Terms & Conditions
Terms of ServiceEnd User License Agreement (EULA)Acceptable Use Policy (AUP)Data Processing Addendum (DPA)Marketing Affiliate Program AgreementEarnings & Results DisclaimerPrivacy
Privacy PolicyCookie PolicyThird Party Sub-ProcessorsData Subject Request (DSAR)Last Updated: December 24, 2024
This Data Processing Addendum (“DPA”) forms part of the Cometly Terms of Service or other agreement governing the use of Cometly (“Agreement”) entered into by and between Comet LLC d/b/a Cometly (“Cometly,” “Processor,” “we,” “us,” or “our”) and you, the Client (“you,” “your,” “Controller,” or “Customer”). This DPA outlines the terms under which Cometly processes Personal Data on behalf of the Customer in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA).
By using our Services, you accept this DPA and represent and warrant that you have full authority to bind your organization to it. If you cannot or do not agree to be bound by this DPA, do not provide Personal Data to us.
You must ensure that you have all necessary consents or other lawful bases to collect and provide Personal Data to Cometly for processing under this DPA.
You shall not supply Cometly with sensitive or special categories of Personal Data unless expressly agreed in writing and in full compliance with applicable Data Protection Laws.
You are responsible for the accuracy, quality, and legality of Personal Data and the means by which you acquired it.
You shall comply with all applicable Data Protection Laws in your use of the Services, including obligations related to data subject rights, data security, and data breach notifications.
Consent Management Responsibilities:
Cometly ensures that individuals authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Cometly implements and maintains industry-standard technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure. These measures include, but are not limited to:
Cometly will provide assistance, as feasible, to help you respond to requests from Data Subjects to exercise their rights under applicable Data Protection Laws (e.g., access, rectification, erasure, restriction of processing, data portability, objection).
In the event of a Personal Data Breach, Cometly will notify you without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach. The notification will include:
Upon termination of the Agreement, Cometly will, at your choice, delete or return all Personal Data processed on your behalf, and delete existing copies unless retention is required by applicable law. If deletion is not feasible, Cometly will restrict further processing of the Personal Data.
Cometly may engage Sub-Processors to provide certain functionalities (e.g., hosting, analytics, payment processing) that require processing of Personal Data, subject to the terms of our Privacy Policy and Third-Party Sub-Processors list.
Cometly maintains an up-to-date list of Sub-Processors used for data processing on your behalf, available at: https://www.cometly.com/sub-processors. We will notify you of any new Sub-Processors at least 30 days prior to their engagement via email or in-app notice. You have the right to object to the use of a new Sub-Processor by providing a written objection within this period. If we cannot reasonably accommodate your objection, you may terminate this Agreement under Section 9.3 Termination by Customer.
Obligations of Sub-Processors: Cometly ensures that Sub-Processors are bound by written agreements that impose data protection obligations no less protective than those contained in this DPA. Cometly remains fully liable to you for the performance of Sub-Processors’ obligations.
Cometly processes and stores Personal Data primarily in the United States. For Personal Data originating from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, Cometly ensures that such transfers are conducted in accordance with applicable Data Protection Laws. This includes utilizing Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Addendum, as applicable.
Supplementary Measures: Cometly implements additional safeguards to ensure an equivalent level of protection as required under GDPR, including encryption, pseudonymization, and data minimization.
Controller’s Responsibilities: If required by applicable law, you are responsible for notifying and obtaining consent from your end users regarding data transfers and ensuring compliance with local jurisdictional requirements.
Upon reasonable request, Cometly will make available information necessary to demonstrate compliance with this DPA, including third-party certifications, summaries of security measures, and relevant policies.
Further audits may be conducted in accordance with the terms and frequency specified in the Agreement or as required by law. Such audits will be performed by an independent auditor at Cometly’s expense, provided that the audit scope is reasonable and does not unreasonably interfere with Cometly’s business operations.
The liability provisions in the Agreement apply to this DPA unless prohibited by law. To the extent permitted by law, Cometly’s total aggregate liability under this DPA shall not exceed the amounts paid or payable by you to Cometly for the Services in the twelve (12) months immediately preceding the claim.
(a) IF YOU HAVE NOT PAID ANY AMOUNTS TO COMETLY IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM, COMETLY’S LIABILITY SHALL BE LIMITED TO $10,000.
The remedies set forth in this DPA are the sole and exclusive remedies available to the parties for any breach of this DPA.
This DPA remains in effect as long as Cometly processes Personal Data on your behalf under the Agreement.
This DPA is governed by and construed in accordance with the laws specified in the Agreement. Any disputes arising under this DPA shall be resolved in accordance with the dispute resolution provisions of the Agreement.
Cometly may update this DPA from time to time to reflect changes in data protection practices or legal requirements. If the changes are material, Cometly will notify you via email or through your account dashboard. Continued use of the Services after such changes constitutes your acceptance of the updated DPA.
In the event of any conflict between this DPA and the Agreement, this DPA shall prevail solely with respect to the processing of Personal Data.
If any provision of this DPA is held invalid or unenforceable, the remaining provisions shall remain in full force and effect.
Neither party may assign or transfer this DPA without the prior written consent of the other party, except to a successor in connection with a merger, acquisition, or sale of all or substantially all assets.
This DPA, together with the Agreement, constitutes the entire agreement between the parties regarding the processing of Personal Data and supersedes any prior agreements or understandings, whether written or oral, related to such processing.
If you have any questions about this DPA or wish to obtain a signed copy, please contact us at:
Comet LLC d/b/a Cometly
41 University Drive
Suite 400
Newtown, Pennsylvania 18940
United States
Email: support@cometly.com
.svg)
Ad tracking & optimization.
.svg)
.svg)
.svg)
.svg)
