Vai al contenuto principale

Sticker Mule Data privacy Agreement

Last updated: March 18, 2026

This Sticker Mule Data Privacy Agreement (this “SM DPA”) applies to the Personal Data subject to Privacy Requirements (as defined below) that may be processed by Sticker Mule on behalf of Customer pursuant to all agreements entered into from time to time between Sticker Mule and Customer (collectively, the “Agreement”), including agreements referenced here: Legal | Sticker Mule. “Customer” means the individual or entity that has entered into the Agreement for Services (as such term is defined in the Agreement) with Sticker Mule.

WHEREAS Sticker Mule processes certain information for the purposes in the Agreement; and

WHEREAS, the purpose of this SM DPA is to clarify the parties’ respective obligations regarding the protection of certain information and/or systems in connection with Sticker Mule’s provision of services pursuant to the Agreement (the “Services”);

NOW, THEREFORE, in consideration of the mutual promises, covenants and agreements contained herein, Sticker Mule and Customer hereby agree as follows, with the intent to be legally bound:

I. Definitions

  1. For purposes of this SM DPA:
    1. “Personal Information” shall mean any information that is reasonably identifiable to an individual or household and is subject to Privacy Laws.
    2. “Privacy Laws” shall mean applicable local, state, federal and foreign laws, orders, rules and regulations that relate to privacy, data protection, data transfer, data destruction or breach notification issues, or that otherwise relate to the Processing of Personal Information including without limitation the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq. and together with the regulations promulgated thereunder, the “CCPA”),.
    3. “Process” or “processing” means any operation or set of operations performed upon information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    4. “Security Incident” means the actual or reasonably suspected compromise of confidentiality, privacy, security, integrity or availability of Personal Information.

II. No Exchange of Consideration

To fulfill the business purpose(s) of Customer and provide the Services, Sticker Mule processes certain Personal Information. The Parties agree that the processing of Personal Information is solely for Sticker Mule to provide the Services, and that Sticker Mule has not provided to or received from Customer any monetary or other valuable consideration in exchange for Sticker Mule’s access to Personal Information.

III. Restrictions on Processing

  1. Sticker Mule will not process Personal Information other than as is:
    1. necessary to perform its obligations under the Agreement; and
    2. required or permitted by Privacy Requirements and the terms hereof.

  2. In addition to any restrictions in the Agreement on Sticker Mule’s use of subcontractors and other third parties, Sticker Mule shall not disclose or provide access to Personal Information without a written agreement with each such third party that (i) imposes obligations on the third party that are at least equivalent to, and as protective as, those imposed on Sticker Mule under this SM DPA; (ii) requires such third party to process Personal Information solely as necessary to provide Services; and (iii) prohibits such third party from “selling” or “sharing” Personal Information as those terms are defined by the CCPA or substantially similar terms in other Privacy Laws.
  3. Sticker Mule shall remain accountable and responsible for all actions by such subcontractors and other third parties with respect to the processing of Personal Information.
  4. Sticker Mule may aggregate and anonymize Personal Information it processes on behalf of Customer and process Personal Information and such aggregated or anonymized data to support, provide, and improve Sticker Mule services to the extent permitted by Privacy Laws.

IV. Cybersecurity Program

  1. Sticker Mule represents and warrants that it shall have and maintain a comprehensive cybersecurity program designed to assess risk and provide for administrative, technical and physical safeguards that consistent with generally accepted industry standards and in compliance with Privacy Laws, and to protect against unauthorized access or disclosure, and unauthorized, unlawful or accidental loss, destruction, acquisition, or damage, and against all other unauthorized forms of processing Personal Information.
  2. Sticker Mule will, without unreasonable delay and within any timelines required by Privacy Laws, notify Customer of any Security Incident. Sticker Mule will reasonably cooperate with Customer in investigating and remediating the Security Incident.
  3. Customer shall have the right to perform reasonable inquiries into Sticker Mule’s compliance with Privacy Laws, cybersecurity practices, policies, procedures, and technology as they relate to the Agreement or this SM DPA, in no event more than once annually, at the sole expense of Customer, and only to the extent required by Privacy Laws.

V. Privacy Requirements

  1. Sticker Mule will promptly, and within any appropriate timeframes and other requirements of Privacy Laws, comply with any and all reasonable requests from Customer for reasonable assistance with performing any processing, risk assessment, or response to any privacy rights request under Privacy Law. Sticker Mule agrees to remediate any unauthorized processing of Personal Information upon Customer’s reasonable request. Sticker Mule agrees that the Customer has the right to take reasonable steps to stop and remediate Sticker Mule’s unauthorized processing of Personal Information.
  2. If Sticker Mule receives a request directly from an individual to exercise the individual’s rights under Privacy Law, Sticker Mule shall promptly notify Customer of such request, and comply with Customer’s reasonable instructions related to the response to such request.
  3. Sticker Mule agrees that it will not “sell” or “share” Personal Information Processed pursuant to the Agreement, as those terms are defined by the CCPA, or substantially similar terms in other Privacy Laws.
  4. Sticker Mule agrees that it will notify Customer immediately, if it makes the determination that it can no longer meet its obligations under Privacy Laws.
  5. Each party agrees that it has read, understands, and is compliant with the requirements of the CCPA, including the requirement to implement reasonable security measures to protect Personal Information.

VI. Compliance with Laws and Contracts

Each party represents and warrants that it will, at its sole expense, comply with (i) all Privacy Laws, and with (ii) all applicable provisions of contracts to which such party is a party related to the privacy, confidentiality, security, integrity and availability of Personal Information.

VII. Conflicts

To the extent any of the terms of this SM DPA conflict with those in the Agreement, the terms of this SM DPA govern, as of the effective date of this SM DPA.