
This US State Data Processing Addendum (State DPA) is entered into between Actonia, Inc., an Illinois corporation (Actonia), and the customer agreeing to this State DPA (Customer) and is incorporated into and governed by the terms of the Master Subscription and Services Agreement between the parties (Agreement).

To the extent state data protection statutes (State Data Protection Laws) apply to Customer’s Personal Information, the parties must comply with the following terms.

1. DEFINITIONS.

Any capitalized term not defined in this State DPA will have the meaning given to it in the Agreement.

● Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control of a party. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of a party.

● Controller means Customer, the entity which determines the purposes and means of the processing of Personal Data.

● Personal Information or Personal Data means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or any information that is linked or reasonably linkable to an identifiable natural person or an identified or identifiable individual.

● Processor means Actonia, the entity which Processes Personal Data on behalf of Controller.

● Sub-processor means any third party (including Actonia’s Affiliates) engaged by Actonia to process Personal Data under this State DPA in the provisioning of Services to Customer.

● Services means the web subscription services provided by Actonia to Customer pursuant to the Agreement.

2. PURPOSE.

a. Actonia has agreed to provide Services to Customer in accordance with the terms of the Agreement. In providing Services, Actonia will process Personal Data on behalf of Customer. Actonia will process and protect such Personal Data in accordance with the terms of this State DPA and the State Data Protection Laws.

b. With respect to Personal Data under this State DPA, the parties agree that Customer is the ‘data controller’ and Actonia is the ‘data processor’. Customer will comply with its obligations as a Controller and Actonia will comply with its obligations as a Processor under this State DPA.

c. Where a Customer’s Affiliate or a Customer client is the controller with respect to certain Personal Data, Customer represents and warrants to Actonia that it is authorized to instruct Actonia and otherwise act on behalf of such Customer’s Affiliate or a Customer’s client in relation to Personal Data in accordance with the Agreement and this State DPA.

3. SCOPE.

a. In providing Services to Customer pursuant to the terms of the Agreement, Actonia will treat Personal Data as confidential and will only process Personal Data on behalf of Customer, and only to the extent necessary to provide Services and in accordance with the Customer’s instructions as documented in the Agreement and this State DPA.

b. Actonia and Customer must take steps to ensure that any natural person acting under the authority of Customer or Actonia who has access to Personal Data does not process the Personal Data except as specified in this State DPA unless required to do so by State Data Protection Laws.

4. LIMITATIONS ON USE OF PERSONAL INFORMATION

a. General Limits. Actonia will limit Personal Information collection, use, retention, and disclosure to activities reasonably necessary and proportionate to achieve Services.

b. Specific Limits. Actonia may not:

  • Retain, use, or disclose any Personal Information provided by or on Customer’s behalf or collected by Actonia on Customer’s behalf for any purpose other than (i) providing Services as directed by Customer under the terms of the Agreement; (ii) complying with Actonia’s legal obligations; or (iii) as allowed by applicable State Data Protection Laws,
  • Sell or share Personal Information, and
  • Combine Personal Information with any Personal Information it receives from another entity or collects on its own.

c. Non-Compliance Notice. Actonia will advise Customer if Actonia determines it can no longer meet its obligations under the applicable State Data Protection Laws.

5. ACTONIA'S OBLIGATIONS

a. Customer’s Additional Rights. To the extent required by the State Data Protection Laws, Customer has the right to take reasonable and appropriate steps to: (i) help ensure that Actonia uses Personal Information transferred in a manner consistent with the Customer’s obligations under State Data Protection Laws; and (ii) upon notice (including under Section 4(c) above), to stop and remediate unauthorized use of Personal Information.

b. Confidentiality. Actonia will ensure through a nondisclosure agreement that any persons accessing or processing Personal Information are subject to a duty of confidentiality with respect to the Personal Information.

c. Sub-processors. Customer authorizes Actonia to disclose or transfer Personal Information to or allow access to Customer’s Personal Information by Sub-processors (i.e., subcontractors) solely for purposes of providing Services under the Agreement.

  • Flow down. Prior to any disclosure, Actonia will impose on the Sub-processor, in writing, obligations concerning Personal Information as required by the State Data Protection Laws.
  • New Sub-processors and Objections. Upon request, Actonia will give Customer a list of each Sub-processor used. Customer may object to Actonia’s use of a new Sub-processor by notifying Actonia in writing within 30 days after receipt of a notice from Actonia regarding any new Sub-processor. If Customer objects to a new Sub-processor as permitted in the preceding sentence, Actonia will use commercially reasonable efforts to make available to Customer a change in Services or recommend a change to Customer’s configuration or use of Services, to avoid processing of Personal Information by the objected-to new Sub-processor without unreasonably burdening Customer. If Actonia is unable to make available such change in Services or to recommend such a change to Customer’s configuration or use of Services that is reasonably satisfactory to Customer, within a reasonable period of time (which shall in no event exceed 30 days), Customer may terminate the applicable orders or SOW by providing written notice to Actonia. In such event, Actonia will refund to Customer any prepaid fees covering the remainder of the term of such orders or SOW following the effective date of termination.

d. Assistance. To the extent Customer, in its use of Services, cannot address a consumer's request from within the Service, Actonia must, upon Customer’s request, and to the extent possible, provide commercially reasonable efforts to assist Customer in responding to such consumer request, to the extent Actonia is legally permitted to do so and the response to such consumer request is required under the State Data Protection Laws. Actonia must also assist Customer in meeting its obligations under the State Data Protection Laws.

6. CUSTOMER'S OBLIGATIONS

a. Compliance. Customer represents and warrants, in its use of Services, that it will comply with applicable State Data Protection Laws, including any applicable requirements to provide notice to or obtain consent from consumers for processing by Actonia. All Affiliates of Customer who use Services will comply with the obligations of Customer set out in this State DPA.

b. Compliance. Upon Customer’s reasonable request, Actonia will make available to Customer all information in its possession necessary to demonstrate Actonia’s compliance with its privacy obligations.

c. Quality, Legality, and Accuracy of Personal Information. Customer represents and warrants that, as having sole responsibility for the quality, legality, and accuracy of Personal Information, it has obtained all necessary permissions and authorizations necessary to permit Actonia, its Affiliates, and Sub-processors, to exercise their rights or perform their obligations under this State DPA.

7. NOTIFICATION OF SECURITY BREACH

a. Security Measures. In order to protect the Customer’s Personal Information, Actonia will (i) implement and maintain all reasonable security measures appropriate to the nature of the Personal Information, including, without limitation, technical, physical, administrative, and organizational controls, and will maintain the confidentiality, security, and integrity of such Personal Information; (ii) implement and maintain industry standard systems and procedures for detecting, preventing, and responding to attacks, intrusions, or other systems failures, and regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designate an employee or employees to coordinate implementation and maintenance of its security measures; and (iv) identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of the Customer’s Personal Information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks.

b. Notice of Data Breach. If Actonia knows or has a confirmed suspicion that the Customer’s Personal Information has been accessed, disclosed, or acquired without proper authorization and contrary to the terms of this State DPA, Actonia will alert Customer of any such data breach within 2 business days, and immediately take such actions as may be necessary to preserve forensic evidence and eliminate the cause of the data breach. Actonia will give the highest priority to immediately correcting any data breach and will devote such resources as may be required to accomplish that goal. Actonia will provide Customer with all information necessary to enable Customer to fully understand the nature and scope of the data breach. To the extent that Customer, in its sole reasonable discretion, deems it warranted, Customer may provide notice to any or all parties affected by any data breach. In such case, Actonia will consult with Customer in a timely fashion regarding appropriate steps required to notify third parties. Actonia will provide Customer with information about what Actonia has done or plans to do to minimize any harmful effect or the unauthorized use, disclosure of, or access to, Personal Information.

8. AUDIT

a. Cooperation Regarding Assessments. Actonia will allow, and cooperate with, reasonable assessments by Customer or Customer’s designated assessor. Alternatively, if required by the applicable State Data Protection Laws, Actonia may arrange for a qualified and independent assessor to assess Actonia’s policies and technical and organizational measures in support of Actonia’s privacy obligations under the State Data Protection Laws using appropriate and accepted control standard or framework and assessment procedure for such assessments.

b. Method. Any audit conducted under this State DPA by Customer will consist of an examination of the most recent reports, certificates, or extracts prepared by an independent auditor. If this is not sufficient in the reasonable opinion of Customer, Customer may conduct a more extensive audit which will be: (i) at Customer’s expense; (ii) limited in scope to matters specific to Customer and agreed in advance; (iii) carried out during Actonia’s business hours and upon reasonable notice which must be not less than 4 weeks unless an identifiable material issue has arisen; and (iv) conducted in a way which does not interfere with Actonia’s day-to-day business. Any such audit must be conducted remotely, except Customer or its regulatory agency, or both, may conduct an on-site audit at Actonia’s premises if required by the State Data Protection Laws. In no event will any audit of a Sub-processor, beyond a review of reports, certifications, and documentation made available by the Sub-processor, be permitted without the Sub-processor’s consent.

c. Frequency. Customer may not perform an audit more than once in any 12-month period.

9. DELETION AND RETURN OF PERSONAL INFORMATION

At Customer’s request prior to termination or expiration of an order or SOW, Actonia will delete or make available for return all Personal Information to Customer as described in the Agreement, unless retention of the Personal Information is required by a law applicable to Actonia. Where any Personal Information is retained beyond termination, Personal Information must be treated as confidential and will no longer be actively processed.

10. MISCELLANEOUS

a. The term of this State DPA continues for the duration of the Agreement, and this State DPA will automatically terminate upon the termination or expiration of the Agreement.

b. This State DPA is governed by the terms of the Agreement between the parties. All terms not defined in this State DPA have the meanings ascribed to such terms in the Agreement. If there is a conflict between this State DPA and the Agreement, this State DPA governs, except that in all instances the limitation of liability and disclaimer of damages in the Agreement apply. This State DPA and the Agreement constitute the entire agreement between the parties and supersede all prior or contemporaneous negotiations, agreements, and representations, whether oral or written, related to this subject matter. No modification or waiver of any term of this State DPA is effective unless both parties sign it.