CompStak Terms of Use

Effective Date: January 21, 2020

1. Introduction

Please carefully review these Terms of Use (“TOU” or “Agreement”), for CompStak, Inc. (“CompStak”, “We”, or “Us”) as they contain important information regarding your legal rights, remedies, and obligations. These TOU apply if you visit, view, use, or access (collectively, “access”) CompStak’s websites made available on CompStak.com (the “Website”), and/or (hereinafter, “or”) if you request, view, use or access any CompStak Data (as defined herein) via any phone application including any texting service, or, you access data, information, products, services, or applications (collectively, with the Website, the “Services”) made available by or from CompStak.

2. Legally Binding Agreement

By accessing the Services, you represent and warrant that you have read and understood, and agree to be bound by these TOU and that you acknowledge the adequacy of consideration for this Agreement. Please review this document carefully as it is a legally binding document between you and CompStak. If you do not agree to these TOU, you are prohibited from accessing, and must immediately discontinue your access of the Services. Please exit and discontinue all access immediately.

THE SECTIONS BELOW TITLED “BINDING ARBITRATION” AND “CLASS ACTION WAIVER” CONTAIN A BINDING ARBITRATION AGREEMENT AND CLASS ACTION WAIVER. THEY AFFECT YOUR LEGAL RIGHTS. PLEASE READ THEM.

3. Eligibility

The Services are not targeted to, and should not be used by, persons under the age of 18. BY ACCESSING THE SERVICES, YOU REPRESENT AND WARRANT THAT YOU ARE AT LEAST 18 YEARS OLD, ARE LEGALLY QUALIFIED TO ENTER INTO AND FORM CONTRACTS UNDER APPLICABLE LAW, and are not barred from accessing the Services under the laws of any applicable jurisdiction.

If you are using the Services on behalf of a company, entity, or organization (each a “Subscribing Entity”), then you represent and warrant that you: (i) are an authorized representative of that Subscribing Entity with the authority to bind such entity to the TOU and (ii) agree to be bound by the TOU individually and on behalf of such Subscribing Entity. You further represent and warrant that the Subscribing Entity is not a CompStak Competitor, nor are you or your Subscribing Entity using the Services for or on behalf of a CompStak Competitor, as defined in Section 8(B)(ix).

4. Privacy Policy; Changes to Agreement

1. Privacy Policy: By accessing the Services, you consent to the collection and use of certain information about you, as specified in the Services’ Privacy Policy (the “Privacy Policy”), incorporated hereto and available here CompStak encourages users of the Services to frequently check the Privacy Policy for changes. By accessing the Services, you represent and warrant that you have read and understood, and agree to be bound by, the Privacy Policy. IF YOU DO NOT UNDERSTAND OR DO NOT AGREE TO BE BOUND BY THE PRIVACY POLICY, YOU MUST IMMEDIATELY EXIT AND DISCONTINUE ALL ACCESS TO THE SERVICES.
2. Changes: COMPSTAK RESERVES THE RIGHT TO CHANGE THIS AGREEMENT AND/OR THE PRIVACY POLICY AT ANY TIME. Notice of any such change will be given by the posting of a new version or a change notice on the Services; provided, however, that CompStak will use commercially reasonable efforts to notify you of any material changes to these TOU at least 30 days in advance of the effective date of such material change. Changed TOU will be indicated by the “effective date” at the top of this Agreement. If you do not agree to such changes, please exit and discontinue all access to the Services immediately. It is your responsibility to review this Agreement and the Privacy Policy periodically. If at any time you find any TOU or the Privacy Policy unacceptable, you must immediately leave, and refrain from using, the Services.

5. Member Registration, User Name, and Points

1. Member Registration: By accessing the Services, you are not automatically a CompStak Member; you are a “Visitor.” In order to become a CompStak member (“Member”), you are required to complete a registration process. You certify, represent and warrant that the information you provide therein is true, accurate, complete, current, and that it belongs to you. You shall keep your information complete and up-to-date at all times. Failure to maintain your registration information may cause your access to the Services to be interrupted, suspended, or terminated. You are responsible for monitoring your account, changing your password periodically and notifying CompStak immediately of any unauthorized use or breach of security of your password.
2. Members and Contacts: Your Member registration information and information you provide regarding commercial properties is automatically entered into CompStak’s proprietary database (the “Database”), which contains, among other things, building information, completed lease deal information (including, but not limited to rental rates, leased squared footage, tenant name and real estate broker and salesperson name), sale transaction information (including, but not limited to price, buyer, seller, cap rate and NOI) and related property, tenant and market information. Please note: as a Member, you may contribute to and access the Database; however, CompStak retains all proprietary and intellectual property rights to the Database, and you do not retain any ownership rights in the Database as a result of any information you provide. Likewise, information contributed to the Database may be shared with other Members and with third parties, in CompStak’s discretion. When you provide your registration information and other information regarding commercial properties, you intend to interact with other Members and third parties through the CompStak Services and to have CompStak share and resell the information you contribute. To learn more about our Database, please see Section 10.
3. User Name: In order to access certain Services as a Member, you must log on with a unique user name or email address.
4. Points: The Services allow you to earn points or credits (“Points”) by performing certain actions. Points are not real money, do not have monetary value, and may never be redeemed for “real world” money, or other items of monetary value from outside of the Services without our written permission. While we may use terms like “buy”, “earn”, “spend” or “sell” in reference to Points, we do so only for convenience and such terms in no way indicate that Points have monetary value or are real money. You acknowledge that Points are not real currency and are not redeemable for any sum of money from us at any time. We make no guarantee as to the nature, quality or value of the features of the Services.
   1. License Points obtained via the Services are provided to you under a limited, personal, revocable, non-transferable (except as specifically provided below), non-sublicensable license to use within the Services. Points may not be transferred (except as specifically provided below) or resold in any manner, including, without limitation, by means of any direct sale or auction service. You have no property interest, right or title in or to any such Points appearing or originating in the Services, or any other attributes associated with use of the Services.
   2. Limitation of Liability: We have no liability for hacking or loss of your Points; provided that we will use commercially reasonable efforts to restore Points in the event of any hacking or loss. We have no obligation to, and will not, reimburse you for any Points or any goods or services obtained via Points that are forfeited due to your violation of the TOU. We reserve the right, without prior notification, to limit the quantity of Points and/or to refuse to provide you with any Points. Price, exchangeability, and availability of Points are determined by us in our sole discretion and are subject to change without notice. You agree that we have the absolute right to manage, distribute, regulate, control, modify, cancel, restrict, terminate and/or eliminate Points as we see fit in our sole discretion, and that we will have no liability for exercising such right. You agree that under no circumstances are we liable to you for any damages or claims that may arise from the loss or use of your Points regardless of the circumstances. You absolve us of any responsibility to maintain or update your Points balance. However, if there is a loss of Points in your account due to technical or operational problems with the Services, we may replenish the lost Points once the loss has been verified. Without limiting any of the foregoing, our maximum liability or responsibility to you is to replenish the Points lost.
   3. Redemption: You may redeem Points for CompStak Data or as otherwise set forth on the Services. We will, in our sole discretion, determine and communicate the availability and exchange rate for any Points, which may be modified at any time. All redemptions are subject to the TOU and all limitations and requirements stated via the Services. All redemptions of Points are final. Once your Points have been redeemed, they will be subtracted from your Point balance and will not be refunded or returned, except in our sole discretion. CompStak may also issue Points at no charge to users, at its discretion.
   4. Loss of Points: CompStak may subtract Points from your account if it determines, in its sole discretion, that you did not properly “earn” the Points, including if CompStak Data you previously submitted is outdated or has been superseded by other CompStak Data submission.
   5. Allocation between Members: Points may be transferred among Members who are using the Services under the same Plan (as defined below).

6. Subscription Accounts

CompStak offers additional, paid, services (each, a “Plan”). Subscription fees and terms vary and additional conditions, restrictions and limitations may apply to each Plan and will be as set forth in a separate agreement between you and CompStak (a “Master Subscription Agreement”). Payment terms will be as set forth in the Master Subscription Agreement.

7. Your License to Use

Subject to your compliance with the terms and conditions of this Agreement, and any other agreement between you and CompStak, CompStak grants you a non-exclusive, non-sublicensable, non-assignable, revocable, non-transferable license to access the Services. Except as expressly set forth herein, this Agreement grants you no rights in or to the intellectual property of CompStak or any other party. In the event that you breach any provision of this Agreement, your rights under this paragraph will immediately terminate. By accepting this license, you agree that all information contained in the Database, and the compilation of such information, is the proprietary, confidential information of CompStak, that you will safeguard and protect such information, and that you will use the information in accordance with the Code (as defined below). Your obligations set forth above shall survive termination of this Agreement.

8. Code of Conduct

The Services allow commercial real estate professionals to share “comp” information. This sharing of information through the functionality of the Services is the only permitted use of the Services. All Members and Visitors must fully comply with the following CompStak Code of Conduct (the “Code”) at all times. You certify, represent and warrant that you will not violate this Code.

1. Restrictions on Inputting Information: You shall not enter trade secrets or illegal or improper information in or through the Services (either directly through the Services or via any transmission to CompStak, including email), including, without limitation, the following:
   1. Information that is known to be false, inaccurate, incorrect, incomplete, inexact, outdated or otherwise wrong;
   2. Information subject to confidentiality, non-disclosure, non-competition, trade secret or proprietary rights, limitations or restrictions;
   3. Information that infringes the copyrights or intellectual property rights of others;
   4. Home addresses, Social Security numbers or credit card numbers;
   5. Information that is sexually explicit, profane, pornographic, immoral, obscene, vulgar, offensive, inflammatory, violent, dangerous, harmful, threatening, abusive, harassing, hateful, discriminatory or racially, ethnically or otherwise objectionable, or which may solicit information from anyone under the age of 18;
   6. Information that is defamatory, libelous, fraudulent, knowingly incorrect, or invasive of privacy or publicity rights of others;
   7. Information that advocates or encourages conduct that could constitute a criminal offense;
   8. Information that is actionable or may subject CompStak to legal action or liability of any kind;
   9. Information obtained directly from CoStar Group, or any affiliate, subsidiary or related entity of CoStar Realty Information, Inc.
   10. Information obtained directly from Real Capital Analytics, or any affiliate, subsidiary or related entity of Real Capital Analytics, Inc.
   11. Information that violates any applicable local, state, national or international law, regulation, or convention; or
   12. Information that violates any provision of this Agreement or any other agreement or policy set forth by CompStak.
2. Use of Information Obtained via the Services: CompStak has no actual control over use of information by you or any other user outside the Services. You shall not use information accessed through the Services for any purpose or in any manner that is illegal or improper, including, without limitation, the following:
   1. For any purpose, activity or in any manner that is criminal, illegal or actionable;
   2. In violation of any local, state, national or international laws, regulations or conventions;
   3. To illegally ‘spam’ anyone or to sell, give, make available or otherwise distribute information to a spammer or for the purpose of spamming;
   4. For unethical marketing activities;
   5. To communicate with anyone using language or in any manner that is sexually explicit, profane, pornographic, immoral, obscene, vulgar, offensive, violent, dangerous, harmful, threatening, abusive, harassing, hateful, discriminatory, or racially, ethnically or otherwise objectionable;
   6. To prepare or compile information that is distributed in any manner or form to any third-party;
   7. To enhance, verify, supplement, append, confirm, or modify any compilation of information that is thereinafter distributed in any manner or form to a third-party;
   8. For sale, re-sale, sub-license, commercial use, or redistribution of any kind, without CompStak’s express, prior consent.;
   9. For, at the direction of, or on behalf of (directly or indirectly) any company whose primary business to provide an online commercial real estate analytics platform, including but not limited to, CoStar Group (a “CompStak Competitor”), or to build a competitive product.
3. Acts against the Services: You shall not attempt to or engage in potentially harmful acts that are directed against the Services including, without limitation, the following:
   1. Using the Services in contravention of any other agreement to which you are a party, including without limitation any employment agreement to which you may be a party;
   2. Causing, allowing or assisting any other person to use your account or impersonate you;
   3. Sharing your password or login with any other person;
   4. Logging onto a server or account that you are not authorized to access;
   5. Forging screen names, manipulating identifiers, or otherwise impersonating any other person or misrepresenting your identity or affiliation with any person or entity;
   6. Emulating or faking usage of the Services;
   7. Violating or attempting to violate any security features of the Services;
   8. Using manual or automated software, devices, scripts robots, other means or processes to access, “scrape,” “crawl” or “spider” any pages contained in the Services;
   9. Falsely stating or otherwise misrepresenting your affiliation with any person or entity;
   10. Introducing viruses, worms, software, Trojan horses or other similar harmful code into the Services;
   11. Interfering or attempting to interfere with the use of the Services by any other user, host or network, including, without limitation by means of submitting a virus, overloading, “flooding,” “spamming,” “mail bombing,” or “crashing” the Services;
   12. Causing, allowing or assisting machines, bots or automated services to access or use the Services without the express written permission of CompStak;
   13. Tampering with the operation, functionality or the security of the Services;
   14. Attempting to override or circumvent any security or usage rules embedded into the Services that permit digital materials to be protected;
   15. Attempting to probe, scan, or test the vulnerability of the Services, or any associated system or network, or breach any security or authentication measures;
   16. Misusing, tricking, disrupting or otherwise interfering with the functioning of the Services;
   17. Harvesting or collecting email addresses or other contact information of other users from the Services by electronic or other means;
   18. Reverse engineering, decompiling, disassembling, deciphering or otherwise attempting to derive the source code for any underlying intellectual property used to provide the Services;
   19. Engaging in “framing,” “mirroring,” or otherwise simulating the appearance or function of the Services;
   20. Uploading, posting, transmitting, sharing, storing or otherwise making available any content that CompStak in its sole discretion deems to be harmful, threatening, unlawful, defamatory, infringing, abusive, inflammatory, harassing, vulgar, obscene, fraudulent, invasive of privacy or publicity rights, hateful, or racially, ethnically or otherwise objectionable;
   21. Without CompStak’s prior, express consent, advertising or selling any products, services or otherwise (whether or not for profit), or soliciting others or using the Services for commercial purposes of any kind other than sharing comparables information with other real estate professionals.
4. Suspected Misuse and Penalties: CompStak may monitor the Services for violations of the Code, and you agree (a) not to bypass said monitoring, (b) that CompStak will not be liable for monitoring and (c) nothing CompStak says or does waives its rights to monitor the Services. CompStak shall be the sole and final arbiter of suspected Code violations. If CompStak determines that you have materially breached this agreement, it may, and without limiting any of its other remedies, immediately and without notice:
   1. Delete or modify content;
   2. Suspend your account;
   3. Terminate your account;
   4. Identify you to third parties;
   5. Take legal action.

You agree that you will be liable for breaches of the Code, and these TOU, by you and your affiliates, consultants, agents, contractors or employees and anyone else accessing the Services on your behalf (directly or indirectly), and you agree to pay CompStak liquidated damages as described below for any such breach of the Code, or these TOU. You agree that damages to CompStak from a breach of the Code or these TOU would be extremely difficult to quantify. Therefore, at CompStak’s option, in lieu of actual damages, CompStack will be entitled to $75,000 in liquidated damages as a reasonable estimate of our damages for each such breach. CompStak intends to cooperate fully with any law enforcement officials or agencies in the investigation of any violation of this Agreement or of any applicable laws.

9. Your Creative Content

Separate and apart from contributing to the Database, the Services may allow you to post content, such as messages, images, text, photos, graphics, audio, video or other material (“your Creative Content”) through message boards, forums, Member blogs or other interactive features. With respect to your Creative Content, while you retain any and all of your lawfully owned rights therein, you hereby grant CompStak a royalty-free, perpetual, irrevocable, worldwide, transferable, non-exclusive and fully-sublicensable right and license to view, store, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display your Creative Content (in whole or part) and/or to incorporate it in other works in any form, media, or technology now known or later developed, and to exercise the same rights with respect to such works. You also permit any Visitor of the Services to access, store, distribute, perform, reproduce and prepare derivative works of your Creative Content. No compensation will be paid to you or to any other person or entity with respect to your Creative Content. You grant CompStak the right to use your name and/or likeness and/or any name and/or likeness that you may submit in connection with your Creative Content if CompStak should choose, without compensation or need for your prior approval, or to exercise any of the rights licensed by you hereunder, in connection with a fictional name or persona or without any attribution at all. You also agree to irrevocably waive (and cause to be waived) any claims and assertions of moral rights or attribution with respect to your Creative Content.

CompStak may remove your Creative Content at any time in its sole discretion. You are solely responsible at your own cost and expense to create backup copies of your Creative Content. Likewise, by accessing the Services you may be exposed to other Members’ Creative Content that you find offensive, indecent or objectionable — you agree that you use the Services at your own risk.

You agree that CompStak is not under any obligation of confidentiality, express or implied, with respect to your Creative Content. You represent and warrant that you own or otherwise control all necessary rights to your Creative Content, that it does not violate or infringe upon the intellectual property rights of a third party, that it is accurate, that it does not contain libelous, defamatory or otherwise unlawful material, that it does not violate anyone’s rights to publicity or privacy, that it will not cause injury to any person or entity, that it does not otherwise violate these TOU, and that you will indemnify CompStak and its service providers for all claims resulting from your Creative Content. UNDER NO CIRCUMSTANCES WILL COMPSTAK BE LIABLE IN ANY WAY FOR OR IN CONNECTION WITH YOUR CREATIVE CONTENT.

As the provider of the Services, CompStak is only a forum and is not liable for any statements, representations, or omissions made through Your (or other Visitors’) Creative Content. Any opinions, advice, purported facts, or recommendations expressed therein are those of the Visitors who make them, and not those of CompStak; CompStak does not endorse any opinion, purported fact, recommendation or advice expressed therein. Likewise, it is your responsibility to exercise due care and caution (for your privacy, safety, and identity, among other concerns) when posting your Creative Content or accessing the Services.

10. The Commercial Real Estate Data and Information Available On the Services

1. Statement of Principles:
   1. We are open, transparent and fair about our practices and policies with respect to the collection and use of information.
   2. We utilize our Members and leading edge technology to build and maintain the most comprehensive, accurate and up-to-date database possible of information regarding commercial properties, including building information, completed lease deal information (such as rental rates, leased square footage, tenant names, real estate broker names and salesperson names), sales transaction information (including, but not limited to price, buyer, seller, cap rate and NOI), and related property, tenant and market information (collectively, “CompStak Data”). We maintain security measures to reasonably safeguard the data and its use.
   3. We collect information that is necessary for the legitimate business purposes of CompStak and our Members. We collect information that is obtained lawfully and by fair means, and do not encourage members and users to disclose trade secrets.
   4. We will monitor privacy and data protection developments. We encourage Members to respect compliance programs with respect to their own use of the Services.
2. Information Collected: The Services make the following subsets of CompStak Data about commercial properties available to our Members: lease deal information (which may include, but is not limited to, rental rates, leased square footage, lease terms, floor(s) leased, landlord concessions, tenant names, real estate broker name, salesperson name, etc.), transaction information (including, but not limited to price, buyer, seller, cap rate and NOI), and related building information (which may include, but is not limited to, landlord name, address, building name, building agent, year built, building class, etc.).
3. Sources of CompStak Data:
   1. Our Members build and maintain the Services’ database of CompStak Data. CompStak may aggregate, supplement or enhance its CompStak Data from established, reputable sources and trusted data suppliers. CompStak may also add to CompStak Data by collecting and including openly and freely available commercial property information. Data providers may only contribute information to CompStak that they have a legal right to provide.
   2. CompStak Data available on the Services may be readily available without restriction from any number of different data sources, including:
      1. Public records: Records created and maintained by government agencies and open for public inspection and use.
      2. Publicly available information: Information that is available to the general public from non-governmental sources.
      3. Non-public available information provided to CompStak by a Member authorized to share such information: Information that is privately owned and is not available to the general public or that is generally offered for a fee for use and redistribution without restriction.
      4. Openly available information: Information that has been made available without restriction by a property’s representatives, typically for their own convenience, competitive advantage, business benefit or other commercial purposes.
      5. Derived information: Partial or derived information from any combination of the above sources that is assembled, aggregated, appended, calculated or associated together.
4. Concerns about CompStak Data: If you have any concerns about any CompStak Data, you can contact CompStak by email at support@CompStak.com.
5. Online Privacy Policy: (Applicable to Members and Visitors) The Privacy Policy applies to information collected online from and about our members, users and visitors to CompStak. For more information, see the Privacy Policy .

11. Intellectual Property

The Services and all content and materials located thereon, including without limitation any CompStak names and logos (the “CompStak Marks”), Database, designs, text, graphics and other files, and the selection, arrangement and organization thereof, are the intellectual property of CompStak or its licensors. Except as explicitly provided, neither the Services nor this Agreement grant you any right, title or interest in or to any such content or materials. The CompStak Marks are trademarks or registered trademarks of CompStak. Other trademarks, service marks, graphics, logos and domain names appearing on the Services may be the trademarks of third parties. The Website is Copyright © 2017, CompStak, Inc., ALL RIGHTS RESERVED. Moreover, except as expressly stated herein, or as expressly granted by CompStak in a signed writing, you have no intellectual property or other rights in the information you contribute to the Database.

As CompStak asks others to respect its intellectual property rights, CompStak respects the intellectual property rights of others. You agree that you shall not remove, obscure, or alter any proprietary rights notices (including copyright and trademark notices) which may be affixed to or contained within the Services. Likewise, if you have evidence, know, or have a good faith belief that your rights have been violated and you want CompStak to delete, edit, or disable the material in question, you must provide CompStak with all of the following information pursuant to the Digital Millennium Copyright Act (“DMCA”) by providing CompStak’s DMCA Agent (listed below) with the following information in writing:

1. a physical or electronic signature of a person authorized to act on behalf of the owner of the exclusive right that is allegedly infringed;
2. identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works are covered by a single notification, a representative list of such works;
3. identification of the material that is claimed to be infringed or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit CompStak to locate the material;
4. information reasonably sufficient to permit CompStak to contact you, such as an address, telephone number, and if available, an electronic mail address at which you may be contacted;
5. a statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and
6. a statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed. For this notification to be effective, you must provide it to CompStak’s designated agent at:

DMCA Agent
CompStak.com
CompStak, Inc.
675 6th Avenue, Floor 4
New York, NY 10010
copyright@compstak.com

Please consult your legal counsel (or see 17 U.S.C. § 512) to confirm these requirements and your compliance therewith. It is CompStak’s policy to respond to notices of alleged infringement that comply with the DMCA. In addition, CompStak will promptly terminate without notice the accounts of users that are determined by CompStak to be “repeat infringers.” If CompStak receives more than three takedown notices regarding your any content you have submitted, including your Creative Content, then you will be considered a repeat infringer and your account will be terminated.

You acknowledge that if you fail to comply with all of the requirements of this section, your DMCA notice may not be valid. Please note that under Section 512(f) of the DMCA, any person who knowingly materially misrepresents that material or activity is infringing may be subject to liability.

12. Disclaimers; Limitation of Liability; Third Party Disputes

1. NO WARRANTIES: ALTHOUGH COMPSTAK TAKES REASONABLE MEASURES TO KEEP THE SERVICES ERROR-FREE AND SAFE, YOU ACCESS THEM AT YOUR OWN RISK. COMPSTAK, ON BEHALF OF ITSELF AND ITS LICENSORS AND SUPPLIERS, HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, RELATING TO THE SERVICES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” NEITHER COMPSTAK NOR ITS LICENSORS OR SUPPLIERS WARRANT THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, SAFE OR SECURE. COMPSTAK DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE SERVICE, THAT THE FUNCTIONS CONTAINED IN OR SERVICES PERFORMED OR PROVIDED BY THE SERVICES WILL MEET YOUR REQUIREMENTS, THAT THE OPERATION OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE OR NOT INTERFERE WITH YOUR USE OR ENJOYMENT OF ANY OTHER PRODUCTS, GOODS OR SERVICES, INCLUDING APPLICATIONS ON ANY MOBILE DEVICE ON WHICH YOU HAVE INSTALLED THE APP, OR THAT DEFECTS IN THE SERVICES WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY COMPSTAK OR ITS AUTHORIZED REPRESENTATIVES SHALL CREATE A WARRANTY NOT EXPRESSLY PROVIDED FOR IN THE TOU.
2. YOUR RESPONSIBILITY FOR DAMAGE: YOU AGREE THAT YOUR USE OF THE SERVICES IS AT YOUR SOLE RISK. YOU WILL NOT HOLD COMPSTAK OR ITS LICENSORS OR SUPPLIERS, AS APPLICABLE, RESPONSIBLE FOR ANY DAMAGE OR LOSS THAT RESULTS FROM YOUR USE OF THE SERVICES, INCLUDING WITHOUT LIMITATION ANY DAMAGE TO ANY OF YOUR COMPUTERS OR DATA. THE SERVICES MAY CONTAIN BUGS, ERRORS, PROBLEMS OR OTHER LIMITATIONS.
3. YOUR RESPONSIBILITY FOR YOUR ACTIONS: YOU AGREE AND UNDERSTAND THAT YOU MAY BE HELD LEGALLY RESPONSIBLE FOR DAMAGES SUFFERED BY OTHER VISITORS OR THIRD PARTIES AS THE RESULT OF YOUR REMARKS, INFORMATION, OR FEEDBACK OR OTHER CONTENT POSTED OR MADE AVAILABLE ON OR THROUGH THE SERVICES THAT IS DEEMED DEFAMATORY OR OTHERWISE LEGALLY ACTIONABLE.
4. LIMITATION OF LIABILITY: YOU AGREE THAT NEITHER COMPSTAK, ITS DIRECTORS, OFFICERS, EMPLOYEES AND AGENTS, NOR ITS LICENSORS OR SUPPLIERS, HAVE ANY LIABILITY WHATSOEVER IN CONNECTION WITH YOUR ACCESS OF THE SERVICES. COMPSTAK IS NOT RESPONSIBLE FOR THE ACTIONS OF THIRD-PARTIES (INCLUDING OTHER VISITORS OR MEMBERS), AND YOU RELEASE COMPSTAK AND ITS DIRECTORS, OFFICERS, EMPLOYEES AND AGENTS FROM ANY CLAIMS AND DAMAGES, KNOWN OR UNKNOWN, ARISING OUT OF OR IN ANY WAY CONNECTED WITH ANY CLAIM YOU HAVE AGAINST ANY SUCH THIRD-PARTIES. THE LIABILITY OF COMPSTAK, ITS DIRECTORS, OFFICERS, EMPLOYEES, AND AGENTS, AND ITS LICENSORS AND SUPPLIERS, IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW. IN NO EVENT SHALL COMPSTAK, ITS DIRECTORS, OFFICERS, EMPLOYEES AND AGENTS, OR ITS LICENSORS OR SUPPLIERS, BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS, LOST DATA OR CONFIDENTIAL OR OTHER INFORMATION, LOSS OF PRIVACY, FAILURE TO MEET ANY DUTY, INCLUDING WITHOUT LIMITATION OF GOOD FAITH OR OF REASONABLE CARE, NEGLIGENCE, OR OTHERWISE, REGARDLESS OF THE FORESEEABILITY OF THOSE DAMAGES OR OF ANY ADVICE OR NOTICE GIVEN TO COMPSTAK, ITS DIRECTORS, OFFICERS, EMPLOYEES, AND AGENTS, OR ITS LICENSORS AND SUPPLIERS) ARISING OUT OF OR RELATING TO YOUR USE OF THE SERVICES. THIS LIMITATION SHALL APPLY REGARDLESS OF WHETHER THE DAMAGES ARISE OUT OF BREACH OF CONTRACT, TORT, OR ANY OTHER LEGAL THEORY OR FORM OF ACTION. ADDITIONALLY, THE MAXIMUM LIABILITY OF COMPSTAK AND ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, LICENSORS AND SUPPLIERS TO YOU UNDER ALL CIRCUMSTANCES WILL NOT EXCEED THE GREATER OF $200.00 USD OR THE AMOUNT YOU HAVE PAID US IN THE LAST 12 MONTHS.
5. APPLICATION: THE ABOVE DISCLAIMERS, WAIVERS AND LIMITATIONS DO NOT IN ANY WAY LIMIT ANY OTHER DISCLAIMER OF WARRANTIES OR ANY OTHER LIMITATIONS OF LIABILITY BETWEEN YOU AND COMPSTAK OR BETWEEN YOU AND ANY OF COMPSTAK’S DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, LICENSORS OR SUPPLIERS. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OF CERTAIN IMPLIED WARRANTIES OR THE LIMITATION OF CERTAIN DAMAGES, SO SOME OF THE ABOVE DISCLAIMERS, WAIVERS AND LIMITATIONS OF LIABILITY MAY NOT APPLY TO YOU. UNLESS LIMITED OR MODIFIED BY APPLICABLE LAW, THE FOREGOING DISCLAIMERS, WAIVERS AND LIMITATIONS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU THROUGH THE WEBSITE, SERVICES, OR OTHERWISE SHALL ALTER ANY OF THE DISCLAIMERS OR LIMITATIONS STATED IN THIS SECTION.
6. THIRD PARTY DISPUTES: YOU IRREVOCABLY RELEASE COMPSTAK (AND OUR OFFICERS, DIRECTORS, AGENTS, SUBSIDIARIES, JOINT VENTURES, AND EMPLOYEES) FROM ANY AND ALL CLAIMS, DEMANDS AND DAMAGES (ACTUAL AND CONSEQUENTIAL) OF EVERY KIND AND NATURE, KNOWN AND UNKNOWN, ARISING OUT OF OR IN ANY WAY CONNECTED WITH ANY DISPUTE YOU HAVE WITH ANY SERVICE PROVIDER, THIRD PARTY SERVICE OR OTHER THIRD PARTY.

13. Indemnification

You agree to indemnify and hold CompStak, its directors, officers, employees and agents, and its suppliers, licensors, and service providers, harmless from and against any loss, liability, claim, demand, damages, costs and expenses, including reasonable attorneys’ fees (collectively, “Claims”), arising out of or in connection with: (1) your use of the Services; (2) any violation of this Agreement (including, without limitation, the Code); and (3) your violation of any law or the rights of any third party. CompStak will have the right, but not the obligation, to participate through counsel of its choice in any defense by you of any Claims as to which you are required to defend, indemnify, or hold harmless CompStak. You may not settle any Claims without the prior written consent of the concerned CompStak person or persons.

14. Third Party Websites

On the Services, you may find links to websites operated by third parties (“Third-Party Sites”). CompStak does not endorse or control Third-Party Sites, each of which may be governed by its own terms of service and privacy policy. CompStak disclaims, and you hereby agree to assume, all responsibility and liability for any damages or other harm, whether to you or third-parties, resulting from your use of Third-Party Sites and any content found on those Third-Party Sites. Please take all protections necessary to protect yourself and your computer system when accessing Third-Party Sites, particularly when downloading or purchasing anything therefrom. Your correspondence or business dealings with, or participation in promotions of, advertisers found on or through the Services are solely between you and such advertiser. YOU AGREE THAT YOUR USE OF CONTENT FROM THIRD-PARTY SITES IS AT YOUR OWN RISK AND COMPSTAK WILL NOT BE RESPONSIBLE OR LIABLE FOR ANY LOSS OR DAMAGE OF ANY SORT INCURRED AS THE RESULT OF ANY SUCH USE OR DEALINGS, OR AS THE RESULT OF THE PRESENCE OF ADVERTISERS ON THE SERVICES.

15. Termination

1. By You: You may cancel your account at any time and for any reason through the “My Account” link. WHEN YOU TERMINATE YOUR ACCOUNT, YOU WILL NOT RECEIVE ANY REFUND OF ANY SUBSCRIPTION FEES CHARGED TO YOUR ACCOUNT PRIOR TO RECEIPT OF YOUR CANCELLATION. WHERE APPLICABLE, AND UNLESS OTHERWISE SET FORTH IN YOUR SPECIFIC PLAN DETAILS, YOUR ACCOUNT WILL REMAIN ACTIVE UNTIL THE END OF YOUR CURRENT SUBSCRIPTION TERM UNLESS OTHERWISE TERMINATED BY COMPSTAK. SUBSCRIPTION FEES WILL NOT BE PRORATED OR REFUNDED FOR PARTIAL-MONTH USAGE. YOU WILL FORFEIT YOUR ACCUMULATED POINTS AND RATING AT THE END OF THE SUBSCRIPTION TERM AFTER THE EFFECTIVE DATE OF YOUR CANCELLATION.
2. By CompStak: CompStak may suspend, terminate, or disable access to your account at any time for an actual or suspected breach (in CompStak’s reasonable discretion) of any provision of the TOU. CompStak, in its sole discretion and for any reason or no reason, may discontinue the Services and any related services including support (or any part thereof), at any time, with or without notice. You agree that CompStak shall not be liable to you or any third-party for any such termination. Without limiting the generality of the foregoing, CompStak may terminate your access to the Services in cases of actual or suspected fraud, or violations of these TOU or other laws or regulations, and any suspected fraudulent, abusive, or illegal activity may be referred to appropriate law enforcement authorities. These remedies are in addition to any other remedies CompStak may have at law or in equity. Upon termination, you will no longer have access to the Services and will forfeit your accumulated points and rating . At our discretion, we may provide you with a prorated refund of subscription fees if we terminate your user account.
3. Effect of Termination; Survival
   If this Agreement terminates, you will no longer be authorized to access the Services. Sections 8 – 13 and 15 – 18 of the Agreement will survive termination.

16. Binding Arbitration, Class Action Waiver, Venue and Jurisdiction

1. Binding Arbitration: In the event of a dispute arising under or relating to this Agreement (each, a “Dispute”), either party may elect to finally and exclusively resolve the dispute by binding arbitration governed by the Federal Arbitration Act (“FAA”). Any election to arbitrate, at any time, shall be final and binding on the other party. IF EITHER PARTY CHOOSES ARBITRATION, NEITHER PARTY SHALL HAVE THE RIGHT TO LITIGATE SUCH CLAIM IN COURT OR TO HAVE A JURY TRIAL, EXCEPT EITHER PARTY MAY BRING ITS CLAIM IN ITS LOCAL SMALL CLAIMS COURT, IF PERMITTED BY THAT SMALL CLAIMS COURT RULES AND IF WITHIN SUCH COURT’S JURISDICTION. ARBITRATION IS DIFFERENT FROM COURT, AND DISCOVERY AND APPEAL RIGHTS MAY ALSO BE LIMITED IN ARBITRATION. All disputes will be resolved before a neutral arbitrator, whose decision will be final except for a limited right of appeal under the FAA. The arbitration shall be commenced and conducted by the Judicial Arbitration and Mediation Services (“JAMS”) pursuant to its then current Comprehensive Arbitration Rules and Procedures and in accordance with the Expedited Procedures in those rules, or, where appropriate, pursuant to JAMS’ Streamlined Arbitration Rules and Procedures. All applicable JAMS’ rules and procedures are available at the JAMS website http://www.jamsadr.com. Each party will be responsible for paying any JAMS filing, administrative and arbitrator fees in accordance with JAMS rules. Judgment on the arbitrator’s award may be entered in any court having jurisdiction. This clause shall not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. The arbitration may be conducted in person, through the submission of documents, by phone, or online. If conducted in person, the arbitration shall take place in the United States county where you reside. The parties may litigate in court to compel arbitration, to stay a proceeding pending arbitration, or to confirm, modify, vacate or enter judgment on the award entered by the arbitrator. The parties shall cooperate in good faith in the voluntary and informal exchange of all non-privileged documents and other information (including electronically stored information) relevant to the Dispute immediately after commencement of
2. Class Action Waiver: You agree that any arbitration or proceeding shall be limited to the Dispute between us and you individually. To the full extent permitted by law, (i) no arbitration or proceeding shall be joined with any other; (ii) there is no right or authority for any Dispute to be arbitrated or resolved on a class action-basis or to utilize class action procedures; and (iii) there is no right or authority for any Dispute to be brought in a purported representative capacity on behalf of the general public or any other persons. YOU AGREE THAT YOU MAY BRING CLAIMS AGAINST US ONLY IN YOUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
3. Equitable Relief: Should you or CompStak seek equitable relief of any kind, you or CompStak, as applicable, are permitted to seek equitable relief in court, in aid of arbitration.
4. Claims: You and CompStak agree that, notwithstanding any other rights the party may have under law or equity, any cause of action arising out of or related to the TOU or the Services, excluding a claim for indemnification, must commence within one year after the cause of action accrues. Otherwise, such cause of action is permanently barred.
5. Improperly Filed Claims: All claims you bring against CompStak, or CompStak brings against you, must be resolved in accordance with this section. All claims filed or brought contrary to this section will be considered improperly filed. Should you or CompStak (the “ Filing Party”) file a claim contrary to this section, the non-Filing Party may recover attorneys’ fees and costs up to $5,000, provided that the non-Filing Party has notified in writing of the improperly filed claim, and the Filing Party has failed to promptly withdraw the claim.
6. Modifications: In the event that CompStak makes any future change to the Binding Arbitration provision (other than a change to CompStak’s Arbitration Notice Address), you may reject any such change by sending us written notice within thirty (30) days of the effective date of the change to CompStak’s Arbitration Notice Address, in which case your account with CompStak and your license to use the Services shall terminate immediately, and this section, as in effect immediately prior to the amendments you reject, shall survive the termination of the TOU.
7. Enforceability: If only part of Section 16 or the entirety of this Section 16 is found to be unenforceable, then the entirety of this Section 16 shall be null and void and, in such case, the parties agree that the exclusive jurisdiction and venue described in Section 16.H shall govern any action arising out of or related to the TOU.
8. Governing Law; Choice of Forum: The laws of the State of New York, excluding its conflicts of law rules, govern the TOU and your use of the Services. Your use of the Services may also be subject to other local, state, national, or international laws; provided, however, that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to any provision of this TOU. To the extent that any action relating to any dispute hereunder is permitted to be brought in a court of law, such action shall be subject to the exclusive jurisdiction of the state and federal courts located in New York, New York, and you hereby irrevocably submit to personal jurisdiction in such courts, and waive any defense of inconvenient forum.
9. Specific Proceedings: Any legal process initiated in order to obtain identifying information of a Visitor or Member in connection with asserting claims against such user must be initiated by way of a pre-action discovery proceeding in New York state court under N.Y. C.P.L.R. § 3102(c). If you are concerned about whether any Member is sharing information he/she is not authorized to share, please contact us at legal@compstak.com and we will endeavor to work with you to resolve your concerns without the need to commence a legal proceeding.

17. Feedback

CompStak values your enthusiasm regarding the Services. If you choose to contribute by sending CompStak or our employees any ideas for products, services, features, modifications, enhancements, content, refinements, technologies, content offerings (such as audio, visual, games, or other types of content), promotions, strategies, or product/feature names, or any related documentation, artwork, computer code, diagrams, or other materials (collectively “Feedback”), then regardless of what your accompanying communication may say, the following terms shall apply, so that future misunderstandings can be avoided. Accordingly, by sending Feedback to CompStak, you agree that:

1. CompStak has no obligation to review, consider, or implement your Feedback, or to return to you all or part of any Feedback for any reason;
2. Feedback is provided on a non-confidential basis, and CompStak is not under any obligation to keep any Feedback you send confidential or to refrain from using or disclosing it in any way; and
3. You irrevocably grant CompStak and its successors and assigns perpetual and unlimited permission to reproduce, distribute, create derivative works of, modify, publicly perform (including on a through-to-the-audience basis), communicate to the public, make available, publicly display, and otherwise use and exploit the Feedback and derivatives thereof for any purpose and without restriction, free of charge and without attribution of any kind, including by making, using, selling, offering for sale, importing, and promoting commercial products and services that incorporate or embody Feedback, whether in whole or in part, and whether as provided or as modified.

18. Miscellaneous

1. CompStak’s failure to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision.
2. If any provision of this Agreement shall be deemed unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from the Agreement and shall not affect the validity and enforceability of any remaining provisions.
3. Neither the course of conduct and/or course of dealing between the parties nor trade practice shall act to modify any provision of this Agreement.
4. CompStak may assign its rights and duties under this Agreement to any party at any time without notice to you. Your rights and duties under this Agreement are not assignable by you without written consent of CompStak.
5. Headings are used for convenience only and are not to be used for meaning or intent.
6. This Agreement, along with your Plan, and any other signed writing between you and CompStak regarding the Services, constitutes the entire understanding between you and CompStak and supersedes any prior or contemporaneous communications or provisions on the subject matter. This Agreement cannot be modified, unless in a writing labeled “Modification to TOU”, executed by both you and an officer of CompStak.

CompStak, Inc.

Attn: Legal Department
675 6th Avenue, Floor 4
New York, NY, 10010
Legal@CompStak.com

CompStak Privacy Policy

Effective Date: July 19, 2024

Introduction

This policy covers how CompStak, Inc. (“CompStak,” “We,” or “Us”) treats information that relates to an identified or identifiable person (“Personal Information”) and other information that CompStak collects when you visit CompStak.com (the “Website”), and/or when you access our information, products, or services (collectively, with the Website, the “Services”) whether you are using our Services as a visitor to our Website (“Visitor”) or as a user who has completed our registration process (“Members).” (Visitors and Members collectively referred to as “Users”). This policy does not apply to our collection and use of data about commercial properties contained in our Database, which is covered in our Fair Information Statement, available here.

Please read this policy carefully and review it often because it may change. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY YOU MAY NOT USE THE WEBSITE OR SERVICES.

1. Scope of Privacy Policy

This Privacy Policy applies to Personal Information and other information collected by CompStak. When you navigate away from our Website to websites controlled by third parties, you leave the CompStak Website, at which point our Privacy Policy no longer applies.

2. The Information We Collect, Our Cookie Policy

CompStak’s Services include the collection, aggregation, and organization of information about commercial properties, such as building information (including, but not limited to, building pictures), completed lease deal information (including, but not limited to, rental rates, leased squared footage, tenant names and real estate broker and salesperson names), sales transaction information (including, but not limited to price, buyer, seller, cap rate and NOI), and related property, tenant and market information. Members can provide such information for inclusion in our Database. By visiting our Website or becoming a Member, you are authorizing us to gather, parse, and retain data and information that you provide to us as necessary to deliver and support our Services.

Information Collected Directly from You: CompStak collects Personal Information when you register. We may also collect Personal Information from you in other ways, such as when you contact our customer-support team or provide us with your credit card information in connection with CompStak purchases. We may also collect Personal Information from you when you choose to request information about CompStak or our Services, seek customer or technical support, or otherwise communicate with us, including at conferences and other events.

Information Collected Passively: Whenever you visit CompStak, we also receive and record information on our server logs from your browser, including your IP address, CompStak cookie information, and the pages you request. We relate this information to the Personal Information you provide. CompStak uses this information to provide our Services, to improve our products and Services, to contact you, to conduct research, and to develop and maintain non-identifiable or aggregated data and analytics. We may also collect certain information automatically through our Services or other methods of web analysis, such as mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences.

We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. We use Technologies that are essentially small data files placed on your computer, tablet, mobile phone, or other devices (referred to collectively as a “device” that allow us to record certain pieces of information whenever you visit or interact with our sites, Services, applications, messaging, and tools, and to recognize you across devices.

Cookies and Similar Technologies: CompStak uses “cookies.” Cookies are small lines of text/data that are written onto a User’s computer by a website to store that User’s preferences. Most browsers allow you to manage cookies including blocking and deleting them. If you block or delete our cookies, CompStak may not work as well or at all for you. Cookies and similar technologies may be used by our online data partners or vendors to associate activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout .

Clear gifs (Web beacons): We use a software technology called clear gifs (a.k.a. web beacons), that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a User’s computer hard drive, clear gifs are embedded invisibly on web pages. We tie the information gathered by clear gifs to personally identifiable information Users submit while they are on the system. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.

Cookies and Interest-Based Advertising: You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy, at https://thenai.org/opt-out/ http://www.youronlinechoices.eu/ https://youradchoices.ca/choices/ and www.aboutads.info/choices/ To separately make choices for mobile apps on a mobile device, you can download DAA’s AppChoices application from your device’s app store. Alternatively, for some devices you may use your device’s platform controls in your settings to exercise choice.

Please note you must separately opt out in each browser and on each device. Advertisements on third party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.

Media Widgets: Our Website may include social media features such as the Facebook, Twitter and LinkedIn (that might include widgets such as the share this button or other interactive mini-programs). These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing it.

We may also use Google Analytics and other vendors to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop Website content. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/ You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout

Member Screen Names: During registration, Members must create a unique screen name that may be publicly attributed (tied) to their use of our system and may be both displayed in our system or shared in public communications. Members should be careful not to include Personal Information in their screen name or post Personal Information about themselves.

Member Passwords: During registration, Members must select a password. Passwords are used to secure Member information and the integrity of the system. We only store a one-way encryption of Member passwords which means passwords cannot be unencrypted by us. Our login page provides a way for Members to obtain access to the system in case they lose or forget their password.

Member Ratings and System Use Information: We use screen names to compile and process historical and statistical information about how and when our Users use the system. Historical and statistical information includes information about selected actions that our Members take while on the system. We may also aggregate and store historical and statistical information for Members or Visitors. System use information is collected, surveyed, evaluated and scored by the system to assess the quality of data. Member actions are effectively confirmed or challenged by the later actions of other Members. We use this evaluation process to maintain our collaborative, self-correcting system and to promote the development of the most accurate, complete and up-to-date data possible. Members are objectively rated by the system based upon their actions.

Our system uses points as an incentive and a point balance will be maintained for each Member based upon system use information. We may also use this information to add, adjust or discontinue certain Services or functionality and to enforce our policies and procedures. Compiled system use information, Member ratings, point balances and information on data submitted may be displayed online and shared along with screen names, both online and in other public communications.

Subscription and Payment Information: Users and Members may be asked to provide payment information (for example, to open a subscription account or to purchase a Comp), such as PayPal, credit card, and/or other payment information needed to process their payments. We may use this information to contact Users and Members about payment processing. Payment information is protected using secure socket layer technology (SSL).

Surveys and Contests: We may provide Users the opportunity to participate in contests or surveys from time to time. Participation in contests or surveys is completely voluntary. If Users choose to participate, we may request certain additional Personal Information. We may use this information to monitor system traffic, supplement, amend and personalize our system, direct advertisements, communicate with participants, develop our products and Services, or conduct market research.

Information from Other Sources: We may receive information about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our Services through a third party application, such as a social networking service, we may collect information about you from that third party application that you have made public via your privacy settings.

3. How We Use Your Personal Information and the Information you Contribute to our Database

Use of Personal Information: We use Personal Information for a variety of internal and service-related purposes, and we may use vendors and suppliers to allow us to offer CompStak. Such purposes include to provide Services or information requested (for example, to manage accounts, respond to questions and requests, and respond to requests for support), administrative purposes (such as to develop new Services, measure interest in Services, and process applications, transactions, and payments), marketing CompStak products and Services (including tailoring and notifying you about content and offers, providing Services, and other reasons with your consent), research and development, and outbound marketing (including by mail, email, and/or telephone in accordance with applicable law). CompStak does not rent, sell, or share Personal Information about you with other people or non-affiliated companies for their independent marketing purposes.

Access to Personal Information: Members may have access to their information through the Login area of our system.

Use of Payment Information: We use and share with our vendors credit card or other payment information for identification and verification purposes and to help facilitate payment processing. We do not share credit card or other payment information with third parties other than to process payments.

Other Use and Sharing: We may create and/or share with third parties non-identifiable and/or aggregated information for a variety of reasons, including in the performance of analysis and evaluation of interest in and use of various portions or features of the Services, research, analytics, marketing services, including evaluating market trends and/or under a joint marketing agreement to provide services that will be of particular interest and relevance, and other legally permissible purposes.

Communicating with our Members: We will typically communicate with our Members using their registered email address. If we cannot reach our Members by email, we may use other contact information such as their address, telephone number, Twitter ID, Instant Messenger ID, Facebook ID and/or LinkedIn ID. We will communicate with Members in accordance with their preferences and in response to inquiries, to provide requested Services and to manage their accounts. We will send Members mandatory service-related announcements and notifications by email when necessary. Members cannot opt-out of these communications, which are not promotional in nature. If Members do not wish to receive them, they have the option of canceling their account. We may broadcast or otherwise distribute important messages to all Users or send individual messages to specific Users where we have appropriate contact information to do so. We also may send information to Members by email about our Services, including special alerts, offers, awards, surveys, contests, promotions and updates. Members will be given the option not to receive these types of communications. We will use email addresses to distribute and collect surveys, notify contest winners and award prizes.

Legal Sharing for Protection of Us, You, and Others: We may disclose Personal Information to third parties who are assisting us in protecting against or preventing actual or potential fraud, unauthorized transactions, claims or other liabilities, or to investigate potential fraudulent or questionable activities. We may disclose Personal Information in response to legal process, such as in response to a court order or a subpoena. We may disclose Personal Information in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities or suspected fraud, violations of our Terms of Use, or as we believe may be otherwise required by law. We may also disclose Personal Information to protect our rights or interests or the rights or interests of others.

Merger or Sale: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, Personal Information and other information we have collected may be treated as an asset and transferred in accordance with this Policy.

Use of Information in the Database: When Members contribute information to the Database, they provide this information so that CompStak may, in CompStak’s sole discretion, disclose such information to other Members and/or third parties for any purpose, including in exchange for payment or other remuneration made by such third parties to CompStak.

Other Uses: We may use Personal Information for any purpose for which we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you at the time you provide Personal Information or with your consent.

4. How We Secure Personal Information

CompStak limits access to Personal Information. We have put in place physical, electronic, and managerial procedures in an effort to safeguard and help prevent unauthorized access, maintain data security, and use correctly the Personal Information we collect from you.

No data transmissions through the Internet or mobile devices, or even the physical transfer of information, can be guaranteed to be completely secure. We cannot eliminate fully all security risks associated with personal information and technical mistakes are possible. We do not ensure or warrant the security of any data or information you transmit to us and you do so at your own risk.

If CompStak learns of a security systems breach, then we may attempt to notify you electronically. You agree that we may communicate with you electronically regarding security, privacy, and administrative issues. We may post a notice on our Website if a security breach occurs. If this happens, you will need a web browser enabling you to view and access CompStak.com. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), you should notify us at: CompStak, Inc., Attn: Legal Department, 675 6th Avenue, Floor 4, New York, NY 10010.

5. Children

Children under the age of 18 are not permitted to use our system. We do not knowingly collect information from or about children.

6. Transfer of Personal Information

The Website and our servers are operated in the United States. Please be aware that any information you provide to us may be transferred into the United States. Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to CompStak, you consent to the transfer and storage of Personal Information to and in the United States. Please see our Terms of Use for more information.

7. Your Rights

For purposes of the California Consumer Privacy Act, CompStak does not “sell” your Personal Information.

You have the right to make choices regarding certain uses and disclosures of the Personal Information you provide depending on applicable law. Where you have consented to CompStak’s processing of your Personal Information, you may withdraw that consent at any time by contacting us. Even if you withdraw your consent, we may still collect and use non-personal information regarding your activities on our Website and/or information from the advertisements on third party websites for non-interest based advertising purposes.

Upon request and as required by applicable law, we will provide an individual with access to, a copy of, restriction of use of, or correction or deletion of Personal Information that we have collected about them (provided that they have given proof of identity). This can be requested by sending us an email through the email link provided below or writing to us at the below address. Although CompStak makes good faith efforts to provide individuals with access to Personal Information, there may be circumstances in which we are unable to provide access according to applicable law. If CompStak determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. If you would like to exercise any of these rights, please log into your account or contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, CompStak will take commercially reasonable steps to verify your identity before granting access to or making any changes to Personal Information.

California residents have the right not to receive discriminatory treatment by CompStak for the exercise of their rights conferred by the California Consumer Privacy Act

8. Supervisory Authority

If you are located in the European Economic Area, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your Personal Information violates applicable law.

9. Data Retention

CompStak retains the Personal Information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

10. How We May Update Our Privacy Policy

If our information practices change, we will post any adjustments to our Privacy Policy on this Website. If you are concerned about how your information is used, bookmark this page and check back periodically.

11. How to Contact Us

If you have questions or suggestions, please email CompStak atsupport@compstak.com or call (646) 926-6707. Written communication should be sent to CompStak, Inc., 675 6th Avenue, Floor 4, New York, NY 10010.

Fair Information Statement

Effective Date: October 1, 2017

Summary

This Fair Information Statement applies ONLY to the information about commercial properties that is compiled and available on CompStak.com (“CompStak, “We,” or “US”). THIS STATEMENT DOES NOT APPLY TO INFORMATION COLLECTED FROM OR ABOUT OUR MEMBERS OR VISITORS DURING REGISTRATION OR USE OF COMPSTAK.COM. Information collected from or about our Users is covered in our separate Privacy Policy Capitalized terms used and not defined in this policy have the meaning given to them in the Terms of Use

1. Statement Of Principles

CompStak.com is committed to the following principles:

We are open, transparent and fair about our practices and policies with respect to the collection and use of information.

We utilize our Users and leading edge technology to build and maintain the most comprehensive, accurate and up-to-date database possible of information regarding commercial properties, including building information (such as building pictures), completed lease deal information (such as rental rates, leased square footage, tenant names, real estate broker names and salesperson names), sales transaction information (including, but not limited to price, buyer, seller, cap rate and NOI), and related property, tenant and market information. We maintain security measures to reasonably safeguard the data and its use.

We collect information that is necessary for the legitimate business purposes of CompStak® and our Users. We collect information that is obtained lawfully and by fair means, and do not encourage members and users to disclose trade secrets.

We comply with all applicable laws. We will monitor privacy and data protection developments. We encourage Users to respect compliance programs with respect to their own use of CompStak.com.

2. Information Collected

CompStak.com makes the following information about commercial properties available to our Members: lease deal information (which may include, but is not limited to, rental rates, leased square footage, lease terms, floor(s) leased, landlord concessions, tenant names, real estate broker name, salesperson name, etc.), sales transaction information (including, but not limited to price, buyer, seller, cap rate and NOI), and related building information (which may include, but is not limited to, building pictures, landlord name, address, building name, building agent, year built, building class, etc.)

3. Sources Of CompStak.com commercial Property Information

Our Members build and maintain CompStak.com’s Database. CompStak.com may aggregate, supplement or enhance its business information from established, reputable sources and trusted data suppliers. CompStak.com may also collect and include openly and freely available commercial property information itself. Data providers may only contribute information to CompStak.com that they have a legal right to provide.

Information on CompStak.com may be readily available without restriction from any number of different data sources. The following types of information may be reflected in the Database:

• Public records: Records created and maintained by government agencies and open for public inspection and use.
• Publicly available information: Information that is available to the general public from non-governmental sources.
• Non-public available information: Information that is privately owned and is not available to the general public or that is generally offered for a fee for use and redistribution without restriction.
• Openly available information: Information that has been made available without restriction by a property’s representatives, typically for their own convenience, competitive advantage, business benefit or other commercial purposes.
• Freely available information: Information that is accessible or available on the Internet or from other offline sources.
• Derived information: Partial or derived information from any combination of the above sources that is assembled, aggregated, appended, calculated or associated together.

4. Concerns About Data Appearing In the Database

If you have any concerns about data appearing in our Database, you can contact CompStak.com support by email at support@CompStak.com.

5. Online Privacy Policy (Applicable to Members, Users and Visitors)

CompStak.com’s Privacy Policy applies to information collected online from and about our Community members, users and visitors to CompStak.com. For more information, see ourPrivacy Policy.

Commission Decision C(2010)593

Standard Contractual Clauses (processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

Name of the data exporting organisation:

E-mail:

Other information needed to identify the organisation: (the data exporter) And Name of the data importing organisation:

Company: CompStak, Inc.

Address: 675 6th Avenue, Floor 4, New York, NY 10010.

Tel: (646)-926-6707 e-mail: help@compstak.com

Other information needed to identify the organisation:

CompStak, Inc. (the data importer)

each a “party,” together “the parties,”

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1

Definitions

For the purposes of the Clauses:

1. ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
2. ‘the data exporter’ means the controller who transfers the personal data;
3. ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
4. ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
5. ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
6. ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
2. that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law
3. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
5. that it will ensure compliance with the security measures;
6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
7. to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
8. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
9. that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
10. that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
3. that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
4. that it will promptly notify the data exporter about:
   1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
   2. any accidental or unauthorised access, and
   3. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
5. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
6. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
7. to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
8. that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
9. that the processing services by the subprocessor will be carried out in accordance with Clause 11;
10. to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
   1. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
   2. to refer the dispute to the courts in the Member State in which the data exporter is established.
      2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the data exporter:

Name (written out in full): Email:

On behalf of the data importer:

Name: Michael Mandel, CompStak, Inc.

Position: CEO

Address: 675 6th Avenue, Floor 4, New York, NY 10010.

Other information necessary in order for the contract to be binding (if any):

Signature:

Appendix 1 to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties. The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The data exporter has purchased or otherwise has access to Services provided by CompStak, Inc. pursuant to an agreement. The Services include the processing of personal data.

Data importer

The data importer has agreed to provide Services (on a software-as-a-service basis) using infrastructure and software to process data (including personal data) as set forth in this Appendix 1.

Data subjects

The personal data transferred by the data exporter to the data importer concerns the following categories of data subjects:

• Data exporter’s customers and end-users
• Data exporter’s employees, consultants and agents who are authorized by data exporter to use the Services

Categories of data

The personal data transferred by the data exporter to the data importer concern the following categories of data:

• Name
• E-Mail
• Address

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify):

None.

Processing operations

The personal data transferred will be subject to the following basic processing activities as directed by the data exporter as part of the Services:

• Collection and receipt from data exporter
• Organization
• Adaptation, Alteration and Analytics
• Storage
• Reporting (including dissemination of reports)
• Erasure and destruction

Data Exporter

Name:

Data Importer

Name: Michael Mandel, CompStak, Inc.

Appendix 2 to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Organizational Measures:

Security Management

• CompStak coordinates stakeholders from various functions through internal communications systems to direct and manage the information security strategy and controls adopted by the organisation.
• An Information Security Risk Assessment exercise is performed periodically to assess and review the level of risks in respect of data security and mitigate them as appropriate.
• Security incidents are reported, investigated, acted upon and where appropriate notified to clients as per the CompStak’s policies and defined processes.

Personnel Security (Human Resources Security)

• CompStak employees are background checked and required to sign Terms of Employment as per defined policies and processes. Terms of Employment of all CompStak employees contains clauses addressing compliance to CompStak policies on Confidentiality, Intellectual Property and Data Privacy.
• Educating CompStak employees on essential security policies and emphasizing on the user responsibilities related to incident management, data privacy, business continuity and information security is an ongoing process at CompStak.
• CompStak employee policies on Confidentiality, Intellectual Property and Data Privacy are available for inspection by clients upon request.

Business Continuity Planning

• CompStak has an established Business Continuity/Disaster Recovery strategy which aims at reducing the disruption caused by disasters and security failures to an acceptable level through a combination of preventive and recovery measures.  It covers the organisation’s facilities, equipment, personnel and processes including information processing depending on the business continuity needs.
• CompStak’s Business Continuity and Disaster Recovery strategy in respect of its facilities, infrastructure and delivery centres covers the base facilities and technology infrastructure at each facility as well as the specific needs of individual clients or projects. The details and documentation associated with the Business Continuity and Disaster Recovery strategy are available for audit by clients upon request.

Physical & Environmental Security

The personal data that is to be the subject of the transfers governed by these Standard Contractual Clauses will be processed only in Amazon Web Services (AWS) facilities located in the U.S. Data importer has engaged AWS as a subprocessor. AWS has contractually agreed with data importer to maintain the following security measures with respect to the personal data:

• AWS will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) help data importer secure personal data against accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to the AWS Network, and (c) minimize security risks, including through risk assessment and regular testing. AWS will designate one of more employees to coordinate and the accountable for the information security program. The information security program will include the following measures:
  • The AWS Network will be electronically accessible to employees, contractors and any other person as necessary to provide the services.
  • AWS will maintain access controls and policies to manage what access is allowed to the AWS Network from each network connection and user, including the use of firewalls or functionally equivalent technology and authentication controls.
  • AWS will maintain corrective action and incident response plans to respond to potential security threats.
• Physical components of the AWS Network are housed in nondescript facilities (the “Facilities”), which are subject to the follows:
  • Physical barrier controls are used to prevent unauthorized entrance to the Facilities both at the perimeter and at building access points.
  • Passage through the physical barriers at the Facilities requires either electronic access control validation (e.g., card access systems, etc.) or validation by human security personnel (e.g., contract or in-house security guard service, receptionist, etc.).
  • Employees and contractors are assigned photo-ID badges that must be worn while the employees and contractors are at any of the Facilities.
  • Visitors are required to sign-in with designated personnel, must show appropriate identification, and are assigned a visitor ID badge that must be worn while the visitor is at any of the Facilities, and are continually escorted by authorized employees or contractors while visiting the Facilities.
  • AWS provides access to the Facilities to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to him/her, the access privileges are promptly revoked, even if the employee or contractor continues to be an employee of AWS or its affiliates.
  • All access points (other than main entry doors) are maintained in a secured (locked) state.
  • Access points to the Facilities are monitored by video surveillance cameras designed to record all individuals accessing the Facilities.
  • AWS also maintains electronic intrusion detection systems designed to detect unauthorized access to the Facilities, including monitoring points of vulnerability (e.g., primary entry doors, emergency egress doors, roof hatches, dock bay doors, etc.) with door contacts, glass breakage devices, interior motion-detection, or other devices designed to detect individuals attempting to gain access to the Facilities.
  • All physical access to the Facilities by employees and contractors is logged and routinely audited.
• AWS will conduct periodic reviews of the security of its AWS Network and adequacy of its information security program as measured against industry security standards and its policies and procedures.
• AWS will continually evaluate the security of its AWS Network and associated Services to determine whether additional or different security measures are required to respond to new security risks of findings generated by the periodic reviews.

Technical Measures

Data Importer — Workstation Security

• Standard workstation images are installed on desktops and laptops with built in desktop security tools.
• Every workstation has Antivirus tools and Desktop Firewall.
• Unique user IDs and appropriate Password controls implemented for all users.
• Centralized Patch Management is employed on all work stations.
• Restricted Internet Access using Websense Content based URL Filtering is available in select locations.
• Digital Signatures are used for email encryption.
• Any Instant Messenger services used are encrypted.
• A central Anti Virus Console is used for the monitoring and control of Antivirus software.
• All laptops, tablets and other electronic devices used by CompStak employees are encrypted.

Data Importer — Server Security

• CompStak Standard Server Image.
• Antivirus Software for Servers.
• System Security Policies are enforced using Windows Domains/ Active Directory.
• Access Control enforced – Least Privilege Principle implemented.
• Periodic Log reviews performed.
• Centralised Patch Management Process.
• Regular Backup Process implemented.
• Message Filters to block spam, viruses and executable downloads.
• Periodic security reviews are performed.

Data Importer — Network Security

• Secure Network design Architecture.
• VPN Solution (Encryption) implemented for employees.
• Multiple Layers of Network Security:
  • Access Control List on Perimeter Routers
  • External Firewall (Internet Facing) in Failover mode1
  • Internal Firewall in Failover mode – (Different product vendors for External & Internal Firewalls)
• All incoming and outgoing data is encrypted with current year encryption standards. CompStak has implemented tight networking controls between CompStak systems and database and the outside world for all data that resides in CompStak’s data centers. CompStak implements strong https upkeep and locks all network communications.