Legal

Terms of Service

THIS AGREEMENT GOVERNS YOUR ACQUISITION AND USE OF OUR SERVICES.

IF YOU REGISTER FOR A FREE TRIAL FOR OUR SERVICES, THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL.

BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT.

IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

You may not access any of Our services if You are Our direct competitor, except with Our prior written consent. In addition, You may not access the Services for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.

This Agreement was last updated on January 17, 2018. It is effective between You and Us as of the date of You accepting this Agreement.

1. DEFINITIONS

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Agreement” means this Subscription Agreement.

“Alpha Services” or “Beta Services” each mean Services that are not generally available to customers.

“Content” means information obtained by Us from Our content licensors or publicly available sources and provided to You pursuant to an Order Form, as more fully described in the Documentation.

“Documentation” means Our online user guides, documentation, and help and training materials, as updated from time to time, accessible via propared.com or login to the applicable Service.

“Free Services” means the products and Services that are ordered by You and made available online by Us for free, including associated offline components, as described in the Documentation. “Free Services” exclude Purchased Services, Content and Non-Propared.com Applications.

“Malicious Code” means code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs and Trojan horses.

“Marketplace” means an online directory, catalog or marketplace of applications that interoperate with the Services.

“Non-Propared.com Applications” means a web-based or offline software application that is provided by You or a third party and interoperates with a Service, including, for example, an application that is developed by or for You, is listed on a Marketplace, or is identified by Us as such.

“Order Form” means an ordering document specifying the Services to be provided hereunder that is entered into between You and Us or any of Our Affiliates, including any addenda and supplements thereto. By entering into an Order Form hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.

“Purchased Services” means Services that You or Your Affiliate purchase under an Order Form, as distinguished from those provided pursuant to a free trial.

“Services” means the products and services that are ordered by You under a free trial or an Order Form and made available online by Us, including associated offline components, as described in the Documentation. “Services” exclude Content and Non-Propared.com Applications.

“Subscription” means a subscription for use of any Service.

“User” means an individual who registers to use a Service, or who is authorized by You to use a Service on Your behalf, each having a user identification and password. Users may include, for example, Your employees, consultants, contractors and agents, and third parties with which You transact business.

“We,” “Us” or “Our” means the Propared LLC, a Colorado limited liability company.

“You” or “Your” means the person or company or other legal entity for which you are accepting this Agreement, and Affiliates of that company or entity.

“Your Data” means electronic data and information submitted by or for You to Services or collected and processed by or for You using the Services or Purchased Services, excluding Content and Non-Propared.com Applications.

2. FREE TRIAL

If You register on our website for a free trial, We will make one or more Services available to You on a trial basis free of charge until the earlier of (a) the end of the free trial period for which you registered to use the applicable Service(s), or (b) the start date of any Purchased Service Subscriptions ordered by You for such Service(s). Additional trial terms and conditions may appear on the registration web page for such Services. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding. If you do not purchase a Subscription to the same services as those covered by the trial, we reserve the right to, among other things, restrict the functionality of the Services or otherwise restrict your access to the Services entirely.

NOTWITHSTANDING SECTION 9 (REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS), DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY.

Please review the user guides provided during the trial period so that You become familiar with the features and functions of the Services before You make Your purchase.

3. OUR RESPONSIBILITIES

3.1. Provision of Purchased Services.
We will (a) make the Services and Content available to You pursuant to this Agreement and the applicable Order Forms, (b) provide Our standard support for the Purchased Services to You at no additional charge, and/or upgraded support to the extent offered by Us and if purchased by You, and (c) use commercially reasonable efforts to make the online Purchased Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which We shall give at least 8 hours electronic notice and which We shall schedule to the extent practicable during the hours between midnight and 5:00am eastern standard time), and (ii) any unavailability caused by circumstances beyond Our reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Our employees), Internet service provider failure or delay, Non-Propared.com Application, or denial of service attack.

3.2. Protection of Your Data.
We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data, including as is described in our Privacy Policy, which is incorporated herein by reference. Those safeguards will include, but will not be limited to, measures for preventing access, use, modification or disclosure of Your Data by Our personnel except (a) to provide the Services and prevent or address service or technical problems, (b) as compelled by law in accordance with Section 8.3 (Compelled Disclosure) below, or (c) as You expressly permit in writing.

Unless you purchase a Purchased Service, You may not be able to migrate Your data from a Free Service to a Purchased Service.

AT THE CONCLUSION OF A FREE TRIAL, OR WITH RESPECT TO YOUR USE OF FREE SERVICES, IN THE EVEN THAT YOU DO NOT LOGIN TO YOUR ACCOUNT FOR A PERIOD OF 30 DAYS, WE RESERVE THE RIGHT TO PERMANENTLY DELETE ANY DATA YOU ENTER INTO THE SERVICES, AND ANY CUSTOMIZATIONS MADE TO THE SERVICES BY OR FOR YOU UNLESS YOU PURCHASE A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE FREE TRIAL, OR PURCHASE UPGRADED SERVICES.

3.3 Our Personnel.
We will be responsible for the performance of Our personnel (including Our employees and contractors) and their compliance with Our obligations under this Agreement, except as otherwise specified herein.

3.4 Alpha & Beta Services.
From time to time, We may invite You to try Alpha or Beta Services at no charge or for a discounted rate. You may accept or decline any such trial in Your sole discretion. Alpha or Beta Services will be clearly designated as alpha, beta, pilot, limited release, developer preview, non-production, evaluation or by a description of similar import. Alpha and Beta Services are for evaluation purposes and not for production use, are not considered “Services” under this Agreement, are not supported, and may be subject to additional terms. Unless otherwise stated, any Alpha and Beta Services trial period will expire upon the earlier of one year from the trial start date or the date that a version of the Alpha or Beta Services becomes generally available. We may discontinue Alpha or Beta Services at any time in Our sole discretion and may never make them generally available. We will have no liability for any harm or damage arising out of or in connection with an Alpha or Beta Service.

3.5 Free Services.
We may offer Free Services at no charge. You may accept or decline any such Free Services in Your sole discretion. Free Services will be clearly designated as such. Free Services are not considered “Services” under this Agreement, are not supported, and may be subject to additional terms. We may discontinue Free Services at any time in Our sole discretion and may never make them generally available. We will have no liability for any harm or damage arising out of or in connection with a Free Service.

WE WILL USE REASONABLE EFFORTS, IN OUR SOLE DISCRETION, TO PROVIDE YOU WITH ADVANCE NOTICE VIA EMAIL IN THE EVENT WE INTEND TO DISCONTINUE FREE SERVICES.

NOTWITHSTANDING SECTION 9 (REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS), THE FREE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY.

4. USE OF SERVICES AND CONTENT

4.1 Subscriptions.
Unless otherwise provided in the applicable Order Form, (a) Services and Content are purchased as Subscriptions, (b) Subscriptions may be added during a Subscription term at the same pricing as the underlying Subscription pricing, prorated for the portion of that Subscription term remaining at the time the Subscriptions are added, and (c) any added Subscriptions will terminate on the same date as the underlying Subscriptions.

4.2 Usage Limits.
Free Services, Services, Purchased Services and Content may be subject to usage limits, including, for example, the quantities specified in Order Forms. Unless otherwise specified, (a) a quantity in an Order Form refers to Users, and the Free Service, Service, Purchased Service or Content may not be accessed by more than that number of Users, (b) a User’s password may not be shared with any other individual, and (c) a User identification may be reassigned to a new individual replacing one who no longer requires ongoing use of the Free Service, Service, Purchased Service or Content. If You exceed a contractual usage limit, We may work with You to seek to reduce Your usage so that it conforms to that limit. If, notwithstanding Our efforts, You are unable or unwilling to abide by a contractual usage limit, You will execute an Order Form for additional quantities of the applicable Free Service, Service, Purchased Service or Content promptly upon Our request, and/or pay any invoice for excess usage in accordance with Section 6.2 (Invoicing and Payment).

4.3 Your Responsibilities.
You will (a) be responsible for Users’ compliance with this Agreement, (b) be responsible for the accuracy, quality and legality of Your Data and the means by which You acquired Your Data, (c) use commercially reasonable efforts to prevent unauthorized access to or use of Services and Content, and notify Us promptly of any such unauthorized access or use, (d) use Services and Content only in accordance with the Documentation and applicable laws and government regulations, and (e) comply with terms of service of Non-Propared.com Applications with which You use a Free Service, Service, Purchased Service or Content.

4.4 Usage Restrictions.
You will not (a) make any Free Service, Service, Purchased Service or Content available to, or use any Service or Content for the benefit of, anyone other than You or Users, (b) sell, resell, license, sublicense, distribute, rent or lease any Free Service, Service, Purchased Service or Content, or include any Free Service, Service, Purchased Service or Content in a service bureau or outsourcing offering, (c) use a Free Service, Service, Purchased Service or Content to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use a Free Service, Service, Purchased Service or Content to store or transmit Malicious Code, (e) interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, (f) attempt to gain unauthorized access to any Free Service, Service, Purchased Service or Content or its related systems or networks, (g) permit direct or indirect access to or use of any Free Service, Service, Purchased Service or Content in a way that circumvents a contractual usage limit, (h) copy a Service or any part, feature, function or user interface thereof, (i) copy Content except as permitted herein or in an Order Form or the Documentation, (j) frame or mirror any part of any Free Service, Service, Purchased Service or Content, (k) access any Free Service, Service, Purchased Service or Content in order to build a competitive product or service, or (l) reverse engineer any Free Service, Service, Purchased Service (to the extent such restriction is permitted by law).

4.5. Removal of Content and Non-Propared.com Applications.
If We are required by a licensor to remove Content, or receive information that Content provided to You may violate applicable law or third-party rights, We may so notify You and in such event You will promptly remove such Content from Your systems. If We receive information that a Non-Propared.com Application hosted on a Free Service, Service or Purchased Service by You may violate our policies, applicable law or third-party rights, We may so notify You and in such event You will promptly disable such Non-Propared.com Application or modify the Non-Propared.com Application to resolve the potential violation. If You do not take required action in accordance with the above, We may disable the applicable Free Service, Service, Purchased Service, Content and/or Non-Propared.com Application until the potential violation is resolved.

5. NON-PROPARED.COM PROVIDERS

5.1. Acquisition of Non-Propared.com Products and Services.
We or third parties may make available (for example, through a Marketplace or otherwise) third-party products or services, including, for example, Non-Propared.com Applications and implementation and other consulting services. Any acquisition by You of such Non-Propared.com products or services, and any exchange of data between You and any Non-Propared.com provider, is solely between You and the applicable Non-Propared.com provider. We do not warrant or support Non-Propared.com Applications or other Non-Propared.com products or services, whether or not they are designated by Us as “certified” or otherwise, except as specified in an Order Form.

5.2. Non-Propared.com Applications and Your Data.
If You install or enable a Non-Propared.com Application for use with a Free Service, Service, Purchased Service or Content, You grant Us permission to allow the provider of that Non-Propared.com Application to access Your Data as required for the interoperation of that Non-Propared.com Application with the Service. We are not responsible for any disclosure, modification or deletion of Your Data resulting from access by a Non-Propared.com Application.

5.3. Integration with Non-Propared.com Applications.
The Free Services, Services, Purchased Services or Content may contain features designed to interoperate with Non-Propared.com Applications. To use such features, You may be required to obtain access to Non-Propared.com Applications from their providers, and may be required to grant Us access to Your account(s) on the Non-Propared.com Applications. If the provider of a Non-Propared.com Application ceases to make the Non-Propared.com Application available for interoperation with the corresponding service features on reasonable terms, We may cease providing those service features without entitling You to any refund, credit, or other compensation.

6. FEES AND PAYMENT FOR PURCHASED SERVICES

6.1. Fees. You will pay all fees specified in Order Forms.
Except as otherwise specified herein or in an Order Form, (i) fees are based on services and Content purchased and not actual usage, (ii) payment obligations are non-cancelable and fees paid are non-refundable, and (iii) quantities purchased cannot be decreased during the relevant Subscription term.

6.2. Invoicing and Payment.
You will provide Us with valid and updated credit card information. If You provide credit card information to Us, You authorize Us to charge such credit card for all Purchased Services listed in the Order Form for the initial Subscription term and any renewal Subscription term(s) as set forth in Section 12.2 (Term of Purchased Subscriptions). Such charges shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form. If the Order Form specifies that payment will be by a method other than a credit card, We will invoice You in advance and otherwise in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, invoiced charges are due net 30 days from the invoice date. You are responsible for providing complete and accurate billing and contact information to Us and notifying Us of any changes to such information.

6.3. Overdue Charges.
If any invoiced amount is not received by Us by the due date, then without limiting Our rights or remedies, (a) those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, and/or (b) We may condition future Subscription renewals and Order Forms on payment terms shorter than those specified in Section 6.2 (Invoicing and Payment).

6.4. Suspension of Service and Acceleration.
If any amount owing by You under this or any other agreement for Our services is 30 or more days overdue (or 10 or more days overdue in the case of amounts You have authorized Us to charge to Your credit card), We may, without limiting Our other rights and remedies, accelerate Your unpaid fee obligations under such agreements so that all such obligations become immediately due and payable, and suspend Our services to You until such amounts are paid in full. We will give You at least 10 days’ prior notice that Your account is overdue, in accordance with Section 13.2 (Manner of Giving Notice), before suspending services to You.

6.5. Payment Disputes.
We will not exercise Our rights under Section6.3 (Overdue Charges) or 6.4 (Suspension of Service and Acceleration) above if You are disputing the applicable charges reasonably and in good faith and are cooperating diligently to resolve the dispute.

6.6. Taxes.
Our fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). You are responsible for paying all Taxes associated with Your purchases hereunder. If We have the legal obligation to pay or collect Taxes for which You are responsible under this Section 6.6, We will invoice You and You will pay that amount unless You provide Us with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, We are solely responsible for taxes assessable against Us based on Our income, property and employees.

6.7. Future Functionality.
You agree that Your purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Us regarding future functionality or features.

7. PROPRIETARY RIGHTS AND LICENSES

7.1. Reservation of Rights.
Subject to the limited rights expressly granted hereunder, We and Our licensors reserve all of Our/their right, title and interest in and to the Free Services, Services, Purchased Services or Content, including all of Our/their related intellectual property rights. No rights are granted to You hereunder other than as expressly set forth herein.

7.2. License by Us to Use Content.
We grant to You a worldwide, limited-term license, under Our applicable intellectual property rights and licenses, to use Content acquired by You pursuant to Order Forms, subject to those Order Forms, this Agreement and the Documentation.

7.3. License by You to Host Your Data and Applications.
You grant Us and Our Affiliates a worldwide, limited-term license to host, copy, transmit and display Your Data, and any Non-Propared.com Applications and program code created by or for You using a Free Service, Service, Purchased Service, as necessary for Us to provide the services in accordance with this Agreement. Subject to the limited licenses granted herein, We acquire no right, title or interest from You or Your licensors under this Agreement in or to Your Data or any Non-Propared.com Application or program code.

7.4. License by You to Use Feedback.
You grant to Us and Our Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into the Free Services, Services, Purchased Services or Content any suggestion, enhancement request, recommendation, correction or other feedback provided by You or Users relating to the operation of such services.

8. CONFIDENTIALITY

8.1. Definition of Confidential Information.
“Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Your Confidential Information includes Your Data; Our Confidential Information includes the Free Services, Services, Purchased Services and Content; and Confidential Information of each party includes the terms and conditions of this Agreement and all Order Forms (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

8.2. Protection of Confidential Information.
The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this Section 8.2.

8.3. Compelled Disclosure.
The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.

9. REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS

9.1.Representations.
Each party represents that it has validly entered into this Agreement and has the legal power to do so.

9.2. Our Warranties.
We warrant that this Agreement, the Order Forms and the Documentation accurately describe the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data. For any breach of an above warranty, Your exclusive remedies are those described in Sections 12.3 (Termination) and 12.4 (Refund or Payment upon Termination).

9.3. Disclaimers.
EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CONTENT ALPHA AND BETA SERVICES ARE PROVIDED “AS IS,” EXCLUSIVE OF ANY WARRANTY WHATSOEVER. EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS.

10. INDEMNIFICATION

10.1. Indemnification by You.
You will defend Us against any claim, demand, suit or proceeding made or brought against Us by a third party alleging that Your Data, or Your use of any Service or Content in breach of this Agreement, infringes or misappropriates such third party’s intellectual property rights or violates applicable law (a “Claim Against Us”), and will indemnify Us from any damages, attorney fees and costs finally awarded against Us as a result of, or for any amounts paid by Us under a court-approved settlement of, a Claim Against Us, provided We (a) promptly give You written notice of the Claim Against Us, (b) give You sole control of the defense and settlement of the Claim Against Us (except that You may not settle any Claim Against Us unless it unconditionally releases Us of all liability), and (c) give You all reasonable assistance, at Your expense.

10.2. Exclusive Remedy.
This Section 10 states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any type of claim described in this Section 10.

11. LIMITATION OF LIABILITY

11.1 Limitation of Liability.
NEITHER PARTY’S LIABILITY WITH RESPECT TO ANY SINGLE INCIDENT ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL EXCEED THE AMOUNT PAID BY CUSTOMER HEREUNDER IN THE 12 MONTHS PRECEDING THE INCIDENT, PROVIDED THAT IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER HEREUNDER. THE ABOVE LIMITATIONS WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY. HOWEVER, THE ABOVE LIMITATIONS WILL NOT LIMIT CUSTOMER’S PAYMENT OBLIGATIONS UNDER SECTION 6 (FEES AND PAYMENT FOR PURCHASED SERVICES).

11.2. Exclusion of Consequential and Related Damages.
IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.

12. TERM AND TERMINATION

12.1 Term of Agreement.
This Agreement commences on the date You first accept it and continues until the expiration or termination of the later of (a) all Subscriptions hereunder, or (b) Free Services used by You.

12.2. Term of Purchased Subscriptions.
The term of each Subscription shall be as specified in the applicable Order Form. Except as otherwise specified in an Order Form, Subscriptions will automatically renew for additional periods equal to the expiring Subscription term or one year (whichever is shorter), unless either party gives the other notice of non-renewal at least 30 days before the end of the relevant Subscription term. The per-unit pricing during any automatic renewal term will be the same as that during the immediately prior term unless We have given You written notice of a pricing increase at least 60 days before the end of that prior term, in which case the pricing increase will be effective upon renewal and thereafter.

12.3. Termination.
A party may terminate this Agreement for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.

12.4. Refund or Payment upon Termination.
If this Agreement is terminated by You in accordance with Section 12.3 (Termination for “cause”), We will refund You any prepaid fees covering the remainder of the term of all Order Forms after the effective date of termination. If this Agreement is terminated by Us in accordance with Section 12.3, You will pay any unpaid fees covering the remainder of the term of all Order Forms. In no event will termination relieve You of Your obligation to pay any fees payable to Us for the period prior to the effective date of termination.

12.5. Your Data Portability and Deletion.
Upon the termination or expiration of this Agreement, you will not have the ability to download or export Your Data.

12.6. Surviving Provisions.
The Sections titled “Fees and Payment for Purchase Services,” “Proprietary Rights and Licenses,” “Confidentiality,” “Disclaimers,” “Indemnification,” “Limitation of Liability,” “Refund or Payment upon Termination,” “Notices, Governing Law and Jurisdiction,” and “General Provisions” will survive any termination or expiration of this Agreement.

13. NOTICES, GOVERNING LAW AND JURISDICTION

13.1. Notices.
Except as otherwise specified in this Agreement, all notices, permissions and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery, (ii) the second business day after mailing, (iii) the second business day after sending by confirmed facsimile, or (iv) the first business day after sending by email (provided email shall not be sufficient for notices of termination or an indemnifiable claim). Billing-related notices to You shall be addressed to the relevant billing contact designated by You. All other notices to You shall be addressed to the relevant services system administrator designated by You. All notices to be sent to the Us shall be sent to:

Propared, LLC
Attn: Legal Affairs
719 Terlun Drive
Durango, CO 81301

13.2. Agreement to Governing Law and Jurisdiction.
Each party agrees to the applicable governing law above without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts above.

14. GENERAL PROVISIONS

14.1. Export Compliance.
The services, Content, other technology We make available, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. You shall not permit Users to access or use any Service or Content in a U.S.-embargoed country (currently Cuba, Iran, North Korea, Sudan or Syria) or in violation of any U.S. export law or regulation.

14.2. Anti-Corruption.
You have not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Our employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If You learn of any violation of the above restriction, You will use reasonable efforts to promptly notify Us.

14.3 Entire Agreement and Order of Precedence.
This Agreement is the entire agreement between You and Us regarding Your use of services and Content and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. The parties agree that any term or condition stated in Your purchase order or in any other of Your order documentation (excluding Order Forms) is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order Form, (2) this Agreement, and (3) the Documentation.

14.4. Assignment.
Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all Order Forms), without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Notwithstanding the foregoing, if a party is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice. Notwithstanding, in the event of such a termination by You, We will not refund to You any prepaid fees covering the remainder of the term of all Subscriptions. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.

14.5. Relationship of the Parties.
This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

14.6. Third-Party Beneficiaries.
Our Content licensors shall have the benefit of Our rights and protections hereunder with respect to the applicable Content. There are no other third-party beneficiaries under this Agreement.

14.7. Waiver.
No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.

14.8. Severability.
If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.

DATA PROCESSING ADDENDUM

The terms of this Data Protection Addendum (“DPA“) are incorporated into the Terms of Service dated 6/16/25, between Propared, LLC (“Propared”) and (“Customer”) and any other applicable agreements between Propared and Customer (the “Agreement”) for the DPA Term, to reflect the parties’ agreement with regard to the Processing of Personal Data in accordance with the requirements of all Applicable Laws, including Applicable Data Protection Laws.

This DPA applies only to the extent Propared Processes Customer Personal Data on behalf of Customer in connection with the Services as a Data Processor (as such terms are defined below). In the event and to the extent of a conflict between this DPA and the Order, this DPA shall control with respect to that conflict. In the event and to the extent of a conflict between this DPA and the SCCs, the SCCs shall control with respect to that conflict.

1. DEFINITIONS
   1. For the purposes of this DPA, the following terms will have the corresponding definitions:

“Applicable Laws” means all laws, regulations, binding court orders, and binding regulatory decisions in any jurisdiction as may be applicable to either party or otherwise relevant to this DPA.

“Business Days” means any day excluding Saturday, Sunday and any day which is recognized as a legal holiday in the jurisdiction of either of the parties.

“Data Controller” means the entity which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. The term Data Controller shall include the term “Business” as that term has been defined in the CCPA.

“Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller. The term Data Processor shall include the term “Service Provider” as that term has been defined in the CCPA.

“Applicable Data Protection Laws” means all laws, regulations, binding court orders, and binding regulatory decisions, relating to data protection and privacy of personal data, as amended, extended, re-enacted or replaced from time to time, in any jurisdiction as may be applicable to either party or otherwise relevant to the Processing of Personal Data under this DPA, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK Data Protection Act of 2018 (“UK DPA”), the California Consumer Privacy Act of 2018, as amended (“CCPA”) and similar data protection and privacy laws.

“Data Subject” means an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Deidentified Data” means any Personal Data (including Customer Personal Data), which has been deidentified or aggregated, pursuant to Applicable Data Protection Laws, such that the Data Subject to whom it relates cannot be identified, directly or indirectly, by Propared or any other party reasonably likely to receive or access such Personal Data.

“DPA Term” with respect to this DPA once executed in accordance with Section 1, means the duration of the Processing under this DPA with respect to an Order beginning on the Commencement Date of such Order and continuing for the duration that Propared is Processing Customer Personal Data in connection with the Order.

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”) or household or that is otherwise regulated under Applicable Data Protection Laws; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, biometric data, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Personal Data Breach” means a validated breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored or otherwise Processed under this DPA.

“Processing” (and its derivatives) means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Sale” and its derivatives, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Customer Personal Data to a third party for valuable consideration other than as for the purposes described in the Agreement (or as otherwise agreed in writing by the parties).

“SCCs” means:

1. for transfers of Personal Data subject to the GDPR, Module 2 (Transfer Controller to Processor) of the Annex to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (as may be amended, updated or superseded from time to time, and available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en#d1e32-37-1) (“EU SCCs”); and
2. for transfers of Personal Data subject to UK DPA, the EU SCCs supplemented by the International Data Transfer DPA to the EU Commission Standard Contractual Clauses, the text of which is available at: https://ico.org.uk/media/for-organisations/documents/4019483/international-data-transfer-addendum.pdf, as may be amended, updated or superseded from time to time (“UK SCCs”).

“Subprocessor” means any other Processors engaged by Propared to Process Customer Personal Data.

“Transfer” means to disclose or otherwise make Customer Personal Data available to a third-party including by enabling remote access or by other means.

1. 1. In the event of any conflict or ambiguity between the provisions of this DPA, the Agreement and any Order, the conflict or ambiguity shall be resolved in the following descending order of precedence: this DPA; the Orders (with the most recent taking precedence); and the main body of the Agreement. Terms that have been capitalized but not defined in this DPA shall have the same meaning as in the Agreement or the Applicable Data Protection Laws.
   2. ROLES AND RESPONSIBILITIES
      1. Parties’ Roles. Customer, as Controller, appoints Propared as a Data Processor to Process the Customer Personal Data on Customer’s behalf. This DPA does not apply where Propared is the Controller.
      2. Customer’s Instruction. Propared shall Process Customer Personal Data for the purposes set forth in the Agreement and only in accordance with Customer’s lawful, documented instructions, unless Propared is required to Process Customer Personal Data by the Applicable Laws to which Propared is subject. In such case, Propared will inform the Customer of these legal requirements, unless Applicable Laws prohibit such information. Customer agrees that this DPA, the Agreement and any statements of work or Orders comprise Customer’s complete instructions to Propared regarding the Processing. The Customer’s instructions may be specific or of a general nature as set out in this DPA or as otherwise notified in writing by the Customer to Propared from time to time, including the costs (if any) associated with complying with such instructions. Propared is not responsible for determining if Customer’s instructions are compliant with Applicable Laws. However, Propared may refrain from complying with the Customer’s instruction if it notifies the Customer that, in Propared’s opinion, an instruction for the Processing of Customer Personal Data given by the Customer infringes Applicable Data Protection Laws. The purpose of this section is only to determine the scope and the purposes of Processing of Customer Personal Data by Propared and nothing in this DPA will be deemed an obligation of Propared to accept any instructions of the Customer other than to provide the Services as provided under the Agreement.
      3. Customer Compliance. Customer shall, in its use of the Services, Process Customer Personal Data in accordance with the requirements of Applicable Data Protection Laws, including any applicable requirements to provide notice to Data Subjects of the use of Propared as Processor. For the avoidance of doubt, Customer’s instructions for the Processing of Customer Personal Data shall comply with Applicable Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Personal Data and the lawfulness of the means by which Customer acquired and Processes Customer Personal Data prior to disclosing, transferring or otherwise making available, any Customer Personal Data to Propared. Customer shall ensure that its provision of Customer Personal Data to Propared in connection with the Agreement is lawful under Applicable Data Protection Laws.
      4. Sale of Personal Data. The parties acknowledge and agree that Customer does not Sell Customer Personal Data to Propared in connection with the Agreement and that Propared does not Sell Customer Personal Data to any third parties.
   3. DATA PROCESSING
      1. 1. To the extent applicable, Propared shall ensure that all personnel who have access to Customer Personal Data are subject to suitable confidentiality obligations.
         2. Each Party shall comply with Applicable Data Protection Laws in connection with the performance of its obligations and the exercise of its rights under this DPA.
         3. In the event that Propared becomes aware of a Personal Data Breach affecting Customer Personal Data stored on Propared’s systems or site, Propared shall notify Customer without undue delay, and in no event more than seventy-two (72) hours, and undertake such remediation as necessary to rectify the adverse effects of the Personal Data Breach. Propared shall (i) notify the Customer in writing of the Personal Data Breach and where permissible, any third-party legal process relating to the Personal Data Breach; (ii) help Customer investigate, evaluate, remediate, provide notice, and take any other action Customer deems reasonably necessary regarding the Personal Data Breach and any dispute, inquiry, investigation, or claim concerning the Personal Breach; and (iii) provide Customer with assurance satisfactory to Customer that it has taken reasonable steps to implement measures to remediate and address any Personal Data Breach including any future occurrence of such Personal Data Breach.
         4. Any notification required under Section 3.4 must satisfy the requirements under Applicable Data Protection Law and include, at a minimum where possible: (i) a description of the Personal Data Breach, including the number and categories of individuals affected, categories and number of records concerned, types of Personal Data affected, likely consequences of the Personal Data Breach, and date and time of such incident; (ii) a summary of the incident that caused the Personal Data Breach and any ongoing risks that the Personal Data Breach poses; (iii) a description of the measures proposed or taken by Propared to address the Personal Data Breach; (iv) any other information required under Applicable Data Protection Law; and (v) any other information reasonably requested by Customer relating to the Personal Data Breach.
         5. In the event of a Personal Data Breach affecting Customer Personal Data, Customer shall collaborate with Propared and provide input and make decisions in relation to the breach notification process, including but not limited to control over notifying any individuals, supervisory authorities, or third parties of the Personal Data Breach, unless Applicable Data Protection Law dictates otherwise.
   4. SUBPROCESSING
      1. Customer provides general authorization to Propared to appoint and use Subprocessors in accordance with this Section 4. Propared may continue to use those Subprocessors already engaged by Propared prior to the DPA Term, which are listed in https://www.propared.com/third-party-service-providers. Propared shall give Customer notice of the appointment of any new Subprocessor by updating such list on the Site from time to time in order to give Customer an opportunity to object to such change, including reasonable details of the Processing to be undertaken by the Subprocessor. Customer shall review the Subprocessor list regularly and monitor any updates to the list. If, within five (5) Business days of notification of a Subprocessor, Customer notifies Propared in writing of any objections (on reasonable grounds) to the proposed appointment: (a) Propared shall use reasonable efforts to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor; and (b) where: (i) such a change cannot be made within thirty (30) Business Days from Propared’s receipt of Customer’s notice; (ii) no commercially reasonable change is available; and/or (iii) Customer declines to bear the cost of the proposed change, notwithstanding anything in the Agreement, either party may by written notice to the other party with immediate effect terminate the Agreement either in whole or to the extent that it relates to the Services which require the use of the proposed Subprocessor.
      2. With respect to each Subprocessor, Propared shall: (a) before the Subprocessor first Processes Customer Personal Data (or, as soon as reasonably practicable), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by this DPA; and (b) ensure that the arrangement between Propared and the Subprocessor is governed by a written contract, including terms which offer the same or a greater level of protection for Customer Personal Data as those set out in this DPA. Propared shall be liable for the acts and omissions of its Subprocessors to the same extent Propared would be liable if performing the services of each Subprocessor directly under the terms of this DPA.
   5. TRANSFERS OF PERSONAL DATA AND THE SCCS
      1. Customer authorizes Propared to Transfer the Customer Personal Data across any national borders or permit remote access to Customer Personal Data from any employee, contingent worker, affiliate, Subprocessor or other third party outside of the country, and Customer hereby consents to the Transfer of Customer Personal Data, provided such Transfer complies with the provisions of this DPA and Applicable Data Protection Laws, including but not limited to the requirement to ensure an adequate level of data protection while transferring Customer Personal Data.
      2. With regard to Transfers of Customer Personal Data originating from the EEA to countries outside the EEA (which are not subject to an adequacy decision under Applicable Data Protection Laws), Propared will conduct the transfers of Customer Personal Data pursuant to the EU SCCs or another lawful transfer mechanism. With regard to Transfers of Customer Personal Data originating from the UK, Propared will conduct the transfers of Customer Personal Data pursuant to the UK SCCs or another lawful transfer mechanism. Schedule 1 sets out the description of Customer Personal Data Processing and Schedule 2 sets out the Technical and Organizational Measures necessary to complete the SCCs.
      3. For each applicable version of the SCCs between Propared and Customer: (a) Customer and Propared are deemed to have executed the SCCs as of the start of the DPA Term; and (b) Propared is the “Data Importer” and Customer is the “Data Exporter” under the SCCs. Nothing in this DPA shall modify the terms and conditions of the SCCs. Therefore, in the case of any conflict between this DPA and the SCCs, the latter shall prevail.
      4. In the event that EU or UK authorities or courts determine that the SCCs are no longer an appropriate basis for Transfers, Propared and Customer shall promptly take steps reasonably necessary to demonstrate adequate protection for the Customer Personal Data, using another approved mechanism. Customer understands and agrees that Propared may terminate the Transfers as needed to comply with Applicable Data Protection Laws.
      5. Propared shall, where legally permissible, advise Customer of any US-based governmental requests for access to Customer Personal Data (“US Data Requests”), and advise Customer of any EU-EEA based governmental requests for access to Customer Personal Data (“EU-EEA Data Requests”) or UK based governmental requests for access to Customer Personal Data (“UK Data Requests”) and work with Customer so that Customer may object to such US Data Requests, EU-EEA Data Requests, or UK Data Requests. For the avoidance of doubt, Customer understands that Propared may not be legally allowed to notify the Customer of US Data Requests, EU-EEA Data Requests or UK Data Requests under certain circumstances.
   6. COOPERATION WITH CUSTOMER
      1. With regard to Customer Personal Data as required under Applicable Data Protection Laws, Propared shall provide reasonable assistance to Customer, to carry out/respond to: (i) data protection impact assessments and prior consultations with data protection authorities; (ii) Data Subject requests to exercise rights, including requests to access their Customer Personal Data, to the extent that Customer is unable to access the relevant Customer Personal Data through the Services; (iii) inquiries or complaints received from a Data Subject, regulator, or other third party; and (iv) making any filings, disclosures, or registrations required by data protection authorities in connection with the provision or receipt of the Services.
      2. Propared will promptly inform Customer of (i) any Data Subject requests to exercise rights or (ii) any communications received from a Data Subject, regulator, or other third party, that relate to Propared’s provision of the Services to Customer. For the avoidance of doubt, Customer is responsible for responding to such requests or communications.
   7. SECURITY
      1. Propared shall maintain technical and organizational measures appropriate (having regard to the state of technological development and cost of implementation) for protection of the security, confidentiality and integrity of Personal Data (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss, theft or alteration or damage, unauthorized disclosure of, or access to, Personal Data) by putting in place the measures set out in Schedule 2 (“Security Measures”). Propared regularly monitors compliance with the Security Measures and Propared will not materially decrease the overall security of the Services during the Duration of Processing. Customer agrees that the Security Measures are appropriate for the categories of Personal Data being Processed.
      2. If Propared Processes any Customer Personal Data, it will, at all times, comply with its obligations under all Applicable Data Protection Laws and will implement and maintain all appropriate technical, administrative, physical, and organizational measures required to ensure a level of confidentiality and security appropriate to the risks represented by the Processing and the nature of Customer Personal Data; and prevent unauthorized or unlawful Processing of Company Personal Data, or the accidental loss, disclosure or destruction of, or damage to, Customer Personal Data. Any breach of this DPA by Propared shall be deemed a material breach of this DPA and the Agreement and, notwithstanding anything in the Agreement to the contrary, Customer may terminate the Agreement and/or the impacted Statement(s) of Work or Valid Order(s) immediately upon written notice to Propared without liability to Customer. Propared shall comply with all policies communicated by Customer regarding privacy and security (including the privacy statements of any relevant Company websites) and any reasonable security requests made by Customer during the Term.
   8. DELETION/RETURN OF CUSTOMER PERSONAL DATA
      1. To the extent applicable, upon the termination of the Agreement for any reason, or at any time upon Customer’s written request, Propared shall, as soon as reasonably practicable, make the Customer Personal Data accessible for download or return to Customer and/or securely delete or destroy, in accordance with Applicable Data Protection Laws, all originals and copies of Customer Personal Data, except to the extent otherwise required by the Agreement, this DPA or any Applicable Data Protection Laws. Upon written request by Customer, Propared shall promptly provide to Customer a written confirmation that all Customer Personal Data has been returned to Customer or securely destroyed in accordance with the Agreement and this DPA. Notwithstanding the foregoing, Propared may retain Customer Personal Data in accordance with Propared’s records management and digital archival back-up policies (“Records Management Policy“) provided such Customer Personal Data is destroyed in due course in accordance with the Records Management Policy and Applicable Data Protection Laws. Propared reserves the right to charge Customer for any reasonable costs and expenses incurred by Propared in destroying the Customer Personal Data pursuant to this section if the costs exceed a commercially reasonable amount.
   9. DEIDENTIFIED DATA.
      1. Subject to Applicable Data Protection Laws, Propared may freely use and disclose Deidentified Data for Propared’s own business purposes.
   10. AUDITS
       1. Upon Customer’s request with not less than thirty (30) days’ notice, Propared agrees to permit Customer to perform reviews of Propared’s compliance with its security obligations set forth under the DPA (“Propared Audits”). Propared Audits may be conducted by the internal and external auditors and personnel of Customer who have entered into Propared’s form of nondisclosure agreement (collectively, “Auditors”). Such Propared Audits shall be conducted in accordance with Propared’s security policies and procedures, without undue disruption to Propared’s operations, in a commercially reasonable manner, and shall be limited to the security aspects of the Services provided to Customer. Propared agrees to cooperate in a commercially reasonable manner with the Auditors and provide the Auditors commercially reasonable assistance as they may reasonably request in connection with the Propared Audit. Except in the case of an audit performed in response to a Security Incident, Propared Audit(s) will be performed at Customer’s sole cost and Customer will reimburse Propared for its reasonable costs associated with such additional Propared Audits. Propared shall bear all costs of audits performed in response to a Personal Data Breach. Customer shall promptly notify Propared with information regarding the results of Propared Audits, including any information that Propared is not Processing Personal Data in accordance with its obligations under this DPA.
   11. CCPA AND SIMILAR US APPLICABLE DATA PROTECTION LAWS
       1. If Propared is processing Customer Personal Data within the scope of the CCPA or similar Applicable Data Protection Laws implemented by a US state, Propared makes the following additional commitments to Customer: Propared will (i) process Customer Personal Data on behalf of Customer (ii) not retain, use, or disclose that data for any purpose other than for the purposes set out in this DPA and as permitted under the CCPA, including under any “sale” exemption; and (iii) not sell any Customer Personal Data, including that which Propared receives pursuant to this DPA or the Agreement. These CCPA terms do not limit or reduce any data protection commitments Propared makes to Customer in this DPA, the Agreement, or other agreement between Propared and Customer.
   12. SCHEDULE 1: DESCRIPTION OF PERSONAL DATA PROCESSING

       1. Location(s) of the Processing	Worldwide
          Data Controller(s)/ Exporter(s) (as applicable)	Name:  As set out in the Agreement for Customer. Address: As set out in the Agreement for Customer. Activities relevant to the data transferred under the DPA: the Data Exporter is exporting Personal Data to receive the Services described in the Agreement. Role: Controller
          Data Processor(s)/ Importer(s) (as applicable)	Name: Propared, LLC Address: 719 Terlun Drive Durango, CO 81301. Activities relevant to the data transferred under the DPA: Propared is importing and Processing the Data Exporter’s Personal Data to provide the Services described in the Agreement. Role: Processor Contact person’s name, position and contact details: Melissa Johnston: email: [email protected]
          Subject Matter and Duration of the Processing	The subject matter and duration of the Processing shall be according to the Agreement in connection with the Services.
          Purpose of the Processing / Processing Operations	The Customer Personal Data is Processed for the purpose of providing Services including: (a) customer service activities, such as processing orders, providing technical support and improving offerings, (b) on-premises software or hosting software, (c) consulting, professional, security, storage, and other services delivered to Customer, and (d) internal business processes and management, fraud detection and prevention, and compliance with governmental, legislative, and regulatory requirements.
          Categories of Data Subjects (whose Personal Data is transferred)	Customer Personal Data Processed may concern the following categories of data subjects: employees, contractors, suppliers, business partners, representatives and end users of the Customer, and other individuals whose personal data is Processed by or on behalf of Customer or Customer’s customers and delivered as part of the Services.
          Categories/ Types of Personal Data transferred	Customer Personal Data related directly or indirectly to the categories of data subjects listed above, including online and offline Customer Personal Data provided by or on behalf of the Customer or its users of the Services.
          Types of Special Category (“Sensitive”) Data transferred (if applicable)	N/A
          Applied restrictions or safeguards in respect of Sensitive Data (EU SCCs only)	N/A
          Frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis) (EU SCCs only)	Continuous basis for the duration of the Agreement.
          The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period (EU SCCs only)	DPA Term, or as otherwise agreed in writing between the parties.
          Specific Elections (EU SCCs only)	EU SCCs Elections: The parties agree to elect the following options within the EU SCCs: For Clause 7 of the EU SCCs, the parties elect not to include the optional language. For Clause 9(a) of the EU SCCs, the parties elect to include the language in Option 2 with 15 Business Days as the specified time period. For Clause 11(a) of the EU SCCs, the parties elect to not include the optional language. Competent Supervisory Authority: The parties agree that the supervisory authority of the Data Exporter will act as the competent supervisory authority. Governing Law: For purposes of Clause 17 of the EU SCCs, the parties agree that the law of the country in which the Data Exporter is located will be the governing law. Choice of Forum and Jurisdiction: For purposes of Clause 18 of the EU SCCs, the parties agree that the courts of the country in which the Data Exporter is established will resolve any dispute arising from the EU SCCs.

   13. 1. SCHEDULE 2: TECHNICAL AND ORGANIZATIONAL MEASURES

       Propared maintains comprehensive policies and standards for protecting Customer Personal Data, grounded in industry-standard frameworks that ensure consistent security and privacy practices across its operations. Its Information Security Management System (ISMS) aligns with and adheres to ISO/IEC 27001 requirements. Propared regularly evaluates its systems against ISO 27001, CIS Controls, SOC 2, and NIST frameworks, addressing any identified risks or gaps as needed.

       To safeguard Customer Personal Data against accidental or unlawful destruction, loss, access, or alteration, Propared implements robust administrative, technical, physical, and product-level controls. Additionally, Propared requires that its Subprocessors maintain data security programs that meet or exceed its own standards, consistent with applicable services and accepted industry practices. A dedicated risk management program is in place to assess and validate the security posture of all Subprocessors.

       Categories	Practices
       Administrative Safeguards	Security and Privacy Training Incident Management Data Breach Notification Third Party Risk Management User Role Management
       Technical Safeguards	Data Encryption in transit and in rest SSL User Role Management Backup and Recovery Vulnerability Remediation Intrusion and Malware Protection Logging & Monitoring Identity & Access Control
       Physical Safeguards	Workplace Security Data Center Security
       Product Security	Secure Design Principles

Propared Privacy Policy

Effective Date: 4/22/2025

1. Introduction
2. Scope
3. What Information We Collect
4. Why We Collect Information
5. When We Disclose Information
6. Retention of Personal Information
7. Your Choices About the Information We Collect
8. Children’s Privacy
9. Visitors to the Site Outside of the United States
10. Links
11. Security
12. Your California Privacy Rights
13. Your Privacy Rights under Other US State Laws
14. Your Rights Under the General Data Protection Regulation
15. Your Rights Under the UK GDPR
16. Your Canada Privacy Rights
17. Your Australia Privacy Rights
18. Changes to This Privacy Policy
19. Contact Us

1. Introduction

Welcome. You have arrived at a website operated by Propared, LLC (“Propared,” “we,” “our” or “us”). Propared is a company devoted to thinking up better ways for theatre, arts, and event managers to organize shows and day-to-day operations. Propared’s software platform embodies a management philosophy that we practiced throughout our careers working in events and contributions from people like you. We build Propared so you can take this knowledge and use it to find success in all the amazing things you do.

At Propared, we take your privacy seriously. We provide this Privacy Policy (“Policy”) to tell you what information we collect about you, how we obtain it, how we share it, and how you may limit the ways in which we use your Personal Information. If you have questions about this Policy after you review it, feel free to contact us at [email protected].

1. Scope

This Policy governs propared.com, its subdomains, and all subdomains or portals that link to this Policy (“Site”); or otherwise when you provide Personal Information or interact with us online or in-person. This Policy also applies to Personal Information that we may collect from you via phone calls or other communications with our representatives or in any other instance when you contact us. For the purpose of this Policy, “Personal Information” (also referred to as “ Personal Data”) means any Personal Information relating to an identified or identifiable individual that is protected by applicable privacy laws. The definition of Personal Information does not include publicly available information from federal, state, or local government records, such as professional licenses and real estate or property records.

We are a “B2B” company, meaning our customers are businesses and not consumers. We refer to all the above as our “Services.” For our Services, we act as a service provider (aka a data processor).

By using our Site or otherwise using our Services, you acknowledge this Policy and agree to our Terms of Service (“Terms”).

1. What Information We Collect

As a rule, we limit the Personal Information we collect to that which is adequate, relevant and reasonably necessary for us to provide our Services to you.

Information That You Provide to Us

As you interact with our Site or Services, we only collect Personal Information that is relevant and reasonably necessary for us to provide our Services to you. This includes any information you provide via webforms, the chat function on our Site, uploads to our Site, and through telephone calls, letters, emails and other communications with you. In addition, we the Site uses a chatbot for any questions you might have. Please do not provide any sensitive Personal Information in on the chatbot or in our communications with you.

In the previous 12 months, we have collected the following Personal Information:

Customers (Prospective, Current and Past)

• Contact information such as your first and last name, email address, company, title, business address, telephone numbers, mobile numbers.

Users or Constituents

• Contact information such as your first and last name, preferred name, pronouns, company/organization you work for or are associated with, titles/job roles, email address, telephone numbers
• Image/photo
• Details (open text field)
• Dates, Times, Locations that you are scheduled to be.
• Pay Rates
• Tasks assigned to a you
• Account information for other resources such as cloud storage sites (e.g., Dropbox), websites, files hosted elsewhere

Our developers use this user/constituent Personal Information to fix bugs. If you are a user or constituent of one of our Customers (e.g., a theatre company or event manager using Propared’s Site or Services), your Personal Information will be collected and used in accordance with that Customer’s privacy policy. Please contact the organization for more information about how they use your Personal Information and how to exercise your privacy rights.

Information Collected Automatically

We use a platform called Drift to provide real-time customer support via chat. Drift may use functional cookies to remember your session and deliver chat services. These cookies do not track your browsing behavior for marketing or advertising purposes. No other cookies are deployed on our site.

Information Collected from Third Parties

The Site may include functionality that allows certain kinds of interactions between the Site and your account on a third-party website or application. The use of this functionality may involve the third-party site providing information to us.

Propared does not have control over the information that is collected, used, and shared by these third parties. We encourage you to review the privacy statements of these third parties to understand their privacy practices.

1. Why We Collect Information

We use the information we collect about you in a variety of ways, including the following:

To Provide Our Services

We process certain Personal Information when you access or use our services, including to:

• operate, maintain and improve the Site;
• fix bugs
• enable you to access and use the Site;
• enable you to organize shows and day-to-day operations for theatre, arts, and events.
• send you notices, updates, security alerts and support and other messages;
• provide and deliver the Services and features you request, process and complete transactions, and send you related information, including purchase confirmations and invoices;
• process your purchases of, or requests for our Services;
• create and verify user accounts;
• facilitate the functionality of our Site; and
• customize experiences and personalization when you are on our Site.

To Communicate with You

We process certain information to communicate with you in relation to your accounts, our services, our marketing, and your requests, including to:

• communicate with you about orders, purchases and our Services;
• respond to your customer service inquiries and requests for information;
• send you personalized promotions, content, and special offers;
• provide important safety information.

For Improvement of Our Site or Services

We want to ensure that our Site and Services (including our products) are continually improving and expanding so that we meet and exceed your needs and expectations. To do so, we may process certain Personal Information, including to:

• test, research, analyze, or develop new products and Services for you to organize shows and day-to-day operations for theatre, arts, and events;
• maintain, improve, and analyze our Site or Services; and
• detect, prevent, or investigate suspicious activity or fraud.

To Comply with Applicable Laws

We may be required to process certain Personal Information under certain laws and regulations, such as tax laws, as well as to:

• maintain appropriate records for internal administrative purposes; and
• comply with applicable legal and regulatory obligations, and respond to lawful governmental requests, as needed.

To Enforce our Terms, Agreements, or Policies

To maintain a safe, secure, and trusted environment for you when you use our Site and Services, we use your Personal Information to ensure our terms, policies, and agreements with you and any third parties are enforced.

With Your Consent

We process certain Personal Information to fulfill any other business or commercial purposes at your direction or with your consent.

1. When We Disclose Information

To the extent permitted by law, certain Personal Information about you may be disclosed in the following situations:

• Service providers. To provide information to our affiliates and nonaffiliated third parties who perform services or functions for us in conjunction with our services to you, but only if we have a contractual agreement with the other party which prohibits them from disclosing or using the information other than for the purposes for which it was disclosed. Examples of such disclosures include using a payment processor, website host or email marketing provider.
• Legal process. To comply with a validly issued and enforceable subpoena or summons; as a part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us, provided we disclose only the information necessary to file, pursue, or defend against the lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record.
• Business transactions. In conjunction with a prospective purchase, sale, or merger of all or part of our practice, if we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review.

Finally, we may aggregate, de-identify, and/or anonymize any information collected through the Site or Services such that such information is no longer linked to your Personal Information. We may use and share this aggregated and anonymized information (non-Personal Information) for any purpose, including without limitation, for research and marketing purposes, and may also share such data with our affiliates and third parties, including advertisers, promotional partners and others.

1. Retention of Personal Information

Propared will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

All information you provide to us is stored on our secure servers or those of our third-party data storage providers.

We utilize the following criteria to determine the length of time for which we retain Personal Information:

• How long we have had a relationship with you or provided our Services to you
• The business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes;
• Whether we are required to retain the information, or the information is otherwise necessary, in order to: comply with legal obligations or contractual commitments: defend against potential legal claims: detect or prevent potential illegal activity or actions in violation of our policies and procedures; secure our systems and online environment; or protect health and safety;
• The privacy impact on individuals of ongoing retention; and
• The manner in which information is maintained and flows through our systems, and how best to manage the lifecycle of information in light of the volume and complexity of the systems in our infrastructure.

1. Your Choices About the Information We Collect

Communications Preferences

We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please contact us using the information in the Contact Us section below. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records).

You can opt out of receiving marketing emails from us at any time. You will still receive transactional messages from us. To manage your email preferences with us, please click on the Unsubscribe link in any email you receive from us or contact us using the information in the Contact Us section below. Your choice will not affect our ability to share information in the other ways described in this Policy.

Do Not Track

Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals), but there is no universally agreed upon standard for what an organization should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. You can learn more about Do Not Track here.

1. Children’s Privacy

Our Site is not intended for use by children under the age of 18. However, it is possible that our Customers may process the Personal Information of minors. We do not request, or knowingly collect, any Personal Information from children under the age of 18. If you are the parent or guardian of a child under 18 who you believe has provided her or his information to us, please contact us using the information in the Contact Us section below to request the deletion of that information.

Under the Family Educational Rights and Privacy Act (FERPA), Propared acts as a “school official” with “legitimate educational interests” and contractually relies on educational institutions to obtain parental consent, if required.

We do not use such information for any purpose other than to provide our Services and for the specific uses set forth above, in accordance with contractual agreements with our Customers and our Terms of Service.

1. Visitors to the Site Outside of the United States

If you are visiting the Site from a location outside of the U.S., your connection will be through and to servers located in the U.S. All information you receive from the Site will be created on servers located in the U.S., and all information you provide will be maintained on web servers and systems located within the U.S. The data protection laws in the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Site or providing us with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information in the United States and in other countries, as set forth in this Policy.

1. 10.Links

For your convenience, the Site and this Policy may contain links to other websites. Propared is not responsible for the privacy practices, advertising, products, services, or the content of such other websites. None of the links on the Site should be deemed to imply that Propared endorses or has any affiliation with the links.

1. 11.Security

We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the Site, and you provide us with your information at your own risk.

1. 12.Your California Privacy Rights

This section of the Policy applies solely to California residents. We adopt this Section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). Any terms defined in the CCPA or CPRA have the same meaning when used in this Section.

California residents have the following rights:

• To know the categories of Personal Information being collected about you, the purposes for which the categories of Personal Information are collected or used, and whether that information is sold or shared;
• To know the length of time we intend to retain each category of Personal Information;
• To know whether your Personal Information is sold or disclosed and to whom;
• To access your Personal Information;
• To delete the Personal Information you have provided to us, with certain exceptions;
• To correct your Personal Information;
• To opt out of the sale of Personal Information;
• To know if Sensitive Personal Information (“SPI”) is being collected about you, the categories of SPI being collected, the purposes for which the categories of SPI are collected or used, and whether the SPI is sold or shared;
• To limit the use of your SPI if it is used for cross-contextual behavioral advertising or for the purposes of inferring characteristics about you; and
• Not to be discriminated against, even if you exercise your privacy rights.

Request for Information, Correction, or Deletion

California residents have the right to request, under certain circumstances, that a business that collects Personal Information about them disclose the information listed below for the preceding 12 months:

• The categories of Personal Information collected about you;
• The categories of sources from which the Personal Information is collected;
• The business or commercial purpose for collecting, selling or sharing Personal Information;
• The categories of third parties to whom the business discloses Personal Information; and
• The specific pieces of Personal Information collected about you.

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

You can also request that we correct or delete your Personal Information. There may be certain exceptions to our obligation to correct or delete your information such as if you have an existing account or transaction with us or if we have a legitimate business reason to keep your information.

Personal Information Collected

We have collected the following categories of Personal Information within the last twelve (12) months:

Category of Personal Information	Sources of Personal Information	Business Purpose for Collection
Identifiers	You Automatically Third Parties	To provide, improve and market our products and Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law
Personal information described in California Civ. Code § 1798.80(e)	You Automatically Third Parties	To provide, improve and market our products and Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law

Information related to how long we retain each category of Personal Information is included in the Retention of Personal Information section above.

Personal Information Sold or Shared

We do not sell or share (as those terms are defined in the CCPA) the Personal Information of Customers.

We do not have actual knowledge that we sell or share the Personal Information of consumers under 16 years of age.

Personal Information Disclosed for Business Purposes

We have disclosed the following categories of Personal Information for business purposes in the last twelve (12) months:

Category of Personal Information	Recipient Categories	Business Purpose for Disclosure
Identifiers	Service Providers	Helping to ensure the security and integrity of Personal Information Debugging to identify and repair errors Performing services on behalf of the business Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our services
Personal information described in California Civ. Code § 1798.80(e)	Service Providers	Helping to ensure the security and integrity of Personal Information Debugging to identify and repair errors Performing services on behalf of the business Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our services

Do Not Sell My Personal Information

As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information. We do not sell Personal Information.

Right to Limit Use of Sensitive Personal Information

California residents have the right to limit the use of each type of Sensitive Personal Information for each purpose with each type of third-party partner. Please note that we only keep your Sensitive Personal Information for a limited time, and only for the transaction for which it is required. Currently, we do not provide your Sensitive Personal Information to any third parties other than those service providers that are necessary for us to provide our Services to you.

Right Not to Be Discriminated Against

We will not discriminate against you for exercising any of your rights under the CCPA. Unless permitted by California law, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Third Party Marketing (“Shine The Light Act”)

California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us a list of what Personal Information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. We do not currently disclose Personal Information protected under this section to third parties for their own direct marketing purposes.

Exercising Your California Privacy Rights

If you are a California resident, you or your authorized agent may make a request to access, correct, delete, opt-out of the sale of your Personal Information by contacting us using the information in the Contact Us section below.

If you are an user or constituent whose Personal Information has been collected or processed by one of our Customers (e.g., an organization such as a theatre company or event manager using Propared’s Site or Services), please visit the organization’s privacy policy or contact the organization directly regarding privacy requests.

If you use an authorized agent to submit your request, we may require proof of the written authorization you have given. We also may require you to confirm your identity and your residency to obtain the information, and you are only entitled to make this request twice in a 12-month period. For emails, please include “California Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a California resident. We will acknowledge your request within 10 days and respond to your request within 45 days or let you know if we need additional time. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

1. 13.Your Privacy Rights under Other US State Laws

If you live in certain other U.S. states, such as Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have rights under applicable privacy laws once those laws have become effective.

Based on the applicable law in the state where you live, you may have the following rights with respect to your Personal Information:

• To confirm whether or not a controller is processing your Personal Data and to access such Personal Data;
• To know the categories of Personal Data we collect about you, the purposes for the collection, how long we retain your Personal Data, and whether that information is sold or shared or disclosed and to whom;
• To correct inaccuracies in your Personal Data;
• To delete your Personal Data;
• To obtain a copy of your Personal Data that you previously provided to us in a portable, and if technically feasible, readily usable format, if processing is carried out by automated means;
• To opt out of the processing of your  Personal Data for purposes of (i) targeted advertising, (ii) the sale of Personal Data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Right to Opt Out

You may have the right to opt out of the processing of your  Personal Data for purposes of (i) targeted advertising, (ii) the sale of  Personal Data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. We do not engage in targeted advertising, the sale of  Personal Data or profiling.

Opt-Out Preference Signals

Some browsers and browser extensions support opt-out preference signals such as the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales. GPC is a web browser-level setting, maintained by either a browser or a browser extension, that a user or privacy-focused technology can set. In certain regions, when we detect such a signal, we will make reasonable efforts to respect your choices as required by applicable law.

Exercising Your Privacy Rights

For Customers, you may make a request to confirm, access, correct, delete, obtain a copy, or opt-out of the processing of your Personal Data for targeting advertising, sale, or profiling by using the information in the Contact Us section below. Please include your state of residence.

We may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request up to twice annually. For emails, please include “Privacy Rights” as the subject line. You must include your full name, email address, and attest to the state in which you are a resident.

We will process your request within 45 days or let you know if we need additional time or cannot process your request. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

Appeals of Our Decisions

In some jurisdictions, you may appeal to us if we refuse to take action on your exercise of certain choices described above. In order to appeal such a refusal, please contact us using the information in the Contact Us section below with the subject line “Appeal of Refusal to Take Action on Privacy Request” and provide the relevant information in the email.

If we decline to take action on any request you make, we will provide you with the information required by the applicable law where you live. This may include an explanation of why we declined your request, information on how to appeal our decision, and/or how to make a complaint to your state Attorney General.

1. 14.Your Rights Under the General Data Protection Regulation

This section of the Policy applies if you are a data subject who resides or is located in the European Economic Area (“EEA”). We adopt this section to comply with European privacy laws, including the General Data Protection Regulation (“GDPR”). Any terms defined in the GDPR have the same meaning when used in this section.

Under applicable law, we are considered the “data controller” of the Personal Information we handle under this Policy. In other words, we are responsible for deciding how to collect, use and disclose this information, subject to applicable law.

We want to ensure that the Personal Information we possess is always accurate and therefore we encourage you to update your information in your own account in case any changes have occurred. We have listed below the rights that you may be able to exercise in respect of the processing of your Personal Information, subject to applicable law. We take reasonable steps to ensure that the Personal Information that we process is limited to the Personal Information that are required in connection with the purposes set out in this Policy.

If you are a resident of or located within the EEA, you have certain data protection rights. These rights include:

• The right to access, update or delete the information we have collected from you.
• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your Personal Information.
• The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
• The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your Personal Information.

Legal Basis for Processing Personal Information

We rely on the following legal bases for processing your Personal Information:

• Contract: To conclude or perform a contract with you; for example:
  • To provide our Services;
  • To manage our accounts and records;
  • To handle your inquiries and requests;
• Legitimate Interests: When we process your Personal Information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Information for activities where our interests are overridden by the impact on you unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests, as further described below. Examples of legitimate interests include:
  • To respond to your customer service inquiries and requests for information;
  • To maintain, improve, and analyze our Site and Services we offer;
  • To conduct marketing activities;
  • To detect, prevent, or investigate security breaches or fraud; and
  • To facilitate the functionality of our Site;
• Legal Compliance: To comply with our legal obligations; for example:
  • To maintain appropriate records for internal administrative purposes and as required by applicable law, and
  • To provide important safety information.
• Consent: We will send you information by email on our Services or other promotions only with your consent or if you otherwise opt-in to receiving those communications. If you do not provide us with your consent to the processing of your Personal Information for this purpose, we will not send you this information. You have the right to withdraw your consent at any time as described below.

How to Exercise Your Rights Under the GDPR

If you are a Customer, you may exercise any of your rights under the GDPR by submitting a verifiable data subject request to us by using the contact details below. You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of the EEA by including your country of citizenship or residence in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in the EEA to obtain the information. We will respond to your request within 30 days or let you know if we need additional time.

Please note that we will ask you to verify your identity before responding to such requests, and we may deny your request if we are unable to verify your identity or authority to make the request.

If you are an individual whose Personal Information has been collected or processed by one of our Customers (e.g., an organization such as a theatre company or event manager using Propared’s Site or Services), please visit the organization’s privacy policy or contact the organization directly regarding privacy requests.

Should you wish to raise a concern about our use of your data (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us as follows:

Propared, LLC, which delivers, or targets the delivery of, a digital service in European Union and European Economic Area, has appointed DataRep as its Legal Representative for the purposes of the Digital Services Act* in the EU/EEA.

Propared, LLC takes their obligations to deliver a safe and legal service seriously, and has appointed DataRep as their Legal Representative in the European Union so that you can contact them directly about concerns you may have, and to report illegal content which you identify.

If you want to raise a question to Propared, LLC regarding these issues, you may do so by.

• sending an email to DataRep at [email protected] quoting < Propared. LLC > in the subject line.
  contacting us on our online webform at www.datarep.com/data-request.
• mailing your inquiry to DataRep at DataRep. The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland, or
• phone call to +353 (1) 919 8899 (we will ask you to follow up by email to ensure our understanding of your request).

PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for “DataRep’ and not ‘Propared, LLC, or your inquiry may not reach us. Please refer clearly to Propared, LLC in your correspondence.

If you have any concerns over how DataRep will handle the personal data we will require to undertake our services, please refer to our privacy notice at www.datarep.com/privacy-policy

Local data representative

Country	Address
Austria	DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium	DataRep, Rue des Colonies 11, Brussels, 1000
Bulgaria	DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia	DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus	DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic	DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic
Denmark	DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia	DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland	DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France	DataRep, 72 rue de Lessard, Rouen, 76100, France
Germany	DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece	DataRep, Ippodamias Sq. 8, 4th floor, Piraeus, Attica, Greece
Hungary	DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
Iceland	DataRep, Laugavegur 13, 101 Reykjavik, Iceland
Ireland	DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy	DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy
Latvia	DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Liechtenstein	DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Lithuania	DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg	DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta	DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands	DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Norway	DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway
Poland	DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal	DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania	DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia	DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia	DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain	DataRep, Calle de Manzanares 4, Madrid, 28005, Spain
Sweden	DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden
United Kingdom	DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

1. 15.Your Rights Under the UK GDPR

If you are based in the United Kingdom, the following provisions also apply:

We take steps to ensure that appropriate safeguards are in place to guarantee the continued protection of your Personal Information, such as by entering into the UK International Data Transfer Agreement or the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses, adopted by the UK Government under section 119A of the Data Protection Act 2018.

You have the same data subject rights as those for the EU listed above, except that references to the “GDPR” should be read as references to the “UK GDPR” and complaints should be filed with the UK supervisory authority, the Information Commissioner’s Office.

1. 16.Your Canada Privacy Rights

Canadian laws provide specific privacy rights to our Canadian customers. If you are a resident of Canada, this section applies in addition to all other applicable rights and information contained in this Policy.

Where applicable, We follow applicable Canadian federal and provincial privacy laws (“Canadian Privacy Law”), including:

• The Personal Information Protection and Electronic Documents Act (PIPEDA)
• Alberta’s Personal Information Protection Act (Alberta PIPA)
• British Columbia’s Personal Information Protection Act (BC PIPA)
• Québec’s Act respecting the protection of Personal Information in the private sector (Québec Act).

Consent

In most cases, we rely on implied consent to collect, use, or disclose your Personal Information. In some circumstances, including those involving sensitive Personal Information, we obtain express consent. Where you have provided your consent to the collection, use, and transfer of your Personal Information (whether orally, in writing, or electronically), you may have the legal right to withdraw your consent under certain circumstances. In addition to the methods described above with respect to your privacy choices, you may withdraw your consent by submitting a request using the information in the “Contacting Us” section below. Please note that if you withdraw your consent, We may not be able to provide you with a particular product or service. We will explain the impact to you at the time of your request to help you with your decision.

Use of Your Personal Information

We will not collect, use, or disclose Personal Information except for the identified purposes identified above (See Disclosure of Your Information), unless we have received additional consent or the processing is authorized without consent. Where we engage service providers who utilize the Personal Information we provide to them, those relationships are governed by a written agreement regarding the confidentiality of your information.

Canadian Access and Challenge Rights

Canadian Privacy Law provides the right to receive information about the existence, use, and disclosure of your Personal Information and be provided access to that information. You may also challenge the accuracy and completeness of your Personal Information and have it amended as appropriate. Depending on the nature of the challenged information, amendment may involve correction, deletion, or addition of information.

Exercising Your Canadian Privacy Rights

If you are a Customer and have an account with us, you may view and update your account information (as noted above) directly by logging into your account. To submit a request for access to information not contained within your account, or to challenge the accuracy or completeness of your Personal Information, you may also submit a written request using the information in the “Contacting Us” section below. When submitting a request, We also may require you to confirm your identity and your residency to obtain the information. For emails, please include “Canadian Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a Canadian resident, and provide your province of residence. We will begin processing your request once you have completed the verification process and will respond within the timeframe required by law.

If We cannot substantively respond to your request in a timely manner, We will notify you and state the reason for the delay. Under certain circumstances, We may not be able to fulfill your request, such as when doing so would interfere with Our regulatory or legal obligations, where We cannot verify your identity, or if your request involves disproportionate cost or effort. However, We will respond to your request within a reasonable time, as required by law, and provide an explanation.

If you are an individual whose Personal Information has been collected or processed by one of our Customers (e.g., an organization such as a theatre company or event manager using Propared’s Site or Services), please visit the organization’s privacy policy or contact the organization directly regarding privacy requests.

Additional information about how to exercise your rights under Canadian Privacy Law can be found here:

Office of the Privacy Commissioner of Canada
Website
Phone: 1-800-282-1376

Office of the Information and Privacy Commissioner of Alberta
Website
Phone: 1-888-878-4044
Edmonton office: (780) 422-6860
Calgary office: (403) 297-2728

Office of the Information and Privacy Commissioner of British Columbia
Website
Vancouver: (604) 660-2421
Elsewhere in BC: (800) 663-7867

Commission d’acces a’ l’ information du Quebec
Website
Phone: 1-888-528-7741

1. 17.Your Australia Privacy Rights

As applicable, this Policy is subject to and does not limit the rights and/or exceptions available to us under the Australian Privacy Principles of the Privacy Act 1988 (Cth) (the “Privacy Act”).

We disclose Personal Information, for some of the purposes described above, to organizations located in Australia. We or our service providers may also make Personal Information held in Australia remotely available for processing by service provider personnel located in other countries. We take reasonable steps to ensure that overseas recipients of your Personal Information do not breach the privacy obligations relating to your Personal Information, and only use it for the purpose for which it was disclosed.

At your request, we will provide a copy of any Personal Information we hold about you, unless an exception under the Privacy Act applies. We may charge reasonable fees for retrieving this information, in which case we will obtain your prior consent.

When your Personal Information is no longer required, we take reasonable steps to destroy or permanently de-identify the information.

We will promptly acknowledge and investigate any complaint about the way we manage Personal Information.

We will take reasonable steps to remedy any issues resulting from our failure to comply with privacy obligations. If our response to you does not satisfactorily address your concerns, you may have the right to make a complaint to a competent regulator (e.g., Office of the Australian Information Commissioner at www.oaic.gov.au).

1. 18.Changes to This Privacy Policy

We may change this Privacy Policy at any time. We will post all changes to this Policy on this page and will indicate at the top of the page the modified policy’s effective date. We therefore encourage you to refer to this page on an ongoing basis so that you are aware of our current privacy policy. If required by the applicable law, we will notify you of the changes.

By continuing to use the Site or Services or providing us with information following such a replacement Policy being uploaded, you agree that you will be bound by the Privacy Policy as changed.

1. 19.Contact Us

If you have any questions or suggestions regarding this Policy, please contact us as follows:

Propared, LLC,
Attention: Privacy
719 Terlun Drive
Durango, CO 81301

Email: [email protected]