is effective as of the date you indicate acceptance (e.g., via click-through or other electronic means) or otherwise first access or use the Services (the "Effective Date").

PLEASE READ THIS AGREEMENT CAREFULLY. BY INDICATING ACCEPTANCE OR OTHERWISE ACCESSING OR USING THE SERVICES, YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS DESCRIBED IN THIS AGREEMENT AND ALL TERMS INCORPORATED INTO THIS AGREEMENT BY REFERENCE. IF YOU DO NOT AGREE TO ALL OF THE TERMS AND CONDITIONS DESCRIBED IN THIS AGREEMENT, DO NOT USE THE SERVICES.

We may make changes to this Agreement. If we make changes, we may provide you with notice of such changes, such as by sending an email, providing a notice through the Services, or otherwise. Unless we say otherwise in our notice, the amended Agreement will be effective immediately, and your continued use of the Services after we provide such notice will confirm your acceptance of the changes. If you do not agree to the amended Agreement, you must immediately stop using the Services. Any changes to this Agreement will not apply to any dispute between you and us arising prior to the date on which we posted the updated Agreement incorporating such changes or otherwise notified you of such changes.

  1.         1.The Services.
  2.         1.Grant. Subject to the terms and conditions of this Agreement and solely during the Subscription Period (as defined below), Loyalist will provide access to the Services to you solely for your internal business purposes.
  3.         2.Ownership. Except for the rights expressly granted in Section 1.1 above, Loyalist retains all right, title and interest in and to the Services, together with all components thereof, including all intellectual property rights related to or embodied in the foregoing. No license or other right will be created under this Agreement by implication, estoppel or otherwise, except as specifically provided in this Agreement. You acknowledge that the Services include Loyalist's valuable trade secrets and improper use or disclosure may cause Loyalist irreparable harm. Accordingly, you agree to use the Services solely as authorized in this Agreement. You further acknowledge that the rights granted pursuant to this Agreement are not a sale and do not transfer to you title or ownership of the Services, but only a right of limited use. ALL RIGHTS NOT EXPRESSLY GRANTED HEREUNDER ARE RESERVED TO LOYALIST.
  4.         3.Your Data. You hereby instruct and authorize Loyalist to: (a) use any data or information of or about you or your customers ("Customers") that is provided by you to Loyalist or collected through the Services ("Your Data") to provide the Services to, and communicate with, you and Customers; and (b) create and use aggregated or de-identified information, data and statistics derived from Your Data or related to your or Customers' or Users' (as defined below) use of the Services ("Usage Data") to monitor the performance of the Services, improve the Services and to develop new product and service offerings. As between the parties and subject to the express grants within this Agreement, you own all right, title and interest in and to Your Data, and any and all intellectual property rights embodied in Your Data. The Data Processing Addendum attached as Exhibit A (the “DPA”) is incorporated into the Agreement by this reference and will govern the processing of any of Your Personal Data (as defined in the DPA) contained in Your Data.
  1.         2.Restrictions. You may not, in whole or in part, (a) modify, disclose, alter, translate, or create derivative works of the Services, (b) license, sublicense, resell, distribute, lease, rent, lend, transfer, assign, or otherwise dispose of the Services, (c) use the Services to store or transmit any viruses, software routines, or other code designed to permit unauthorized access, to disable, erase, or otherwise harm software, hardware, or data, or to perform any other harmful actions, (d) use the Services to build a competitive product or service, or copy any features or functions of the Services, (e) remove, alter, or obscure any proprietary notices in or on the Services including copyright notices, (f) reverse engineer, decompile, disassemble, decrypt, re-engineer, reverse assemble, reverse compile or otherwise translate, create, or attempt to create the source code of the Services or their structural framework (in whole or in part), or perform any process intended to determine the source code for the Services, (g) circumvent or attempt to circumvent any technological protection measures intended to restrict access to or use of any portion of the Services or the functionality of the Services, (h) use the Services for any purpose that is illegal in any way or that advocates illegal activity, or (i) cause or permit any User or third party to do any of the foregoing.
  2.         3.Accounts and Eligibility.
  1.         1.Accounts. To access and use the Services, you must register for an electronic account with us (an "Account"). You may, on behalf of the entity you represent, create Accounts for each user that you authorize to access and use the Services (each, a "User") and the terms and conditions of this Agreement will apply to each such User. You will ensure that no User or other person accesses the Services on behalf of another person or entity and that no User shares or transfers access rights to the Services. You must, and must ensure that all Users, (a) provide accurate Account information and promptly update that information if it changes, (b) maintain the security of each such Account, and (c) notify us in promptly in writing upon discovery or suspicion that someone has accessed such Account without permission. You are responsible for any and all acts or omissions of Users.
  2.         2.Eligibility. You represent and warrant that all Users (a) are at least 18 years of age, (b) are not a resident of, or located in, any country subject to a United States embargo or other similar United States export restrictions, including Iran, Cuba, North Korea, the Region of Crimea, Sudan or Syria, and (c) are not on the United States Treasury Department’s list of Specifically Designated Nationals, the United States Department of Commerce’s Denied Persons List or Entity List, or any other United States export control list. If you use the Services on behalf of another person or entity, (i) all references to "you" throughout this Agreement will include such person or entity (except as used in this Section 3.2(i)), (ii) you represent that you are authorized to accept this Agreement on such person's or entity's behalf, and (iii) in the event you or such person or entity violates this Agreement, such person or entity also agrees to be responsible to us.
  1.         4.Payment Terms.
  1.         1.Fees. We charge a monthly or annual subscription fee for use of the Services. On a monthly or annual subscription basis during the Subscription Period, we will either invoice you or we (or our authorized payment processor) will charge the credit/debit card you provided to Loyalist. If we invoice you, all amounts are due on the date set forth on the invoice. Unless we state otherwise, all payments (a) must be made in U.S. dollars, (b) by check or by bank wire transfer in immediately available funds to an account designated by us or by credit/debit card via Loyalist or our authorized payment processor and (c) are non-refundable.
  2.         2.Charges. If payments are made by credit/debit card, you authorize Loyalist (or its authorized payment processor) to charge the payment card provided to Loyalist in accordance with the terms and conditions of this Agreement, and you represent and warrant that you are authorized to use and have fees charged to the credit/debit card provided by you to Loyalist. If your payment method fails or your payment is past due, we may suspend your use of the Services until all such fees are paid in full.  We also may collect fees owed by charging other payment methods on file with us or retain collection agencies and legal counsel.
  3.         3.Price Increases. You acknowledge and agree that we may increase the price of the Services in our discretion; provided, that increases will apply only to the immediately-subsequent Subscription Period.
  4.         4.Failure to Pay. If any fees under this Agreement are 30 days or more overdue, we may, without limiting our other rights or remedies, immediately terminate this Agreement without any further cure period and accelerate your unpaid fee obligations such that all such obligations become immediately due and payable upon termination.  
  1.         5.Term, Termination, and Effects of Termination. 
  1.         1.Term. This Agreement commences upon the Effective Date and, unless terminated as set forth in Section 5.2, continues for the initial subscription period you selected when entering into this Agreement (the "Initial Subscription Period"). Thereafter, unless terminated as set forth in Section 5.2, this Agreement will automatically renew for successive subscription periods equal in length to the Initial Subscription Period (each, a "Subscription Period") (the Initial Subscription Period and the Renewal Subscription Period are referred to individually and collectively as the "Subscription Period").
  2.         2.Termination. Either party may terminate this Agreement by providing the other party with written notice of termination no less than 30 days prior to the close of the then-current Subscription Period. Either party may terminate this Agreement, for cause, if the other party materially breaches this Agreement and does not remedy such breach within 30 days after its receipt of written notice of such breach. In addition, you may terminate this Agreement at any time by deleting your Account.
  3.         3.Effects of Termination. Upon any termination of this Agreement, (a) all rights granted to you under this Agreement will immediately terminate, (b) either (i) we will collect all fees due and payable as of the date of termination by charging the payment card you provided to us or (ii) we will invoice you for all fees due and payable as of the date of termination and you will promptly pay all such fees and (c) you must delete from your systems or otherwise destroy all Confidential Information of Loyalist in your possession or control (and, upon Loyalist's request, certify in writing as to such deletion or destruction). Notwithstanding any terms to the contrary in this Agreement, (A) Sections 2, 4.4, 5.3 and 6 through 11 will survive any termination or expiration of this Agreement, and (B) no refunds will be issued.
  1.         6.Representations and Warranties. You represent, warrant and covenant that (a) you are, and will remain during the Subscription Period, in full compliance with all applicable laws, rules, and regulations, (b) you have, and will maintain during the Subscription Period, all required licenses, permits, and other authorizations to operate your business, (c) you possess all necessary rights and consents to grant Loyalist the rights set forth in this Agreement with respect to Your Data, (d) you have collected Your Data in accordance with all applicable laws, rules, regulations and standards, (e) neither Your Data nor Loyalist's use of Your Data to provide the Services will (i) infringe, misappropriate, or otherwise violate any intellectual property rights, privacy rights, or other rights of any third party or (ii) violate applicable laws, rules, regulations, or standards (f) you will use the Services in accordance with all applicable laws, rules, regulations and standards, and your use of the Services in accordance with this Agreement will not cause Loyalist to be non-compliant with any applicable laws, rules, regulations, or standards and (g) Your Data is accurate and complete.
  2.         7.Disclaimer. THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT ANY REPRESENTATIONS, WARRANTIES, COVENANTS, OR CONDITIONS OF ANY KIND (EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE), INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. FURTHER, WE DO NOT REPRESENT OR WARRANT THAT (A) YOUR ACCESS TO OR USE OF THE SERVICES WILL BE SECURE, TIMELY, UNINTERRUPTED, ERROR-FREE, OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM, OR DATA, (B) THE SERVICES WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS, OR OTHERWISE PRODUCE ANY PARTICULAR RESULTS, (C) ANY DATA PROVIDED VIA THE SERVICES WILL BE ACCURATE OR RELIABLE, OR THAT YOUR DATA WILL NOT BE LOST, DAMAGED, OR CORRUPTED, (D) ERRORS OR DEFECTS WILL BE CORRECTED, PATCHES OR WORKAROUNDS WILL BE PROVIDED, OR WE WILL DETECT ANY BUG IN THE SERVICES, (E) THE SERVICES OR THE SERVER(S) THAT MAKE THE SERVICES AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, (F) THIRD-PARTY DISRUPTIONS OR SECURITY BREACHES OF THE SERVICES WILL BE PREVENTED, OR (G) THE SERVICES WILL COMPLY WITH APPLICABLE LAWS, RULES, REGULATIONS, OR STANDARDS.
  3.         8.Indemnification. You will indemnify, hold harmless and, at Loyalist's election, defend Loyalist, its affiliates, and its and their respective officers, directors, agents and employees from and against any and all claims, liabilities, losses, damages and expenses of any kind resulting from, related to or arising out of any actual or alleged (a) breach by you or any Users of this Agreement or any other act or omission of you or any Users, (b) your or any Users' gross negligence or willful misconduct, or (c) your or your Users' violation of applicable laws, rules, or regulations. For third-party claims, if we direct you to defend the claim, then (i) we have the right to approve the counsel that you select to defend such claim and (ii) we may also have our own counsel participate in the defense and settlement of such claim at our own expense. We may also exclusively retain control of the defense of a third-party claim by providing written notice to you. You will not settle a third-party claim without our prior written consent.
  4.         9.Limitation of Liability. LOYALIST'S SOLE AND AGGREGATE LIABILITY TO YOU ON ANY AND ALL CLAIMS, LOSSES, OR LIABILITIES ARISING OUT OF THE RELATIONSHIP BETWEEN THE PARTIES (INCLUDING THIS AGREEMENT), WHETHER ARISING IN CONTRACT, TORT, OR OTHERWISE, WILL BE LIMITED TO DIRECT DAMAGES AND WILL IN NO EVENT EXCEED THE FEES ACTUALLY PAID TO LOYALIST IN THE PRECEDING 6 MONTH PERIOD AND ASSOCIATED WITH SERVICES PROVIDED. IN NO EVENT WILL LOYALIST BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY OR PUNITIVE DAMAGES OR FOR ANY LOSS OF PROFITS OR BUSINESS. THIS SECTION 9 WILL BE GIVEN FULL EFFECT EVEN IF ANY REMEDY SPECIFIED IN THIS AGREEMENT IS DEEMED TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
  5.         10.Confidentiality.
  1.         1.Definition. "Confidential Information" any data or information of any type related to Loyalist, including, without limitation, all data and information related Loyalist's business, assets, finances, operations and other technology and intellectual property. You will hold all Confidential Information in strict confidence and will not disclose it to any third party. Except as strictly necessary to exercise your rights under this Agreement, (a) you will not use any Confidential Information for the benefit of yourself or any party other than Loyalist or its designee and (b) you will not reproduce Confidential Information in any form. Without limiting the foregoing, you will not publish or otherwise disclose the results of any use of the Services without the prior express written consent of Loyalist.
  2.         2.Feedback. You or your personnel may voluntarily provide Loyalist with suggestions, comments, or other feedback on the Services or Loyalist ("Feedback"). You will not, and will ensure your personnel do not, provide any such Feedback to any third party without our prior written consent. We may freely use and authorize the use of the Feedback without restriction or payment of any kind to you.
  1.         11.General Provisions.
  1.         1.Entire Agreement. This Agreement is the entire agreement of the parties regarding the Services.  This Agreement supersedes all prior or contemporaneous agreements, proposals, negotiations, conversations, discussions, and understandings, written or oral, with respect to the Services and all past dealings or industry customs.  
  2.         2.Governing Law and Venue. This Agreement will in all respects be governed by, and construed in accordance with, the laws of the State of New York, without regard for any choice of law or other rules that would cause the laws of any other jurisdiction to apply. Each party irrevocably submits to the exclusive jurisdiction of any state or federal court sitting in Manhattan, New York (the "Chosen Courts") in any litigation arising out of or relating to this Agreement, agrees that all claims in respect of any such litigation will be heard and decided only in any such Chosen Court, waives any claim of inconvenient forum or other challenge to venue in any such Chosen Court, and agrees not to bring or maintain any such litigation before any tribunal other than the Chosen Courts (except, for clarity, in any proper appeal from a Chosen Court).
  3.         3.Audit. Loyalist may, by itself or through an independent third party, audit your use of the Services to verify your compliance with this Agreement. You agree to provide reasonable access to your systems and records for purposes of conducting these audits.
  4.         4.Third-Party Services. You acknowledge and agree that we use third-party hosting infrastructures and/or other services in connection with the Services ("Third-Party Services"). Notwithstanding any terms to the contrary in this Agreement, Loyalist disclaims any liability or responsibility with respect to the Third-Party Services.  
  5.         5.Publicity. You consent to Loyalist's use of your name and logo on the Loyalist website and in marketing materials, identifying you as a customer of Loyalist and describing your use of the Services. You agree that Loyalist may issue a press release identifying you as customer of Loyalist.
  6.         6.Force Majeure. Neither party will be responsible for any failure to perform or delay attributable in whole or in part to any cause beyond its reasonable control, whether foreseeable or not, including but not limited to acts of God (fires, storms, floods, earthquakes, etc.), civil disturbances, disruption of telecommunications, disruption of power or other essential services, interruption or termination of service by any service providers, epidemic, pandemic (including COVID-19), government actions, labor disturbances, vandalism, cable cut, computer viruses or other similar occurrences, or any malicious or unlawful acts of any third party.
  7.         7.Electronic Communications. Loyalist may choose to electronically deliver all communications with you, which may include email to the email address on or linked to your Account. Loyalist’s electronic communications to you may transmit or convey information about action taken on your request, portions of your request that may be incomplete or require additional explanation, any notices required under applicable law, and any other notices. You agree to do business electronically with Loyalist and to receive electronically all current and future notices, disclosures, communications, and information, and that such electronic communications satisfy any legal requirement that such communications be in writing. An electronic notice will be deemed to have been received on the day of receipt as evidenced by such email.
  8.         8.Maintenance and Modifications.  Notwithstanding any terms to the contrary in this Agreement, (a) Loyalist may conduct maintenance on the Services from time to time without prior notice to you and (b) Loyalist may modify features of the Services from time to time at Loyalist's sole discretion, provided that those modifications will not materially degrade the Services.
  9.         9.Assignment. You may not transfer, assign, or delegate this Agreement nor any right or duty under this Agreement, by operation of law or otherwise, without our prior written consent and any attempted transfer, assignment or delegation without such consent will be void and without effect. This Agreement will be binding upon and enforceable against any successor or permitted assignee.
  10.         10.Waivers. No failure or delay (in whole or in part) on the part of a party to exercise any right or remedy hereunder will operate as a waiver thereof or effect any other right or remedy. All rights and remedies hereunder are cumulative and are not exclusive of any other rights or remedies provided hereunder or by law. The waiver of one breach or default or any delay in exercising any rights will not constitute a waiver of any subsequent breach or default.
  11.         11.Severability. If any provision of this Agreement is invalid, illegal or unenforceable in any jurisdiction, (a) such invalidity, illegality or unenforceability will not affect any other provision of this Agreement or invalidate or render unenforceable such provision in any other jurisdiction, and (b) such provision, in such jurisdiction, will be replaced by a valid, legal and enforceable provision that best reflects the parties’ intent for such first provision.

EXHIBIT A – DATA PROCESSING ADDENDUM

This Data Processing Addendum (“DPA”) is entered into by and between Loyalist and you.  This DPA amends and forms part of the Agreement. This DPA applies where Loyalist Processes Your Personal Data as a Processor on your behalf in connection with providing the Services. This DPA will be effective as of the effective date of the Agreement.  This DPA will terminate automatically upon termination of the Agreement or as earlier terminated pursuant to the terms of this DPA.  

  1.         1.Data Processing And Protection
  2.         1.Limitations on Use. Loyalist will Process Your Personal Data only: (a) in a manner consistent with your documented instructions as specified under Section 1.2 (Instructions); and (b) as required by applicable laws. Without limiting the instructions under Section 1.2, Loyalist will not: (x) retain, use, or disclose Your Personal Data (i) outside of the direct business relationship between the parties or (ii) for any purpose other than for the specific purpose of performing the Services, including retaining, using, or disclosing Your Personal Data for a commercial purpose other than providing the Services; (y) sell or share (as defined by Data Protection Law) Your Personal Data; or (z) combine Your Personal Data with Personal Data Loyalist receives from individuals or other customers, except as permitted by Data Protection Law.
  3.         2.Instructions. You instruct Loyalist to Process Your Personal Data as necessary to provide the Services and as otherwise authorized or permitted under this DPA and the Agreement, including as specified in Attachment 2 (Scope of Processing).  This DPA, the Agreement, and any instructions you provide through configuration tools made available by Loyalist constitute your documented instructions regarding Loyalist’s Processing of Your Personal Data.  Additional instructions you provided (if any) require prior written agreement by you and Loyalist, including agreement on any additional fees to carry out such instructions.  You will not instruct Loyalist to perform any Processing of Your Personal Data that violates any Data Protection Law. Loyalist may suspend Processing based upon any of your instructions that Loyalist reasonably suspects violate Data Protection Law.  
  4.         3.Compliance. Each party will comply with its obligations under Data Protection Law. Loyalist shall notify you promptly upon determining that it cannot meet its obligations under Data Protection Law. Upon receiving written notice from you that Loyalist has Processed Your Personal Data without authorization, Loyalist will take reasonable and appropriate steps to stop and remediate such Processing.
  5.         4.Confidentiality. Loyalist will ensure that persons authorized by Loyalist to Process any Your Personal Data are subject to appropriate confidentiality obligations.
  6.         5.Security. Loyalist will implement and maintain appropriate technical and organizational measures designed to protect Your Personal Data against Security Incidents and provide the level of protection required by Data Protection Law.
  7.         6.Disposal. At your choice, Loyalist will (or will enable you via the Services to) delete (and will delete existing copies of) all Your Personal Data after the end of the provision of Services (unless Data Protection Law requires the storage of such Your Personal Data by Loyalist, in which case Loyalist will only further retain and Process such Your Personal Data for the limited duration and purposes required by such Data Protection Law).
  8.         7.Deidentified Data. You authorize Loyalist to Process Deidentified Data to improve the Services.  Loyalist will (a) take reasonable measures to ensure the Deidentified Data cannot be associated with a Data Subject and (b) publicly commit to maintain and use Deidentified Data in deidentified form and not attempt to reidentify Deidentified Data except to assess the sufficiency of the deidentification process.

2.Data Processing Assistance

  1.         1.Data Subject Rights Assistance. You shall be responsible for responding to requests from Data Subjects to exercise rights under Data Protection Law relating to Your Personal Data (each a “Data Subject Request”).  You will inform Loyalist of any Data Subject request that Loyalist must comply with and provide the information necessary for Loyalist to comply with the request.  Loyalist will, to the extent permitted by Data Protection Law, notify you without undue delay if Loyalist receives a Data Subject Request.  To the extent you do not have the ability to address the Data Subject Request through the Services, Loyalist will, upon your request, provide commercially reasonable efforts to assist you in responding to such Data Subject Request, to the extent the response to such Data Subject Request is required under Data Protection Law.
  2.         2.Security Assistance. Taking into account the nature of Processing and the information available to Loyalist, Loyalist will provide commercially reasonable efforts to assist you in your efforts to comply with your obligations to secure Your Personal Data by providing the information and assistance described in Section 3 (Audits).  
  3.         3.Security Incident Notice and Assistance. Loyalist will notify you without undue delay after becoming aware of a Security Incident.  Loyalist will further take commercially reasonable steps to mitigate the effects and minimize any impact from the Security Incident.  Taking into account the nature of Processing and the information available to Loyalist, Loyalist will reasonably assist you in complying with your notification obligations imposed under Data Protection Law in connection with any Security Incident.  
  4.         4.Data Protection Impact Assessment (“DPIA”) and Prior Consultation Assistance. Taking into account the nature of Processing and the information available to Loyalist, Loyalist will reasonably assist you in complying with the obligations related to DPIAs and consulting with regulatory authorities.
  1.         3.Audits
  1.         1.General Assistance. Subject to Section 3.3 (Conducting Audits), Loyalist will make available to you information necessary to demonstrate compliance with its obligations in this DPA.  Any such information or results of audits will be deemed the confidential information of Loyalist under the Agreement.
  2.         2.Loyalist Reports. Loyalist may procure summaries of independent audits by third parties to assess Loyalist’s adherence to the following standards or requirements: (a) SOC 2 Type II (or reports or other documentation describing the controls implemented by Loyalist that replace or are substantially equivalent to SOC 2 Type II); (b) ISO 27001 (or certifications or other documentation evidencing compliance with such alternative standards as are substantially equivalent to ISO 27001); and/or (c) PCI DSS Service Provider Level 1 (or certifications or other documentation evidencing compliance with such alternative standards as are substantially equivalent to PCI DSS) (collectively, “Reports”).  Subject to the confidentiality obligations in the Agreement, Loyalist will provide you with a copy of Loyalist’s then-current Reports as reasonably requested no more than once per year.
  3.         3.Conducting Audits. You agree to exercise its audit rights by first requesting the Reports as described in Section 3.2 (Loyalist Reports).  You will only request additional information or an on-site audit of Loyalist to the extent the information provided by Loyalist is not reasonably sufficient to enable you to evaluate Loyalist’s compliance with this DPA and/or Data Protection Law.  Except in the event of a Security Incident or regulatory investigation, you will provide no less than 30 days' advance notice of your request for an on-site audit and will cooperate in good faith with Loyalist to schedule any such audit on a mutually agreed upon date and time (such agreement not to be unreasonably withheld by either party). Any such on-site audit must occur during Loyalist’s normal business hours and be conducted by a nationally recognized independent auditor.  You will be responsible for ensuring that the auditor will: (a) comply with reasonable and applicable on-site policies and procedures provided by Loyalist, (b) sign a standard confidentiality agreement with Loyalist, and (c) not unreasonably interfere with Loyalist’s business activities. You will provide a written summary of any audit findings to Loyalist, and the results of the audit will be the confidential information of Loyalist.  
  1.         4.Subprocessors
  1.         1.Appointment of Subprocessors. You authorize Loyalist to use subcontractors to Process Your Personal Data in connection with providing the Services (each, a “Subprocessor”).  You consent to Loyalist’s appointment of the Subprocessors identified on Attachment 3 (the “Subprocessor List”).
  2.         2.Objection Right for New Subprocessors.
  3.         1.  Loyalist will notify you of its intent to update the Subprocessor List at least 15 days prior to engaging a new Subprocessor. You may object to Loyalist’s use of a new Subprocessor within 10 days of receiving such notice by sending an e-mail to hello@eatloyalist.comclearly indicating its desire to object to any such change.  
  4.         2.  If you object to the change in Subprocessors, Loyalist and you will cooperate in good faith to resolve your objection.  If the parties unable to resolve your objection within 10 days, then either party may terminate the Agreement only with respect to those Services that Loyalist indicates cannot be provided without the objected-to Subprocessor.
  1.         3.Liability. Loyalist will impose data protection obligations upon any Subprocessor that are no less protective of Your Personal Data than those included in this DPA.  Loyalist will remain liable to you for any breach of such obligations by its Subprocessors as it would for its own acts and omissions.
  1.         5.Limitation Of Liability

Each party’s and all of its affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort, or under any other theory of liability, is subject to the limitation of liability in the Agreement. Nothing in this section is intended to restrict the rights of data subjects under Data Protection Law.

  1.         6.Miscellaneous

Except as specifically amended and modified by this DPA, the terms and provisions of the Agreement remain unchanged and in full force and effect. No supplement, modification, or amendment of this DPA will be binding unless executed in writing by each party to this DPA.  

Attachment 1: Definitions

For purposes of this DPA, the following terms will have the meaning ascribed below:

CCPA” means the California Consumer Privacy Act of 2018, including (a) as amended by the California Privacy Rights Act of 2020 or otherwise and (b) any regulations promulgated thereunder.

Controller” means “controller” and “business” (and analogous variations of such terms) under Data Protection Law.

Data Protection Law” means the CCPA, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Virginia Consumer Data Protection Act, the Utah Consumer Privacy Act, and any other state, federal, or local data protection or privacy laws that apply to Loyalist’s Processing of Your Personal Data.

Deidentified Data” means information that cannot reasonably be linked to or associated with you or any Customer.

Personal Data” means “personal data” and “personal information” (and analogous variations of such terms) under Data Protection Law.

Process” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, extending further to such operation or operations under Data Protection Law.

Processor” means “processor” and “service provider” (and analogous variations of such terms) under Data Protection Law.

Security Incident” means “personal data breach” and “security incident” (and analogous variations of such terms) under Data Protection Law.  

Your Personal Data” means Personal Data that Loyalist Processes on your behalf in connection with providing the Services as described in Attachment 2. Your Personal Data excludes any information provided by Customers to Loyalist pursuant to Loyalist’s privacy policy, such as information a Customer provides to create a Loyalist account.

Attachment 2 - Scope of Processing

Subject-Matter and Duration of Processing

Loyalist Processes Your Personal Data in the course of providing the Services in accordance with the Agreement and until the Agreement terminates or expires.

Nature and Purpose of Processing

Loyalist will store and analyze Your Personal Data, among other Processing activities.

Types of Your Personal Data

Loyalist will Process contact information (e.g., names, phone numbers, and email addresses) and reservation history information (e.g., dates and times of reservations, participation in special events, etc.).

Categories of Data Subjects

The data subjects will include Customers.  

Special Categories of Data (as applicable)

Not applicable.

Period of Data Retention

Loyalist will retain the Personal Data until the termination of the Agreement, unless otherwise agreed to by the parties.

Attachment 3 - Subprocessor List

Subprocessor Name

Services Performed

Countries where Subprocessor will Process Your Personal Data

Cros-Border Data Transfer Mechanism

Amazon Web Services

Web hosting

United States

N/A, no cross-border transfer performed

Twilio

SMS, email + voice services

United States

N/A, no cross-border transfer performed

-  -