Resilinc Customer Data Policy

Customer hereby grants Resilinc a worldwide, non-exclusive, non-transferable right to use and process Customer Data under the Terms to provide the Enterprise Services, including using and processing Customer Data to:

• Deliver the Enterprise Services’ features and functionality as described in Resilinc’s documentation, and as licensed, configured, and used by the Customer and its Authorized Users;
• Provide support to Customer, address technical issues with the Enterprise Services, and honor Customer’s written instructions and meet its legal obligations; ‎and
• Secure, monitor, improve and extend current or future Enterprise Services, including by developing new Enterprise Services or features or functionalities, and by enhancing (1) Customer’s and Authorized Users’ productivity, and (2) the Services’ capabilities, reliability, performance, quality, and value.

As part of providing the Enterprise Services, Customer expressly authorizes Resilinc to create supply chain insights and anonymized or de-identified data from Customer Data, which shall not constitute Customer Data provided they do not:

• Identify, and cannot be linked to, Customer or any of its Authorized Users in any way, or
• Contain, embody or reflect any Customer Confidential Information.

Resilinc does not and will not use, process, incorporate or include any Customer Data in the development, training or tuning of any generative artificial intelligence system or large language model (“Generative AI System”) and will ensure that Customer Data is segregated from any datasets used for Generative AI System development or training.

“Personal Data” is a subset of Customer Data and means any information relating to an identified or identifiable natural person, where such person is one who can be ‎identified, directly or indirectly, by reference to any identifier, such as a name, an identification number, location data, or an online identifier or otherwise.

To the extent Customer Data contains personal data, Resilinc shall process such Personal Data in accordance with the Resilinc Data Processing Addendum (DPA), which is intended to meet all requirements of applicable global data protection laws.

As to Customer Data that is also Personal Data, in case of any conflict between this policy, the Terms and the Resilinc Data Processing Addendum, the Resilinc Data Processing Addendum will control.

Resilinc does not and will not (1) sell or share Personal Data, (2) process Personal Data for purposes other than providing the Enterprise Services that Customer has contracted with Resilinc to provide, or (3) use Personal Data outside Resilinc’s direct relationship with Customer.