NerdioCon 2025: April 7-9, Palm Springs, CA
NerdioCon 2025: April 7-9, Palm Springs, CA
Properly quote and cost-predict Microsoft Azure.
Model and cost-predict Azure Virtual Desktop environments.
Effective August 16, 2018
This Privacy Policy describes how Nerdio (https://getnerdio.com/) collects, uses and discloses information, and what choices you have with respect to the information. Updates in this version of the Privacy Policy reflect changes in data protection law.
When we refer to “Nerdio”, we mean the Nerdio, Inc. entity that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.
Nerdio (“Nerdio,” “we,” “us,” “our,” or “Company”) is committed to respecting the privacy of the information collected from its customers, visitors, and other users (“you” or “your”) of the Nerdio website, (the “Nerdio Site,” or “Site”). We created this Privacy Policy (this “Policy”) to explain how we collect, use, disclose, and safeguard your information when you use the Nerdio Site.
This Policy is only applicable to the Nerdio Site, and not to any other websites that you may be able to access from the Site or via the Services, each of which may have data collection and use practices and policies that differ materially from this Policy. This Policy applies to all personal information received by Nerdio whether in electronic, paper or verbal format.
PLEASE READ THIS POLICY CAREFULLY. We take the security and privacy of your personal information very seriously and only collect personally identifiable information that is appropriate for you to use, interact and improve Nerdio Site. If you do not agree with the terms of this Policy, please do not download the Site, access the Services, or otherwise use the Nerdio Site.
Personal Information. We may ask for certain personal information from you for the purpose of providing you with any content and/or services that you request (including but not limited to your name, organization, address, phone number, email address).
We may also decide to keep the info you submit to us on file so we can properly respond to any of your questions or concerns, as well as for future communication.
Testimonials. From time to time, we may specifically contact you to provide a testimonial regarding your experience, thoughts and comments about Nerdio. If you agree to provide a testimonial, we will publish your testimonial on our Site and the information you provide such as your full name and company will be public. However, you have the right to decline our request for a testimonial and not provide us any information.
Automatic Collection. We may automatically collect the following information about your use of our Services: access time, device ID, Application ID or other unique identifier; domain name, IP address, language information; device name and model; operating system information; location information; your activities within the Services; and the length of time that you are logged in.
Cookies. From time to time, we may use the standard “cookies” feature of major browser applications that allows us to store a small piece of data on your device about your activity on our Site. We do not set any personally identifiable information in cookies, nor do we employ any data capture mechanisms on our website other than cookies. We’re always looking to improve the quality of our service and to customize your experience on our Site. Cookies help us learn which areas of our site are useful and which areas need improvement. You can choose whether to accept cookies by changing the settings on your browser. However, if you choose to disable this function, your experience with our Site may be diminished and some features may not work as they were intended.
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Nerdio uses your information in furtherance of performance of a contract to provide you our Site, information we collect with your consent and our legitimate interests in operating our Site and business as listed below. Please see how we use the information we collect from you:
Personal Information. We will not share your personal information with any third parties without your consent, except as necessary to provide you with the Nerdio Site or to comply with the law. We may use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site. We may also use your contact information to inform you of any changes to the Site, or to send you additional information about Company. If you give your permission, we may share your contact information with our business partners or other companies that we integrate with.
Anonymous Information. We use anonymous information to analyze our Site traffic, but we do not examine this information for individually identifying information. In addition, we may use anonymous IP addresses to help diagnose problems with our server, to administer our Site, or to display the content according to your preferences. Traffic and transaction information may also be shared with business partners and advertisers on an aggregate and anonymous basis.
Marketing. We may use your personal information to:
Use of Cookies. We may use cookies and other tracking technologies to deliver content specific to your interests, to save your password so you don’t have to re-enter it each time you visit our Site, or for other purposes. Promotions or advertisements displayed on our Site may contain cookies. Aggregate cookie and tracking information may be shared with third parties. Also, we may display certain advertising offers on our Site to allow service providers, advertisers, or other third parties to advertise on our Site. Most browsers are set up to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Nerdio Site.
Disclosure To Protect Lawful Interests. We may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to (1) conform to the edicts of the law or comply with legal process served on Company or its parent company, subsidiaries or affiliates, (2) protect and defend the rights or property of Company or the users of the Site, or (3) act under exigent circumstances to protect the safety of the public or users of the Site.
Sale of Information. In order to accommodate changes in our business, we may sell or buy portions of our company or other companies or assets, including the information collected through this Site. If Company or substantially all of its assets are acquired; customer information will be one of the assets transferred to the acquirer.
Retention Period. We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as you are using Nerdio Site.
Correcting Your Information. The accuracy of your information is important to us. We are working on making it easier for you to review and correct the information we hold about you. If you change email address, or you think any of the other information we hold is inaccurate or out of date, please email us at: hello@getnerdio.com.
Access To Information. You have the right to ask for a copy of the information we hold about you, free of charge, and we will respond to your request within 30 (thirty) days.
Marketing. You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by checking or unchecking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at: hello@getnerdio.com.
Nerdio Site, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
Right To Portability. You have the right to receive personal data you have provided to us in a structured, commonly used and machine readable format. You also have the right to request that we, as the controller, transmit this data directly to another controller. You may only exercise this right with respect to the personal data you have provided to us with your consent or for the performance of a contract. The right to data portability only applies to personal data. This means that it does not apply to genuinely anonymous data. If you wish to exercise your right to portability, free of charge, please contact us at hello@getnerdio.com. We will respond to your request within 30 (thirty) days.
Right To File A Complaint. If you are residing in European Economic Area: If you have any concerns and/or complaints regarding our information privacy practices, please contact us at hello@getnerdio.com, we will help to resolve your question, concern or complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, after you contacted us, you have the right to file a complaint with your Data Protection Authority.
Nerdio’s servers are located in the United States. As part of the services offered to you through Nerdio Site, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our or third-party providers’ servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the EU.
By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
IDENTIFYING THE DATA PROCESSOR AND DATA CONTROLLER
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, you are the controller of your data. In general, Nerdio is the processor of your data.
DATA SECURITY
We have administrative, technical, and physical security measures in place to help prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss, misuse, to you or to any third party arising out of any such loss, misuse, or alteration. Any information disclosed online can potentially be intercepted and used by unauthorized parties.
CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting that you can activate to signal your privacy preference not to have information about your online browsing activities monitored or collected.
Our Site do not track your browsing activities across third party websites and we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your preference not to be tracked online. No uniform technology standard for recognizing and implementing DNT signals has been finalized. Because there is not yet a common understanding of how to interpret the DNT signal, we do not currently respond to DNT signals which may be sent from your computer, mobile device, or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will provide information about that practice in a revised version of this Policy.
The Site may contain links to other websites. If you choose to visit other websites, we are not responsible for the privacy practices or content of those other websites, and it is your responsibility to review the privacy policies at those websites to confirm that you understand and agree with their policies.
NOTICE CONCERNING THE INFORMATION OF CHILDREN
Nerdio Site is not directed to children. In connection with our Services, we do not knowingly solicit information from or market to children under the age of 16. Please contact us if your child has provided personal information to us and we will take reasonable measures to promptly delete the information from our records; however, please be aware that the information may not be completely or comprehensively removed from our databases, if it is kept in a de-identified manner and if we are not able to link that information to the individual.
At Nerdio, we believe in being transparent about how we collect and use data. This policy provides information about how and when we use cookies for these purposes. Capitalized terms used in this policy but not defined have the meaning set forth in our Privacy Policy, which also includes additional details about the collection and use of information at Nerdio.
Cookies are small text files sent by us to your computer or mobile device. These files enable Nerdio features and functionality. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.
To find out more about cookies, visit this site.
Yes. Nerdio uses cookies and similar technologies like web plugins. We use both session-based and persistent cookies. Nerdio sets and accesses our own cookies on the domains operated by Nerdio and its corporate affiliates (collectively, the “Sites”). In addition, we use third-party cookies, such as Google Analytics.
In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and so on.
Some cookies are associated with your account and personal information in order to remember that you are logged in. Other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other, similar activities.
Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that is consistent with your settings. Cookies also make your interactions faster and more secure.
Categories of Use | Description |
Authentication | If you’re signed in to our Services, cookies help us show you the right information and personalize your experience. |
Security | We use cookies to enable and support our security features, as well as to help us detect malicious activity. |
Preferences, features and services | Cookies can tell us which language you prefer and what your communications preferences are. They can help you fill out forms on our Sites more easily. They also provide you with features, insights, and customized content. |
Marketing | We may use cookies to help us deliver marketing campaigns and track their performance. Similarly, our partners may use cookies to provide us with information about your interactions with their services; however, use of those third-party cookies would be subject to the service provider’s policies. |
Performance, Analytics and Research | Cookies help us learn how well our Site and Services perform. We also use cookies to understand, improve, and research products, features, and services, including to create logs and record when you access our Sites and Services from different devices, such as your work computer or mobile device. |
You can find a list of the third-party cookies Nerdio uses on our sites, along with other relevant information, in our cookie tables. While we do our best to keep this table updated, please note that the number and names of cookies, pixels and other technologies may change from time to time.
Cookies and other ad technology such as beacons, pixels, and tags help us market more effectively to users that we and our partners believe may be interested in Nerdio. They also help provide us with aggregated auditing, research, and reporting, and know when content has been shown to you.
What can you do if you don’t want cookies to be set or want them to be removed, or if you want to opt out of internet-based targeting?
Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers, you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust.
Browser manufacturers provide help pages relating to cookie management in their products. Please see the links below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
You can opt out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance (http://youradchoices.com). In addition, on your iPhone, iPad, or Android, you can change your device settings to control whether you see online interest-based ads.
If you limit the ability of websites and applications to set cookies, you may worsen your overall user experience and/or lose the ability to access the services, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information.
Our Sites and Services do not collect personal information about your online activities over time or across third-party websites or online services. Therefore, “do not track” signals transmitted from web browsers do not apply to our Sites or Services, and we do not alter any of our data collection and use practices upon receipt of such a signal.
If you have questions or comments about these policies, please email us at hello@getnerdio.com or call us at (877) 909-5410.
We reserve the right, at any time, to add to, change, update, or modify this Policy, simply by posting such change, update, or modification on the Site and without any other notice to you. Any such change, update, or modification will be effective immediately upon posting on the Site. It is your responsibility to review this Policy from time to time to ensure that you continue to agree with all of its terms.
Please see Microsoft Commercial Marketplace terms and conditions here.
Effective November 17, 2024
This Data Protection Addendum (“Addendum”) forms part of the Master Customer Agreement (“Agreement”) between Nerdio and Customer. Capitalized terms not otherwise defined herein will have the meaning given to them in the Agreement. Except as modified below, the terms of the Agreement will remain in full force and effect.
In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below will be added as an Addendum to the Agreement. Except where the context requires otherwise, references in this Addendum to the Agreement are to the Agreement as amended by, and including, this Addendum. By entering into the Agreement, the parties are deemed to have signed all Exhibits, Attachments, Annexes, Schedules, and Appendices, including those incorporated by reference, to this Addendum where applicable.
1.1. In this Addendum, the following terms will have the meanings set out below and cognate terms will be construed accordingly:
1.1.1. “Applicable Laws” means (a) European Union or Member State laws with respect to any Customer Personal Data in respect of which Customer is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Customer Personal Data in respect of which Customer is subject to any other Data Protection Laws;
1.1.2. “CCPA” means (to the extent applicable) the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, together with any regulations promulgated thereunder;
1.1.3. “Customer Personal Data” means any Personal Data Processed by a Contracted Processor solely on behalf of Customer to provide the Services pursuant to or in connection with the Agreement;
1.1.4. “Contracted Processor” means Nerdio or a Subprocessor;
1.1.5. “Data Protection Laws” means collectively, the GDPR and the UK Data Protection Laws, as applicable;
1.1.6. “EEA” means the European Economic Area;
1.1.7. “GDPR” means EU General Data Protection Regulation 2016/679;
1.1.8. “Processing” (including any grammatically inflected forms thereof) means any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, including without limitation collection, recording, organization, structuring, storage, adaptation or alteration, access, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
1.1.9.“Restricted Transfer” means:
1.1.10. “Services” means the services and other activities to be supplied to or carried out by or on behalf of Nerdio for Customer pursuant to the Agreement;
1.1.11. “Standard Contractual Clauses” means the Standard Contractual Clauses for the Transfer of Personal Data as set out in European Commission Decision 2021/914/EC, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN;
1.1.12. “Subprocessor” means any person (including any third party, but excluding an employee of Nerdio or any of its sub-contractors) appointed by or on behalf of Nerdio to Process Customer Personal Data on behalf of Customer in connection with the Agreement;
1.1.15. The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processor” and “Supervisory Authority” will have the same meaning as in the Data Protection Laws (as applicable), and their cognate terms will be construed accordingly;
1.1.16. “UK” means the United Kingdom;
1.1.17. “UK Data Protection Laws” means UK GDPR and the UK’s Data Protection Act 2018 (“UK DPA 2018”);
1.1.18. “UK DTA” means the UK’s ‘International Data Transfer Addendum to the EU Commission Standard Contractual Clauses’, Version B1.0, in force from March 21, 2022, available at https://ico.org.uk/media/for-organisations/documents/4019535/addendum-international-data-transfer.docx.
1.1.19. “UK GDPR” means the UK equivalent of the GDPR, as defined in section 3(10) (and as supplemented by section 205(4)) of the UK DPA 2018; and
2.1. Nerdio will:
2.2. Customer:
2.3. Exhibit A to this Addendum sets out certain information regarding the Contracted Processors’ Processing of the Customer Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws).
Nerdio will take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Customer Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know/access the relevant Customer Personal Data, as strictly necessary for the purposes of the Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Nerdio will in relation to the Customer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR and/or the equivalent provision(s) of the UK Data Protection Laws.
4.2. In assessing the appropriate level of security, Nerdio will take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
5.1. Customer authorizes Nerdio to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement.
5.2.Nerdio may continue to use those Subprocessors already engaged by Nerdio as at the date of this Addendum, subject to Nerdio in each case as soon as practicable meeting the obligations set out in section 5.4.
5.3. Nerdio will give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within five (5) business days of receipt of that notice, Customer notifies Nerdio in writing of any objections (on reasonable grounds) to the proposed appointment:
5.4. With respect to each Subprocessor, Nerdio will:
5.5. Nerdio will ensure that each Subprocessor performs the obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of Nerdio.
6.1. Taking into account the nature of the Processing, Nerdio will assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligations, as reasonably understood by Customer, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
6.2. Nerdio will:
7.1. Nerdio will notify Customer promptly upon Nerdio becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
7.2. Nerdio will co-operate with Customer and take such reasonable commercial steps as are directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach, provided that such assistance shall be provided at Customer’s expense, except in the event that such Personal Data Breach is caused by Contracted Processor’s act or omissions, in which case such assistance shall be provided at Contracted Processor’s expense.
Nerdio will provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Customer reasonably considers to be required of Customer by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Customer Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
9.1. Subject to sections 9.2 and 9.3 Nerdio will promptly and in any event within thirty-one (31) days of the date of cessation of any Services involving the Processing of Customer Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Customer Personal Data.
9.2. Subject to section 9.3, Customer may in its absolute discretion by written notice to Nerdio within thirty (30) days of the Cessation Date require Nerdio to (a) return a complete copy of all Customer Personal Data to Customer by secure file transfer in such format as is reasonably notified by Customer to Nerdio; and (b) delete and procure the deletion of all other copies of Customer Personal Data Processed by any Contracted Processor. Nerdio will comply with any such written request within thirty-one (31) days of the Cessation Date.
9.3. Each Contracted Processor may retain Customer Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Nerdio will ensure the confidentiality of all such Customer Personal Data and will ensure that such Customer Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose.
9.4. Nerdio will provide written certification to Customer that it has fully complied with this section 9 within thirty-one (31) days of the Cessation Date.
10.1. Subject to sections 10.1 to 10.3, Nerdio will make available to Customer on request all information necessary to demonstrate compliance with this Addendum, and will allow for and contribute to audits, including inspections, by Customer or an auditor mandated by Customer, provided that no such auditor will be a competitor of Nerdio or compensated on a contingency basis, in relation to the Processing of the Customer Personal Data by the Contracted Processors.
10.2. Information and audit rights of the Customer only arise under section 10.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law (including, where applicable, article 28(3)(h) of the GDPR and/or equivalent provisions of the UK Data Protection Laws).
10.3. Customer will give Nerdio reasonable prior notice of any audit to be conducted under section 10.1 and will make (and ensure that each of its mandated auditors makes) reasonable efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury or disruption to the Contracted Processors’ premises, equipment, personnel and business in the course of such an audit. Notwithstanding anything to the contrary in this section 10 no audit shall be undertaken unless or until Customer has requested, and Nerdio has provided, information about Nerdio’s data protection practices and Customer reasonably determines that an audit remains necessary to demonstrate material compliance with the obligations laid down in this Addendum.
For the purposes of such an audit:
11.1. To the extent Nerdio Processes Customer Personal Data regulated by the GDPR solely on behalf of Customer (“EU Personal Data”), and to the extent Customer is a Controller and Nerdio is a Processor on behalf of Customer with regard to such EU Personal Data, then to the extent required by the GDPR, Module 2 of the Standard Contractual Clauses (the “Controller to Processor Standard Contractual Clauses”) will apply to the transfer of such EU Personal Data by Customer to Nerdio and to Nerdio’s Processing of such EU Personal Data and the parties hereby agree to comply with such Controller to Processor Standard Contractual Clauses, which are hereby incorporated into the Agreement in their entirety, as set forth in Exhibit B. In the event of a conflict between the Agreement and the Controller to Processor Standard Contractual Clauses, the Controller to Processor Standard Contractual Clauses will control to the extent applicable to such EU Personal Data.
11.2. To the extent Nerdio Processes EU Personal Data, and to the extent Customer is a Processor on behalf of a third party with respect to EU Personal Data and Nerdio is a Processor on behalf of Customer with regard to such EU Personal Data, then to the extent required by the GDPR, Module 3 of the Standard Contractual Clauses (the “Processor to Processor Standard Contractual Clauses”) will apply to the transfer of such EU Personal Data by Customer to Nerdio and to Nerdio’s Processing of such EU Personal Data and the parties hereby agree to comply with such Processor to Processor Standard Contractual Clauses, which are hereby incorporated into the Agreement in their entirety, as set forth in Exhibit C. In the event of a conflict between the Agreement and the Processor to Processor Standard Contractual Clauses, the Processor to Processor Standard Contractual Clauses will control to the extent applicable to such EU Personal Data.
11.3. To the extent Nerdio Processes Personal Data regulated by the UK Data Protection Laws solely on behalf of Customer (“UK Personal Data”), then to the extent required by the UK Data Protection Laws, the UK DTA will apply to the transfer of such UK Personal Data by Customer to Nerdio and to Nerdio’s Processing of such UK Personal Data and the parties hereby agree to comply with such UK DTA, which is hereby incorporated into the Agreement in its entirety and as set forth in Exhibit D. In the event of a conflict between the Agreement and the UK DTA, the UK DTA will control to the extent applicable to the UK Personal Data.
11.4. To the extent Customer makes available to Nerdio any information relating to any identified or identifiable individual or household that is regulated by the CCPA for a business purpose pursuant to the Agreement and/or to the extent Nerdio Processes Personal Data regulated by the CCPA solely on behalf of Customer (collectively, “California Personal Data”), then to the extent required by the CCPA, the California Data Exhibit (attached hereto as Exhibit E, the “California Data Exhibit”) will apply to Nerdio’s Processing of such California Personal Data and the parties hereby agree to comply with such California Data Exhibit, which is hereby incorporated into the Agreement in its entirety. In the event of a conflict between the Agreement and the California Data Exhibit, the California Data Exhibit will control to the extent applicable to the California Personal Data.
Governing law and jurisdiction
12.1. Without prejudice to clauses 17 and 18 of the Standard Contractual Clauses and/or equivalent provision(s) in the UK DTA:
Order of precedence
12.2. Nothing in this Addendum reduces Nerdio’s obligations under the Agreement in relation to the protection of Personal Data or permits Nerdio to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Agreement.
12.3. Subject to section 12.2, with regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including the Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this Addendum, the provisions of this Addendum will prevail.
Miscellaneous.
12.4. Customer may:
12.5. If Customer gives notice under section 12.4.1:
12.6. If Customer gives notice under section 12.4.2, the parties will promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Customer’s notice as soon as is reasonably practicable.
12.7. Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum will remain valid and in force. The invalid or unenforceable provision will be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
12.8. Customer represents, warrants, and covenants that: (i) it has (and will have) Processed, collected, and disclosed all Customer Personal Data and California Personal Data (collectively, “Processed Personal Data”) in compliance with applicable law and provided any notice and obtained all consents and rights required by applicable law to enable Nerdio to lawfully Process Processed Personal Data as permitted by the Agreement and/or this Addendum; (ii) it has (and will continue to have) full right and authority to make the Processed Personal Data available to Nerdio under the Agreement and this Addendum; and (iii) Nerdio’s Processing of the Processed Personal Data in accordance with the Agreement, this Addendum, and/or Customer’s instructions does and will not infringe upon or violate any applicable law or any rights of any third party. Customer shall indemnify, defend and hold Nerdio harmless against any claims, actions, proceedings, expenses, damages and liabilities (including without limitation any governmental investigations, complaints and actions) and reasonable attorneys’ fees arising out of Customer’s violation of this section 12.8. Notwithstanding anything to the contrary in the Agreement, Customer’s indemnification obligations under this section 12.8 shall not be subject to any limitations of liability set forth in the Agreement.
12.9. Notwithstanding anything to the contrary in the Agreement (including this Addendum), Customer acknowledges that Nerdio shall have a right to use and disclose data relating to the operation, support and/or use of the Services for its legitimate business purposes, such as product development and sales and marketing. To the extent any such data is considered personal data (as defined in, and regulated by the Data Protection Laws), then, to the extent Nerdio is subject to the Data Protection Laws as a Controller, Nerdio is the Controller of such data and accordingly shall Process such data in accordance with the Data Protection Laws. To the extent any such data is considered personal information (as defined in, and regulated by, the CCPA), then, to the extent Nerdio is subject to the CCPA as a business (as defined in the CCPA), Nerdio is the business (as defined in the CCPA) with respect to such data and accordingly shall Process such data in accordance with the CCPA.
This Exhibit A includes certain details of the Processing of Customer Personal Data as required by Article 28(3) GDPR (and, possibly, equivalent requirements of other Data Protection Laws).
Subject matter and duration of the Processing of Customer Personal Data
The subject matter of the Processing of the Customer Personal Data are set out in the Agreement and this Addendum. The duration of the Processing shall continue as long as Nerdio carries out Customer Personal Data Processing operations on behalf of Customer or until the termination of the Agreement (and all Customer Personal Data has been returned or deleted in accordance with this Addendum).
The nature and purpose of the Processing of Customer Personal Data
The nature of the processing is such that the Customer Personal Data will be subject to basic Processing, including but not limited to collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction for the purpose of providing the Services by Nerdio to Customer in accordance with the terms of the Agreement.
The types of Customer Personal Data to be Processed
The categories of Personal Data included within the Customer Personal Data to which Customer provides Nerdio access.
The categories of Data Subject to whom the Customer Personal Data relates
Individuals whose Personal Data is included within the Customer Personal Data uploaded to the Services by or behalf of Customer.
The obligations and rights of Customer
The obligations and rights of Customer are set out in the Agreement and this Addendum.
(a) For the purposes of the Controller to Processor Standard Contractual Clauses:
(1) Clause 7. The parties agree that the optional language in Clause 7 is included.
(2) Clause 9(a). The parties agree that under Option 2, Nerdio has Customer’s general authorization to subcontract its processing activities to the list of sub-processors set out in section (a)(11)(i). Nerdio will inform Customer in writing of any intended changes to the list of sub-processors set out in section (a)(11)(i) at least 10 days prior to engaging with any other sub-processor.
(3) Clause 11. The parties agree that the optional language in Clause 11 is excluded.
(4) Clause 13. The parties agree that the brackets are removed in the provisions in Clause 13(a) such that the appropriate provision will apply as applicable.
(5) Clause 17. Option 1 shall apply and the Controller to Processor Standard Contractual Clauses shall be governed by the laws of Ireland.
(6) Clause 18. The parties agree that any dispute arising from the Controller to Processor Standard Contractual Clauses shall be resolved by the courts of Ireland.
(7) Annex I.A.
i. The name and address of Customer, and the name, position, and contact details of the contact person of Customer (which is the data exporter) are as set forth in the Agreement.
ii. The name and address of Nerdio, and the name, position, and contact details of the contact person of Nerdio (which is the data importer) are as follows:
iii. The activities relevant to the data transferred are the provision and receipt of the Services as described in the Agreement.
iv. The signature and date are the signature and date set forth in the Agreement.
v. The roles of the parties are as follows: Nerdio is a processor and Customer is a controller.
(8) Annex I.B.
i. The categories of data subjects are individuals whose personal data is included within the Customer Personal Data uploaded to the Services by or behalf of Customer.
ii. The categories of personal data transferred are the categories of personal data included within the Customer Personal Data uploaded to the Services by or behalf of Customer.
iii. The categories of sensitive data transferred are the categories of sensitive data included within the Customer Personal Data uploaded to the Services by or behalf of Customer.
iv. The frequency of the transfer shall be on a continuous basis.
v. The nature of the processing is such that the personal data will be subject to basic processing, including but not limited to collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction for the purpose of providing the Services by data importer to the data exporter in accordance with the terms of the Agreement.
vi. The purpose of the data transfer and further processing is provision of the Services by data importer to data exporter.
vii. The duration of the processing under these Controller to Processor Standard Contractual Clauses shall continue as long as data importer carries out personal data processing operations on behalf of data exporter or until the termination of the Agreement (and all personal data has been returned or deleted in accordance with these Controller to Processor Standard Contractual Clauses).
viii. For transfers to sub-processors, personal data will be transferred to sub-processors in order for the data importer to provide the Services to the data exporter. The nature of the processing by such sub-processors will be as follows: the personal data will be subject to basic processing, which may include without limitation collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction for the purpose of providing the Services to the data exporter in accordance with the terms of the Agreement. The duration of the processing by such sub-processors shall continue as long as such sub-processors carry out personal data processing operations on behalf of the data importer.
(9) Annex I.C.
i. The data exporter’s competent supervisory authority will be determined by the GDPR.
(10) Annex II.
i. The data importer employs a number of technical and organizational measures as further specified in _N/A___. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Nerdio shall implement commercially reasonable technical and organizational measures with respect to Customer Personal Data intended to meet the security requirements under Applicable Laws
(11) Annex III.
i. Customer hereby authorizes the use of the following sub-processors:
(a) For the purposes of the Processor to Processor Standard Contractual Clauses:
(1) Clause 7. The parties agree that the optional language in Clause 7 is included.
(2) Clause 9(a). The parties agree that under Option 2, Nerdio has Customer’s general authorization to subcontract its processing activities to the list of sub-processors set out in section (a)(11)(i). Nerdio will inform Customer in writing of any intended changes to the list of sub-processors set out in section (a)(11)(i) at least 10 days prior to engaging with any other sub-processor.
(3) Clause 11. The parties agree that the optional language in Clause 11 is excluded.
(4) Clause 13. The parties agree that the brackets are removed in the provisions in Clause 13(a) such that the appropriate provision will apply as applicable.
(5) Clause 17. Option 1 shall apply and the Processor to Processor Standard Contractual Clauses shall be governed by the laws of Ireland.
(6) Clause 18. The parties agree that any dispute arising from the Processor to Processor Standard Contractual Clauses shall be resolved by the courts of Ireland.
(7) Annex I.A.
i. The name and address of Customer, and the name, position, and contact details of the contact person of Customer (which is the data exporter) are as set forth in the Agreement.
ii. The name and address of Nerdio, and the name, position, and contact details of the contact person of Nerdio (which is the data importer) are as set forth in Exhibit B, Section (a)(7)(ii).
iii. The activities relevant to the data transferred are the provision and receipt of the Services as described in the Agreement.
iv. The signature and date are the signature and date set forth in the Agreement.
v. The roles of the parties are as follows: Nerdio is a processor and Customer is a processor.
(8) Annex I.B.
i. The categories of data subjects are individuals whose personal data is included within the Customer Personal Data uploaded to the Services by or behalf of Customer.
ii. The categories of personal data transferred are the categories of personal data included within the Customer Personal Data uploaded to the Services by or behalf of Customer.
iii. The categories of sensitive data transferred are the categories of sensitive data included within the Customer Personal Data uploaded to the Services by or behalf of Customer.
iv. The frequency of the transfer shall be on a continuous basis.
v. The nature of the processing is such that the personal data will be subject to basic processing, including but not limited to collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction for the purpose of providing the Services by data importer to the data exporter in accordance with the terms of the Agreement.
vi. The purpose of the data transfer and further processing is provision of the Services by data importer to data exporter.
vii. The duration of the processing under these Processor to Processor Standard Contractual Clauses shall continue as long as data importer carries out personal data processing operations on behalf of data exporter or until the termination of the Agreement (and all personal data has been returned or deleted in accordance with these Processor to Processor Standard Contractual Clauses).
viii. For transfers to sub-processors, personal data will be transferred to sub-processors in order for the data importer to provide the Services to the data exporter. The nature of the processing by such sub-processors will be as follows: the personal data will be subject to basic processing, which may include without limitation collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction for the purpose of providing the Services to the data exporter in accordance with the terms of the Agreement. The duration of the processing by such sub-processors shall continue as long as such sub-processors carry out personal data processing operations on behalf of the data importer.
(9) Annex I.C.
i. The data exporter’s competent supervisory authority will be determined in accordance with the GDPR.
(10) Annex II.
i. Section (a)(10)(i) of Exhibit B is incorporated herein by reference.
(11) Annex III.
i. Section (a)(11)(i) of Exhibit B is incorporated herein by reference.
(a) For the purposes of the UK DTA:
(1) For the purposes of Table 1 of the UK DTA, the start date shall be the later of the DPA Date or the date the Agreement is entered into by the parties, and the names of the parties, their roles and their details shall be as set out in Exhibit B section (a)(7) and Exhibit C section (a)(7), respectively;
(2) For the purposes of Tables 2 and 3 of the UK DTA, the Controller to Processor Standard Contractual Clauses and the Processor to Processor Standard Contractual Clauses, including the information set out in Exhibit B section (a)(8), (10), and (11)(i) and Exhibit C section (a)(8), (10), and (11)(i), respectively, shall apply; and
(3) For the purposes of Table 4 of the UK DTA, either party may end the UK DTA.
a. In this Exhibit E, the following terms have the meanings given in the CCPA: “business purpose”, “personal information”, “processing”, “service provider”, “contractor”, “person”, “share”, “sharing”, “shared”, “sell”, “selling”, “sale” and “sold”.
b. Except as otherwise required by applicable law or as otherwise permitted by the CCPA, Nerdio shall:
i. not sell or share California Personal Data;
ii. not retain, use, or disclose California Personal Data for any purpose other than for the business purposes of providing the Services specified in the Agreement for the Customer, nor retain, use, or disclose California Personal Data for a commercial purpose other than the business purposes specified in the Agreement, or as otherwise permitted by the CCPA;
iii. not retain, use, or disclose California Personal Data outside of the direct business relationship between the parties;
iv. not combine California Personal Data, which Nerdio receives pursuant to the Agreement or from or on behalf of Customer, with personal information which it receives from or on behalf of another person or persons, or collects from its own interaction with the individual to whom such California Personal Data relates, except as otherwise expressly permitted by the CCPA;
v. reasonably cooperate with Customer in responding to any requests from any individual regarding California Personal Data relating to such individual, including reasonably assisting Customer in deletion, correction, or limitation of the use of such California Personal Data where required under the CCPA, and including instructing Nerdio’s service providers and/or contractors (if any) to so reasonably cooperate in such response;
vi. reasonably assist Customer through appropriate technical and organizational measures in Customer’s complying with the requirements of subdivisions (d) to (f), inclusive, of section 1798.100 of the CCPA, taking into account the nature of the California Personal Data processing by Nerdio;
vii. implement and maintain commercially reasonable security procedures and practices appropriate to the nature of the California Personal Data intended to protect such California Personal Data from unauthorized access, destruction, use, modification, or disclosure;
viii. comply with all applicable obligations under the CCPA and provide the same level of privacy protection with respect to California Personal Data as required by the CCPA;
ix. notify Customer if Nerdio determines it can no longer meet its obligations under the CCPA; and
x. comply with section 1798.140(m) of the CCPA with respect to deidentified data (as defined in the CCPA) received by Nerdio from Customer.
To the extent Nerdio is a contractor, Nerdio certifies that Nerdio understands the restrictions provided in sections 2(b)(i), 2(b)(ii), 2(b)(iii), and 2(b)(iv) and will comply with them.
c. Nerdio acknowledges and agrees that the California Personal Data has been disclosed to it for the limited and specified purposes set forth in the Agreement and Nerdio further acknowledges and agrees Customer shall have the right: (i) to take reasonable and appropriate steps to ensure that Nerdio uses California Personal Data in a manner consistent with Customer’s obligations under the CCPA; and (ii) upon notice from Customer to Nerdio, to take reasonable and appropriate steps to stop and remediate unauthorized use of California Personal Data.
d. To the extent required by the CCPA and to the extent Nerdio is a contractor, Nerdio shall permit Customer to monitor Nerdio’s compliance with this Exhibit E by conducting audits in accordance with section 10 of this Addendum and including, but not limited to, ongoing manual reviews and automated scans, and regular assessments, audits, or other technical and operational testing.
e. If Nerdio engages any other person to assist Nerdio in processing California Personal Data for a business purpose on behalf of Customer, Nerdio shall notify Customer of such engagement, and the engagement shall be pursuant to a written contract binding the other person to observe substantially similar requirements to those set forth in this Exhibit E. Nerdio hereby notifies Customer that Nerdio may engage the persons listed in section (a)(11)(i) of Exhibit B to this Addendum to assist Nerdio in processing California Personal Data for a business purpose on behalf of Customer.
Structured Onboarding & Training
90-day onboarding support with structured methodology
Curated training plan for day-to-day operation of Nerdio
Unlimited self-paced learning via Learning Management System (LMS) and up to four (4) credits for the virtual instructor led training (VILT) sessions within the first 12-months (1 credit = a single session of up to 2 hours of VILT.)
Ongoing Enablement & Technical Support
Designated Technical Account Manager
Access to best practices
Quarterly Executive Business Reviews
Unlimited technical support and premium support SLAs (details below)
Enhanced Product Experience
Semi-annual product roadmap presentations
Product release reviews and technical working sessions
Access to new Nerdio features in preview or private beta based on eligibility
Premium Support / Service Level Agreement
As part of the Customer Success Package, Customer is being provided premium support by Nerdio. The following service levels and support components are effective as of the Effective Date:
Service Description
Nerdio agrees to provide 24×7 support for the software product, Nerdio Manager for Enterprise, hereinafter referred to as “Product”. For a detailed view of the support scope please refer to https://nerdio.co/nmescope . Support includes and is not limited to:
Service Level Objectives
Nerdio commits to the following Service Level Objectives
Prioritization
Service Reporting
Nerdio will provide quarterly performance reports to the Customer that includes and is not limited to:
Support and Escalation
Support issues specific to the Product will be addressed via ticketing (see above) at which time severity will be applied to the issue. Any issues specific to the Product or its delivery of features may be designated as a software defect. Remediation of those defect includes and is no limited to:
Severity 1 (Critical) – Critical Outage: Halts Operations with Financial Impact or relates to a high-risk security issue. No Workaround exists.
Severity 2 (High) – Production Impact: Service is highly degraded and impacts the ability for operations. No reasonable workaround exists.
Severity 3 (Medium) – System Impaired: Features or functionality are impaired, but users can still leverage the service.
Severity 4 (Low) – General Guidance: General usage or configuration questions. No business or production impact.
Product Update and Release Schedule
The Product updates and releases include and are not limited to:
Note: Hotfixes applicable between releases with the exception for 7 days prior to a scheduled* release. Any hotfix within that period will be included in the *scheduled release.
*Current schedule for minor release is 6 weeks
© Copyright Nerdio 2025. All Rights Reserved.