SCHOLARS INC DBA ABODE
SAAS TERMS AND CONDITIONS

Last revised on: July 7, 2025

These Scholars Inc dba Abode SaaS Terms and Conditions (“Terms and Conditions”) include and incorporate the SaaS Services Order Form (“Order Form”), (collectively, the “Agreement”). These Terms and Conditions set forth terms additional to, and not in lieu of the Order Form or Services Agreement. Capitalized terms used but not defined herein shall have the same meanings as set forth in the Order Form or Services Agreement. 

  1. SUBSCRIPTION TO THE SERVICE
    1. Subject to the Agreement, Scholars Inc dba Abode (“Abode”) will use commercially reasonable efforts to provide Customer access to Abode’s digital connectivity software as a service that helps companies create engaging recipient experiences (the “Platform”), and all of the “Services” set forth herein and in Customer’s Order Form (as used herein, the “Services” shall include the Platform and the Software (defined below)). Access and use of the Platform shall be limited to the Service Capacity set forth on the Order Form. Abode shall provide the Services to Customer, and provide Customer with training, implementation, and support services related thereto, on the terms and subject to the conditions set forth in this Agreement.

  1. RESTRICTIONS AND RESPONSIBILITIES
    1. During the Term and subject to Customer’s compliance with the Agreement, Abode will provide Customer and its employees, contractors, or agents that Customer has authorized to use the Services (collectively, the “Authorized Users”)  with the right to access and use the Services in accordance with this Agreement (including the terms and conditions contained in any relevant Order Form); provided that Customer shall be any liable for breach of this Agreement by its Authorized Users. With respect to the Software that is distributed or provided to Customer for use on Customer premises or Equipment, Abode hereby grants Customer a limited, non-exclusive, non-transferable (except as expressly set forth in this Agreement), non-sublicensable license to use such Software during the Term only in connection with the Services.
    2. Customer will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services (including the Platform) or any software, documentation or data related to the Services (“Software”); modify, translate, or create derivative works based on the Services or any Software (except to the extent expressly permitted by Abode or authorized within the Services); use the Services or any Software for timesharing or service bureau purposes or otherwise for the benefit of a third party; remove any proprietary notices or labels; use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; use the Services to store or transmit viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs (collectively, “Malicious Code”); upload, share, or distribute any content composed of minors, inappropriate language, and/or any content promoting bigotry, racism or discrimination based on race, gender, religion, nationality, disability, sexual orientation, or age;  and/or intentionally interfere with or disrupt in any manner with the operation of the Services or the Software.
    3. Further, Customer may not remove or export from the United States or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority.  As defined in FAR section 2.101, the Software and documentation are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.”  Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement. 
    4. Customer covenants and warrants that Customer will use the Services only in compliance with Abode’s standard published policies in effect as of the date of this Agreement and all applicable laws and regulations. Customer hereby agrees to indemnify and hold harmless Abode against any damages, losses, liabilities, settlements and expenses (including reasonable attorneys’ fees) in connection with any claim or action that arises from an actual violation of the foregoing directly resulting from Customer’s use of Services. Although Abode has no obligation to monitor Customer’s use of the Services, Abode may do so and may prohibit any use of the Services it reasonably believes actually is in violation of this Agreement.
    5. Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”).  Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account or the Equipment with Customer’s knowledge or consent.
  2. CONFIDENTIALITY 
    1. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business that a reasonable person would consider confidential based on the nature of the information or the circumstances surrounding its disclosure or which is marked as “confidential” or “proprietary” by the Disclosing Party (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information of Abode includes non-public information regarding features, functionality and performance of the Service. Proprietary Information of Customer includes non-public Customer Data (as defined below) provided by Customer to Abode to enable the provision of the Services. The Receiving Party agrees: (a) to take reasonable, but no less than industry standard, precautions to protect such Proprietary Information; and (b) not to use (except as necessary in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information.  The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document: (i) is or becomes generally available to the public through no fault of the Receiving Party; or (ii) was in its possession or known by it prior to receipt from the Disclosing Party; or (iii) was rightfully disclosed to it without restriction by a third party; or (iv) was independently developed without use of any Proprietary Information of the Disclosing Party; or (v) is required to be disclosed by law. 

  1. INTELLECTUAL PROPERTY
    1. Abode shall own and retain all right, title and interest in and to: (a) the Services; (b) the source code and object code underlying the Services and the underlying structure, ideas, know-how or algorithms relevant to the Services; (c) any software, documentation, data (other than Customer Data), applications, inventions or other technology related to or developed in connection with the Services; (d) all improvements, enhancements, or modifications to any of the foregoing (whether or not based upon any suggestions, enhancement requests, recommendations or other feedback provided by Customer relating to the Services and/or resulting from incorporation of Customer Data or other Customer intellectual property into the Services); and (e) all intellectual property rights related to any of the foregoing (collectively, “Abode IP”), and such Abode IP shall be Abode’s sole and exclusive property. Customer shall have no proprietary interest in the Abode IP, and will not seek, and will require its employees, agents, or subcontractors not to seek, patent, copyright, trademark, registered design, or other protection for any rights in any Abode IP. Customer acknowledges that the Abode IP is protected by intellectual property rights owned by or licensed to Abode. Other than as expressly set forth in this Agreement, no license or other rights in any Abode IP are granted to the Customer.
    2. During the Term, Customer hereby grants Abode a license to use all necessary intellectual property rights of Customer free of charge and on a non-exclusive, worldwide, non-transferable (except as expressly set forth in this Agreement), sublicensable, fully paid-up, royalty-free, solely to the extent necessary to enable Abode to provide the Services. Customer hereby agrees to provide the trademarks, logos, color schemes, and other intellectual property for use by Abode upon request in order to provide the Services. Except as set forth in this Section 4: nothing in this Agreement shall grant or shall be deemed to grant Abode any right, title or interest in or to the Customer’s intellectual property rights. If Customer participates in a podcast or blog article with Abode, then Abode hereby grants Customer a license to use such podcast free of additional charge and on a non-exclusive, worldwide, non-transferable, and non-sublicensable basis to the extent necessary to enable Customer to make reasonable use of the podcast or blog article. Abode may use Customer’s name and logo on Abode’s websites and promotional materials to identify Customer as a user of the Services.

  1. DATA COLLECTION AND USE
    1. As between Customer and Abode, Customer shall own all right, title and interest in and to the Customer Data, as well as any data that is based on or derived from the Customer Data and provided to Customer as part of the Services. As used herein, “Customer Data” means information or data that is submitted, posted, or otherwise transmitted by or on behalf of Customer through the Platform, excluding Aggregated Data. During the Term and subject to the terms of the Agreement, Customer hereby grants Abode an assignable, worldwide, fully paid-up, royalty-free, non-exclusive right and license to use and sub-license the Customer Data for the purposes of providing the Services and to conduct the activities set forth in Section 5.3. Abode will use industry standard technical and organizational measures designed to prevent unauthorized access, use, or disclosure of Customer's Proprietary Information in accordance with Abode's security and privacy policies.
    2. End users (e.g., students and/or recent graduates) who register through the Abode Platform (whether through the main Abode website or through a custom-branded website for Customer) shall own all right, title, and interest in and to their individual student data (collectively, the “Student Data”). Each of Customer and Abode shall have a license to use the Student Data; provided, however, that Customer understands and agrees that such license may be limited or revoked by the student at any time as set forth in the Privacy Policy. Customer acknowledges and agrees that Customer has no right to, and is specifically prohibited from, selling Student Data.
    3. Abode shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and Student Data and data derived therefrom, provided any data derived from Customer Data that would enable a third party to identify Customer shall be de-identified and aggregated.) (“Aggregated Data”), and Abode will be free (solely during the Term) to use Aggregated Data to improve and enhance the Services, the Platform, and the Software, and for other development, diagnostic and corrective purposes in connection with the Services and other Abode offerings and to disclose such data solely in aggregate or other de-identified form in connection with its business; provided, that, in any event, Abode may not identify Customer or any of its employees or consultants in connection with any such disclosures. Abode shall not disclose to any third party any Aggregated Data that reveals or discloses Customer’s Proprietary Information or the identity of the Customer.
  2. PAYMENT OF FEES
    1. Customer will pay Abode the then applicable fees described in the Order Form for the Services in accordance with the terms therein (the “Fees”). If Customer’s use of the Services exceeds the Service Capacity set forth on the Order Form or otherwise requires the payment of additional fees (per the terms of this Agreement), Customer shall be billed for such usage and Customer agrees to pay the additional fees in the manner provided on the Order Form. Abode reserves the right to change the Services Fees and to institute new charges and Fees at the end of the Initial Service Term or then current renewal term, upon thirty (30) days prior notice to Customer (which may be sent by email), provided such Fees shall not increase more than the greater of (a) 7%, or (b) an amount equal to the change in the National Consumer Price Index, published by the United States Bureau of Labor Statistics over the preceding year,  during any renewal. If Customer believes that Abode has billed Customer incorrectly, Customer must contact Abode no later than 60 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to info@abodehr.com. Customer may withhold any and all payment of Fees that Customer disputes in good faith, pending resolution of such dispute. Abode shall not fail to perform any obligation hereunder by reason of Customer’s good faith withholding of any Fees in accordance with this section.
    2. Except as provided for good faith disputes above, Abode may choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be received by Abode thirty (30) days after the mailing date of the invoice. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. Customer shall be responsible for all taxes associated with Services other than U.S. taxes based on Abode’s net income.
    3. Each party shall be solely responsible for the payment of all applicable federal and state taxes, including any sales, use, excise, or transfer taxes, associated with payments to it under this Agreement, except for taxes assessed on the other party’s net income.
  3. TERM AND TERMINATION
    1. Subject to earlier termination as provided below, this Agreement shall commence on the Effective Date and shall remain in force and effect for so long as the current or any subsequent Order Form for the Services that references this Agreement is in effect.
    2. Subsequent to the Initial Service Term, Customer may terminate this Agreement and/or any applicable order form upon forty-five (45) days’ prior written notice to Abode. 
    3. In addition to any other remedies it may have, either party may also terminate this Agreement for cause upon notice in the event the other party breaches any material term of this Agreement and fails to cure such breach within thirty (30) days of the non-breaching party’s notice thereof; provided that the cure period for any default with respect to payment of Fees shall be five (5) business days.  Upon Termination, Customer will pay in full for all Services listed in the Order Form(s) that are payable in arrears. In the event that the Agreement is terminated prior to the end of the Term due to Abode’s material breach, Abode shall issue a pro-rated refund to Customer for any prepaid fees attributable to the period after the effective date of termination. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.
    4. Subject to Title 11 of the United States Code, if either party becomes or is declared insolvent or bankrupt, is the subject of any proceedings relating to its liquidation, insolvency, or for the appointment of a receiver or similar officer for it, or makes an assignment for the benefit of any creditor, then the other party may terminate this Agreement, including the applicable Order Form, upon 30-days’ written notice.
  4. WARRANTY AND DISCLAIMER

Abode shall use best efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Abode or by third-party providers, or because of other causes beyond Abode’s reasonable control, but Abode shall use best efforts to provide advance notice in writing or by e-mail of any scheduled service disruption. Abode further represents and warrants that the Services do not contain any virus or other malicious code. ABODE DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES.  EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND ABODE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM ABODE OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT.

  1. INDEMNITY 
    1. By Abode. Abode shall indemnify, defend, and hold Customer and its officers, directors, employees and agents (“Customer Indemnified Parties”) against any loss, liability, judgment, penalty, damage or expense (including reasonable attorneys’ fees and costs) awarded by a court of competent jurisdiction or agreed to in a good faith settlement (“Losses”) resulting from any third-party claim, suit, action or other proceeding (an “Action”) brought against any Customer Indemnified Party alleging or arising out of an allegation: (i) that the Services (excluding any Customer or any third party products or content) infringes any intellectual property right of any third party, including, without limitation, patent, trademark or copyright, except to the extent an Action results from an unauthorized use, modification, or combination thereof by a Customer Indemnified Party; or (ii) of a breach of Abode’s confidentiality obligations set forth in Section 3. [The foregoing obligations do not apply with respect to portions or components of the Service (a) not supplied by Abode, (b) that are modified after delivery by Abode to remedy the infringement claim, (c) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (f) where Customer’s use of the Service is not strictly in accordance with this Agreement.  If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Abode to be infringing, Abode may, at its option and expense (i) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (ii) obtain for Customer a license to continue using the Service, or (iii) if neither of the foregoing is commercially practicable, terminate this Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Service in addition to a reimbursement for any resulting damages and costs Customer incurs as a result of  such claims.]
    2. By Customer. Customer shall indemnify, hold harmless, and defend Abode and its officers, directors, employees, and agents (“Abode Indemnified Parties”) against any Losses resulting from any third-party Action brought against any Abode Indemnified Party alleging or arising out of an allegation (i) that the Customer’s unauthorized use, modification, or combination thereof of the Services by a Abode Indemnified Party infringes any intellectual property right of any third-party, including, without limitation, patent, trademark, or copyright; or (ii) of a breach of Customer’s confidentiality obligations as set forth in Section 3.  
  2. LIMITATION OF LIABILITY

NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR BODILY INJURY OF A PERSON OR LIABILITY DUE TO ABODE’S WILFULL MISCONDUCT OR FRAUD, ABODE AND ITS OFFICERS, AFFILIATES, REPRESENTATIVES, AND EMPLOYEES SHALL NOT BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY: (A) FOR ERROR OR INTERRUPTION OF USE OR FOR LOSS OR INACCURACY OR CORRUPTION OF DATA OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY OR LOSS OF BUSINESS; (B) FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; (C) FOR ANY MATTER BEYOND ABODE’S REASONABLE CONTROL; OR (D) FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE FEES PAID BY CUSTOMER TO ABODE FOR THE SERVICES UNDER THIS AGREEMENT IN THE 12 MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY(OR IF THE AGREEMENT HAS BEEN ACTIVE FOR LESS THAN 12 MONTHS, THE AVERAGE MONTHLY FEES EXTRAPOLATED OVER A 12 MONTH PERIOD) (“LIABILITY CAP”), IN EACH CASE, WHETHER OR NOT ABODE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. HOWEVER, WITH RESPECT TO CLAIMS ARISING FROM ABODE’S BREACH OF CONFIDENTIALITY OR INDEMNITY CLAIMS, ABODE’S LIABILITY SHALL NOT EXCEED THREE TIMES THE LIABILITY CAP.

  1. FORCE MAJEURE
Any delay in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay is caused by an act, event, or occurrence beyond such party’s reasonable control, including, without limitation, acts of God, fires, floods, storms, landslides, epidemics, pandemics, lightning, earthquakes, drought, blight, famine, quarantine, blockade, governmental acts or inaction, orders or injunctions, war, insurrection or civil strife, sabotage, explosions, labor strikes, work stoppages, acts of terror, or outages or issues with upstream providers or network carriers (any such event, a “Force Majeure Event”), provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the cause of such delay and to resume performance as soon as commercially feasible.
  1. SERVICE AVAILABILITY & TECHNICAL SUPPORT
Notwithstanding any other terms of service published elsewhere, Abode commits to Customer that the Abode Engagement Platform shall be available 99.9%, measured monthly, excluding scheduled maintenance, but not emergency maintenance. If Abode fails to maintain the above stated 99.9% monthly availability during any four out of 6 consecutive month period during the Term, such failure shall be deemed a material breach of the Agreement for which Customer shall use as grounds for termination of the Agreement.
Abode will provide technical support to Customer via electronic mail on weekdays during the hours of 9:00 am through 5:00 pm Eastern time, with the exclusion of Federal holidays. Customer may initiate a helpdesk ticket by emailing info@abodehr.com. Abode will use best efforts to respond to all helpdesk tickets within 1 business day.
  1. MISCELLANEOUS

If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sublicensable by either party without the other party’s prior written consent, except in connection with a corporate reorganization or merger, acquisition, or sale of all or substantially all of its business and/or assets. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Abode in any respect whatsoever.  In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by the laws of the State of Delaware without regard to its conflict of laws provisions. Customer hereby expressly consents to the exclusive personal jurisdiction and venue in the state and federal courts for the county in  Delaware for any action arising from or related to this Agreement. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. Customer shall always comply with all international and domestic laws, ordinances, regulations, and statutes that are applicable to its purchase and use of the Services and Software.

DATA PROTECTION ADDENDUM 

1. Introduction 

This Data Protection Addendum (“Addendum”) is entered into and is supplemental to, and made pursuant to, the Abode Terms of Service or other agreement executed between Abode and Customer for Abode’s provision of the Service (the “Agreement”) as of the effective date of such Agreement (“Effective Date”) and is by and between Scholars, Inc. DBA Abode, a Delaware corporation (“Abode”), and the Customer (i.e., “You”) that executed the Agreement. This Addendum applies to Abode’s Processing of Personal Data under the Agreement. Any terms used in this Addendum and not defined will have the meanings given to them in the applicable Agreement.

Customer enters into this Addendum on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its Affiliates to the extent such Affiliates are included and covered under the Agreement with Abode. For the purposes of this Addendum only, and except where indicated otherwise, the term “Customer” shall include Customer and its Affiliates. 

This Addendum has been pre-signed on behalf of Abode. This Addendum shall become legally binding upon Customer entering into the Agreement. 

2. Definitions 

Capitalized terms that are used but not defined in this Addendum have the meanings given in the Agreement. 

a. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interest of the subject entity. 

b. “Applicable Data Protection Laws” means all applicable privacy and data protection laws and regulations and in each case, as amended, superseded, or replaced from time to time, including, without limitation, the EU General Data Protection Regulation (EU) 2016/679 ("GDPR"); the United Kingdom Data Protection Act 2018; the California Consumer Privacy Act of 2018 and the California Privacy Rights Act ("CCPA"); the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); and the Australian Privacy Principles and the Australian Privacy Act (1988). 

c. “Contact Data” means the Personal Data that Abode Processes as a controller, such as account information and payment information. 

d. “Customer Data” means the Personal Data that Abode Processes on behalf of Customer. 

e. “Data Subject” means the identified or identifiable natural person who is the subject of Personal Data or the meaning as set forth in Applicable Data Protection Laws, including similar terms, such as “Consumer” as used in the CCPA. 

f. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction and including all "processing" as defined in any Applicable Data Protection Laws. 

g. “Personal Data” means “personal data”, “personal information”, “personally identifiable information” or similar information defined in and governed by Applicable Data Protection Laws. 

h. “Security Incident” means any confirmed unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Data Processed by Abode and/or its Subprocessors in connection with the provision of the Service. Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems. 

i. “Service-Generated Data” means usage data and metadata that is generated through the use of the Service, including data generated through the use of support. This Addendum applies to Service-Generated Data solely to the extent Service-Generated Data constitutes Personal Data.

j. “Service” means collectively the Website and Mobile Application (each as defined in the Agreement), including all associated content, functionality and services. 

k. “Subprocessor” means any third-party authorized by Abode to Process Customer Data in assistance with fulfilling its obligations with respect to providing the Service under the Agreement or this Addendum. 

3. General; Termination 

a. This Addendum forms part of the Agreement and except as expressly set forth in this Addendum, the Agreement remains unchanged and in full force and effect. If there is any conflict between this Addendum and the Agreement, this Addendum will govern. 

b. Any liabilities arising under this Addendum are subject to the limitations of liability in the Agreement. 

c. This Addendum will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Applicable Data Protection Laws. 

d. This Addendum will remain in effect until, and automatically terminate upon, deletion of Customer Data as described in this Addendum. 

4. Relationship of the Parties 

a. Abode as Processor. The parties acknowledge and agree that with regard to the Processing of Customer Data, Customer acts as a controller and Abode is a processor. Abode will process Customer Data under and in accordance with Customer’s instructions as outlined in Section 6 (Role and Scope of Processing). 

b. Abode as Controller. To the extent that any Service-Generated Data is considered Personal Data and as to any Contact Data, Abode is the controller with respect to such data and will Process such data in accordance with its Privacy Policy. 

5. Compliance with Law. Each party will comply with its obligations under Applicable Data Protection Laws with respect to its Processing of Customer Data. 

6. Role and Scope of the Processing 

a. Customer Responsibilities. Customer is solely responsible for obtaining and maintaining all the necessary consents prior to accessing, storing, uploading, processing, or storing Customer Data in the Service. Customer has provided, and will continue to provide, all notices and has obtained, and will continue to obtain, all consents, permissions, and rights necessary under applicable laws, including Applicable Privacy Law, for Abode to lawfully process Customer Data for the purposes contemplated by the Agreement. Customer has complied with all applicable laws, rules, and regulations, including Applicable Privacy Laws, in the collection and provision to Abode and its Subprocessors of such Customer Data.

b. Customer Instructions. Abode will Process Customer Data only in accordance with Customer’s documented, lawful instructions except to the extent required by Applicable Data Protection Laws to which Abode is subject or where Abode becomes aware or believes that Customer’s instructions violate Applicable Data Protection Laws, in which case Abode will notify Customer. By entering into the Agreement, Customer instructs Abode to Process Customer Data to provide the Service and pursuant to any other written instructions given by Customer and acknowledged in writing by Abode as constituting instructions for purposes of this Addendum. Customer acknowledges and agrees that such instruction authorizes Abode to Process Customer Data (a) to perform its obligations and exercise its rights under the Agreement; and (b) to perform its legal obligations and to establish, exercise or defend legal claims in respect of the Agreement. 

7. Subprocessing 

a. Customer specifically authorizes Abode to use its Affiliates as Subprocessors, and generally authorizes Abode to engage Subprocessors to Process Customer Data. In such instances, Abode: 

(i) will enter into a written agreement with each Subprocessor, imposing data protection obligations substantially similar to those set out in this Addendum to the extent applicable to the nature of the services provided by such Sub-processor; and 

(ii) remains liable for compliance with the obligations of this Addendum and for any acts or omissions of the Subprocessor that cause Abode to breach any of its obligations under this Addendum. 

b. A list of Abode’s Subprocessors, including their functions and locations, is available at https://www.abodehr.com/subprocessors, and may be updated by Abode from time to time in accordance with this Addendum. 

c. Customer must email info@abodehr.com to subscribe to notice of new Subprocessors that will be engaged. Abode will notify Customer by updating the list of Subprocessors and, if Customer has subscribed to notices as set forth in the preceding sentence, via email. If, within five (5) calendar days after such notice, Customer notifies Abode in writing that Customer objects to Abode’s appointment of a new Subprocessor based on reasonable data protection concerns, the parties will discuss such concerns in good faith and whether they can be resolved. If the parties are not able to mutually agree to a resolution of such concerns, Customer, as its sole and exclusive remedy, may terminate the Agreement for convenience with no refunds and Customer will remain liable to pay any committed fees in an order form, order, statement of work or other similar ordering document. 

8. Security 

a. Security Measures. Abode will implement and maintain technical and organizational security measures designed to protect Customer Data from Security Incidents and to preserve the security and confidentiality of the Customer Data, in accordance with Abode’s security standards referenced in the Agreement (“Security Measures”). 

b. Customer Responsibility. 

(i) Customer is responsible for reviewing the information made available by Abode relating to data security and making an independent determination as to whether the Service meet Customer’s requirements and legal obligations under Applicable Data Protection Laws. Customer acknowledges that the Security Measures provide a level of security appropriate to the risk in respect of the Customer Data and that they may be updated from time to time upon reasonable notice to Customer to reflect process improvements or changing practices (but the modifications will not materially decrease Abode’s obligations as compared to those reflected in such terms as of the Effective Date). 

(ii) Customer agrees that, without limitation of Abode’s obligations under this Section 8, Customer is solely responsible for its use of the Service, including (a) making appropriate use of the Service to ensure a level of security appropriate to the risk in respect of the Customer Data; (b) securing the account authentication credentials, systems and devices Customer uses to access the Service; (c) securing Customer’s systems and devices that it uses with the Service; and (d) maintaining its own backups of Customer Data. 

c. Security Incident. Upon becoming aware of a confirmed Security Incident, Abode will notify Customer without undue delay unless prohibited by applicable law. A delay in giving such notice requested by law enforcement and/or in light of Abode’s legitimate needs to investigate or remediate the matter before providing notice will not constitute an undue delay. Such notice to Customer will describe, to the extent possible, (a) the details of the Security Incident as known or as reasonable requested by Customer, and (b) the steps taken, deemed necessary and reasonable by Abode, to mitigate the potential risks, to the extent that the remediation is within Abode’s reasonable control. Without prejudice to Abode’s obligations under this Section 8.c., Customer is solely responsible for complying with Security Incident notification laws applicable to Customer and fulfilling any third-party notification obligations related to any Security Incidents. Abode’s notification of or response to a Security Incident under this Section 8.c. will not be construed as an acknowledgement by Abode of any fault or liability with respect to the Security Incident. These obligations will not apply to Security Incidents to the extent they are caused by Customer.

9. Audits and Reviews of Compliance. The parties acknowledge that Customer must be able to assess Abode’s compliance with its obligations under Applicable Data Protection Laws and this Addendum, insofar as Abode is acting as a processor on behalf of Customer. 

a. Abode’s Audit Program. Abode uses external auditors to verify the adequacy of its security measures with respect to its processing of Customer Data. Such audits (e.g., SOC 2 Type 2) are performed at least once annually at Abode’s expense by independent, third-party security professionals at Abode’s selection and result in the generation of a confidential audit report (“Audit Report”). 

b. Customer Audit. Upon Customer’s written request at reasonable intervals, and subject to reasonable confidentiality controls, Abode will make available to Customer a copy of Abode’s most recent Audit Report. Customer agrees that any audit rights granted by Applicable Data Protection Laws will be satisfied by these Audit Reports.

10. Impact Assessments and Consultations. Abode will provide reasonable cooperation to Customer, to the extent Customer does not otherwise have access to the relevant information and such information is available to Abode, in connection with any data protection impact assessment (at Customer’s expense only if such reasonable cooperation will require Abode to assign significant resources to that effort) or consultations with regulatory authorities as required by Applicable Data Protection Laws. 

11. Data Subject Requests. Abode will upon Customer’s request (and at Customer’s expense) provide Customer with such assistance as it may reasonably require to comply with its obligations under Applicable Data Protection Laws to respond to requests from individuals to exercise their rights under Applicable Data Protection Laws (e.g., rights of data access, rectification, erasure, restriction, portability and objection) in cases where Customer cannot reasonably fulfill such requests independently by using the self-service functionality of the Service. If Abode receives a request from a Data Subject in relation to the Processing of their Customer Data, Abode will advise the Data Subject to submit their request to Customer, and Customer will be responsible for responding to any such request. 

12. Return or Deletion of Customer Data 

a. Customers may delete or export Customer Data at any time while using the Service in a manner consistent with the functionality of the Service. Termination or expiration of the Agreement serves as instruction for Abode to delete all Customer Data within a commercially reasonable timeframe as determined by Abode.

b. Notwithstanding the foregoing, Customer understands that Abode may retain Customer Data if required by law, and such data will remain subject to the requirements of this Addendum. 

13. International Provisions 

a. Processing in the United States. Customer acknowledges that, as of the Effective Date, Abode’s primary processing facilities are in the United States. Notwithstanding the foregoing, Customer acknowledges that Abode may in connection with the provision of the Service, need to transfer and process Customer Data to and in the United States and anywhere else in the world where Abode or its Subprocessors maintain data processing operations. Abode will ensure such transfers are made in compliance with the requirements of Applicable Privacy Laws and this Addendum. 

b. Jurisdiction Specific Terms. To the extent that Abode Processes Customer Data originating from and protected by Applicable Data Protection Laws in one of the Jurisdictions listed in Schedule 4 (Jurisdiction Specific Terms), then the terms specified therein with respect to the applicable jurisdiction(s) will apply in addition to the terms of this Addendum. 

c. Cross Border Data Transfer Mechanism. To the extent that Customer’s use of the Services requires an onward transfer mechanism to lawfully transfer personal data from a jurisdiction (i.e., the European Economic Area (“EEA”), the United Kingdom (“UK”), Switzerland or any other jurisdiction listed in Schedule 3) to Abode located outside of that jurisdiction (a “Transfer Mechanism”), the terms and conditions of Schedule 3 (Cross Border Transfer Mechanisms) will apply.

SCHEDULE 1 

SUBJECT MATTER & DETAILS OF PROCESSING 

1. Nature and Purpose of the Processing. Abode will process Personal Data as necessary to provide the Service under the Agreement. Abode does not sell Customer Data (or end user information within such Customer Data) and does not share such end users’ information with third parties for compensation or for those third parties’ own business interests. 

a. Customer Data. Abode will process Customer Data as a processor in accordance with Customer’s instructions as outlined in Section 6.a (Customer Instructions) of this Addendum. 

b. Service-Generated Data and Contact Data. Abode will process Service-Generated Data and Contact Data as a controller for the purposes outlined in Section 4.b (Abode as Controller) of this Addendum.

2. Processing Activities. 

a. Customer Data. Customer Data will be subject to the following basic processing activities: the provision of the Service and disclosures in accordance with the Agreement and/or as compelled by applicable laws. 

b. Service-Generated Data and Contact Data. Personal Data contained in Service-Generated Data and/or Contact Data will be subject to the following processing activities by Abode: Abode may use Service-Generated Data and/or Contact Data to operate, improve and support the Service, to provide marketing and service-related messages and for other lawful business practices, such as analytics, benchmarking and reporting.

3. Duration of the Processing. The period for which Personal Data will be retained and the criteria used to determine that period is as follows: 

a. Customer Data. Prior to the termination of the Agreement, Abode will Process Customer Data in accordance with sections 3 and 12 of this Addendum. 

b. Service-Generated Data and Contact Data. Upon termination of the Agreement, Abode may retain, use, and disclose Service-Generated Data and/or Contact Data for the purposes set forth above in Section 2.b (Service-Generated Data and Contact Data) of this Schedule 1, subject to the confidentiality obligations set forth in the Agreement. Abode will anonymize or delete Personal Data contained within Service-Generated Data and/or Contact Data when Abode no longer requires it for the purpose set forth in Section 2.b (Service-Generated Data and/or Contact Data) of this Schedule 1.

4. Categories of Data Subjects. 

a. Customer Data. Individuals whose Personal Data is included in Customer Data. 

b. Service-Generated Data and Contact Data. Customer’s authorized users with access to an Abode account, customers, suppliers, and end users.

5. Categories of Personal Data. 

a. Customer Data. The categories of Customer Data are: any Customer Data that Customer, or third parties acting on their behalf, may submit to Abode in connection with the performance of the Service, to the extent of which is exclusively determined and controlled by the Customer, such as first and last name, email address, phone number, gender, education, current location, links to third party social media platforms, mailing address, clothing size, IP address and system configuration information. 

b. Service-Generated Data and Contact Data. Abode processes Personal Data within Service-Generated Data and/or Contact Data, such as name, email address, phone number, account preferences, and content of communications with support.

6. Sensitive Data or Special Categories of Data.

a. Customer Data. Customers are prohibited from including sensitive data or special categories of data in Customer Data. 

b. Service-Generated Data and Contact Data. Sensitive data is not contained in Service-Generated Data and/or Contact Data.

SCHEDULE 2 

TECHNICAL & ORGANIZATIONAL SECURITY MEASURES 

Where applicable, this Schedule 2 will serve as Annex II to the Standard Contractual Clauses. The following provides more information regarding Abode’s technical and organizational security measures set forth below. 

Technical and Organizational Security Measures:

1. Measures of pseudonymization and encryption of personal data. 

  • Data encryption at rest is managed by Google Cloud services.
  • The method of encryption is the Advanced Encryption Standard (AES) algorithm, AES-256.
  • Customer Data is encrypted in transit using HTTPS and is logically isolated. 

2. Measures for ensuring ongoing confidentiality, integrity, and availability and resilience of processing systems and services. 

  • Managed by Firebase and Google Cloud Platform services.
  • Abode currently maintains documented security practices for access control to Firebase and GCP admin services and maintain audit logs to those services. 

3. Measures for ensuring the ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident. 

  • Abode’s platform is cloud based, which is managed by Firebase & Google Cloud platform.

4. Processes for regular testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of processing. 

  • Abode’s platform is cloud based, all data centers are managed by Google.
  • From an internal controls perspective:
    • Abode uses Apple Business Essentials, Vanta, and NordLayer to manage access to apps and websites for employees. Devices are checked to ensure disk encryption, password managers are utilized, HD is encrypted, VPNs are used, etc. Websites are blocked based on categories.
    • For privileged accounts and email provider Abode enforces a maximum password age of 90 days, 2FA enforced, no password reuse, and lockout after 6 attempts.
    • A password manager is used to enforce the following password requirements:
      • Length: 10+
      • At least 1 of each of the following: Uppercase, lowercase, number, symbols
      • No password reuse

5. Measures for user identification and authorization. 

  • Customer Data is only accessible through the application by authenticated and authorized users of the client. Authentication and authorization of access to such data is managed through Firebase & Google Cloud Platform services.

6. Measures for the protection of data during transmission. 

  • All transmission is managed by Firebase & Google Cloud Platform.
  • Customer Data in transit is encrypted using HTTPS and is logically isolated.

7. Measures for the protection of data during storage. 

  • All Customer Data storage is managed by Firebase and Google Cloud Platform services. Customer Data is encrypted and security rules are utilized to further limit access based on user permissions.

8. Measures for ensuring physical security of locations at which personal data are processed. 

  • Abode’s platform is cloud based, all data centers are managed by Google.

9. Measures for ensuring events logging. 

  • Logs are regularly monitored and are stored for up to three (3) years. Logs are also configured with notifications. 

10. Measures for ensuring systems configuration, including default configuration. 

  • Configurations are managed by Firebase and Google Cloud platform. We follow guidelines from those services. We also complete an annual penetration test.

 

11. Measures for internal IT and IT security governance and management. 

  • Abode uses Apple Business Essentials, Vanta, and NordLayer to manage access to apps and websites for employees. Devices are checked to ensure disk encryption, password managers are utilized, HD is encrypted, VPNs are used, etc. Websites are blocked based on categories.
  • For privileged accounts and email provider we enforce a maximum password age of 90 days, 2FA enforced, no password reuse, and lockout after 6 attempts.
  • A password manager is used to enforce the following password requirements:
    • Length: 10+
    • At least 1 of each of the following: Uppercase, lowercase, number, symbols
    • No password reuse
  • All employees undergo background checks as well as sign a CIIAA and technology use policy. In addition, all employees are required to complete video training for security and privacy awareness.
  • Abode has an excel document for managing inventory and how it is assigned. This includes status to track maintenance and disposal history.
  • Abode’s Mobile Device Policy is included in our Information Security Policy and states the following: 
    • All end-user devices (e.g., mobile phones, tablets, laptops, desktops) must comply with this policy. Employees must use extreme caution when opening email attachments received from unknown senders, which may contain malware. System level and user level passwords must comply with the Access Control Policy. Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.
    • All end-user, personal (BYOD) or company owned devices used to access Scholars, Inc. information systems (i.e. email) must adhere to the following rules and requirements:
      • Devices must be encrypted with a password-protected screensaver.
      • Devices must be locked whenever left unattended.
      • Users must report any suspected misuse or theft of a mobile device immediately to the engineering department.
      • Confidential information must not be stored on mobile devices or USB drives (this does not apply to business contact information, e.g., names, phone numbers, and email addresses).
      • Any mobile device used to access company email must not be shared with any other person.
      • Upon termination employee devices are locked and are either returned immediately in person or they are sent a return label to mail the device back. All information is then wiped from the device. Identity management system is not utilized. Vanta is used to ensure logical access to systems is removed. Abode uses apple business essentials to manage devices but do not utilize an identity management system.

12. Measures for certifications/assurance of processes and products. 

  • Abode is SOC 2 compliant and utilizes Vanta, Snyk, Cloud Monitoring and Sentry to ensure Abode remains compliant for all security measures, people management, vulnerability management and keeping policies up to date. 

13. Measures for ensuring data minimization. 

  • Abode only collects Personal Data when relevant to the service provided. Abode does not include Personal Data in logging.

 

14. Measures for ensuring data quality. 

  • Personal Data is defined and edited by the user. Data that is imported through any integrations is customizable through the Abode platform.

15. Measures for ensuring limited data retention. 

  • Customer accounts and data shall be deleted within sixty (60) days of contract termination through manual data deletion processes.
  • Backups are removed after thirty (30) days.

 

16. Measures for ensuring accountability. 

  • Abode has policies in place that are reviewed and acknowledged annually by all employees. 
  • Abode maintains documentation for security and data processing measures.
  • All vendors who process data are reviewed for appropriate security measures before use.

17. Measures for allowing data portability and ensuring erasure. 

  • For candidates:
    • Data deletion can be done through their settings page and all information is deleted immediately.
    • Data request can also be done through their settings page in the platform and all information will be emailed.
  • For business users, data deletion can be done upon request or up to sixty (60) days after Agreement termination.  

18. For transfers to [sub]-processors, also describe the specific technical and organisational measures to be taken by the [sub]-processor to be able to provide assistance to the controller and, for transfers from a processor to a [sub]-processor, to the data exporter. 

When Abode engages a Subprocessor under this Addendum, Abode and the Subprocessor enter into an agreement with data protection terms substantially similar to those contained herein. Each Subprocessor agreement must ensure that Abode is able to meet its obligations to Customer. In addition to implementing technical and organisational measures to protect personal data, Subprocessors must a) notify Abode in the event of a Security Incident so Abode may notify Customer; b) delete data when instructed by Abode in accordance with Customer’s instructions to Abode; c) not engage additional Subprocessors without authorization; d) not change the location where data is processed; or e) not process data in a manner which conflicts with Customer’s instructions to Abode. 

SCHEDULE 3 

CROSS BORDER DATA TRANSFER MECHANISM 

1. Definitions 

a. “Standard Contractual Clauses” means the 2021 Standard Contractual Clauses approved by the European Commission in decision 2021/914. 

b. “UK IDTA” means the UK international data transfer addendum (Schedule 5).

 

2. UK IDTA.  For data transfers from the United Kingdom, the UK IDTA will be deemed entered into (and incorporated into this Addendum by reference) together with the Standard Contractual Clauses as set forth in Section 3 of this Schedule below.

3. The 2021 Standard Contractual Clauses. For data transfers from the EEA, the UK, and Switzerland that are subject to the Standard Contractual Clauses, the Standard Contractual Clauses will apply in the following manner: 

a. Module One (Controller to Controller) will apply where Customer is a controller of Service-Generated Data and/or Contact Data and Abode is a controller of Service-Generated Data and/or Contact Data. 

b. Module Two (Controller to Processor) will apply where Customer is a controller of Customer Data and Abode is a processor of Customer Data; 

c. For each Module, where applicable: 

(i) in Clause 7, the option docking clause will not apply; 

(ii) in Clause 9, Option 2 will apply, and the time period for prior notice of Subprocessor changes will be as set forth in Section 7 (Subprocessing) of this Addendum; 

(iii) in Clause 11, the optional language will not apply; 

(iv) in Clause 17 (Option 1), the 2021 Standard Contractual Clauses will be governed by Irish law. 

(v) in Clause 18(b), disputes will be resolved before the courts of Ireland; 

(vi) In Annex I, Part A: 

Data Exporter: Customer and authorized Affiliates of Customer. 

Contact Details: Customer’s account owner email address, or to the email address(es) for which Customer elects to receive privacy communications. 

Data Exporter Role: The Data Exporter’s role is outlined in Section 4 of this Addendum. 

Signature & Date: By entering into the Agreement, Data Exporter is deemed to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the Agreement. 

Data Importer: Scholars, Inc. 

Contact Details: Abode Privacy – info@abodehr.com 

Data Importer Role: The Data Importer’s role is outlined in Section 4 of this Addendum. 

Signature & Date: By entering into the Agreement, Data Importer is deemed to have signed these Standard Contractual Clauses, incorporated herein, including their Annexes, as of the Effective Date of the Agreement. 

(vii) In Annex I, Part B: 

The categories of data subjects are described in Schedule 1, Section 4. 

The sensitive data transferred is described in Schedule 1, Section 6. 

The frequency of the transfer is a continuous basis for the duration of the Agreement. 

The nature of the processing is described in Schedule 1, Section 1. 

The purpose of the processing is described in Schedule 1, Section 1. 

The period of the processing is described in Schedule 1, Section 3. 

For transfers to Subprocessors, the subject matter, nature, and duration of the processing is outlined at https://www.abodehr.com/subprocessors.

(viii) In Annex I, Part C: The Irish Data Protection Commission will be the competent supervisory authority. 

(ix) Schedule 2 serves as Annex II of the Standard Contractual Clauses. 

4. As to the specific modules, the parties agree that the following modules apply, as the circumstances of the transfer may apply: 

Controller-Controller - Module One 

Controller-Processor - Module Two 

5. To the extent there is any conflict between the Standard Contractual Clauses or the UK IDTA and any other terms in this Addendum, including Schedule 4 (Jurisdiction Specific Terms), the provisions of the Standard Contractual Clauses or the UK IDTA, as applicable, will prevail. 

SCHEDULE 4 

JURISDICTION SPECIFIC TERMS 

1. California 

a. The definition of “Applicable Data Protection Law” includes the California Consumer Privacy Act and the California Privacy Rights Act (collectively, the “CCPA”). 

b. The terms “business”, “commercial purpose”, “service provider”, “sell.””share” and “personal information” have the meanings given in the CCPA. 

c. With respect to Customer Data, Abode is a service provider under the CCPA with the Customer as the business. 

d. Abode will not (a) sell or share Customer Data; (b) retain, use or disclose any Customer Data for any purpose other than for the specific purpose of providing the Service, including retaining, using or disclosing the Customer Data for a commercial purpose other than providing the Service; or (c) retain, use or disclose the Customer Data outside of the direct business relationship between Abode and Customer. 

e. The parties acknowledge and agree that the Processing of Customer Data authorized by Customer’s instructions described in Section 6 of this Addendum is integral to and encompassed by Abode’s provision of the Service and the direct business relationship between the parties. 

f. Notwithstanding anything in the Agreement or any Order Form entered in connection therewith, the parties acknowledge and agree that Abode’s access to Customer Data does not constitute part of the consideration exchanged by the parties in respect of the Agreement. 

g. To the extent that any Service-Generated Data is considered Personal Data and/or as to Contact Data, pursuant to the CCPA, Abode is the business under the CCPA with respect to such data and will Process such data in accordance with its Privacy Policy. 

h. Abode implements and maintains reasonable security and privacy practices appropriate to the nature of the personal information that it processes as set forth in section 8 of this Addendum.

2. EEA 

a. The definition of “Applicable Data Protection Laws” includes the General Data Protection Regulation (EU 2016/679) (“GDPR”). 

b. When Abode engages a Subprocessor under Section 7 (Subprocessing), it will: 

(i) require any appointed Subprocessor to protect Customer Data to the standard required by Applicable Data Protection Laws, such as including the same data protection obligations referred to in Article 28(3) of the GDPR, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR; and 

(ii) require any appointed Subprocessor to agree in writing to only process data in a country that the European Union has declared to have an “adequate” level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses. 

c. GDPR Penalties. Notwithstanding anything to the contrary in this Addendum or in the Agreement (including, without limitation, either party’s indemnification obligations), neither party will be responsible for any GDPR fines issued or levied under Article 83 of the GDPR against the other party by a regulatory authority or governmental body in connection with such other party’s violation of the GDPR. 

3. Switzerland 

a. The definition of “Applicable Data Protection Laws” includes the Swiss Federal Act on Data Protection. 

b. When Abode engages a Subprocessor under Section 7 (Subprocessing), it will 

(i) require any appointed Subprocessor to protect Customer Data to the standard required by Applicable Data Protection Laws, such as including the same data protection obligations referred to in Article 28(3) of the GDPR, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR; and 

(ii) require any appointed Subprocessor to agree in writing to only process data in a country that the European Union has declared to have an “adequate” level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses. 

4. United Kingdom 

a. References in this Addendum to GDPR will to that extent be deemed to be references to the corresponding laws of the United Kingdom (including the UK GDPR and Data Protection Act 2018). 

b. When Abode engages a Subprocessor under Section 7 (Subprocessing), it will: 

(i) require any appointed Subprocessor to protect Customer Data to the standard required by Applicable Data Protection Laws, such as including the same data protection obligations referred to in Article 28(3) of the GDPR, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR; and 

(ii) require any appointed Subprocessor to agree in writing to only process data in a country that the European Union has declared to have an “adequate” level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses and the UK IDTA.

5.  Australia

a. As the definition of “Applicable Data Protection Laws” includes the Australian Privacy Principles and the Australian Privacy Act (1988), the following applies:

(i) The definition of “Personal Data” includes “Personal Information” as defined under the Australian Privacy Principles and the Australian Privacy Act (1988).

(ii) The definition of “sensitive data” includes “Sensitive Information” as defined under the Australian Privacy Principles and the Australian Privacy Act (1988). 

6.   Canada

a. As the definition of “Applicable Data Protection Laws” includes the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), the following applies:

(i) Abode’s Subprocessors, as described in this Addendum, are third parties under the PIPEDA, with whom Abode has entered into a written contract that includes terms substantially similar to this Addendum. Abode has conducted appropriate due diligence on its Subprocessors.

(ii) Abode will implement technical and organizational measures as set forth in Schedule 2.

SCHEDULE 5

UK IDTA

This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.

Part 1: Tables

Table 1: Parties

Start date

the Effective Date of the Agreement

The Parties

Exporter (who sends the Restricted Transfer)

Importer (who receives the Restricted Transfer)

Parties’ details

See the Agreement

Full legal name: Scholars, Inc.

Trading name (if different): Abode

Main address (if a company registered address): 1644 Platte St Suite 303, Denver, CO 80202

Official registration number (if any) (company number or similar identifier): Delaware, 6720504

Key Contact

See the Agreement

Contact details including email: info@abodehr.com

Signature (if required for the purposes of Section ‎2)

By entering into the Agreement, Exporter is deemed to have signed this Addendum.

By entering into the Agreement, Importer is deemed to have signed this Addendum.

Table 2: Selected SCCs, Modules and Selected Clauses

Addendum EU SCCs

The Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum: 

See Schedule 3, Section 3.

Personal data received from the Importer may be combined with personal data collected by the Exporter.

Table 3: Appendix Information

Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:

Annex 1A: List of Parties: See Table 1

Annex 1B: Description of Transfer: See Schedule 1

Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: See Schedule 2

Annex III: List of Sub processors (Modules 2 and 3 only): See https://www.abodehr.com/subprocessors

Table 4: Ending this Addendum when the Approved Addendum Changes

Ending this Addendum when the Approved Addendum changes

Which Parties may end this Addendum as set out in Section ‎19: Importer

Part 2: Mandatory Clauses

Entering into this Addendum
  1. Each Party agrees to be bound by the terms and conditions set out in this Addendum, in exchange for the other Party also agreeing to be bound by this Addendum.
  2. Although Annex 1A and Clause 7 of the Approved EU SCCs require signature by the Parties, for the purpose of making Restricted Transfers, the Parties may enter into this Addendum in any way that makes them legally binding on the Parties and allows data subjects to enforce their rights as set out in this Addendum. Entering into this Addendum will have the same effect as signing the Approved EU SCCs and any part of the Approved EU SCCs.

Interpretation of this Addendum 

  1. Where this Addendum uses terms that are defined in the Approved EU SCCs those terms shall have the same meaning as in the Approved EU SCCs. In addition, the following terms have the following meanings:

Addendum 

This International Data Transfer Addendum which is made up of this Addendum incorporating the Addendum EU SCCs.

Addendum EU SCCs

The version(s) of the Approved EU SCCs which this Addendum is appended to, as set out in Table 2, including the Appendix Information.

Appendix Information

As set out in Table ‎3.

Appropriate Safeguards

The standard of protection over the personal data and of data subjects’ rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) UK GDPR.

Approved Addendum

The template Addendum issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section ‎18.

Approved EU SCCs 

The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

ICO

The Information Commissioner.

Restricted Transfer

A transfer which is covered by Chapter V of the UK GDPR.

UK 

The United Kingdom of Great Britain and Northern Ireland.

UK Data Protection Laws 

All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.

UK GDPR 

As defined in section 3 of the Data Protection Act 2018.

  1. This Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the Parties’ obligation to provide the Appropriate Safeguards. 
  2. If the provisions included in the Addendum EU SCCs amend the Approved SCCs in any way which is not permitted under the Approved EU SCCs or the Approved Addendum, such amendment(s) will not be incorporated in this Addendum and the equivalent provision of the Approved EU SCCs will take their place.
  3. If there is any inconsistency or conflict between UK Data Protection Laws and this Addendum, UK Data Protection Laws applies.
  4. If the meaning of this Addendum is unclear or there is more than one meaning, the meaning which most closely aligns with UK Data Protection Laws applies. 
  5. Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into. 

Hierarchy 

  1. Although Clause 5 of the Approved EU SCCs sets out that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy in Section ‎10 will prevail.
  2. Where there is any inconsistency or conflict between the Approved Addendum and the Addendum EU SCCs (as applicable), the Approved Addendum overrides the Addendum EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the Addendum EU SCCs provides greater protection for data subjects, in which case those terms will override the Approved Addendum.
  3. Where this Addendum incorporates Addendum EU SCCs which have been entered into to protect transfers subject to the General Data Protection Regulation (EU) 2016/679 then the Parties acknowledge that nothing in this Addendum impacts those Addendum EU SCCs.

Incorporation of and changes to the EU SCCs

  1. This Addendum incorporates the Addendum EU SCCs which are amended to the extent necessary so that:
  1. together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers; 
  2. Sections ‎9 to ‎11 override Clause 5 (Hierarchy) of the Addendum EU SCCs; and
  3. this Addendum (including the Addendum EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the Parties.
  1. Unless the Parties have agreed alternative amendments which meet the requirements of Section ‎12, the provisions of Section ‎15 will apply.
  2. No amendments to the Approved EU SCCs other than to meet the requirements of Section ‎12 may be made.
  3. The following amendments to the Addendum EU SCCs (for the purpose of Section ‎12) are made: 
  1. References to the “Clauses” means this Addendum, incorporating the Addendum EU SCCs;
  2. In Clause 2, delete the words:

“and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679”;

  1. Clause 6 (Description of the transfer(s)) is replaced with:

“The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”;

  1. Clause 8.7(i) of Module 1 is replaced with:

“it is to a country benefiting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer”;

  1. Clause 8.8(i) of Modules 2 and 3 is replaced with:

“the onward transfer is to a country benefiting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;”

  1. References to “Regulation (EU) 2016/679”, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” and “that Regulation” are all replaced by “UK Data Protection Laws”. References to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws;
  2. References to Regulation (EU) 2018/1725 are removed;
  3. References to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with the “UK”;
  4. The reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module one, is replaced with “Clause 11(c)(i)”;
  5. Clause 13(a) and Part C of Annex I are not used; 
  6. The “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”;
  7. In Clause 16(e), subsection (i) is replaced with:

“the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of personal data to which these clauses apply;”;

  1. Clause 17 is replaced with:

“These Clauses are governed by the laws of England and Wales.”;

  1. Clause 18 is replaced with:

“Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”; and

  1. The footnotes to the Approved EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10 and 11. 

Amendments to this Addendum 

  1. The Parties may agree to change Clauses 17 and/or 18 of the Addendum EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland.
  2. If the Parties wish to change the format of the information included in Part 1: Tables of the Approved Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.
  3. From time to time, the ICO may issue a revised Approved Addendum which: 
  1. makes reasonable and proportionate changes to the Approved Addendum, including correcting errors in the Approved Addendum; and/or
  2. reflects changes to UK Data Protection Laws;

The revised Approved Addendum will specify the start date from which the changes to the Approved Addendum are effective and whether the Parties need to review this Addendum including the Appendix Information. This Addendum is automatically amended as set out in the revised Approved Addendum from the start date specified. 

  1. If the ICO issues a revised Approved Addendum under Section ‎18, if any Party selected in Table 4 “Ending the Addendum when the Approved Addendum changes”, will as a direct result of the changes in the Approved Addendum have a substantial, disproportionate and demonstrable increase in: 
    1. its direct costs of performing its obligations under the Addendum; and/or 
    2. its risk under the Addendum, 

and in either case it has first taken reasonable steps to reduce those costs or risks so that it is not substantial and disproportionate, then that Party may end this Addendum at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised Approved Addendum.

  1. The Parties do not need the consent of any third party to make changes to this Addendum, but any changes must be made in accordance with its terms.

Alternative Part 2 Mandatory Clauses:

Mandatory Clauses

Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section ‎‎18 of those Mandatory Clauses.

PRODUCT
Early-Career Experience
Employer Experience
OUR CUSTOMERS
Case Studies
Testimonials
RESOURCES
Blogs
Guides
Podcast
GET IN TOUCH
Schedule a Demo
Contact Us
LinkedIn
COMPANY
Why Abode?
Careers
Copyright © 2021-2025 Scholars, Inc.
Privacy Policy
Terms
DMCA Policy
Security