Partner Rewards Terms of Use

Last revised: March 3, 2022

These Partner Rewards Terms of Use (“Partner Rewards Terms”), apply to your access and use of all websites, applications and other online products and services provided by Prizeout Corp., a Delaware corporation (“Prizeout”, “we”, or “our”), and constitute a legal and binding agreement by and between you and your affiliates (“Partner” or “you”) and Prizeout (each a “Party” and collectively, the “Parties”). By accessing and using the Service (defined below), you are agreeing to these Partner Rewards Terms. As used herein, “you” shall also refer to Partner Users (as defined below) as applicable.

WHEREAS, Prizeout offers certain software products and services through its proprietary online platform (the “Service”), as described herein; and

WHEREAS, Partner desires to obtain from Prizeout, the right for itself, its authorized employees and consultants (collectively, “Partner Users”) to use the portals described herein, and Partner’s end users (“End Users”, together with Partner Users, “Users”) to access and use the Service via Partner’s software, mobile application and/or website (collectively, the “Partner Platform”) or as may be otherwise set forth herein.

NOW, THEREFORE, in consideration of the mutual representations, warranties, covenants and agreements contained herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, and upon the terms and conditions hereof, Prizeout and Partner agree as follows:

  1. Description of the Service; Access to the Service; Partner Responsibilities.

    1. Description of the Service.
      1. Prizeout will provide Partner with a rewards program under which gift cards, vouchers, and/or other mechanisms to provide stored value (e.g., account credits etc.) delivered electronically with unique, digital codes (“Gift Cards”) offered by approved merchants (“Merchants”) are issued to Partner’s customers, employees, consultants or other individuals as End Users of the Service, in accordance with Partner’s instructions submitted via the Partner Portal (“Rewards”).
      2. The Service selects Merchants on the basis of proprietary algorithms. Prizeout may update its list of approved Merchants, which may result in the adjustment of available Gift Cards. While Partner may request the addition of a Merchant to the Service, no guarantee is offered with respect to the addition of any Merchant on the Service.
      3. Prizeout will grant Partner access to its proprietary partner portal (the “Partner Portal”), providing Partner with the ability to: (i) submit requests for Rewards; (ii) view the Subaccount Balance (defined herein); (iii) view withdrawal history; and (iv) open tickets and submit requests to Prizeout.
    2. Grant of Rights. Prizeout grants to Partner and Users the non-exclusive, non-transferable (except as may be permitted herein) right to access and use the Service in accordance with these Partner Rewards Terms. Prizeout grants only the licenses and rights specified in these Partner Rewards Terms. No other licenses or rights (including, without limitation, licenses or rights under patents) are granted either directly, by implication, or otherwise.
    3. Use Restrictions. In Partner’s use of the Service, Partner agrees not to (i) distribute, sell, lease, loan, sublicense, encumber or otherwise provide access to the Service to any person or entity other than Users as contemplated hereunder; (ii) modify, adapt, or hack the Service or otherwise attempt to gain unauthorized access to the Service or related systems or networks; (iii) create derivative works of or otherwise modify the Service or make any copies of the Service, in any form; (iv) remove or alter any legal, copyright, trademark, watermark, or other proprietary rights notice contained in or on the Service; (v) attempt to bypass or break any security mechanism on the Service or use the Service in any manner that interferes with or disrupts the integrity, security or performance of the Service and its components; (vi) attempt to decipher, decompile, reverse engineer or otherwise discover the source code of any software making up the Service; or (vii) launch or facilitate, whether intentionally or unintentionally, a denial of service attack on the Service or any other conduct that materially and adversely impacts the availability, reliability, or stability of the Service.
    4. Data Access and Use: Partner shall provide Prizeout with End User data required by Prizeout to perform the Service, including email address and/or telephone number, and such other information as may be identified and agreed by the parties (“End User Data”). Prizeout may use such End User Data to provide the Service pursuant to these Partner Rewards Terms, and in accordance with its privacy policy and any terms of use (together, the “Prizeout Terms”), when consented to by End Users. The Parties acknowledge and agree that Prizeout may use End User Data (as well as data generated by Partner or any User’s use of the Service) to allow End Users to access the Service, and to improve the Service, including customization and personalization of the algorithm for End Users. Each Party shall comply with the Privacy and Data Security Addendum, attached as Addendum I hereto. To the extent of a conflict between Addendum I and this Agreement, Addendum I shall control.
    5. Partner Responsibilities.
      1. Partner shall be liable to Prizeout for the total cash amounts withdrawn by End Users in the form of Gift Cards, which shall not include any bonus amounts (“Withdrawal Amounts”). Any bonus amounts on Gift Cards redeemed by End Users are the sole liability of the applicable Merchant.
      2. Partner is solely responsible for complying with any applicable federal, state, local and any other tax laws, rules or regulations, including any withholding or reporting requirements relating to Withdrawal Amounts.
      3. To use the Partner Portal, each Partner User needs to create an individual account (“Account”), and must provide accurate, complete and updated information for each such Account. Partner is responsible for all activity on all Accounts and for ensuring that each Partner User maintains the confidentiality and security of his/her password. Prizeout is not liable for any acts or omissions by any Partner User in connection with his/her Account. Each Partner User must immediately notify Prizeout at techsupport@prizeout.com if any such Partner User knows or has any reason to suspect that his/her Account or password has been stolen, misappropriated or otherwise compromised, or in case of any actual or suspected unauthorized use of any Account.
    6. Temporary Suspension: Prizeout reserves the right to restrict functionalities or suspend the Service (or any part thereof), or Partner or any Users’ right to access and use the Service, and remove, disable or quarantine any data if (i) Prizeout reasonably believes that Partner or any User has violated these Partner Rewards Terms or the Prizeout Terms (as applicable) or is using the Service in a manner that poses a security risk to the Service or any other clients or users of the Service; (ii) Prizeout suspects or detects any malicious software connected to Partner’s account or use of the Service by Partner or any User; or (iii) Partner fails to make any payments or transfers of funds to Prizeout in accordance with these Partner Rewards Terms. Prizeout will use commercially reasonable efforts to notify Partner via email when taking any of the foregoing actions. Prizeout shall not be liable to Partner, any User or any other third party for any such modification, suspension or discontinuation of any rights to access or use the Service.

  2. Payments; Transfers of Funds.

    During the term hereof, Partner will fund a subaccount at a bank selected by Prizeout (the “Subaccount”) via ACH, wire transfer or credit card with a US dollar amount (the “Subaccount Balance”) sufficient to fund average monthly Withdrawal Amounts, as mutually agreed upon by the Parties. Prizeout shall transfer funds from the Subaccount to a Prizeout operating account in amounts corresponding to Withdrawal Amounts. In the event that the Subaccount Balance falls below an amount reasonably expected to sufficiently fund average monthly Withdrawal Amounts, Partner shall promptly replenish the Subaccount in accordance with Prizeout’s written request. Prizeout shall repay to Partner the Subaccount Balance net of all Withdrawal Amounts to Partner within thirty (30) days after the termination of these Partner Rewards Terms.

  3. Representations and Warranties; Disclaimers.

    1. Authority; No Conflicts. Each Party represents and warrants that: (i) it is duly organized, validly existing and in good standing under the laws of the jurisdiction of its formation, and has the full right and legal authority to enter into, and fully perform, these Partner Rewards Terms in accordance with its terms; and (ii) the execution, delivery and performance of these Partner Rewards Terms by such Party: (A) is within such Party’s corporate power; (B) has been duly authorized by all necessary corporate action on such Party’s part; (C) does not and shall not contravene or constitute a default under, and is not and shall not be inconsistent with, any judgment decree or order, or any contract, agreement, or other undertaking, applicable to such Party, and no approval or other action by any governmental authority or agency is required in connection herewith; and (D) shall constitute a legal, valid and binding obligation of such Party, enforceable against such Party in accordance with its terms.
    2. Compliance with Laws. Each Party hereby represents, warrants, and covenants that in performing its obligations and exercising its rights hereunder, it will comply in all material respects with all applicable international, federal, state and local laws (including applicable tax, privacy and data protection laws) (“Applicable Laws”) relating to the Service provided hereunder, and will obtain and maintain all permits, licenses, and consents required in connection therewith.
    3. Acts, Errors, or Omissions. Each Party hereby represents, warrants, and covenants that it shall be solely responsible for any and all its acts, errors, or omissions and the acts, errors, and omissions of its third party service providers (or any other person or entity acting on its behalf) utilized to satisfy its obligations associated with these Partner Rewards Terms.
    4. Limited Warranty. Prizeout warrants that the Service will materially comply with the terms and conditions set forth herein. Partner’s sole and exclusive remedy and Prizeout’s sole and exclusive liability for breach of the foregoing warranty shall be for Prizeout to repair or replace the defective component of the Service, or, if repair or replacement cannot be provided within a reasonable time, terminate the applicable component of the Service.
    5. DISCLAIMERS. EXCEPT AS SPECIFICALLY SET FORTH IN SECTION 3(D), THE SERVICE, INCLUDING ALL SERVER AND NETWORK COMPONENTS, ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND TO THE FULLEST EXTENT PERMITTED BY LAW, AND PRIZEOUT EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. PARTNER ACKNOWLEDGES THAT PRIZEOUT DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, ERROR-FREE OR FREE FROM VIRUSES OR OTHER MALICIOUS SOFTWARE, AND NO INFORMATION OR ADVICE OBTAINED BY PARTNER FROM PRIZEOUT OR THROUGH THE SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE PARTNER REWARDS TERMS.

  4. Intellectual Property.

    1. Limited Trademark License. During the term hereof, each Party hereby grants to the other Party a limited, revocable, non-exclusive and non-transferable right to use its name, trademarks and logos (collectively, “Marks”) on the Partner Platform or in the Service (as applicable) in connection with providing the Service to Users, as well as on customer/vendor lists. Each Party represents and warrants that the use of its Marks or any other materials it supplies, by the other Party, as permitted hereunder, does not infringe upon or violate the Intellectual Property Rights of any third party. “Intellectual Property Rights” means ownership of all right, title and interest in and to any kind of intellectual property, including copyrights, patents, Marks, trade secrets, rule sets, and all other proprietary rights therein, and the right to apply for, register, obtain, hold, extend and renew any of the foregoing.
    2. Prizeout Ownership. Prizeout and its third party vendors and licensors (as applicable) own all Intellectual Property Rights in and to the Service and any other products or services (and any portion thereof) used to provide the Service hereunder, along with source code, object code or underlying structure, ideas or algorithms, documentation, data, updates or derivative works related to any of the foregoing.
    3. License to Feedback. By submitting ideas, suggestions or feedback to Prizeout, Partner agrees that items submitted do not contain confidential or proprietary information; and Partner grants Prizeout an irrevocable, unlimited, royalty-free and fully-paid perpetual license to use such items for any business purpose.

  5. Confidentiality.

    1. Treatment of Confidential Information. During and after the term hereof, Recipient shall: (i) protect and keep strictly confidential Disclosing Party’s Confidential Information and use it solely for the purpose for which it is provided and as permitted hereunder; (ii) only disclose or provide access to Disclosing Party’s Confidential Information to directors, members, partners, trustees, officers, employees, agents, consultants, affiliates, advisors, counsel, stakeholders, vendors or other representatives (collectively, “Representatives”) who are under confidentiality obligations at least as restrictive as those contained herein, on a need-to-know basis or as otherwise permitted hereunder; (iii) protect Disclosing Party’s Confidential Information using the same degree of care, but no less than a reasonable degree of care, to prevent the unauthorized use or disclosure of such Confidential Information, as Recipient uses to protect its own confidential information of a similar nature; (iv) make copies of Disclosing Party’s Confidential Information only to the extent permitted hereunder; and (v) not to develop any other materials, products, or services using Disclosing Party’s Confidential Information. “Confidential Information” as used herein, shall mean any information and/or documentation with respect to a Party (“Disclosing Party”), and its affiliates, employees, agents, customers or vendors, disclosed to the other Party (“Recipient”) (whether transmitted orally, in writing, or through any electronic medium), including, but not limited to: (A) trade secrets, work product, know-how, ideas, inventions, programs, algorithms, formulas, hardware, devices, designs, schematics, drawings, technical or engineering information, data systems processes or techniques, vendor and customer lists; (B) information relating to business plans, sales, pricing, product information, services, personnel, financial data, forecasts, strategies, marketing plans or methods, or security procedures and measures; (C) API’s, software, applications, programs and systems, including source code, object code, and documentation and commentary related thereto; (D) End User Data; (E) confidential information of third parties in Disclosing Party’s possession; (F) any information that is of value to its owner and is treated as confidential, or that gives Disclosing Party some competitive business advantage or the opportunity of obtaining such advantage or the disclosure of which could be detrimental to its interests; and (G) all information generally understood to be confidential, and all information which is maintained in confidence by Disclosing Party. “Confidential Information” shall be deemed to include: (y) any notes, analyses, compilations, studies, interpretations, memoranda or other documents prepared by Recipient or its Representatives which contain, reflect or are based upon, in whole or in part, any of Disclosing Party’s Confidential Information furnished to Recipient or its Representatives pursuant hereto; and (z) the terms and conditions of these Partner Rewards Terms (except for any terms and conditions of use required to be accepted by Users hereunder).
    2. Exceptions. “Confidential Information” does not include information that: (i) is known to Recipient, as evidenced by its written records, before receipt thereof under these Partner Rewards Terms; (ii) is disclosed to Recipient by a third party who is under no known obligation of confidentiality to Disclosing Party with respect to such information; (iii) is or becomes generally known to the public through no fault of Recipient; or (iv) is independently developed by the Recipient, as evidenced by its written records, without use of any of Disclosing Party’s Confidential Information. The burden of proving any exception is on Recipient. Notwithstanding the foregoing, Recipient may disclose Disclosing Party’s Confidential Information pursuant to a subpoena or other validly issued administrative or judicial notice requesting the disclosure of Disclosing Party’s Confidential Information; provided, however, that Disclosing Party is given prompt written notice, an opportunity to object to such disclosure, seek protective treatment (for which Recipient will provide reasonable cooperation), and the scope of each such disclosure is limited to the greatest extent possible and made in accordance with the advice of legal counsel.
    3. Return/Destruction of Information. Upon termination or expiration of these Partner Rewards Terms, upon Disclosing Party’s direction, Recipient shall promptly return to Disclosing Party or destroy all of Disclosing Party’s Confidential Information; provided, however, that, Recipient may retain copies of such Confidential Information as required by Applicable Laws, its internal protocols and procedures, or as may be electronically preserved or recorded automatically to standard back-up or archival systems, and, provided, further, that, with respect to such Confidential Information, Recipient will comply with its applicable policies and procedures, Applicable Laws and the obligations set forth herein.
    4. Equitable Relief. The Parties acknowledge and agree that there can be no adequate remedy at law for any breach of a Party’s obligations under this Section 5. Therefore, upon any such breach or threatened breach, the non­breaching Party will be entitled to seek appropriate equitable relief (without the necessity of proving actual damages or posting a bond), in addition to whatever remedies it may have at law.

  6. Indemnification.

    1. Indemnification Obligations of Prizeout. Prizeout shall indemnify, defend and hold harmless Partner and its directors, officers, employees and agents from and against any claims, liabilities, losses, damages and costs (including reasonable attorneys’ fees) (collectively, “Losses”) arising out of or relating to a third party claim, inquiry or investigation alleging that the use of the Service as permitted under these Partner Rewards Terms, infringes or misappropriates such third party’s valid United States patent, copyright, trademark or trade secret (“Prizeout IP Claim”). In no event shall Prizeout have any obligations or liability under this Section 6(a) arising from the use of the Service (or any portion thereof) in a modified form or in combination with materials not furnished by Prizeout; or any content, information, or data provided by Partner, Users, or any other third parties.
    2. Indemnification Obligations of Partner. Partner shall indemnify, defend and hold harmless Prizeout, its affiliates and each of their respective directors, officers, employees and agents from and against any and all Losses arising out of or relating to a third party claim, inquiry or investigation arising from or in connection with the use of the Service by Partner or any User.
    3. Conditions to Indemnification. An indemnitor’s obligations to indemnify an indemnitee hereunder are conditioned upon (i) prompt notification of any Loss; provided, however, that failure by indemnitee to provide such notice shall not relieve indemnitor of any liability hereunder if no prejudice occurs; and (ii) indemnitee’s full cooperation in the defense of such Loss.
    4. Infringement Remedy. If the Service, or any portion thereof, becomes, or in Prizeout’s opinion is likely to become, the subject of a Prizeout IP Claim, then Prizeout may, in its sole discretion and at its expense: (i) obtain for Partner the right to use the allegedly/potentially infringing portions of the Service; (ii) modify the allegedly/potentially infringing portions of the Service so as to render them non-infringing without substantially diminishing or impairing their functionality; or (iii) replace the allegedly/potentially infringing portions of the Service with non-infringing items of substantially similar functionality. If Prizeout determines that the foregoing remedies are not commercially reasonable, then Prizeout may terminate these Partner Rewards Terms repay to Partner any pre-paid or pre-funded amounts relating thereto. The provisions of Sections 6(a) and 6(d) state the sole, exclusive and entire liability of Prizeout to Partner and constitute Partner’s sole and exclusive remedy with respect to a Prizeout IP Claim brought by reason of access to or use of the Service by Partner or Users.

  7. LIMITATION OF LIABILITY.

    TO THE EXTENT NOT PROHIBITED BY APPLICABLE LAW, IN NO EVENT SHALL PRIZEOUT HAVE ANY LIABILITY FOR INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY KIND, WHETHER UNDER THESE PARTNER REWARDS TERMS OR OTHERWISE, FOR BUSINESS INTERRUPTION, OR LOSS OF REVENUE, PROFITS, DATA, GOODWILL, USE OR OTHER INTANGIBLE LOSSES, REGARDLESS OF THE FORM OF ACTION IN WHICH SUCH DAMAGES ARE ASSERTED, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, EVEN IF PRIZEOUT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS, AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. IN NO EVENT SHALL PRIZEOUT’S TOTAL AGGREGATE LIABILITY TO YOU UNDER THESE PARTNER REWARDS TERMS (INCLUDING ALL SCHEDULES, STATEMENTS OF WORK AND EXHIBITS HERETO), WHETHER FOR CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, EXCEED THE LESSER OF THE NET PROFITS RECEIVED BY PRIZEOUT IN CONNECTION HEREWITH DURING THE TWELVE (12) MONTHS PRECEDING THE EVENTS GIVING RISE TO A CLAIM OR TWENTY-FIVE THOUSAND DOLLARS ($25,000).

  8. Termination.

    Either Party may terminate these Partner Rewards Terms at any time for any reason or no reason. Upon the termination hereof: (i) all rights and licenses granted by the Parties hereunder and all obligations of Prizeout with respect to the Service provided to Partner will immediately cease; and (ii) the Parties shall make any payments to one another in accordance with these Partner Rewards Terms that are due through the effective date of termination.

  9. General Provisions.

    1. Assignment. You may not assign or delegate any of your rights or obligations under these Partner Rewards Terms without Prizeout’s prior written consent. Prizeout may assign these Partner Rewards Terms in connection with an acquisition, merger, corporate reorganization, or sale, license or transfer of all, or substantially all, of its assets without obtaining your consent. These Partner Rewards Terms shall inure to the benefit of, and shall be binding upon, the Parties’ successors and permitted assigns.
    2. Modification. We may modify these Partner Rewards Terms from time to time in which case we will update the “Last Revised” date at the top of these Partner Rewards Terms. If we make changes that are material, we will use reasonable efforts to attempt to notify you, such as by e-mail and/or by placing a prominent notice on the Service. You waive any right you may have to receive specific notice of such changes or modifications, except as required by law. However, it is your sole responsibility to review these Partner Rewards Terms and our other terms and policies from time to time to view any changes. The updated Partner Rewards Terms will be effective as of the time of posting, or such later date as may be specified in the updated Partner Rewards Terms. Your continued access or use of the Service after the modifications have become effective will be deemed your acceptance of the modified Partner Rewards Terms.
    3. Notices. All notices hereunder shall be in writing and deemed to be properly given (i) upon personal delivery; (ii) if sent by electronic mail, upon confirmation of receipt; or (iii) if provided via overnight courier or registered or certified mail, upon confirmation of receipt. All notices shall be sent to the address set forth on the signature pages hereto or to such other address as may be designated by the Parties.
    4. Dispute Resolution. If the Parties cannot resolve a dispute or claim arising under these Partner Rewards Terms (“Dispute”) after meeting and conferring in good faith, then no earlier than ten (10) days and no more than sixty (60) days following written notice to the other Party, either Party may initiate mandatory, confidential, non-binding mediation (“Mediation”) hereunder upon written notice to the other Party. The then-current JAMS International Mediation Rules and Procedures, either as written or as modified by mutual agreement of the Parties to the Dispute, shall govern any Mediation hereunder, and any Mediation shall be conducted in New York County in the State of New York. The mediator shall be jointly appointed by the Parties; provided, however, if the Parties cannot agree on a mediator, then one will be chosen by JAMS at random. All costs and expenses of the appointed mediator shall be shared equally by the Parties. Each Party shall be represented in a Mediation by one or more senior representatives duly authorized to resolve the Dispute. All offers, promises, conduct and statements, whether oral or written, made in the course of any Mediation by either of the Parties, their agents, employees, experts or attorneys, and by the mediator or any JAMS employees, are confidential, privileged and inadmissible for any purpose, including impeachment, in any arbitration, litigation or other proceeding involving the Parties; provided, however, that evidence that is otherwise admissible or discoverable shall not be rendered inadmissible or non-discoverable as a result of its use in any Mediation. If a Dispute has not been resolved within thirty (30) days after the conclusion of a Mediation, then any Party to the Dispute may commence litigation.
    5. Governing Law; Venue. These Partner Rewards Terms shall be governed by and construed in accordance with the laws of the State of New York, without regard to its provisions governing conflicts of law. The Parties hereby consent to the exclusive jurisdiction of the state and federal courts located in New York County in the State of New York in connection with any Dispute.
    6. Independent Contractors. The relationship of the Parties is that of independent contractors. Nothing in these Partner Rewards Terms will be deemed to create an association, partnership, joint venture, agency or employer and employee relationship between the Parties. Neither Party shall have any authority to act for or to bind the other Party in any manner.
    7. Severability; Remedies. If any part of these Partner Rewards Terms is found to be invalid, illegal or unenforceable for any reason, then all other parts nevertheless remain valid, legal and enforceable. To the extent permitted by law, the rights and remedies in these Partner Rewards Terms are cumulative and not exclusive of any other right or remedy that might be available under the law. If either Party fails to require the other Party to perform any provision of these Partner Rewards Terms, such failure does not prevent such Party from later enforcing such provision.
    8. Waiver. The waiver by either Party of a breach of, or a default under, any provision of these Partner Rewards Terms, shall be in writing and shall not be construed as a waiver of any subsequent breach of, or default under, the same or any other provision of these Partner Rewards Terms, nor shall any delay or omission on the part of either Party to exercise or avail itself of any right or remedy that it has or may have hereunder operate as a waiver of any right or remedy.
    9. Force Majeure. Neither Party will be liable for the failure to perform any obligation hereunder if such failure is caused by a “Force Majeure Event”, which shall mean causes that are beyond a Party’s reasonable control, including, but not limited to, acts of God, natural disasters, pandemics, war, civil disturbance, action by governmental entity and strike. The Party affected by a Force Majeure Event will provide prompt notice to the other Party and resume performance as soon as reasonably possible when such Force Majeure Event concludes.
    10. Survival. Termination or expiration of these Partner Rewards Terms does not release either Party from obligations that, either expressly, or by their nature, survive termination or expiration hereof. Sections 2, 3, 4(b), 4(c) and 5 through 9 shall survive the termination or expiration of these Partner Rewards Terms.
    11. Entire Agreement. These Partner Rewards Terms, including any and all schedules, statements of work and exhibits hereto, supersede all prior or contemporaneous discussions, proposals, negotiations, agreements and communications, between the Parties regarding the subject matter hereof, and constitutes the entire agreement between the Parties concerning the subject matter hereof.

ADDENDUM I

PRIVACY AND DATA SECURITY ADDENDUM

  1. Definitions

    1. In this Addendum, capitalized terms shall have the meanings set out below. Any capitalized terms not defined below or elsewhere in this Addendum shall have the meanings ascribed to these terms in the Agreement:
    2. “Affiliate” means in relation to a Party, any entity which (directly or indirectly) controls, is controlled by and/or under common control with that Party.
    3. “Applicable Law” means all laws, rules and regulations of any jurisdiction applicable to the either Party’s performance or exercise of rights under the Agreement, including but not limited to those applicable to the Processing of Personal Data, including without limitation, the EU General Data Protection Regulation (EU) 2016/679 (“GDPR“), the California Consumer Privacy Act of 2018 (“CCPA“) and as of January 1, 2023 the California Privacy Rights Act of 2020 and the Virginia Consumer Data Protection Act. For the avoidance of doubt, if a Party’s Processing activities involving Personal Data are not within the scope of a given Applicable Law, such law is not applicable for purposes of this Addendum
    4. “Controller” means the person who, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
    5. “End User” means an individual who is entitled to receive the benefit of, or use, the services described in the Agreement.
    6. “New EU SCCs” means the Standard Contractual Clauses issued pursuant to the EU Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj and completed as described in the “Data Transfers” section below.
    7. “Old EU SCCs” means the Standard Contractual Clauses issued pursuant to EU Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec/2010/87/2016-12-17 and completed as described in the “Data Transfers” section below.
    8. “Old EU Controller-to-Controller SCCs” means the Standard Contractual Clauses issued pursuant to EU Commission Decision of 27 December 2004 introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries, available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32004D0915:EN:HTML and completed as described in the “Data Transfers” section below.
    9. “Personal Data” means any information relating to an identified or identifiable individual and has the meaning set forth in any Applicable Law pertaining to Personal Data, personal information, and/or personally identifiable information.
    10. “Personal Data Breach” means the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, End User Data.
    11. “Process” or “Processing” means any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, return or destruction.
    12. “Processor” means an entity that Processes Personal Data on behalf of a Controller.
    13. “Service” means the services provided by Prizeout to Partner as specified in the Agreement.

  2. Relationship of the Parties

    1. 2.1 Partner shall act as a Controller and Prizeout shall act as a Processor of End User Data, except that when a Data Subject acknowledges and consents to the Prizeout Terms, each Party shall act as an independent Controller with respect to copies of End User Data in such Party’s own possession. The term “End User Account Data” refers to End User Data for which this paragraph authorizes Prizeout to act as an independent Controller.

  3. End User Data

    1. 3.1 Purpose Limitation. Prizeout will not sell End User Data, Process End User Data for any purpose other than for the specific purposes set forth in the Agreement, or otherwise engage in any Processing of the End User Data outside of what a Processor may engage in under the GDPR or what a Service Provider (as defined under the CCPA) may engage in under the CCPA, unless obligated to do otherwise by Applicable Law. In such case, Prizeout will inform Partner of that legal requirement before the Processing unless legally prohibited from doing so. Further details regarding Prizeout’s Processing operations are set forth in Exhibit B. For purposes of this paragraph, “sell” shall have the meaning set forth in the CCPA.
    2. 3.2 Lawful Instructions. Partner will not instruct Prizeout to Process End User Data in violation of Applicable Law. Prizeout will immediately inform Partner if, in Prizeout’s opinion, an instruction from Partner infringes Applicable Law. The Agreement, including this Addendum, and Partner’s configurations within the Service (as Partner may be able to modify from time to time) constitute Partner’s complete and final instructions to Prizeout regarding the Processing of End User Data, including for purposes of the Standard Contractual Clauses.
    3. 3.3 Limitations on Disclosure. Prizeout will not disclose End User Data to any third party without first obtaining Partner’s written consent, except as provided in Section 3.4 (Subprocessors), Section 3.7 (Data Subject Requests) or Section 5 (Data Transfers). Prizeout will require all employees, contractors and agents that Process End User Data on Prizeout’s behalf to protect the confidentiality of the End User Data and to comply with the other relevant requirements of this Addendum.
    4. 3.4 Subprocessors
      1. 3.4.1 Prizeout may subcontract the collection or other Processing of End User Data only in compliance with Applicable Law and any additional conditions for subcontracting set forth in the Agreement. Partner acknowledges and agrees that Prizeout’s affiliates and certain third parties may be retained as subprocessors to Process End User Data on Prizeout’s behalf (under this Addendum as well as under the Standard Contractual Clauses, if they apply) in order to provide the Service. Partner acknowledges and agrees that Prizeout may use those third-party subprocessors listed at Exhibit A (the “Subprocessor List“). Prior to a subprocessor’s Processing of End User Data, Prizeout will impose contractual obligations on the subprocessor substantially the same as those imposed on Prizeout under this Addendum. Prizeout remains liable for its subprocessors’ performance under this Addendum to the same extent Prizeout is liable for its own performance.
      2. 3.4.2 Prizeout shall provide Partner with notification of new subprocessors before authorizing such subprocessor(s) to Process End User Data in connection with the provision of the Service. The subprocessor agreements to be provided under Clause 5(j) of the Standard Contractual Clauses may have all commercial information, or provisions unrelated to the Standard Contractual Clauses, redacted prior to sharing with Partner, and Prizeout agrees that such copies will be provided only upon written request.
      3. 3.4.3 Partner may object to Prizeout’s use of a new subprocessor on reasonable grounds relating to the protection of End User Data by notifying Prizeout promptly in writing at infosec@prizeout.com within ten (10) business days after receipt of Prizeout’s notice in accordance with the mechanism set out in Section 3.4.2. In its notification, Partner shall explain its reasonable grounds for objection. In the event Partner objects to a new subprocessor, Prizeout will use commercially reasonable efforts to make available to Partner a change in the Service or recommend a commercially reasonable change to Partner’s configuration or use of the Service to avoid Processing of End User Data by the objected-to new subprocessor without unreasonably burdening Partner. If Prizeout is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, either Party may terminate without penalty the Processing of End User Data and/or the Agreement with respect only to those services which cannot be provided by Prizeout without the use of the objected-to new subprocessor by providing written notice to the other Party.
    5. 3.5 Security. Prizeout will provide reasonable assistance to Partner regarding Partner’s compliance with its security obligations under Applicable Law relevant to Prizeout’s role in Processing the End User Data, taking into account the nature of Processing and the information available to Prizeout, by implementing technical and organizational measures set forth in Annex II of Exhibit B, without prejudice to Prizeout’s right to make future replacements or updates to the measures that do not lower the level of protection of End User Data. Prizeout will ensure that the persons Prizeout authorizes to Process the End User Data are subject to written confidentiality agreements or are under an appropriate statutory obligation of confidentiality no less protective than the confidentiality obligations set forth in the Agreement.
    6. 3.6 Personal Data Breach Notification & Response. Prizeout will comply with the Personal Data Breach-related obligations directly applicable to it under Applicable Law. Taking into account the nature of Processing and the information available to Prizeout, Prizeout will assist Partner by informing it of a confirmed Personal Data Breach without undue delay or within the time period required under Applicable Law, and in any event no later than seventy-two (72) hours following such confirmation. Prizeout will notify Partner at the email address provided in the signature block of this Addendum for purposes of Personal Data Breach notifications. Any such notification is not an acknowledgement of fault or responsibility. To the extent available, this notification will include Prizeout’s then-current assessment of the following, which may be based on incomplete information:
      1. (a) the nature of the Personal Data Breach, including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
      2. (b) the likely consequences of the Personal Data Breach; and
      3. (c) measures taken or proposed to be taken by Prizeout to address the Personal Data Breach, including, where applicable, measures to mitigate its possible adverse effects.

      Prizeout will provide timely and periodic updates to Partner as additional information regarding the Personal Data Breach becomes available. Partner is solely responsible for complying with legal requirements for incident notification applicable to Partner and fulfilling any third-party notification obligations related to any Personal Data Breach.

    7. 3.7 Data Subject Requests. To the extent legally permitted, Prizeout shall promptly notify Partner if Prizeout receives any requests from an individual seeking to exercise any rights afforded to them under Applicable Law regarding their End User Data (a “Data Subject Request“). To the extent Partner, in its use of the Service, does not have the ability to address a Data Subject Request, Prizeout shall, upon Partner’s request, provide commercially reasonable efforts to assist Partner in responding to such Data Subject Request, to the extent Prizeout is legally permitted to do so and the response to such Data Subject Request is required under Applicable Law.
    8. 3.8 DPIAs and Consultation with Supervisory Authorities. Upon Partner’s written request, Prizeout shall provide Partner with reasonable cooperation and assistance as needed and appropriate to fulfill Partner’s obligations under Applicable Law to carry out a data protection impact assessment related to Partner’s use of the Service. Prizeout shall provide reasonable assistance to Partner in the cooperation or prior consultation with the Supervisory Authority (as defined under the GDPR) in the performance of its tasks relating the data protection impact assessment, and to the extent required under the Applicable Law.
    9. 3.9 Audits. Prizeout shall allow for and contribute to audits, including inspections, conducted by Partner or another auditor mandated by Partner subject to the following conditions: so long as the Agreement remains in effect and at Partner’s sole expense, Partner may request that Prizeout provide it with documentation, data, and records (“Records“) no more than once annually relating to Prizeout’s compliance with this Addendum (an “Audit“), except, in the event of a Personal Data Breach occurring on Prizeout’s systems, Partner will also have the right to conduct an Audit within a reasonable period of time following such Personal Data Breach. To the extent Partner uses a third-party representative to conduct the Audit, Partner shall ensure that such third-party representative is bound by obligations of confidentiality no less protective than those contained in this Agreement. Partner shall provide Prizeout with fourteen (14) days prior written notice of its intention to conduct an Audit. Partner shall conduct its Audit in a manner that will result in minimal disruption to Prizeout’s business operations and shall not be entitled to receive data or information of other customers or partners of Prizeout or any other Confidential Information of Prizeout that is not directly relevant for the authorized purposes of the Audit. Partner shall reimburse Prizeout for any time expended for an Audit at the Prizeout’s then-current rates, which shall be made available to Partner upon request.
    10. 3.10 Legal Process. If Prizeout is legally compelled by a court or other government authority to disclose End User Data, then to the extent permitted by law, Prizeout will promptly provide Partner with sufficient notice of all available details of the legal requirement and reasonably cooperate with Partner’s efforts to challenge the disclosure, seek an appropriate protective order, or pursue such other legal action, as Prizeout deems appropriate.
    11. 3.11 Return or Destruction of Personal Data. To the extent Partner, in its use of the Service, does not have the ability to access a copy of all End User Data, upon Partner’s request, Prizeout will promptly return to Partner a copy of any End User Data that Partner cannot access on its own within thirty (30) days and, if Partner also requests deletion of the End User Data, will carry that out as set forth below. Upon termination of the Agreement and written request from Partner, Prizeout shall delete or anonymize End User Data, unless prohibited by Applicable Law. Nothing will oblige Prizeout to delete or anonymize End User Data from files created for security, backup and business continuity purposes sooner than required by Prizeout’s data retention processes. If Partner requires earlier deletion of such End User Data, and such deletion is commercially feasible, Partner must first pay Prizeout’s reasonable charges for such deletion, which may include costs for business interruptions associated with such a request. If Partner has not requested return or deletion of End User Data within ninety (90) days from termination of the Agreement, Prizeout shall have the right, but not the obligation, to delete or anonymize the End User Data.
    12. 3.12 Certification. Prizeout understands the restrictions and obligations set forth in this Addendum and certifies that it will comply with them.

  4. End User Account Data

    1. 4.1 Each Party shall act as a Controller with respect to End User Account Data processed in connection with the Agreement and shall independently determine the purposes and means of such processing.
    2. 4.2 Compliance with Applicable Law. Each Party is solely responsible for compliance with Applicable Law with respect to its own processing of End User Account Data in connection with the Agreement, including any legal requirement:
      1. (a) To provide notice or transparency to data subjects regarding its own Processing of End User Account Data;
      2. (b) to obtain an individual’s consent with respect to its own Processing of End User Account Data; and
      3. (c)applicable to its own transfer of End User Account Data to the other Party.
    3. 4.3 Data Subject Requests. If a Party receives any request by a data subject to exercise rights under Applicable Law with respect to End User Account Data (such as an applicable right to access such End User Account Data), or a request purporting to exercise such rights, (collectively, a “Request“), or a complaint related to the Processing of such data, the Parties will reasonably cooperate to address the situation promptly and in compliance with Applicable Law. Without limiting the foregoing:
      1. 4.3.1 Where one Party receives a Request that concerns Processing in respect of which the other Party is the Controller, that Party shall promptly:
        1. (a) forward the request to the other Party, and, if requested by the other Party, promptly inform the data subject that it has done so and that the other Party will manage the response;
        2. (b) permit the other Party to manage the response to the Request, including further communication with the data subject; and
        3. (c) to the extent the End User Account Data is in the first Party’s custody, control or possession, promptly implement the other Party’s decisions with respect to how the Request will be honored or denied.
    4. 4.4 Security. Each Party shall implement and maintain appropriate technical, physical, administrative and organizational measures against theft, unauthorized or unlawful acquisition, access, or Processing of or accidental loss, destruction, alteration, or damage to End User Account Data, as well as any other minimum security requirements set forth in Applicable Law. Each Party shall ensure such measures are appropriate to the type of data and the harm that might result from unauthorized or unlawful acquisition, access or Processing or accidental loss, destruction, alteration or damage to the End User Account Data.
    5. 4.5 Breach of End User Account Data.
      1. 4.5.1 If a Party experiences or reasonably suspects a Personal Data Breach of End User Account Data (“Breached Party“), it shall notify the other Party as soon as practicable, and in any event not later than seventy-two (72) hours after discovery.
      2. 4.5.2 The Breached Party will provide reasonable assistance and cooperation to the other Party to take measures that in the other Party’s reasonable determination (a) reduce the risk to individuals whose Personal Data was involved; (b) otherwise help the other Party qualify for an exemption from a legal requirement to notify an individual or a supervisory authority of the Data Breach; or (c) are necessary for the other Party to comply with Applicable Law with respect to the Personal Data Breach.
      3. 4.5.3 Each Party shall cooperate with the other, to the extent reasonably requested, in relation to any notification to supervisory authorities or to data subjects that either Party is required to make under Applicable Law.

  5. Data Transfers

    1. 5.1 In the course of the provision of services under the Agreement by Prizeout, it may be necessary to transfer End User Data (including End User Account Data) to Prizeout located in a country that does not currently offer an adequate level of data protection within the meaning of the Applicable Law (e.g., the United States).
    2. 5.2 With respect to End User Data (including End User Account Data) transferred from the European Economic Area, the New EU SCCs shall apply and form part of this Addendum. For purposes of the New EU SCCs, they shall be deemed completed as follows:
      1. 5.2.1 Module 1 of the New EU SCCs shall apply to transfers of End User Account Data.
      2. 5.2.2 Module 2 of the New EU SCCs shall apply to transfers of End User Data.
      3. 5.2.3 Clause 7 (the optional docking clause) is not included.
      4. 5.2.4 Where Module 2 applies: under Clause 9 (Use of sub-processors), the parties select Option 2 (General written authorization). The initial list of sub-processors is set forth in Exhibit A, and Prizeout shall update that list at least 10 business days in advance of any intended additions or replacements of sub-processors.
      5. 5.2.5 Under Clause 11 (Redress), the optional requirement that data subjects be permitted to lodge a complaint with an independent dispute resolution body does not apply.
      6. 5.2.6 Under Clause 17 (Governing law), the parties choose Option 1 (the law of an EU Member State that allows for third-party beneficiary rights). The parties select the law of Ireland.
      7. 5.2.7 Under Clause 18 (Choice of forum and jurisdiction), the parties select the courts of Ireland.
      8. 5.2.8 Annexes I and II of the New EU SCCs are set forth in Exhibit B below.
      9. 5.2.9 Annex III of the New EU SCCs (List of subprocessors) is inapplicable.
    3. 5.3 With respect to End User Data (including End User Account Data) transferred from Switzerland for which Swiss law (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, the New EU SCCs shall apply and shall be deemed to have the following differences to the extent required by the Swiss Federal Act on Data Protection (“FADP“):
      1. 5.3.1 References to the GDPR in the New EU SCCs are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR.
      2. 5.3.2 The term “member state” in the New EU SCCs shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the New EU SCCs.
      3. 5.3.3 References to personal data in the New EU SCCs also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope.
      4. 5.3.4 Under Annex I(C) of the New EU SCCs (Competent supervisory authority): where the transfer is subject exclusively to the FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner, and where the transfer is subject to both the FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the New EU SCCs insofar as the transfer is governed by the GDPR.
    4. 5.4 Where End User Data is transferred from the United Kingdom for which United Kingdom law (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, and such law permits use of the Old EU SCCs but not use of the New EU SCCs, the Old EU SCCs shall apply until such time that the United Kingdom adopts new standard contractual clauses, in which case the new standard contractual clauses will control. For purposes of the Old EU SCCs, they shall be deemed completed as follows:
      1. 5.4.1 The “exporter” is the Partner and the exporter’s contact information is set forth below.
      2. 5.4.2 The “importer” is Prizeout, and Prizeout’s contact information is set forth below.
      3. 5.4.3 Clause 9 of the Old EU SCCs specifies that the law of the United Kingdom with govern the Old EU SCCs.
      4. 5.4.4 The content of Appendix 1 and 2 of the Old EU SCCs is set forth in Exhibit B.
        To provide additional safeguards, the obligations in Module 2 of Section III of the New EU SCCs (Local Laws and Obligations in Case of Access by Public Authorities) shall form part of this Addendum with respect to End User Data subject to the UK Data Protection Act 2018, regardless of whether the rest of the New EU SCCs apply to any End User Data.
    5. 5.5 Where End User Account Data is transferred from the United Kingdom for which United Kingdom law (and not the law in any European Economic Area jurisdiction) governs the international nature of the transfer, and such law permits use of the Old EU Controller-to-Controller SCCs but not use of the New EU SCCs, the Old EU Controller-to-Controller SCCs shall apply until such time that the United Kingdom adopts new standard contractual clauses, in which case the new standard contractual clauses will control. For purposes of the Old EU Controller-to-Controller SCCs, they shall be deemed completed as follows:
      1. 5.5.1 The “exporter” is the Partner and the exporter’s contact information is set forth below.
      2. 5.5.2 The “importer” is Prizeout, and Prizeout’s contact information is set forth below.
      3. 5.5.3 Under Section I(h), the data importer selects Option (iii).
      4. 5.5.4 Section IV of the Old EU Controller-to-Controller SCCs specifies that United Kingdom law will govern the Old EU Controller-to-Controller SCCs.
      5. 5.5.5 The content of Annex B of the Old EU Controller-to-Controller SCCs is set forth in Exhibit B.
        To provide additional safeguards, the obligations in Module 1 of Section III of the New EU SCCs (Local Laws and Obligations in Case of Access by Public Authorities) shall form part of this Addendum with respect to End User Account Data subject to the UK Data Protection Act 2018, regardless of whether the rest of the New EU SCCs apply to any End User Account Data.

EXHIBIT A

Prizeout Subprocessors

Subprocessor Purpose
Google Cloud Cloud hosted infrastructure
Cloudflare Network Hosting
Sendgrid & Twilio Send consumer emails (Gift Cards)
Zendesk Respond to consumer inquiries
OneTrust GDPR / CCPA requests
Datadog Track and manage logs

EXHIBIT B

Annexes I and II of the New EU SCCs

ANNEX I

A.     LIST OF PARTIES

MODULE ONE: Transfer controller to controller

MODULE TWO: Transfer controller to processor

Data exporter(s):

Name: The exporter is the Partner specified in the Agreement.

The exporter’s contact information for Prizeout to use is as set forth in Partner’s Account.

Activities relevant to the data transferred under these Clauses: Obtaining the Services from Data Importer

Role (controller/processor): Controller

Data importer(s):

Name: Prizeout Corp.

Address: 33 West 17th Street, 8th Floor, New York, NY 10011


Contact details:
infosec@prizeout.com
Attn: Information Security

Activities relevant to the data transferred under these Clauses: Providing the Services to Data Exporter.

Role (controller/processor): Processor or Controller, as applicable

B.     DESCRIPTION OF TRANSFER

MODULE ONE: Transfer controller to controller

MODULE TWO: Transfer controller to processor

Categories of data subjects whose personal data is transferred

Data exporter’s users.

Categories of personal data transferred

Email address, year of birth, first and last name, redeemable account balance, current location (region and country); zip code; gender.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

None anticipated.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuously, for the length of the Agreement between the parties.

Nature of the processing

Personal data transferred will be processed to (i) provide services to the data exporter and fulfil the data importer’s obligations under the Agreement; (ii) provide customer support to the data exporter; and (iii) compliance with applicable law.

Purpose(s) of the data transfer and further processing

To (i) provide services to the data exporter and fulfil the data importer’s under the Agreement; (ii) provide customer support to the data exporter; and (iii) compliance with applicable law.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

Personal data shall be retained for the length of time necessary to provide services under the Agreement, or as otherwise required by applicable law.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

Prizeout’s subprocessors will process personal data to assist Prizeout in providing the services pursuant to the Agreement, for as long as needed for Prizeout to provide the services.

C.     COMPETENT SUPERVISORY AUTHORITY

The parties shall follow the rules for identifying such authority under Clause 13 and, to the extent legally permissible, select the Irish Data Protection Commission.

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Prizeout will maintain reasonable administrative, technical and physical controls designed to ensure the privacy, security, and confidentiality of the Protected Information (“Safeguards”), including:

These controls, which the organization will maintain during the term of the Agreement, include the following:

Access controls:

  • Access management: Each Prizeout user is granted a unique user ID.
  • Network Security: Access to the Prizeout network requires valid authentication. Prizeout implements multi factor authentication for access to its internal systems containing partner data. All access to these internal systems is logged accordingly and monitored for anomalies.
  • Least privilege: Prizeout assigns access privileges consistent with the principles of least privilege.
  • Physical Access: Access to Prizeout facilities is granted only to those individuals who need such access.

Asset management:

  • Classification: Prizeout classifies data according to its sensitivity.
  • Encryption: Prizeout implements controls to encrypt partner data both in transit and at rest. The controls are based on the data classification level derived from the inherent sensitivity of the data being processed.
  • Asset control: Prizeout maintains an inventory of all company-issued devices and restricts access to media storing personal data.

Vendor Management:

  • Classification and Security: Vendors are classified based on the sensitivity of data which they process, and are contractually obligated to adhere to security requirements commensurate with the security of the data they process.
  • Monitoring: Vendor risk assessments are conducted and reviewed at regular intervals by the Prizeout team.

Information Transfer:

  • Guidelines: Prizeout has processes and controls in place to ensure that data is protected in accordance with our data classification, both during transmission and in storage.
  • Restrictions: Access control lists and permissions dictate restrictions around different data classifications.

© 2023-2024, Prizeout Corp. All rights reserved.