Orange County NC Website
<br />Submittable Customer Terms of Service <br />v1.4 <br /> Page 17 of 28 <br />12.3.1. upon Customer’s reasonable request, and subject to the confidentiality obligations set forth in <br />the TOS, Submittable shall make available to Customer (or Customer’s independent, third-party <br />auditor that is not a competitor of Submittable and that has signed nondisclosure agreement <br />reasonably acceptable to Submittable) information regarding Submittable’s compliance with the <br />obligations set forth in this DPA; <br />12.3.2. following any notice by Submittable to Customer of a Security Breach or unauthorized disclosure <br />of Personal Information, upon Customer’s reasonable belief that Submittable is in breach of its <br />obligations in respect of protection of Personal Information under this DPA, or if such audit is <br />required by Customer’s Supervisory Authority, Customer may contact S ubmittable in <br />accordance with the “Notice” Section of this DPA to request an audit at Submittable’s premises <br />of the procedures relevant to the protection of Personal Information; <br />12.3.3. any such request shall occur no more than once annually, unless the audit is required by <br />applicable law or a Supervisory Authority; <br />12.3.4. each Party shall bear its own audit costs and expenses; <br />12.3.5. before the commencement of any such on-site audit, Customer and Submittable shall mutually <br />agree upon the scope, timing, and duration of the audi t; and <br />12.3.6. Customer shall promptly notify Submittable with information regarding any non-compliance <br />discovered during the course of an audit. <br />13. Scope Modifications. In the event a Party’s compliance with Privacy and Data Protection Requirements requires <br />the imposition of different or additional contractual obligations under this DPA, both Parties shall in good faith seek to amend <br />this DPA in order to address the requirements under Privacy and Data Protection Requirements. In the event the Parties <br />fail to reach an agreement on an amendment to this DPA, Submittable may unilaterally amend this DPA to conform to the <br />minimum additional requirements imposed by any Privacy and Data Protection Requirement without notice to Customer <br />and without Customer’s consent. <br />14. Term and Termination. <br />14.1. This DPA will remain in full force and effect so long as: (1) the TOS remains in effect; or (2) Submittable <br />retains any Personal Information related to the TOS in its possession or control (the “DPA Term”). <br />14.2. Any provision of this DPA that expressly or by implication should come into or continue in force on or after <br />the termination of the TOS or this DPA in order to protect Personal Information will remain in full force and <br />effect. <br />15. Data Return and Destruction. <br />15.1. During the TOS Term and for thirty (30) days after, at Customer’s request, and as applicable law allows, <br />Submittable shall allow Customer to download from the Services all or part of Customer’s Personal <br />Information in its possession or control. <br />15.2. Subject to the preceding paragraph, on termination of the TOS for any reason or expiration of its Term, <br />Submittable will destroy or, if directed in writing by Customer, return and not retain, all or any Personal <br />Information related to the TOS in its possession or control, except for one (1) copy that it may retain offline <br />in backup storage for only the period of time required by tax, audit, compliance, or other legally mandated <br />functions, and for which Submittable has obtained an appropriate electronic consent by the End User who <br />owns the Personal Information allowing Submittable to retain such Personal Information. <br />15.3. If any law, regulation, or government or regulatory body requires Submittable to retain any documents or <br />materials that Submittable would otherwise be required to return or destroy, it w ill notify Customer in writing <br />of that retention requirement, giving details of the documents or materials that it must retain, the legal basis <br />for retention, and establishing a specific timeline for destruction once the retention requirement ends. <br />Submittable may only use this retained Personal Information for the required retention reason or audit <br />purposes. <br />15.4. On written request, Submittable will certify in writing that it has logically destroyed the Personal Information <br />within thirty (30) after it completes its destruction obligations under this DPA. <br /> <br /> <br />DocuSign Envelope ID: 367666E5-0A49-40C9-BFB5-74D495BAB8F1