Updated: June 3, 2022

Constellation HomeBuilder Systems has always been and will continue to be, committed to maintaining the accuracy, confidentiality, and security of your personal and corporate information. As part of this commitment, we have established Privacy Principles to govern our use of customer information. Constellation HomeBuilder Systems does not sell, share or distribute Customer Information to any third party organization.

---

CCPA Required Contract Clauses Addendum

This CCPA Required Contract Clauses Addendum (the “Addendum”) supplements the General Terms and Conditions (the “Agreement”) currently in effect between either (i) Constellation Homebuilder Systems, Inc. if Customer is located in the United States of America, or (ii) Constellation Homebuilder Systems, a division of Perseus Group Software Corp. if the Customer is located in Canada (“Supplier”) and the entity identified as
“Customer” in a written or electronic agreement for the provision of any Supplier products or services to Customer (“Customer”). Unless otherwise specified, capitalized terms in this Addendum have the same meaning as defined in the Agreement, and those definitions are incorporated by reference. In the event of conflict between the Agreement and this Addendum, the terms of this Addendum shall take precedence only with regard to
Customer Data that is governed by the CCPA.

1. Definitions. The following definitions and rules of interpretation apply in this Addendum:

(a) CCPA means the California Consumer Privacy Act of 2018, as amended (Cal. Civ. Code §§ 1798.100 to 1798.199), the CCPA Regulations (Cal. Code Regs. tit. 11, §§ 999.300 to 999.337), and any related regulations or guidance provided by the California Attorney General. Terms defined in the CCPA, including personal information and business purposes, carry the same meaning in this Addendum.

(b) Contracted Business Purposes means the services performed on behalf of the Customer, as more fully described in the Agreement, for which the Supplier receives or accesses personal information.

2. Supplier’s CCPA Obligations

(a) Supplier’s obligations under this Addendum shall only apply to the extent that Supplier is subject to the CCPA based on the relationship it has with Customer in providing products and services to Customer.

(b) Supplier will only collect, use, retain, or disclose personal information for the Contracted Business Purposes for which Customer provides or permits personal information access.

(c) Supplier will not collect, use, retain, disclose, sell, or otherwise make personal information available for Supplier’s own commercial purposes or in a way that does not comply with the CCPA. If a law requires the Supplier to disclose personal information for a purpose unrelated to the Contracted Business Purpose, the Supplier must first inform the Customer of the legal requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.

(d) Supplier will limit personal information collection, use, retention, and disclosure to activities reasonably necessary and proportionate to achieve the Contracted Business Purposes or another compatible operational purpose.

(e) Supplier must promptly comply with any Customer request or instruction requiring the Supplier to provide, amend, transfer, or delete the personal information, or to stop, mitigate, or remedy any unauthorized processing.

(f) If the Contracted Business Purposes require the collection of personal information from individuals on the Customer’sbehalf, Supplier will always provide a CCPA-compliant notice at collection that the Customer specifically pre-approves in writing. Supplier will not modify or alter the notice in any way without the Customer’s prior written consent.

(g) To the extent permitted by the CCPA, Supplier may aggregate, deidentify, or anonymize personal information so it no longer meets the personal information definition, and may use such aggregated, deidentified, or anonymized data as it sees fit. Supplier will not attempt to or actually re-identify any previously aggregated, deidentified, or anonymized data and will contractually prohibit downstream data recipients from attempting to or actually re-identifying such data.

3. Assistance with Customer’s CCPA Obligations

(a) Supplier will reasonably cooperate and assist Customer with meeting the Customer’s CCPA compliance obligations and responding to CCPA-related inquiries, including responding to verifiable consumer requests, taking into account the nature of the Supplier’s processing and the information available to the Supplier.

(b) Supplier must notify Customer immediately if it receives any complaint, notice, or communication that directly or indirectly relates either party’s compliance with the CCPA. Specifically, the Supplier must notify the Customer within seven (7) business days if it receives a verifiable consumer request under the CCPA.

4. Subcontracting

(a) Supplier may use subcontractors to provide the Contracted Business Services. Any subcontractor used must qualify as a service provider under the CCPA and Supplier cannot make any disclosures to the subcontractor that the CCPA would treat as a sale.

5. CCPA Warranties and Certification

(a) Both parties will comply with all applicable requirements of the CCPA when collecting, using, retaining, or disclosing personal information.

(b) Supplier certifies that it understands this Addendum’s and the CCPA’s restrictions and prohibitions on selling personal information and retaining, using, or disclosing personal information outside of the parties’ direct business relationship, and it will comply with them.

(c) Supplier warrants that it has no reason to believe any CCPA requirements or restrictions prevent it from providing any of the Contracted Business Purposes or otherwise performing under this Addendum. Supplier must promptly notify the Customer of any changes to the CCPA’s requirements that may adversely affect its performance under the Addendum.