Data Processing Addendum

last updated on:

Effective Date:

April 24, 2023

Introduction

This Data Processing Addendum (the ”DPA” or ”Addendum”) forms part of the Liminex Products Terms of Service and End User License Agreement (available at http://www.tutorme.com/policies/product-privacy) (”EULA”) between your Organization (or the ”School”) if the School is located in the European Union (”EU”), European Economic Area (”EEA”), Switzerland, or the United Kingdom, and Liminex, Inc. doing business as GoGuardian (”GoGuardian”). For purposes of this DPA, the School in this DPA shall be ascribed the same meaning as your Organization in the EULA.

In the event of any conflict between this DPA and the EULA with regard to the processing of Personal Data, this DPA will control to the extent of the conflict. All capitalized terms used but not defined in this DPA shall have the meaning ascribed to them in the EULA. For avoidance of doubt, this DPA shall not apply to Organizations, Schools or our customers located outside of the EEA or Switzerland.

In the course of providing our Products under the EULA, we may Process certain Personal Data (as such term is defined below) on behalf of the School, and where we Processes Personal Data on behalf of the School, the parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.

I. DEFINITIONS

A. Controller” means the entity which determines the purposes and means of the Processing of Personal Data.

B. ”Data Protection Laws” means all laws and regulations, including laws and binding regulations of the EU, the EEA and their Member States (including the GDPR) and Switzerland, applicable to the Processing of Personal Data under the EULA.

C. ”Data Subject” means the identified or identifiable person to whom Personal Data relates.

D. ”GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

E. ”Notification Email Address” means the email address of the designated school official for the School.

F. ”Personal Data” means any information that relates to an identified or identifiable natural person (i.e. the Data Subject), to the extent that such information is protected as personal data under applicable Data Protection Laws and is submitted by the School or its students (”School Data”) through the Products.

G. ”Process” or ”Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

H. ”Processor” means the entity which Processes Personal Data on behalf of the Controller.

I. “Products” means the Offerings as defined in the EULA.

J. ”Security Measures” has the meaning given in Section 5.1.‍

K. ”Subprocessor” means any entity engaged by us to Process Personal Data in connection with the Products.

L. ”Supervisory Authority” means an independent public authority which is established by an EU/EEA Member State or Switzerland or the United Kingdom pursuant to Data Protection Laws.

II. PROCESSING OF PERSONAL DATA

A. Roles of the Parties and our Processing of Personal Data. The parties acknowledge and agree that with regard to the Processing of Personal Data, the School is the Controller, we are the Processor. By entering into this DPA, the School instructs us to Process Personal Data only in accordance with Data Protection Laws: (a) to provide the Products; (b) as further specified through the School’s use of the Products (including through use of preference options and other functionality of the Products); (c) as documented in the EULA, including this DPA; and (d) as further documented in any other written instructions given by the School and acknowledged by us as constituting instructions for purposes of this DPA (together the "Purpose"). We may condition the acknowledgement described in (d) on the payment of additional fees or the acceptance of additional terms. We act on behalf of and on the instructions of the School in carrying out the Purpose including with regard to transfers of Personal Data outside the EU/EEA, unless EU/EEA Member State law or Swiss law to which we are subject requires other Processing of School Data by us, in which case we will inform the School (unless that law prohibits us from doing so on important grounds of public interest) via the Notification Email Address.

B. School’s Processing of Personal Data. The School shall, in its use of the Products and provision of instructions, Process Personal Data in accordance with the requirements of applicable Data Protection Law. The School shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which the School acquired Personal Data.

C. Details of the Processing.

i. Duration of the Processing. The Term plus the period from the expiry of the Term until deletion of all School Data by us in accordance with the DPA.

ii. Purpose of the Processing. We will process School Data for the purposes of providing the Products to the School in accordance with the DPA and as defined under Section II.A above.

iii. Types of Personal Data Processed. The types of Personal Data processed is set forth in Annex I.

iv. Categories of Data Subjects Processed. The categories of Data Subjects are set forth in Annex I.

III. RIGHTS OF DATA SUBJECTS

A. Data Subject Requests. We shall, to the extent legally permitted, promptly notify the School if we receive any requests from a Data Subject to exercise rights in accordance with Data Protection Laws (each, a “Data Subject Request”). Taking into account the nature of the Processing, we shall assist the School by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the School’s obligation to respond to a Data Subject Request under applicable Data Protection Laws. To the extent legally permitted, the School shall be responsible for any costs arising from our provision of such assistance, including any fees associated with provision of additional functionality.

IV. SUBPROCESSORS

A. Appointment of Subprocessors. The School acknowledges and agrees that we may engage third party Subprocessors in connection with the provision of the Products. We will enter into a written agreement with each Subprocessor containing data protection obligations that provide the same data protection obligations for Personal Data as those in this DPA, taking into account the nature of the Products provided by such Subprocessor.

B. List of Current Subprocessors and Notification of New Subprocessors. A current list of Subprocessors for the Products, is available upon request. We shall inform the School of any intended changes concerning the addition or replacement of other Subprocessors, thereby giving the School the opportunity to object to such changes.

C. Liability. We shall be liable for the acts and omissions of its Subprocessors to the same extent we would be liable if performing the Products of each Subprocessor directly under the terms of this DPA.

V. SECURITY

A. Our Security Measures. We will implement and maintain technical and organizational measures to protect School Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access (the ”Security Measures”) in accordance with Data Protection Laws, including as set forth in Annex II. We may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Personal Data.

B. Security Compliance by Our Staff. We will take appropriate steps to ensure compliance with the Security Measures by its staff to the extent applicable to their scope of performance, including ensuring that all such persons it authorizes to Process School Personal Data have committed themselves to confidentiality.

C. Our Security Assistance. The School agrees that we will (taking into account the nature of the Processing of School Personal Data and the information available to us) assist the School in ensuring compliance with any of the School’s obligations in respect of security of Personal Data (including in case of a Personal Data security incident), in accordance with applicable Data Protection Laws, by implementing and maintaining Security Measures. A current overview of our Security Measures will be provided to the School upon request.

VI. SCHOOL DATA INCIDENT MANAGEMENT AND NOTIFICATION

A. Incident Notification. We shall notify the School of any security incident relating to School Personal Data (within the meaning of applicable Data Protection Law) of which we become aware and which may require a notification to be made to a Supervisory Authority or Data Subject under applicable Data Protection Law or which we are required to notify to the School under applicable Data Protection Law (a ”School Data Incident”). We shall provide commercially reasonable cooperation and assistance in identifying the cause of such School Data Incident and take commercially reasonable steps to remediate the cause to the extent the remediation is within our control. The obligations herein shall not apply to security incidents with regard to any Personal Data not processed by us on behalf of the School under his DPA.

B. Delivery of Notification. Notification(s) of any School Data Incidents will be delivered to a Notification Email Address established by the School. The School is solely responsible for ensuring that the Notification Email Address is current and valid.

C. No Assessment of School Data by Us. We will not assess the contents of School Data in order to identify information subject to any specific legal requirements. The School is solely responsible for complying with legal requirements for incident notification applicable to the School and fulfilling any third party notification obligations related to any School Data Incident(s).

D. No Acknowledgement of Fault by Us. Our notification of or response to a School Data Incident under this Section VI will not be construed as an acknowledgement by us of any fault or liability with respect to the School Data Incident.

VII. RETURN AND DELETION OF SCHOOL DATA

A. Deletion Upon Termination. Upon termination of the EULA under which we are Processing Personal Data, we shall, upon the School’s request, and subject to the limitations of the School’s selected Products, return all School Data and copies of such data to the School or securely destroy them and demonstrate to the satisfaction of the School that it has taken such measures, unless applicable law prevents it from returning or destroying all or part of School Data. We may only continue to retain the School Data after such date if permitted by the applicable laws to which it is subject.

VIII. DEMONSTRATION OF COMPLIANCE

A. No more than once per contract year as required by relevant Data Protection Laws and data protection authorities, during our regular business hours and at the School’s sole expense, we will make available to the School all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the School, pursuant to the agreement of the parties and a confidentiality agreement to our satisfaction, in a reasonable time and manner. As permitted by relevant law, we may fulfill this inspection or audit request by providing the School with an executive summary or SO2 or SOC2-successor or equivalent report by a reputable, independent third party. All information accessed or obtained by the School in connection with this audit shall be considered our confidential information.

B. We shall inform the School in compliance with and as required by relevant Data Protection Laws, if, in its opinion, a Purpose or any documented instruction it receives from the School with respect to the Processing of Personal Data, infringes or prevents it from complying with Data Protection Laws.

IX. LIMITATION OF LIABILITY

A. Liability under the EULA. Each party’s liability, taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the EULA, and any reference in such section to the liability of a party means the aggregate liability of that party and its affiliates under the EULA and all DPAs together. For the avoidance of doubt, our total liability for all claims from the School arising out of or related to the EULA and this DPA shall apply in the aggregate for all claims under both the EULA and any DPA established under the EULA, including by multiple schools within a district, and, in particular, shall not be understood to apply individually and severally to schools within a district that is a contractual party to any such DPA.

X. SPECIFIC PROVISIONS IN THE EU/EEA, UNITED KINGDOM, AND SWITZERLAND

A. Transfers of School Data outside the EU/EEA or Switzerland. If School Data are stored and/or Processed outside the EU/EEA or Switzerland:

1. To the extent legally required, with respect to Personal Data transferred from the EEA and Switzerland, the parties are deemed to have signed the clauses issued pursuant to the EU Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj (“2021 Standard Contractual Clauses”), which form part of this DPA, and will be deemed completed as follows:

i. School acts as controller and we act as processor and Module 2 of the 2021 Standard Contractual Clauses applies to transfers of Personal Data from School to us;

ii. Clause 7 (the optional docking clause) is not included;

iii. Under Clause 9 (Use of sub-processors), the parties select Option 2 (General written authorization). We shall provide notice of updates to School at least ten (10) days in advance of any intended additions or replacements of sub-processors.

iv. Under Clause 11, the optional language requiring that data subjects be permitted to lodge a complaint with an independent dispute resolution body does not apply;

v. Under Clause 17, the parties choose Option 1 (the law of an EU Member State that allows for third-party beneficiary rights). The parties select the laws of Ireland;

vi. Under Clause 18, the parties select the courts of Ireland;

vii. Annexes I and II of the 2021 Standard Contractual Clauses are set forth below.

2. With respect to transfers of Personal Data that are subject to the Switzerland Federal Act on Data Protection (“FADP”), the 2021 Standard Contractual Clauses shall be deemed to have the following differences to the extent required by the FADP:

i. References to the GDPR are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR.

ii. The term “member state” shall not be interpreted to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c).

iii. References to personal data in 2021 Standard Contractual Clauses also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope.

iv. Under Annex I(C): Where the transfer is subject exclusively to the FADP, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner. Where the transfer is subject to both the FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the 2021 Standard Contractual Clauses insofar as the transfer is governed by the GDPR.

B. Transfers of School Data outside the United Kingdom. With respect to School Data transferred from the United Kingdom for which UK Data Protection Law (and not the law in any European Economic Area jurisdiction or Switzerland) governs the international nature of the transfer, and such law permits use of the 2010 Standard Contractual Clauses but does not permit use of the 2021 Standard Contractual Clauses, the 2010 Standard Contractual Clauses (decision 2010/87/EU available here) form part of this DPA and take precedence over the rest of this DPA to the extent of any conflict and shall be deemed completed as follows:

1. The “exporter” is the School. The “importer” is Liminex, and our contact information is set forth herein. Where Clause 9 of the 2010 Standard Contractual Clauses requires specification of the law that governs the Clauses, the parties select the law of the United Kingdom. The “illustrative indemnification clause” labelled “optional” is deemed stricken.

Appendices 1 of the 2010 Standard Contractual Clauses are completed as set forth in Annex IA and IB below. Appendix 2 is complete as set forth in Annex II below. By agreeing to this DPA, the Parties are deemed to be signing the 2010 Standard Contractual Clauses and its applicable Appendices.

2. We shall maintain our membership in and comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks with respect to such School Data transferred under such Frameworks.

Schedule A

Annexes I and II of the 2021 Standard Contractual Clauses

ANNEX I

A. LIST OF PARTIES

Data exporter(s):

Name: The entity identified as “School” in the EULA.

Address: The address for School associated with its account or as otherwise specified in the EULA or other Agreement with us.

Contact person’s name, position and contact details: The contact details associated with its account or as otherwise specified in the EULA or other Agreement with us.

Activities relevant to the data transferred under these Clauses: The processing activities set forth in the EULA, including our provision of the Products to the School.

Signature and date: By using the Products, the data exporter will be deemed to have signed this Annex I.

Role (controller / processor): Controller

‍

Data importer(s):

Name: Liminex as identified in the EULA

Address: The address for us as specified in the EULA.

Contact person’s name, position and contact details: The contact details for us as specified in the EULA.

Activities relevant to the data transferred under these Clauses: The processing activities set forth in the EULA, including our provision of the Products to the School.

Signature and date: By providing the Products on School’s instructions, the

data importer will be deemed to have signed this Annex I.

Role (controller / processor): Processor

B. DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred:

School officials, teachers, student end users and other individuals (such as parents) about whom data is provided to us via our Products by (or at the direction of) the School or by end users.

Categories of personal data transferred:

Data relating to school officials, educators, student end users, or other individuals (such as parents) provided to us via the Products, by (or at the direction of) the School or by student end users. The Personal Data provided may include: (a) product set up information, including number of devices, number of students, and network configuration, and a password; (b) information about School personnel and teachers and their permission levels in our Products; (c) requests submitted for Product support; (d) chats and video conferences within GoGuardian Teacher; (e) unique identifiers generated by us, and other relevant unique identifiers (f) a student’s school-managed account information: student’s name, email address, Google Profile ID, Google Image URL, organizational unit, and device identifiers necessary to associate a student with a certain device, unique/account identifiers for students generated by us; (g) depending on Products and features selected by the School, the student’s browsing history, IP address, online content, snapshots, grade and attendance information, demographic information, and assessment information; (h) if the School chooses to integrate us with another school software system, unique identifiers necessary to connect our systems; (i) geographic location of devices for the purpose of the School locating and recovering its devices using GoGuardian Admin; (and) (j) parent’s/guardian’s name, email address, and optionally phone number from the School.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measure:

None anticipated, but the Products do not impose a technical restriction on the categories of Personal Data above provided through the Products.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):

On a continuous basis for as long as School is engaging us to provide the Products.

Nature of the processing: The nature of the Processing is as forth in the EULA or other agreement between the parties.

Purpose(s) of the data transfer and further processing:

The purposes for the data transfer are to facilitate our provision of Products pursuant to the EULA or other agreement between the parties.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

The data will be retained for the time period needed to accomplish the purposes of processing, unless otherwise required by applicable law.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:

Transfers to subprocessors are for the same purposes as transfers to the processor.

C. COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13: Ireland Data Protection Commissioner

ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

Access Control and Management

We implement lifecycle management practices to ensure that all access is promptly terminated when user access is no longer necessary. Only authorized users are granted access to our information systems, and users are limited to specific defined, documented, and approved levels of access rights consistent with the least privilege principle.

Access to our information system is granted based on a valid need-to-know that is determined by assigned official duties and satisfying all personnel security criteria, separation of duties and intended system usage. Proper identification and approval is required for requests to establish system accounts.

Information must be classified and protected according to its risk profile. Any data classified as Confidential, Restricted, or with a required need for confidentiality or integrity, are stored on encrypted systems.

Data Recovery & Logging

As part of the our Disaster Recovery Plan, we implement a backup solution to protect the availability of its information.

We retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. Network and Host-Based Intrusion Detection Systems are to be used, where applicable.

Configuration and Change Management

We implement a configuration management plan to meet the compliance requirements for each system and a change management program to track, review, approve, or disapprove, and log changes. We control and monitor user-installed software.

Incident Response

Our Incident Response Team responds to security incidents in accordance with our Incident Response Plan.

Media Protection

We protect removable and portable storage media that stores or processes non-public data with necessary measures, such as encryption, to ensure non-public data is prohibited from unauthorized access and disclosure.

Physical Protection

Our facilities maintain a list of individuals with authorized access to our offices. Our facilities and offices are protected by physical security measures to ensure information assets are physically protected from damage, unauthorized access, theft, and interruptions to business processes. Employees will have access to systems and facilities removed upon termination of employment.

Risk & Vulnerability Management

We, from time to time, identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of organization owned or managed information or information systems. Areas of physical, administrative, and technical risks are assessed for potential impact and likelihood. Security controls in place to mitigate the resultant risks of identified threats are evaluated. We regularly conduct vulnerability scanning and testing and identify steps to reduce risk.

The installation of new types of equipment that are not currently on the approved list of network devices for our infrastructure network must be approved by a group prior to installation.

Backups & Recovery:

We implement a backup solution to protect the availability of its information. The frequency of information system backups and the transfer rate of backup information to an alternate storage site (if so designated) shall be consistent with our recovery objectives and internal policies.

We regularly perform data backups for all appropriate systems. All backup solutions and media are tested at least annually or as needed to ensure the highest integrity and availability.

System and Information Integrity

All endpoints capable of running anti-virus software must have installed company-approved and licensed anti-malware software. Vendor-supplied security updates, service packs, and patches are implemented on production systems in a timely fashion. Firewalls are used to protect the internal network resources from public networks such as the Internet.

We implement an encryption management program to use proven, government-approved, FIPS-validated encryption technologies in all IT systems that process, store, and transmit non-public data.

When sensitive information is transmitted over any publicly accessible communication network, it must be sent in encrypted form.

Training & Compliance

We conduct an IT Security Awareness and Training program that outlines the types and frequency of training sessions for all employees that meet organizational, security, compliance, and contractual requirements.

Users are required to observe and follow our policies, standards, and procedures at all times. Audits of compliance with this standard are performed on a regular basis.

table of contents

Min. read

Giveaway/sweepstakes official rules

This sweepstakes promotion or social media giveaway (“Campaign”) shall be subject to these official rules (the “Official Rules”), and by entering, the Participant (“You”) agree to be bound by the terms and conditions herein. Certain restrictions may apply.

NO PURCHASE IS NECESSARY TO ENTER OR WIN. PARTICIPANTS MUST HAVE INTERNET ACCESS PRIOR TO THE START DATE OF THE CAMPAIGN. A PURCHASE OR PAYMENT OF ANY KIND WILL NOT INCREASE YOUR CHANCES OF WINNING. ODDS OF WINNING WILL DEPEND ON THE TOTAL NUMBER OF ENTRIES RECEIVED.
VOID WHERE PROHIBITED BY LAW.

1. Sponsor: The Sponsor of the Campaign is Liminex, Inc. dba GoGuardian, acting on behalf of itself and its affiliates (“GoGuardian”), 2030 East Maple Avenue, Suite 100, El Segundo CA 90245.

2. Eligibility: This Campaign is open only to those who sign up and enter into the Giveaway / Sweepstakes per the directions of the applicable Giveaway / Sweepstakes official post and who are 18 years old as of the date of entry. The Campaign is only open to legal residents of the United States and is void where prohibited by law. Employees of GoGuardian, its affiliates, subsidiaries, advertising and promotion agencies, and suppliers, (collectively the “Employees”), and immediate family members and/or those living in the same household of Employees are not eligible to participate in the Campaign. The Campaign is subject to all applicable federal, state, and local laws and regulations.

3. Agreement to Rules: By participating, You agree to be fully unconditionally bound by these Official Rules, and You represent and warrant that You meet the eligibility requirements. In addition, You agree to accept the decisions of GoGuardian as final and binding as it relates to the content of this Campaign.

4. Campaign Period: Entries will be accepted online for the dates set forth in the applicable Giveaway / Sweepstakes official post. All online entries must be received by such date. No submissions will be accepted after the deadline for any reason.

5. How to Enter: The Campaign must be entered by submitting an entry following the directions of the applicable Giveaway / Sweepstakes official post. The entry must fulfill all Campaign requirements, as specified, to be eligible to win a prize. Entries that are incomplete or do not adhere to the rules or specifications may be disqualified at the sole discretion of GoGuardian.

You may enter only once. You must provide the information requested. You may not enter more times than indicated by using multiple email addresses, identities, or devices in an attempt to circumvent the rules. If You use fraudulent methods or otherwise attempt to circumvent the rules, your submission may be removed from eligibility at the sole discretion of GoGuardian.

No responsibility is assumed by GoGuardian, their respective subsidiaries, parents, partners, for any computer, online, telephone or technical malfunctions that may occur. Entries will be declared made by the authorized account holder of the at the time of entry. “Authorized account holder” is defined as the natural person who is assigned to a social media profile by an Internet Access provider, online service provider, or other organization (e.g., business, educational institution, etc.) that is responsible for assigning e-mail addresses for the domain associated with the submitted e-mail address. All entries become the property of GoGuardian and will not be returned to You. All entries must be submitted from a valid e-mail account that may be identified with a natural person by appropriate independent means, including, without limitation, reverse domain name search. Potential winner may be requested to provide GoGuardian with proof that the potential winner is the authorized account holder of the e-mail address associated with the winning entry.

6. Prizes: The Winner(s) of the Campaign (the “Winner”) will receive the prize listed in the applicable Giveaway / Sweepstakes official post. Actual/appraised value may differ at time of prize award. The specifics of the prize shall be solely determined by GoGuardian. No cash or other prize substitution shall be permitted except at GoGuardian’s discretion. The prize is nontransferable. Any and all prize-related expenses, including without limitation any and all federal, state, and/or local taxes, shall be the sole responsibility of Winner. No substitution of prize or transfer/assignment of prize to others or request for the cash equivalent by Winner is permitted. Acceptance of prize constitutes permission for GoGuardian to use Winner’s name, likeness, and entry for purposes of advertising and trade without further compensation unless prohibited by law.

‍7. Odds: The odds of winning depend on the number of eligible entries received.‍

8. Winner Selection and Notification: Winner will be selected per the method set forth in the applicable Giveaway / Sweepstakes official post under the supervision of GoGuardian. Winner will be notified per the method set forth in the applicable Giveaway / Sweepstakes official post within five (5) days following selection of Winner. GoGuardian shall have no liability for Winner’s failure to receive notices due to spam, junk email, or other security settings or for Winner’s provision of incorrect or otherwise non-functioning contact information. If Winner cannot be contacted, is ineligible, fails to claim the prize within two (2) days from the time award notification was sent, or fails to timely return a completed and executed Affidavit of Eligibility/Prize Acceptance Form/Release of liability as required, the prize may be forfeited and an alternate Winner selected. Receipt by Winner of the prize offered in this Campaign is conditioned upon compliance with any and all federal, state, and local laws and regulations. ANY VIOLATION OF THESE OFFICIAL RULES BY WINNER (AT GOGUARDIAN‘S SOLE DISCRETION) WILL RESULT IN WINNER’S DISQUALIFICATION AS WINNER OF THE CAMPAIGN, AND ALL PRIVILEGES AS WINNER WILL BE IMMEDIATELY TERMINATED.

9. Rights Granted by You: By entering this content (e.g., photo, video, text, etc.), You understand and agree that GoGuardian, anyone acting on behalf of GoGuardian, and GoGuardian’s licensees, successors, and assigns, shall have the right, where permitted by law, to print, publish, broadcast, distribute, and use in any media now known or hereafter developed, in perpetuity and world-wide, without limitation, your entry, name, portrait, picture, voice, likeness, image, statements about the Campaign, and biographical information for news, publicity, information, trade, advertising, public relations, and promotional purposes, without any further compensation, notice, review, or consent. By entering this content, You represent and warrant that your entry is an original work of authorship, and does not violate any third party’s proprietary or intellectual property rights. If your entry infringes upon the intellectual property right of another, You will be disqualified at the sole discretion of GoGuardian. If the content of your entry is claimed to constitute infringement of any proprietary or intellectual proprietary rights of any third party, You shall, at your sole expense, defend or settle against such claims. You shall indemnify, defend, and hold harmless GoGuardian from and against any suit, proceeding, claims, liability, loss, damage, costs or expense, which GoGuardian may incur, suffer, or be required to pay arising out of such infringement or suspected infringement of any third party’s right.

10. Terms & Conditions: GoGuardian reserves the right, in its sole discretion, to cancel, terminate, modify or suspend the Campaign should virus, bug, non-authorized human intervention, fraud, or other cause beyond GoGuardian’s control corrupt or affect the administration, security, fairness, or proper conduct of the Campaign. In such case, GoGuardian may select the Winner from all eligible entries received prior to and/or after (if appropriate) the action taken by GoGuardian. GoGuardian reserves the right, in its sole discretion, to disqualify any individual who tampers or attempts to tamper with the entry process or the operation of the Campaign or website or violates these Official Rules. GoGuardian has the right, in its sole discretion, to maintain the integrity of the Campaign, to void votes for any reason, including, but not limited to: multiple entries from the same user from different IP addresses; multiple entries from the same computer in excess of that allowed by Campaign rules; or the use of bots, macros, scripts, or other technical means for entering. Any attempt by an entrant to deliberately damage any website or undermine the legitimate operation of the Campaign may be a violation of criminal and civil laws. Should such an attempt be made, GoGuardian reserves the right to seek damages to the fullest extent permitted by law.

‍11. Limitation of Liability: By entering, You agree to release and hold harmless GoGuardian and its subsidiaries, affiliates, advertising and promotion agencies, partners, representatives, agents, successors, assigns, employees, officers, and directors from any liability, illness, injury, death, loss, litigation, claim, or damage that may occur, directly or indirectly, whether caused by negligence or not, from: (i) such entrant’s participation in the Campaign and/or his/her acceptance, possession, use, or misuse of any prize or any portion thereof; (ii) technical failures of any kind, including but not limited to the malfunction of any computer, cable, network, hardware, or software, or other mechanical equipment; (iii) the unavailability or inaccessibility of any transmissions, telephone, or Internet service; (iv) unauthorized human intervention in any part of the entry process or the Promotion; (v) electronic or human error in the administration of the Promotion or the processing of entries. If the Campaign is not capable of running as planned for any reason, including legal restrictions, tampering, unauthorized intervention, fraud, technical failures, or any other causes beyond the control of Campaign Provider that corrupt or affect the administration, security, fairness, integrity or proper conduct of the Campaign, GoGuardian reserves the right to cancel, terminate, modify or suspend the Campaign.

‍12. Disputes: THIS CAMPAIGN IS GOVERNED BY THE LAWS OF CALIFORNIA WITHOUT RESPECT TO CONFLICT OF LAW DOCTRINES. As a condition of participating in this Campaign, You agrees that any and all disputes that cannot be resolved between the parties, and causes of action arising out of or connected with this Campaign, shall be resolved individually, without resort to any form of class action, exclusively before a court located in Los Angeles County, CA having jurisdiction. Further, in any such dispute, under no circumstances shall You be permitted to obtain awards for, and hereby waives all rights to, punitive, incidental, or consequential damages, including reasonable attorney’s fees, other than participant’s actual out-of-pocket expenses (i.e. costs associated with entering this Campaign). You further waives all rights to have damages multiplied or increased.

‍13. Privacy Policy: Information submitted with an entry is subject to the Privacy Policy stated on the GoGuardian website. To read the Privacy Policy, go to https://www.goguardian.com/policies/privacy.

‍14. Winners List: To obtain a copy of the Winner’s name or a copy of these Official Rules, mail your request along with a stamped, self-addressed envelope to: Liminex, Inc. dba GoGuardian, 2030 East Maple Avenue, Suite 100, El Segundo CA 90245, ATTN: Marketing Department, Giveaway / Sweepstakes Winner List. Requests must be received no later than five (5) days after the Winner of the applicable Giveaway / Sweepstakes is announced.

‍15. No Endorsement: The Campaign hosted by GoGuardian is in no way sponsored, endorsed, administered by, or associated with Google, Facebook, Instagram or Twitter.