This Publisher Agreement (“Agreement”) is entered by and between you and the Publisher or entity that you represent (hereinafter referred to as “Publisher “, “You” or “Your”) along with its affiliates and our entity, details of which are incorporated in the respective Insertion Order along with its affiliates, group Companies (hereinafter referred to as “Company“)
Unless the context otherwise requires, this Agreement shall be construed as follows:
In this Agreement, each of the aforesaid shall be individually
referred to as a “Party” and collectively referred to as the
“Parties”.
The title of each paragraph is written only for the convenience of
reading and does not have any legal or contractual obligations.
Any reference to a "person" includes any natural person,
partnership, firm, governmental authority, joint venture,
association or other entity (whether or not having separate legal
personality).
The words “include” and “including” shall not be construed as
terms of limitation.
References to any statute or provision include a reference to that
statute or statutory provision as from time to time amended,
extended, re-enacted or consolidated and to all statutory
instruments made pursuant to it.
Words denoting the singular shall include the plural and vice
versa.
“Action” shall include any of the following: view, click, installation of any software or application, or any other action, as applicable and agreed upon between the Parties, provided the foregoing was performed by an actual end user in the normal course.
“Ads” or “Advertisements” shall mean any promotional content, in whatever format (including without limitation text, graphics, video, audio, rich media and links), provided by Company’s upstream advertisers (“Advertisers”) to be served through or displayed on the Property either owned by Publisher or for which Publisher is authorized in connection with the Service.
“Affiliate” means any entity that controls, is controlled by, or subject to common control with, a party. The term “control”, including the terms “controlling”, controlled by” and “under common control with”, means the possession, direct or indirect, of the power to direct or cause the direction of management and policies through the ownership of voting shares.
“Applicable Laws" means all applicable laws, codes, ordinances, orders, rules, and regulations of local, state, and federal governments and agencies , including without limitation the California Consumer Privacy Act and the General Data Protection Regulation of the European Union (GDPR).
“Approved Transactions” shall mean an Action, excluding any Action which: (i) resulted from or engaged with Fraudulent Activity, as determined by Company in its sole discretion; (ii) was performed by the Publisher’s employees, agents or contractors; or (iii) violates the Campaign Conditions.
“Campaign Conditions” means conditions and/or restrictions imposed by the Company or its Advertiser for the promotion and distribution of the Ads.
“Confidential Information” shall mean any non-public, proprietary,
confidential and/or trade secret information of a party hereof,
whether furnished before or after the Effective Date (as
hereinafter defined), and regardless of the manner in which it is
furnished, and which given the totality of the circumstances, a
reasonable person or entity should have reason to believe is
proprietary, confidential, or competitively sensitive, including,
without limitation, research and development, formulas,
programming, know-how, proprietary knowledge, technology and any
related documentation, engineering, production, operation and any
enhancements or modifications relating thereto, and other designs,
drawings, engineering notebooks, industrial models, software and
specifications, financial and marketing information, business
plans, business procedures, clients’ list, business partners or
other information disclosed by one of the parties hereto (the
“Disclosing Party“) to the other party (the “Receiving Party“)
either directly or indirectly in writing or orally . Confidential
Information shall not, however, include any information which: (i)
was known to the Receiving Party or in its possession at the time
of disclosure without any confidentiality obligation; (ii) becomes
publicly known and made generally available after disclosure by
the Disclosing Party to the Receiving Party through no action or
inaction of the Receiving Party; (iii) is independently developed
by the Receiving Party without reliance on or use of the
Confidential Information or any part thereof and the Receiving
Party can show written proof of such independent development; (iv)
is required to be disclosed by applicable law, regulatory
authority or a valid court order, provided that the Receiving
Party shall provide the Disclosing Party with reasonable prior
written notice of the required disclosure in order for the
Disclosing Party to obtain a protective order and the disclosure
shall be limited to the extent expressly required; (v) is approved
for release by prior written authorization of the Disclosing
Party; or (vi) the Receiving Party can demonstrate it was
disclosed by the third party without any obligations of
confidentiality. Company’s Confidential Information includes the
terms and pricing of this Agreement.
Effective Date- The Date as set forth in the IO or the date where
the Publisher starts to avail services of the Company.
“Fraudulent Activity” shall mean (a) the display, promotion, distribution or interaction with the Advertisements in any manner which engages with anything other than natural persons viewing actually displayed Advertisements in the normal course of using any device, including, without limitation, browsing through online, mobile or any other technology, as determined by Company in its sole discretion which may lead to falsely generated or artificially-inflated revenues; and/or (b) the automatic redirection of visitors, blind text links, misleading links, forced clicks, etc. from the Advertisements. Without limiting the foregoing, Fraudulent Activity shall include any of the following practices: (i) inclusion or counting of views or clicks: by a natural person who has been engaged for the purpose of viewing the Advertisements, whether exclusively or in conjunction with any other activities of that person (including, without limitation, employing any means to induce, encourage, incentivize or trick the end user into viewing or clicking on the Advertisements); and/or by non-human visitors (such as bots); and/or that are not actually visible to the human eye, discernible to human senses or perceived by a human being; (ii) masking or cloaking any URL, or employing any means to obscure the true source of traffic, or conceal conversions; (iii) generating automated, fraudulent or otherwise invalid impressions, inquiries, views, clicks or conversions, or artificially inflating impressions, inquiries, views, clicks, or conversions, or employing any misleading or practices (such as repeated manual clicks); (iv) Installing or transmitting Malicious Code.
“Malicious Code” shall mean viruses, worms, malware, spyware, adware, time bombs, Trojan horses, drive-by download applications or other harmful or malicious code, files, scripts, agents or programs, including code that: (i) is intended to or has the effect of misappropriating, hijacking, commandeering, or disrupting access to or use or operation of any information, device, hardware, system or network, or (ii) materially interferes with or disrupts the end users’ web or mobile navigation or intervenes with the end users’ control over the operating system, browser settings, browser functionality or webpage’s display.
“Objectionable Content” shall mean content that promotes or contains links to content that is (i) pornographic, sexually explicit or obscene, (ii) harassing, threatening, abusive, inflammatory or racist, (iii) illegal, contrary to public policy or that could facilitate the violation of any applicable law, regulation or government policy, (iv) libelous or defamatory, (v) is misleading or deceptive; (vi) violates the Proprietary Rights, or the privacy, publicity, moral or any other right of any third party; (vii) offers or disseminates any counterfeit or fraudulent goods, or services, schemes, investment opportunities or promotions or advice not permitted by law; (viii) promotes the use of drugs or drug paraphernalia, illegal substances or dangerous products; (ix) promotes online gambling, or (x) harmful to Company’s or any other party’s systems and networks, or includes Malicious Code.
“Proprietary Rights” shall mean all intellectual property rights, including, without limitation: (a) all inventions, whether patentable or not, all improvements thereto and derivatives thereof, and all patents and patent applications; (b) all registered and unregistered: marks, trademarks, service marks, trade names, trade dress and associated logos, domain names and registrations and applications for registration thereof; (c) all copyrights in copyrightable works, all other rights of authorship, including without limitation moral rights, and all applications and registrations in connection therewith; (d) all trade secrets and Confidential Information; (e) all rights in databases and data compilations, whether or not copyrightable; and (f) all copies and tangible embodiments of any or all of the foregoing (in whatever form, including electronic media).
Subject to the Publisher’s compliance with the terms hereof, during the Term, Company hereby grants the Publisher a limited, worldwide, non-sublicensable, non-transferable, royalty-free, non-exclusive, revocable license to use the services solely for the purpose of serving Ads through Company collectively, the "Service".
Except as set forth expressly herein or as permitted by the Service, Publisher shall not, and shall not permit any third party, to (a) copy, decompile, disassemble, adapt, translate, create derivatives works of, reverse engineer or attempt to find the underlying code of, the Service ; (b) modify the Service, or insert any code or product, or in any other way manipulate the Service in any way; (c) modify the Services in any way without Company’s prior written consent, (d) sublicense, sell, rent, lease or distribute the Services or bypass any security measure of Company with respect to the Service, (e) distribute the Services on a stand-alone basis, (f) use the Services to create (or facilitate the creation of) any product or service that is competitive with the Service; (g) alter, modify, crop or create derivatives works of the Ads, or any other creative and substantive materials, in whatever format, provided by Company or its Advertisers for the purpose of the delivery of the Ads (“Creative”); or (h) use the Service except for Publisher’s own internal purposes. Publisher releases Company from and waives any and all claims and/or demands against Company in connection with all aspects of the Creative.
To the extent any of the restrictions set forth above are not enforceable under applicable law, Publisher shall inform the Company in writing prior to engaging in any of the applicable activities.
Publisher may not use robots, spiders, scraping or other technology to access or use the Service to obtain any information beyond what Company provides to Publisher under the Agreement.
Publisher may not use the Service to syndicate, mediate or broker campaigns or the distribution of Ads through other third parties or affiliates, without the express written approval of Company. Publisher shall make available to Company, upon request, with any information relating to the Property and any campaign and shall ensure that the distribution or promotion of the Ads is in compliance with the Campaign Conditions.
The Company reserves the right to terminate this agreement with immediate effect in event the Publisher is found to be in breach of its obligations under this clause. Publisher agrees to indemnify the Company of any losses, damages or claims which the Company incurs due to the Publisher’s breach of this clause.
Mutual Warranties. Each Party represents and warrants that:
it is duly organized under applicable law and has sufficient
authority to enter into this Agreement and that, the execution and
performance under this Agreement does not conflict with any
contractual obligations such party has to any third party.
Company Warranties. Company represents and warrants that the
Service:
does not, to the best of its knowledge, infringe the intellectual
property rights of any third party.
comply with all applicable law and regulations (provided, that
with respect to data provided by Publisher to Company, Company’s
compliance with applicable law is subject to Publisher’s full
compliance with applicable law with respect to such data,
including its transfer to, and processing by, Company)
does
not to the best of its knowledge contain any Malicious Code.
The Company reserves the right, in its sole discretion and without liability, to reject or remove any Ads or Creative from the Service. Publisher acknowledges that any campaign may be terminated or suspended, whether by Company or its Advertisers, at any time and without notice to Publisher. Publisher hereby acknowledges that Company is providing the Service as an intermediary between Advertisers and Publisher and as such Company shall not be held responsible or liable for any actions or omissions performed or omitted by any third parties (including with respect to the content of the Creative or Ads).
Publisher Warranties. Publisher represents and warrants that its
property:
does not infringe the intellectual property rights of any third
party,
does not contain any Objectionable Content, and is not directed to
or primarily appeals to children under the age of 13,
complies with all applicable laws and regulations, including
applicable data protection laws,
does not collect, use or transfer the data of end users in any
manner not clearly and accurately disclosed pursuant to a privacy
policy that complies with applicable law and regulations, and
does not contain any Malicious Code.
Does not employ improper ways and means to deliver Objectives
(Clicks, Installs, Activations or Impressions) using either manual
cheats, specialized programs, code/s, script/s, bot/s, Trojan/s,
emulator/s, or other fraudulent methods. The Publisher shall not
deliver Objectives by auto initiation of Video Views, Page Visits,
Clicks, Activations and Installs and that these must be result of
user-initiated action. Publisher acknowledges that if Publisher
uses any of the above-mentioned improper ways and means to deliver
any Objectives then Company has the right to reject all payments
where such improper ways and means are detected and/or reasonably
suspected and has the sole right to terminate any outstanding
order.
Publisher shall have all right, title and interest in its
Property. Company retains all right, title and interest in the
Proprietary Rights in the Service, as well as any derivative
therefrom. If Publisher provides Company with any feedback
regarding the Service, Company may use all such feedback without
restriction. Nothing herein shall be interpreted to provide
Publisher any rights in the Service except the limited right to
use and receive the Services as set forth herein. The Company or
its Advertiser shall own all the rights, title and interests in
the Creative or the Advertisement supplied to the Publisher or
created by the Publisher for the purpose of this Agreement.
Nothing in this Agreement shall be construed as providing the
Publisher a right to use any of Company or its affiliates trade
names, trademarks, service marks, logos, or other distinctive
brand features. Company reserves all rights in the Services not
expressly licensed above. You agree that your use of any
components of the Services that are licensed under an open-source
software license are subject to and governed solely by the terms
of the applicable license(s) for that software, and not by this
Agreement.
Subject to the terms herein, the Company shall make payments to
the Publisher subject to the terms communicated to the Publisher,
solely in consideration for Approved Transactions. The payments
due to Publisher (“Consideration “) shall be solely calculated and
based on Company’s tracking systems and/or reports, which shall be
considered final and binding, and no other measurements or
statistics of any kind shall be accepted or have any effect.
Company shall make available to Publisher such reports on a
monthly basis.
If no discrepancy is reported to Company by Publisher within seven
(7) calendar days from the date of receipt of campaign reports,
the numbers will be considered as correct and final. Any
discrepancy reported within 7 days as mentioned above is subject
to be negotiated with evidence by both Parties.
Notwithstanding anything to the contrary, Considerations shall be
made solely for Approved Transactions, and Company shall not be
obligated to remit Considerations, and shall be entitled to
withhold Considerations or demand a refund (in the event
Consideration were already paid) (a) in connection with payments
that were not fully remitted to Company from its Advertisers, or
approved by its Advertisers (b) if determined by Company, at its
sole discretion, that Publisher has engaged in Fraudulent
Activity, was in breach of this Agreement or that Consideration
were paid for Approved Transactions that are later determined to
have not met the requirements set forth herein to be an Approved
Transaction.
Publisher is solely responsible for providing and maintaining
accurate contact and payment information associated with
Publisher’s account. Any bank fees and other commissions incurred
by Company due to any error or omission of contact or payment
information may be deducted by Company from any Consideration due
to Publisher. It is hereby clarified that Publisher shall not be
entitled to receive any additional payment except for the
Consideration agreed upon by Company and as communicated to
Publisher.
The company reserves the right to deduct, set off, claw back or
charge back any amounts Publisher may owe to Company against any
amounts payable or otherwise owing to Publisher.
All payments due to Publisher under this Agreement will be
exclusive of taxes, duties, levies, tariffs, and other
governmental charges (including, without limitation, VAT, if
applicable) (collectively, “Taxes “). Publisher will be
responsible for payment of all Taxes and any related interest and
penalties resulting from any payments made hereunder, other than
any taxes based on Company’s net income. Company may be obligated
by law to obtain tax information from Publisher and payments to
Publisher may be withheld until Publisher provide this information
or otherwise satisfy Company that Publisher is not an entity from
whom Company is required to obtain tax information or Also, if
required by applicable law, payments may be subject to tax
withholding.
All Consideration shall be remitted to Publisher in USD within net
sixty (60) days from the date of receipt of undisputed invoice and
subject to its approval by Company, whether by wire transfer (or
similar service) to the account specified by the Publisher . All
the fees and/or commissions related to the payment shall be at the
exclusive charge of Publisher.
The Service enables the Publisher to collect and track data
concerning the characteristics and activities of Property’s end
users as long as the Services are used, including Data pertaining
to end users or their devices, whether identifiable or not
(“Data”), pursuant to the existing device permissions.
Publisher represents and warrants that: (a) Publisher is permitted
to collect, use and transfer Data through the Service; (b) it has
provided its end users with sufficient notice (including through
an adequate and accessible privacy policy) and obtained their
permissions, as required by applicable laws and regulations, as
well as any applicable mobile application marketplace’s policies
and requirements (such as Google Play or the App Store, as
applicable), in connection with the collection, use and disclosure
of Data through the use of the Service, including with respect to
the use of any technological methods for the purpose of collecting
such Data (such as cookies), including for the purpose of
displaying interest-based or targeted content: (c) it shall
collect, use or disclose Data in accordance with any applicable
laws and with its privacy policy.
Company may use the Data in accordance with applicable laws and
regulations, and with its own privacy policy, available at
Company’s website.
Publisher shall not provide to Company any data regarding children
under the age of 13, or any health, financial, or insurance data
or other data which may be considered as of sensitive nature.
By entering into the Agreement, Publisher hereby agrees to the
terms of the Data Protection Addendum, which is incorporated
herein by reference.
During the course of services, parties have or shall receive, or
access to records and information of confidential and proprietary
nature to Disclosing Party. The Receiving Party acknowledges and
agrees that such information is an asset of Disclosing Party, is
not generally known to the trade, is of a confidential nature and,
must be kept strictly confidential and used only in the
performance of Receiving Party duties under this Agreement. The
Receiving Party agrees that it will not use, disclose,
communicate, copy or permit the use or disclosure of any such
information to any third party in any manner whatsoever except for
the purpose of this agreement or as otherwise directed by written
consent of Disclosing Party. The Receiving Party shall disclose
only such information to employees who “need to know” the
Confidential Information in connection with the Agreement and only
after such employees have been informed of the confidential nature
of the information and have agreed to be bound by a similar
binding obligation of confidentiality and non-disclosure. The
Receiving Party further agrees that the Disclosing Party
Confidential Information shall remain the sole property of the
Disclosing Party. No license shall be granted by the Disclosing
Party to the Receiving Party with respect to Confidential
Information disclosed hereunder unless otherwise expressly
provided therein.
Upon termination of this Agreement or upon the request of
Disclosing Party, the Receiving Party shall return to Disclosing
Party all of the confidential information or destroy all of the
confidential information, and all copies or reproductions thereof,
which are in Receiving Party possession or control. The Receiving
Party shall provide the Disclosing Party with a written
certificate thereby certifying and informing the Disclosing Party
that all the confidential information, its copies and
reproductions thereof has been destroyed. If the Receiving Party
breaches any of its obligations with respect to confidentiality
and unauthorized use of the Disclosing Party’s Confidential
Information, Disclosing Party will be entitled to seek equitable
and injunctive relief to protect rights and interest as-well as
other remedies available to the Disclosing party under law and
equity. This section shall survive the expiry or termination of
this agreement for a period of 1 year post expiry or termination
of this agreement.
Company Indemnification. Company shall defend, indemnify and hold
harmless Publisher from and against any direct damages, costs,
losses, liabilities or expenses (including court costs and
reasonable attorneys’ legal fees; collectively “Damages “)) which
Publisher may suffer or incur in connection with any actual claim,
demand, action or other proceeding by any third party (“Claim “)
arising from: (a) any breach of Company’s obligations,
representations or warranties herein; or (b) a claim that the
underlying technology of the Services infringes the intellectual
property rights of a third party. Notwithstanding the foregoing,
Company shall have no responsibility or liability for any claim to
the extent resulting from or arising out of (a) the use of the
Service not in compliance with this Agreement or applicable law,
(b) the combination of the Service with any code or services not
provided by Company, (c) the modification of any Service by any
party other than Company or (d) the use of any Service that is not
the most up-to-date Service.
Publisher Indemnification. Publisher shall defend and indemnify
Company (and its affiliates, officers, directors and employees)
from and against any and all Damages which Company may suffer or
incur in connection with any Claim arising from: (a) any breach of
Publisher’s obligations, representations or warranties herein; or
(b) any use of the Service in violation of any applicable law or
regulations (c) gross negligence and willful conduct or fraud.
Procedure. The obligations of either Party to provide
indemnification under this Agreement will be contingent upon the
indemnified party (i) providing the indemnifying party with prompt
written notice of any claim for which indemnification is sought
(provided that the indemnified party’s failure to notify the
indemnifying party will not diminish the indemnifying party’s
obligations except to the extent that the indemnifying party is
materially prejudiced as a result of such failure), (ii)
cooperating fully with the indemnifying party (at the indemnifying
party’s expense), and (iii) allowing the indemnifying party to
control the defense and settlement of such claim, provided that no
settlement may be entered into without the consent of the
indemnified party if such settlement would require any action on
the part of the indemnified party other than to cease using any
allegedly infringing or illegal content or services. Subject to
the foregoing, an indemnified party will at all times have the
option to participate in any matter or litigation through counsel
of its own selection at its own expense.
Except as expressly provided herein, Publisher accepts the Service
on an “AS IS” and “AS AVAILABLE” basis and acknowledges that
Company makes no other warranty and disclaims all implied and
statutory warranties, including, but not limited to, any implied
warranty of merchantability, fitness for a particular purpose or
non-infringement.
Company does not guarantee that the Service will always be
complete, accurate, safe, secure, bug-free or error-free, or that
the foregoing will always function without disruptions, delays or
imperfections. Company may change, suspend or discontinue the
Service at any time, including the availability of any feature or
database, without notice or liability. In addition, Company may
impose limits on certain features and services or restrict the
Publisher’s access to the Service without notice or liability.
In no event shall the Company, its directors, officers, affiliates
or agents be liable for any consequential, indirect, special or
punitive damages, arising out of or relating to the Service or the
arrangements contemplated herein.
Except for intentional misconduct or gross negligence, Company’s
entire liability for the provision of the Service or under any
provision of this Agreement shall not exceed the amount of payment
received by Publisher from Company in the one (1) month preceding
the applicable claim.
The term of this Agreement shall commence on the Effective Date
and shall continue until terminated by either Party pursuant to
this Agreement (“Term “).
Either Party may terminate this Agreement at any time by providing
a prior written notice of 30 days to the other Party, without
liability to the other Party.
Upon any termination or expiration of this Agreement, Company will
cease providing the Service and all licenses and rights provided
herein shall be revoked. In the event of any termination (a) any
undisputed outstanding amounts of Approved Transactions will be
paid to Publisher within a net thirty (30) days period after such
termination; (b) any outstanding debit balance shall be paid by
Publisher within 30 business days after such termination.
Any obligations of the Parties that by their nature are intended
to survive the termination or expiration of this Agreement,
including the obligations of the Parties in Sections 3 – 9 and 12
– 14 of this Agreement, shall survive any termination thereof.
Either Party may terminate this Agreement immediately if the other
party materially breaches this Agreement and the non-breaching
party provides the breaching party with a written notice of the
breach, and the breaching party does not cure such breach within
15 days of the provision of such notice.
During the Term of this Agreement and for a period of one (1) year hereafter, Publisher shall not knowingly solicit, directly or through any third party, any Advertiser for whom it delivered service pursuant to the Company under this Agreement. The Publisher shall not encourage any such Advertiser to transfer from the Company services and work directly with the Publisher. Without prejudice to any other right of the Company according to this Agreement and the applicable law, in the event the Publisher directly solicits such Advertiser and/or causes them to work directly with itself, the Publisher shall pay Company 50% of the revenue what Company would have otherwise earned if the Publisher had not violated this provision. During the term of this agreement and for a period of 1 Year thereafter, Publisher shall not (either directly or indirectly through a Third Party) employ, solicit to employ, cause to be solicited for the purpose of employment, any employees of Company, or aid any third person to do so, without the specific written consent of Company.
Updates. If Company provides the Publisher with any upgrades,
patches, enhancements, or fixes for the Services (“Updates”), or
if Company notifies of such Updates through its Company or
integration section, then such Updates will become part of the
Services and subject to this Agreement. The Publisher is required
to use the most updated and current version of the Services .
Company shall have no obligation, however, under this Agreement to
provide any Updates or any other support to the Publisher for the
Services.
Modifications. The Company may modify or discontinue offering the
services, at any time and without notice to the Publisher. The
Company makes no guarantees with respect to the availability or
uptime of its Service; however, the Company shall use its
reasonable commercial efforts to ensure that the availability or
uptime of the Service shall meet industry standards. The Company
may change the method of access to the Service at any time. In the
event of degradation or instability of the Service or an
emergency, Company may, in its sole discretion, temporarily
suspend Publisher’s access to the Service.
Publicity. During the Term, Company may refer to Publisher as a
business partner of Company, including by displaying Publisher’s
name and logo on Company’s website and other marketing materials.
Export Controls. Publisher represents and warrants that it is not located in, under the control of, or a national or resident of any country to which the United States has embargoed goods or services; (ii) is not identified as a “Specially Designated National;” by the Office of Foreign Assets Control; (iii) is not placed on the U.S. Commerce Department’s Denied Persons List; and (iv) will not access or use any Service if any applicable laws in Publisher’s country prohibit Publisher from doing so in accordance with this Agreement.
Neither Party shall be (i) an entity or person, or owned or controlled by an entity or person, that (A) is currently the subject of any economic sanctions or restrictive measures administered or imposed by the Office of Foreign Assets Control of the U.S. Department of the Treasury, the U.S. Department of State, the U.S. Department of Commerce, the United Nations Security Council, the European Union, the United Kingdom, the United Arab Emirates, the Philippines or any other relevant authority (collectively, “Sanctions”) or (B) resides, is organized or chartered, or has a place of business in a country or territory that is currently the subject of Sanctions; or (ii) is engaging or will engage in any dealings or transactions prohibited by Sanctions or will directly or indirectly use the proceeds of any transactions contemplated hereunder, or lend, contribute or otherwise make available such proceeds to or for the benefit of any person or entity, for the purpose of financing or supporting, directly or indirectly, the activities of any person or entity that is currently the subject of Sanctions; or (iii) is violating or will violate any applicable anti-bribery and anti-corruption laws.
Entire Agreement. This Agreement and any amendments thereto, represent the entire and complete agreement between the Parties regarding the subject matter hereof and supersedes any and all other agreements between the Parties, whether written or oral, regarding the subject matter hereof. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. Either Party may enter into this Agreement by executing any such counterpart manually or electronically (such as Adobe Sign or DocuSign) and deliver the executed counterpart by facsimile or electronic means to the other Party. The receiving Party may rely on the receipt of such document so executed and delivered as if the original had been received. The Parties agree that this Agreement, if executed in accordance with this Clause, shall be deemed to be valid, accurate and authentic, and given the same effect as, a written and signed agreement between or amongst the Parties in hard copy.
Severability- If any provision of this Agreement is held by a
court of competent jurisdiction to be invalid, illegal, or
unenforceable, the remainder of this Agreement will remain in full
force and effect.
Relationship. No agency, partnership, joint venture, or employment
relationship is created as a result of this Agreement, and neither
Party has any authority of any kind to bind the other in any
respect. The parties will perform under this Agreement as
independent contractors. This Agreement does not create a joint
venture, partnership, or formal business organization of any kind.
This Agreement is binding upon, inures to the benefit of, and is
enforceable by the parties and their respective successors and
assigns.
Force Majeure. Either Party shall not be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond its reasonable control, including, without limitation, epidemic, pandemic mechanical, electronic or communications failure or degradation. The parties agree to promptly notify the other of any force majeure event which impairs the ability of the affected party to perform its obligations under this Agreement. If such force majeure event continues for a period of more than 30 days from the date of notification of such event, either party has the right to terminate this agreement with no liability whatsoever.
No waiver. The failure of either Party to exercise any right provided for herein shall not be deemed a waiver of any further rights hereunder. All waivers must be in writing. A waiver of any default hereunder or of any of the terms and conditions of this Agreement shall not be deemed to be a continuing waiver or a waiver of any other default or of any other term or condition but shall apply solely to the instance to which such waiver is directed.
Notices. Publisher may provide Company with notices required
hereunder by contacting Company at any email address Company
provided, including in its registration information. All notices
under this Agreement must be delivered in writing by courier,
certified or registered mail (postage prepaid and return receipt
requested), or by email to the other party at the address set
forth in the Insertion Order.
Amendments. Company may revise this Agreement from time to time,
in its sole discretion, and the most current version will always
be posted on Company’s website (as reflected in the “Last Revised”
heading). By continuing to access or use the Service after any
revisions become effective, the Publisher agrees to be bound by
the revised Agreement.
Assignment. Publisher may not assign any of its rights or obligations under this Agreement without the prior written consent of Company, except in the event of an assignment by Publisher to a purchaser of all or substantially all of the Publisher’s assets or share capital, in which event the Publisher shall provide Company with written notice of the assignment. Assignment in violation of the foregoing shall be void.
Governing law. This Agreement shall be governed by the laws of Singapore, any dispute or claim arising out of or relating to this Agreement, or any breach thereof shall be solely settled by arbitration in Singapore in accordance with the Arbitration Rules of the Singapore International Arbitration Centre (“SIAC”) for the time being in force, which rules are deemed to be incorporated by reference in this Section. The arbitration tribunal shall consist of one (1) arbitrator to be appointed by the Chairman of SIAC. The language of the arbitration shall be English. Subject to the above, the courts in Singapore shall have exclusive jurisdiction.
This Data Processing Addendum (“DPA”) entered into between the Parties or Company Insertion Order and applicable terms and conditions (the “Agreement”). You acknowledge that you (collectively, “You”, "Your”, or “Data Controller”, “Business”, “Publisher”, “SSP”) have read and understood and agree to comply with this DPA, and are entering into a binding legal agreement with the Company (“Company”, “Data Processor”, “DSP”) to reflect the parties’ agreement with regard to the Processing of Personal Data. Both parties shall be referred to as the “Parties” and each, a “Party”.
WHEREAS, Company provides a platform which facilitates and optimizes Advertising campaigns for advertisers, as set forth in the Agreement for the Publisher to display on its property and/or its Business partners ’s property, the advertisement of Company or its advertisers to the end users (“End Users”); and
WHEREAS, Company may process Personal Data on Your behalf, in the capacity of a Data Processor; and the Parties wish to set forth the arrangements concerning the Processing of Personal Data (as defined below) and agree to comply with the following provisions with respect to any Personal Data acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties, intending to be legally bound, agree as follows:
The headings contained in this DPA are for convenience only and
shall not be interpreted to limit or otherwise affect the
provisions of this DPA.
References to clauses or sections are references to the clauses or
sections of this DPA unless otherwise stated.
Words used in the singular include the plural and vice versa, as
the context may require.
Capitalized terms not defined herein shall have the meanings
assigned to such terms in the Agreement.
“Affiliate” means any entity that directly or indirectly controls,
is controlled by, or is under common control with the subject
entity. “Control”, for purposes of this definition, means direct
or indirect ownership or control of more than 50% of the voting
interests of the subject entity.
“Controller” or “Data Controller” or “Business” means the entity
which determines the nature purposes and means and the types of
targeted individuals of the Processing of Personal Data. For the
purposes of this DPA only, and except where indicated otherwise,
the term "Data Controller" shall include the Organization and/or
the Organization’s Authorized Affiliates.
“CCPA” means the California Consumers Privacy Act of 2018, and its
modifications, amendments and regulations, including the
California Privacy Rights Act of 2020.
“Data Protection Laws and Regulations” means the applicable laws
and regulations of the European Union, the European Economic Area
and their Member States, Switzerland, the United Kingdom and the
US, applicable to the Processing of Personal Data under the
Agreement.
“Data Subject” means the identified or identifiable person to whom
the Personal Data relates.
“GDPR” means the Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection
of natural persons with regard to the processing of personal data
repealing Directive 95/46/EC (General Data Protection Regulation).
“Member State” means a country that belongs to the European Union
and/or the European Economic Area. “Union” means the European
Union.
“Personal Data” or “Personal Information” means any information
relating to an identified or identifiable natural person; an
identifiable natural person is one who can be identified, directly
or indirectly, in particular by reference to an identifier such as
a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social
identity of that natural person. For the avoidance of doubt,
Publisher’s business contact information is not by itself deemed
to be Personal Data.
“Process(ing)” means any operation or set of operations which is
performed upon Personal Data, whether or not by automatic means,
such as collection, recording, organization, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure
by transmission, dissemination or otherwise making available,
alignment or combination, restriction, erasure or destruction.
“Processor” or “Data Processor” or “Service Provider” means the
entity which Processes Personal Data on behalf of the Controller.
“Security Documentation” means the Security Documentation of
Company as stated in Annex -III.
“Standard Contractual Clauses” or “SCCs” means (i) the standard
contractual clauses for the transfer of Personal Data to Data
processors established in third countries which do not ensure an
adequate level of protection as set out in Regulation (EU)
2016/679 of the European Parliament and of the Council from June
4, 2021, as available here, as updated, amended, replaced or
superseded from time to time by the European Commission; or (ii)
where required from time to time by a supervisory authority for
use with respect to any specific restricted transfer, any other
set of contractual clauses or other similar mechanism approved by
such Supervisory Authority or by Applicable Laws for use in
respect of such Restricted Transfer, as updated, amended, replaced
or superseded from time to time by such Regulatory Authority or
Data Protection Laws and Regulations;
“Sub-processor” means any Processor engaged by Company and/or
Company Affiliate to Process Personal Data on behalf of
Publisher.
“Supervisory Authority” means an independent public authority
which is established by an EU Member State pursuant to the
GDPR.
“UK GDPR” means the Data Protection Act 2018, as updated, amended,
replaced or superseded from time to time by the ICO.
“UK
Standard Contractual Clauses” or “UK SCCs” means the standard
contractual clauses for the transfer of Personal Data to Data
processors established in third countries which do not ensure an
adequate level of protection as set out by the ICO, as available
here, as updated, amended, replaced or superseded from time to
time by the ICO.
The Parties acknowledge and agree that with regard to the Processing of Personal Data, the Publisher is the Controller of the Personal Data and Company is the Data processor of such Personal Data, except when the Publisher acts as a Data Processor of the Personal Data, in which case Company is a sub-processor. In no event will the Parties process Personal Data jointly as joint or separate Controllers. Notwithstanding anything to the contrary, if the SSP is the Party executing this DPA with Company, the SSP shall ensure that the applicable publisher and/or Property owner shall comply with all obligations imposed to Publishers, including, the publisher obligations detailed in Section 3.
Publisher shall, in its use of the Services, at all times (by itself and/or on behalf of the applicable publisher and/or owner of the Property) comply with any and all applicable laws, rules, regulations, platform policies, any applicable self-regulatory regimes and best industry standards, including, without limitation and as applicable: U.S. laws; the rules, codes and guidelines of the Digital Advertising Alliance; the Network Advertising Initiative; the Transparency and Consent Framework for Publishers (as amended from time to time) available at https://iabeurope.eu/tcf-for-publishers/; any platform restrictions such as the Apple Tracking Transparency Framework (or similar to this framework, for example, from Google); any and all applicable laws. Company does not have a direct relationship with any End User visiting the Property or viewing ads delivered to the Property, therefore, Publisher shall collect and Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations and comply at all times with the obligations, including, without limitation, the obligations applicable to Data Controllers. Publisher agrees that it is responsible and shall be fully liable at all times for providing any and all required notices, disclosures and obtaining any and all End Users consents required by Data Protection Laws and Regulations (or any other applicable and lawful legal basis) on behalf of itself, Company and all applicable advertisers, with respect to processing Personal Data, location data, user device identification and/or any other information of the End Users. Publisher represents and warrants that it shall, at all times maintain and make operational on Property a mechanism for obtaining and recording consent and that enables consent to be withdrawn, in accordance with applicable Data Protection Laws and regulations.
Without derogating from the Publisher's responsibilities set out
in this Section 3, Publisher shall display on the applicable
Property a link to an accessible privacy policy that will provide
the End Users with all disclosures required by applicable privacy,
spam, marketing and/or advertisement Data Protection Laws and
Regulations of the jurisdiction in which such End Users reside,
including, without limitation: (i) data collection practices,
purposes, processing activities, usage or any other detail
required by applicable Data Protection Laws and Regulations such
as the collection of the IP addresses and/or the ID
Advertisement); (ii) expressly identifying that the Publisher uses
third-party partners to serve ads and collect, for such purpose,
End User Personal Data; and (iii) to the extent required by Data
Protection Laws and Regulations, full and complete details of the
Publisher, Company, the relevant advertisers and any other
relevant third party.
For the avoidance of doubt, Publisher’s instructions for the
Processing of Personal Data shall comply with Data Protection Laws
and Regulations. Publisher shall have sole responsibility for the
means by which Publisher acquired, collected, Processes and shares
Personal Data. Without limitation, Publisher shall comply with any
and all transparency-related obligations (including, without
limitation, displaying any and all relevant and required privacy
notices or policies) and shall at all times have any and all
required ongoing legal bases in order to collect, Process and
transfer to Company the Personal Data and to authorize the
Processing by Company of the Personal Data.
Publisher shall, at all times, comply with Data Protection Laws
and Regulations and respect all End User - or device - based
privacy choices, including, without limitation, those limiting ad
tracking, age (e.g., children data), geolocation data, targeting
and re-targeting practices, and etc. Whether Publisher receives
any complaint, claim or other request from the End User regarding
the Processing of the End User’s Personal Data, Publisher agrees
to fulfill such request without undue delay. Where needed,
Publisher shall notify Company of the necessary assistance and in
such case, insofar as possible, Company agrees to assist Publisher
with the fulfillment of relevant End User’s requests.
If Publisher is unable to comply with its consent and notice
obligations or any other obligation with respect to Personal Data,
including, as described in this Section 3, Publisher shall
promptly notify Company. Publisher shall defend, hold harmless and
indemnify Company, its Affiliates and subsidiaries (including
without limitation their directors, officers, agents,
subcontractors and/or employees) from and against liability of any
kind related to breach, violation or infringement by Publisher
and/or its authorized users of any Data Protection Laws and
Regulations and/or this DPA and/or this Section 3.
Subject to the Agreement, Company shall Process Personal Data in
accordance with Publisher’s documented instructions as necessary
for the following purposes: (i) Processing in accordance with this
DPA and the Agreement and Data Protection Laws and Regulations;
(ii) Processing to comply with other documented reasonable
instructions provided by Publisher (e.g., via email) where such
instructions are consistent with the terms of the Agreement; and
(iii) Processing when required by Union or Member State law or any
other applicable law to which Company is or may, and its
Affiliates are or may, be subject to, in which case, Company shall
inform Publisher of the legal requirement before Processing,
unless that law prohibits such information on important grounds of
public interest.
To the extent that Company and its Affiliates cannot comply with a
request (including, without limitation, any instruction,
direction, code of conduct, certification, or change of any kind)
from the Publisher and/or its authorized users relating to
Processing of Personal Data or where Company considers such a
request to be unlawful, Company (i) shall inform Publisher,
providing relevant details of the problem (but not legal advice),
(ii) Company may, without any kind of liability towards Publisher,
temporarily cease all Processing of the affected Personal Data
(other than securely storing those data), and (iii) if the Parties
do not agree on a resolution to the issue in question and the
costs thereof, each Party may, as its sole remedy, terminate the
Agreement and this DPA and the Publisher will have no further
claims against Company due to the termination of the Agreement
and/or the DPA in the situation described in this paragraph.
Company will not be liable in the event of any claim brought by a third party, including, without limitation, a Data Subject, arising from any act or omission of Company, to the extent that such is a result of Publisher’s instructions.
The subject-matter, duration of the Processing, the nature and purpose of the Processing, as well as the types of Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 (Details of the Processing) to this DPA.
If Company receives a request from a Data Subject to exercise the Data Subject's right as described under Data Protection Laws and Regulations (“Data Subject Request”), Company shall, to the extent legally permitted and insofar as possible, notify and forward such Data Subject Request to Publisher. Taking into account the nature of the Processing, Company shall reasonably assist Publisher by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Publisher’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations..
Company shall grant access to the Personal Data to persons under
its authority (including, without limitation, its personnel) only
on a need to know basis and ensure that such persons engaged in
the Processing of Personal Data have committed themselves to
confidentiality or are under an appropriate statutory obligation
of confidentiality.
Company may disclose and Process the Personal Data (a) as
permitted hereunder (b) to the extent required by a court of
competent jurisdiction or other Supervisory Authority and/or
otherwise as required by applicable laws or applicable Data
Protection Laws and Regulations (in such a case, Company shall
inform the Publisher of the legal requirement before the
disclosure, unless that law prohibits such information on
important grounds of public interest), or (c) on a “need-to-know”
basis under an obligation of confidentiality to legal counsel(s),
data protection advisor(s), accountant(s), investors or potential
acquirers.
The Publisher may email the Company to receive Company’s current
list of Sub-processors.
In case Company intends to add a Sub Processor, it shall notify
the Publisher and the Publisher may reasonably object to Company’s
use of a Sub-processor for reasons related to the GDPR by
notifying Company promptly in writing within three (3) business
days after receipt of Company’s notice and such written objection
shall include the reasons related to the GDPR for objecting to
Company’s use of such Sub-processor. Failure to object to such
Sub-processor in writing within three (3) business days following
Company’s notice shall be deemed as acceptance of the
Sub-Processor. In the event Publisher reasonably objects to a
Sub-processor, as permitted in the preceding sentences, Company
will use reasonable efforts to make available to Publisher a
change in the Sub-Processor. If Company is unable to make
available such change within a reasonable period of time, which
shall not exceed thirty (30) days, Publisher may, as a sole
remedy, terminate the applicable Agreement and this DPA by
providing written notice to Company; Until a decision is made
regarding the Sub-processor, Company may temporarily suspend the
Processing of the affected Personal Data. Publisher will have no
further claims against Company due to the termination of the
Agreement and/or the DPA in the situation described in this
paragraph.
This Section 7 shall not apply to subcontractors of Company which
provide ancillary support the performance of the DPA. This
includes, for example, telecommunication services, maintenance and
user service, cleaning staff, or auditors.
Taking into account the state of the art, the costs of
implementation, the scope, the context, the purposes of the
Processing as well as the risk of varying likelihood and severity
for the rights and freedoms of natural persons, Company shall
maintain all industry-standard technical and organizational
measures required pursuant to Article 32 of the GDPR for
protection of the security, confidentiality and integrity of
Personal Data, as set forth in the Security Documentation as
stated in Schedule 3 of this DPA which are hereby approved by
Publisher.
To the extent that Publisher cannot satisfy its audit requirements
by sending privacy and security questionnaires/assessments, at
Publisher’s cost and expense, and upon Publisher’s prior written
notice of 30 days to Company , and subject to confidentiality
obligations set forth in the Agreement and this DPA, Company shall
allow for and contribute to audits, including inspections of
Company, conducted by the controller or another auditor mandated
by the controller (who is not a direct or indirect competitor of
Company) provided that the parties shall agree on the scope,
methodology, timing and conditions of such audits and inspections.
Notwithstanding anything to the contrary, such audits and/or
inspections shall not contain any information, including without
limitation, personal data that does not belong to Publisher. The
audit right is conditioned upon providing 30 days prior notice of
the controller’s intention to audit. The right to Audit, at the
controller’s expense, shall take place during normal business
hours, and the Controller’s auditors shall take all reasonable
measures to prevent unnecessary disruption to the processor’s
operations. This audit right may be exercised up to once per year
and the Audit and the Auditor shall be bound by the
confidentiality obligations. The audit shall only be related to
the scope of the agreement and the DPA entered into between the
parties.
Company shall notify Publisher without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, including Personal Data, transmitted, stored or otherwise Processed by Company (a “Personal Data Incident”). Company shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Company deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident to the extent the remediation is within Company’s reasonable control. The obligations herein shall not apply to incidents that are caused or attributable to the Publisher. In any event, Publisher will be the party responsible for notifying supervisory authorities and/or concerned data subjects (where required by Data Protection Laws and Regulations).
Subject to the Agreement, Company shall, delete the Personal Data after the end of the Services relating to Processing, and shall delete existing copies unless applicable law requires storage of the Personal Data. In any event, to the extent required or allowed by applicable law, Company may retain one copy of the Personal Data for evidence purposes and/or for the establishment, exercise or defense of legal claims and/or to comply with applicable laws and regulations. Company will retain the Personal Information described above for the life of an active campaign and for six (6) months thereafter, or until the Publisher instruct Company otherwise to delete such Personal Information, noting that Company will continue to retain the Personal Information for longer periods only to the extent required or allowed by applicable law or auditing requirements.
The Parties acknowledge and agree that, by executing the DPA, the
Publisher enters into the DPA on behalf of itself and, as
applicable, in the name and on behalf of its Authorized
Affiliates, thereby establishing a separate DPA with the Company.
Each Authorized Affiliate agrees to be bound by the obligations
under this DPA. All access to by Authorized Affiliates must comply
with the terms and conditions of the Agreement and this DPA and
any violation of the terms and conditions therein by an Authorized
Affiliate shall be deemed a violation by Publisher.
The Publisher shall remain responsible for coordinating all
communication with Company under the Agreement and this DPA and
shall be entitled to make and receive any communication in
relation to this DPA on behalf of its Authorized Affiliates.
Upon Publisher’s request, Company shall provide Publisher, at Publisher’s cost and expenses, with reasonable cooperation and assistance needed to fulfill Publisher’s obligation under the GDPR to carry out a data protection impact assessment, to the extent Publisher does not otherwise have access to the relevant information, and to the extent such information is available to Company. Company shall provide, at Publisher’s cost, reasonable assistance to Publisher in the cooperation or prior consultation with the Supervisory Authority, to the extent required under the GDPR.
Transfers to countries that offer adequate level of data
protection. Personal Data may be transferred from the EU Member
States, the three EEA member countries (Norway, Liechtenstein and
Iceland) (collectively, “EEA”) and the United Kingdom to countries
that offer adequate level of data protection under or pursuant to
the adequacy decisions published by the relevant data protection
authorities of the EEA, the Union, the Member States or the
European Commission (“Adequacy Decisions”), without any further
safeguard being necessary.
Transfers to other countries. If the Processing of Personal Data
includes transfers from the EEA to countries which do not offer
adequate level of data protection or which have not been subject
to an Adequacy Decision (“Other Countries”), the Parties shall
comply with the below terms shall apply:
With respect to the EU transfers of Personal Data, Publisher as a
Data Exporter (as defined in the SCCs) and Company on behalf of
itself and each Company’s Affiliate hereby enter into the Standard
Contractual Clauses (Module 2 Controller to Processor) set out in
Schedule-2. To the extent that there is any conflict or
inconsistency between the terms of the Standard Contractual
Clauses and the terms of this DPA, the terms of the Standard
Contractual Clauses shall take precedence.
With respect to the UK transfers of Personal Data (from the UK to
other countries which have not been subject to a relevant Adequacy
Decision), Publisher as a Data Exporter (as defined in the UK
SCCs) and Company on behalf of itself and each Company’s Affiliate
(as applicable) as a Data Importer (as defined in the UK SCCs),
hereby enter into the UK SCCs set out in Schedule 2.
This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided. Sections 3, 10 and 15 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
14.1. To the extent that the Personal Data is subject to the CCPA,
Company shall not sell or share Publisher’s Personal Data. Company
acknowledges that when processing Personal Data in the context of
the provision of the Services, Publisher is not selling or sharing
Personal Data to Company.
Company is considered a Service Provider (as defined by CCPA), and
agrees not to retain, use or disclose Personal Data: (i) for any
purpose other than the Business Purpose (as defined below); (ii)
for no other commercial or Business Purpose; or (iii) outside the
direct business relationship between Company and Publisher.
Notwithstanding the foregoing, Company may use, disclose, or
retain Personal Data to: (i) transfer the Personal Data to other
Company’s entities (including, without limitation, affiliates and
subsidiaries), service providers, third parties and vendors,
availing Services from the Publisher; (ii) to comply with, or as
allowed by, applicable laws; (iii) to defend legal claims or
comply with a law enforcement investigation; (ii) for internal use
by Company or for any other purpose permitted under the CCPA;
(iii) to detect data security incidents, or protect against
fraudulent or illegal activity; and (iv) collect and analyse
anonymous information. Company shall use commercially reasonable
efforts to comply with its obligations under CCPA. If Company
becomes aware of any material and applicable requirement (to
Company as a service provider) under CCPA that Company cannot
comply with, Company shall use commercially reasonable efforts to
notify Publisher. Upon written Publisher’s notice, Company shall
use commercial reasonable and appropriate steps to stop and
remediate Company’s alleged unauthorized use of Personal Data;
provided that Publisher must explain and demonstrate in the
written notice which processing activity of Personal Data it
considers to be unauthorized and the applicable reasons. Company
shall use commercially reasonable efforts to enable Publisher to
comply with consumer requests made pursuant CCPA. Notwithstanding
anything to the contrary, Publisher shall be fully and solely
responsible for complying with its own requirements under CCPA.
14.2. In circumstances where Publisher provides the Services in a
way that causes Company to collect Personal Information subject to
the CCPA and/or any other applicable US laws, Publisher shall
provide the data subjects with all notices and disclosures as
required by the CCPA, including by clearly and conspicuously
posting a link to communicate to California residents that they
may opt out of any of their Personal Information (according to the
Publisher’s then-current applicable tools, at Publisher’s sole
election and responsibility, which enable California residents to
exercise their right of opting out of their Personal Information).
Publisher undertakes to immediately notify Company in writing when
and if Publisher receives from any California resident their
demand to opt out of the sale of their Personal Information,
In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. Notwithstanding anything to the contrary in the Agreement and/or in any agreement between the parties and to the maximum extent permitted by law: (A) Company’s (including Company’s Affiliates’) entire, total and aggregate liability, related to personal data or information, privacy, or for breach of, this DPA and/or Data Protection Laws and Regulations, including, without limitation, if any, any indemnification obligation under the Agreement or applicable law regarding data protection or privacy, shall be limited to the amounts paid by Company under the Agreement within three (3) months preceding the event that gave rise to the claim. This limitation of liability is cumulative and not per incident; (B) In no event will Company and/or Company Affiliates and/or their third-party providers, be liable under, or otherwise in connection with this DPA for: (i) any indirect, exemplary, special, consequential, incidental or punitive damages; (ii) any loss of profits, business, or anticipated savings; (iii) any loss of, or damage to data, reputation, revenue or goodwill; and (C) The foregoing exclusions and limitations on liability set forth in this Section shall apply regardless of the form, theory or basis of liability (such as, but not limited to, breach of contract or tort).
This DPA may be amended at any time by a written instrument duly signed by each of the Parties.
Company may assign this DPA or its rights or obligations hereunder to any Affiliate thereof, or to a successor or any Affiliate thereof, in connection with a merger, consolidation or acquisition of all or substantially all of its shares, assets or business relating to this DPA or the Agreement. Any Company’s obligation hereunder may be performed (in whole or in part), and any Company right or remedy may be exercised (in whole or in part), by an Affiliate of Company.
The Parties represent and warrant that they each have the power to
enter into, execute, perform and be bound by this DPA.
You, as the signing person on behalf of Publisher, represent and
warrant that you have, or you were granted, full authority to bind
the Organization and, as applicable, its Authorized Affiliates to
this DPA. If you cannot, or do not have authority to, bind the
Organization and/or its Authorized Affiliates, you shall not
supply or provide Personal Data to Company.
By signing this DPA, Publisher enters into this DPA on behalf of
itself and, to the extent required or permitted under applicable
Data Protection Laws and Regulations, in the name and on behalf of
its Authorized Affiliates.
Governing Law and Jurisdiction- This DPA shall be governed by laws
and jurisdiction as stated in the Principle Agreement.
SCHEDULE 1 - DETAILS OF THE PROCESSING
SCHEDULE 2 – STANDARD CONTRACTUAL CLAUSES
Schedule-3- Technical and Organizational measures
Company will Process Personal Data as further instructed by
Publisher in its use of the Services.
Nature and Purpose of Processing
Performing the Agreement, this DPA and/or other contracts
executed by the Parties, .
For Company to comply with documented reasonable instructions
provided by Publisher where such instructions are consistent
with the terms of the Agreement or Data Protection Laws.
Duration of Processing
Subject to any Section of the DPA and/or the Agreement dealing
with the the consequences of the expiration or termination
thereof, Company will Process Personal Data for the duration of
the Agreement, unless otherwise agreed upon in writing.
Device Identifiers and type of application
IP Address, country/city
Advertising ID
IP address. And other non-Personal Information including:
Device make, model and operating system;
Device properties related to screen size & orientation, audio
volume and battery;
Carrier;
Operating system;
Name and properties of mobile application through which a
consumer interacts with the Services;
Country, time zone and locale settings (country and preferred
language);
Network connection type and speed;
Activity of a user on an application following installation; and
Internet browser user-agent used to access the Services.
In some limited circumstances Personal Data may also come from
others sources, for example, in the case of tracking vendors,
fraud detection or as required by applicable law..
End Users
The frequency of the transfer. Continuous basis
The period for which the personal data will be retained, or, if
that is not possible, the criteria used to determine that
period
As described in this DPA and/or the Agreement
For transfers to (sub-) processors, also specify subject matter,
nature and duration of the processing. The Publisher may email
the Company to receive Company’s current list of Sub-processors.
EU SCCs. If the Processing of Personal Data includes transfers
from the EEA to countries outside the EEA which do not offer
adequate level of data protection or which have not been subject
to an Adequacy Decision, the Parties shall comply with Chapter V
of the GDPR. The Parties hereby agree to execute the Standard
Contractual Clauses incorporated herein by reference as
follows:
a) The Standard Contractual Clauses Module-2
(Controller-to-Processor), will apply, with respect to restricted
transfers between Publisher and Company that are subject to the EU
GDPR.
b) The Parties agree that for the purpose of transfer of Personal
Data between Publisher (as Data Exporter) and Company (as Data
Importer), the following shall apply: (i) Clause 7 of the Standard
Contractual Clauses shall be applicable; (ii) In Clause 9, option
2 shall apply and the method described in Section 7 of the DPA
(Authorization Regarding Sub-Processors) shall apply; (iii) Clause
11 of the Standard Contractual Clauses shall be not applicable;
(iv) In Clause 13: The Data Protection Authority of Spain shall
act as the Supervisory authority; (v) In Clause 17, option 1 shall
apply. The Parties agree that the Standard Contractual Clauses
shall be governed by the laws of Spain; and (vi) In Clause 18(b)
the Parties choose the courts of Spain, as their choice of forum
and jurisdiction.
c) Annex I.A: With respect to Module Two: (i) Data Exporter is
Publisher as a data controller and (ii) the Data Importer is
Company as a data processor. Data Exporter and Data Importer
Contact details: As detailed in the Agreement.
Signature and Date: By entering into the Agreement and this DPA,
each Party is deemed to have signed these Standard Contractual
Clauses incorporated herein, including their Annexes, as of the
Effective Date of the DPA.
d) Annex I.B of the Standard Contractual Clauses shall be
completed as described in Schedule 1 (Details of the Processing)
of this DPA.
e) Annex I.C of the Standard Contractual Clauses shall be
completed as follows: The competent supervisory authority is the
Spain supervisory authority.
f) Annex II of the Standard Contractual Clauses shall be as
described and agreed between the parties in Schedule 3 of this
DPA.
g) Annex III of the Standard Contractual Clauses- The Publisher
may email the Company to receive Company’s current list of
Sub-processors.
UK SCCs. If the Processing of Personal Data includes transfers
from the UK to countries which do not offer adequate level of data
protection or which have not been subject to an Adequacy Decision,
the Parties shall comply with Article 45(1) of the UK GDPR and
Section 17A of the Data Protection Act 2018. The Parties hereby
agree to execute the International Data Transfer Addendum to the
EU Commission Standard Contractual Clauses as follows:
a) The UK Standard Contractual Clauses (Controller-to-Processor
and Processor to Processor) if applicable, will apply with respect
to restricted transfers between Publisher and Company that are
subject to the UK GDPR.
b) The Parties agree that for the purpose of transfer of Personal
Data between Publisher (as Data Exporter) and Company (as Data
Importer), the following shall apply: (i) Clause 7 of the Standard
Contractual Clauses shall be applicable; (ii) In Clause 9, option
2 shall apply and the method described in Section 7 of the DPA
(Authorization Regarding Sub-Processors) shall apply; (iii) Clause
11 of the Standard Contractual Clauses shall be not applicable;
(iv) In Clause 17, option 1 shall apply. The Parties agree that
the Standard Contractual Clauses shall be governed by the laws of
England and Wales; and (v) In Clause 18(b) the Parties choose the
courts of England and Wales. The Parties agree to submit
themselves to the jurisdiction of such courts, as their choice of
forum and jurisdiction.
c) Annex I.A: With respect to Module Two: Data Exporter is
Publisher as a data controller and the Data Importer is Company as
a data processor. With respect to Module Three: Data Exporter is
Publisher as a data processor and the Data Importer is Company as
a data processor (sub-processor).
Data Exporter and Data Importer Contact details: As detailed in
the Agreement.
Signature and Date: By entering into the Agreement and this DPA,
each Party is deemed to have signed these UK Standard Contractual
Clauses incorporated herein, including their Annexes, as of the
Effective Date of the DPA.
d) Annex I.B of the UK Standard Contractual Clauses shall be
completed as described in Schedule 1 (Details of the Processing)
of this DPA.
e) Annex I.C of the UK Standard Contractual Clauses shall be
completed as follows: The competent supervisory authority is the
ICO supervisory authority.
f) Annex II of the UK Standard Contractual Clauses shall be as
described and agreed between the parties in Schedule 3 of this
DPA.
Annex III of the UK Standard Contractual Clauses- The Publisher
may email the Company to receive Company’s current list of
Sub-processors.
This document describes technical and organizational security
measures and controls implemented by Company to protect Personal
Data and ensure the ongoing confidentiality and integrity.
The servers for the online and offline systems, databases, and data protection (backup) are run and maintained at Amazon Web Services (AWS)/ Google Cloud Services (GCP) in professional and secured data centers. The subcontractors are selected carefully and with respect to their security awareness and their expertise based on audits and certificates. Some of the relevant safeguards of the following checklist are not shown separately because it is the responsibility of subcontractors or is not published in detail for the sake of maintaining the security of confidentiality.
The access control to the server infrastructure occurs by the
security infrastructure of Amazon web services IAM security
policies and there through AWS ensured control system. During all
operations time, the entrance to Company premises is secured by a
personalized fingerprint detection system. Also, outside of the
times of business operation, the office entrance is permanently
and automatically monitored by cameras. In addition, the outer
doors of the building are closed mechanically. An access control
by key cards allow entrance to the building, while in the
reception area is manned during times of the business operations.
The entrance area is secured with optical space surveillance
(video).
Internet lines are secured with firewall and every computer runs
an anti-virus and malware detection system.
The unauthorized use of computer systems is prevented by:
Personal Computers:
Company uses Google GSuite as its office services tool and relies
on google security systems and password management via google
gsuite.
Each owner has his own passwords known only to him, which may not
be distributed. In case of any disclosure of one of the passwords,
it has to be changed immediately. The quality of passwords is
subject to defined requirements and is continuously checked. For
all activities related to the DP system, reports shall be created
automatically.
Password assignment,
Blocking multiple incorrect password attempts,
Multi-factor authentication if possible,
Use one-time passwords if possible.
Private/public key authentication as required by Amazon Web
Services VPN secured connections from outside of AWS premises.
Multi-tier provisioned personal private/public key authentication
for different users Access control and permissions per key –
managed in AWS Identity and Access Management system (IAM) The
restriction of access possibility of beneficiary for using a data
processing system exclusively on the data authorized for access is
controlled via AWS/ GCP Identity and Access Management system
(IAM).
The unauthorized reading, copying, modification, or removal of
data during transfer is prevented by SSL and SSH encryption of
data transmission, Completeness checks if relevant, and
Development of the transport connection is only between defined
and secured certificates of systems.
The data security from accidental loss or destruction is
guaranteed by:
Redundant data storage in AWS S3/ GCP Cloud Storage service,
timely data aggregations per days, weeks, and months periods,
Software exclusion: Breakdown of the servers for independent and
autonomous fulfillment of the tasks (shared-nothing between server
architecture), Multiple incremental data backup, Data backups with
a timetable which appropriately reflects data changes while using,
Multiple data nodes in a distributed data system and Data Base
redundancy via real-time replications, Additional measures of AWS/
GCP data integrity systems.
The separation rule according to the principle of earmarking
Personal data is permitted to be used only for the purpose for
which they were originally collected.
Data collected for different purposes can be processed separately
and is guaranteed by:
Software exclusion (client separation, multi-tenant
architecture)
The database principle, separation by access control Separation of
test and production data Separation of development and production
environment.