Utah Privacy Addendum

Version 1.0.0

CDCK and Customer agree to add the following terms to their Agreement:


Both sides agree to do their respective parts to comply with the Utah Consumer Privacy Act or UCPA, consistent with Customer’s role as controller and CDCK’s role as processor.


Whenever it is feasible and legal to do so, each side will give the other prompt Notice of consumer rights requests, regulatory inquiries, and other communications under the UCPA. Both sides agree to cooperate in good faith to respond to and honor such communications.

Security and Breach Response

Taking into account the nature of processing and the information available to CDCK, CDCK will give Customer reasonable assistance in meeting the Customer’s obligations to secure personal data and notify of breaches.

Processor Requirements

CDCK and Customer intend the following terms to meet the requirements of Utah Code section 13-61-301(2):


CDCK will process personal data on Customer’s behalf and in accordance with Customer’s instructions in order to provide services under the Agreement, for the duration of the Agreement.


CDCK will ensure that each person processing personal data is subject to a duty of confidentiality with respect to the data.


CDCK will engage any subcontractor pursuant to a written contract that requires the subcontractor to meet the obligations of CDCK with respect to the personal data.

Deidentified Data

If CDCK receives deidentified data from Customer, CDCK will comply with all relevant provisions of the UCPA.


If the terms of this addendum conflict with terms of the Agreement, the terms of this addendum take precedence for personal data subject to the UCPA.


  1. This addendum uses the terms consumer, deidentified data, processing, processor, and controller as defined by the UCPA.

  2. This addendum uses the term personal data as defined by the UCPA, limited to consumer personal data processed by CDCK on behalf of Customer.

  3. This addendum uses the term Notice as defined in the Agreement.