This Publisher Agreement ("Agreement") is entered by and between you and the Publisher or entity that you represent (hereinafter referred to as "Publisher ", "You" or "Your") along with its affiliates and our entity, details of which are incorporated in the respective Insertion Order along with its affiliates, group Companies (hereinafter referred to as "Company")
Unless the context otherwise requires, this Agreement shall be construed as follows:-
- In this Agreement, each of the aforesaid shall be individually referred to as a "Party" and collectively referred to as the "Parties".
- The title of each paragraph is written only for the convenience of reading and does not have any legal or contractual obligations.
- Any reference to a "person" includes any natural person, partnership, firm, governmental authority, joint venture, association, or other entity (whether or not having separate legal personality).
- The words "include" and "including" shall not be construed as terms of limitation.
- References to any statute or provision include a reference to that statute or statutory provision as from time to time amended, extended, re-enacted, or consolidated and to all statutory instruments made pursuant to it.
- Words denoting the singular shall include the plural and vice versa.
- 1.1. "Action" shall include any of the following: view, click, installation of any software or application, or any other action, as applicable and agreed upon between the Parties, provided the foregoing was performed by an actual end user in the normal course.
- 1.2. "Ads" or "Advertisements" shall mean any promotional content, in whatever format (including without limitation text, graphics, video, audio, rich media and links), provided by Company’s upstream advertisers ("Advertisers") to be served through or displayed on the Property either owned by Publisher or for which Publisher is authorized in connection with the Service.
- 1.3. "Affiliate" means any entity that controls, is controlled by, or subject to common control with, a party. The term "control", including the terms "controlling", controlled by" and "under common control with", means the possession, direct or indirect, of the power to direct or cause the direction of management and policies through the ownership of voting shares.
- 1.4. "Applicable Laws" means all applicable laws, codes, ordinances, orders, rules, and regulations of local, state, and federal governments and agencies, including without limitation the California Consumer Privacy Act and the General Data Protection Regulation of the European Union (GDPR).
- 1.5. "Approved Transactions" shall mean an Action, excluding any Action which: (i) resulted from or engaged with Fraudulent Activity, as determined by Company in its sole discretion; (ii) was performed by the Publisher’s employees, agents or contractors; or (iii) violates the Campaign Conditions.
- 1.6. "Campaign Conditions" means conditions and/or restrictions imposed by the Company or its Advertiser for the promotion and distribution of the Ads.
- 1.7. "Confidential Information" shall mean any non-public, proprietary, confidential and/or trade secret information of a party hereof, whether furnished before or after the Effective Date (as hereinafter defined), and regardless of the manner in which it is furnished, and which given the totality of the circumstances, a reasonable person or entity should have reason to believe is proprietary, confidential, or competitively sensitive, including, without limitation, research and development, formulas, programming, know-how, proprietary knowledge, technology and any related documentation, engineering, production, operation and any enhancements or modifications relating thereto, and other designs, drawings, engineering notebooks, industrial models, software and specifications, financial and marketing information, business plans, business procedures, clients’ list, business partners or other information disclosed by one of the parties hereto (the "Disclosing Party") to the other party (the "Receiving Party") either directly or indirectly in writing or orally. Confidential Information shall not, however, include any information which: (i) was known to the Receiving Party or in its possession at the time of disclosure without any confidentiality obligation; (ii) becomes publicly known and made generally available after disclosure by the Disclosing Party to the Receiving Party through no action or inaction of the Receiving Party; (iii) is independently developed by the Receiving Party without reliance on or use of the Confidential Information or any part thereof and the Receiving Party can show written proof of such independent development; (iv) is required to be disclosed by applicable law, regulatory authority or a valid court order, provided that the Receiving Party shall provide the Disclosing Party with reasonable prior written notice of the required disclosure in order for the Disclosing Party to obtain a protective order and the disclosure shall be limited to the extent expressly required; (v) is approved for release by prior written authorization of the Disclosing Party; or (vi) the Receiving Party can demonstrate it was disclosed by the third party without any obligations of confidentiality. Company’s Confidential Information includes the terms and pricing of this Agreement.
- 1.8. Effective Date- The Date as set forth in the IO or the date where the Publisher starts to avail services of the Company.
- 1.9. "Fraudulent Activity" shall mean (a) the display, promotion, distribution or interaction with the Advertisements in any manner which engages with anything other than natural persons viewing actually displayed Advertisements in the normal course of using any device, including, without limitation, browsing through online, mobile or any other technology, as determined by Company in its sole discretion which may lead to falsely generated or artificially-inflated revenues; and/or (b) the automatic redirection of visitors, blind text links, misleading links, forced clicks, etc. from the Advertisements. Without limiting the foregoing, Fraudulent Activity shall include any of the following practices: (i) inclusion or counting of views or clicks: by a natural person who has been engaged for the purpose of viewing the Advertisements, whether exclusively or in conjunction with any other activities of that person (including, without limitation, employing any means to induce, encourage, incentivize or trick the end user into viewing or clicking on the Advertisements); and/or by non-human visitors (such as bots); and/or that are not actually visible to the human eye, discernible to human senses or perceived by a human being; (ii) masking or cloaking any URL, or employing any means to obscure the true source of traffic, or conceal conversions; (iii) generating automated, fraudulent or otherwise invalid impressions, inquiries, views, clicks or conversions, or artificially inflating impressions, inquiries, views, clicks, or conversions, or employing any misleading or practices (such as repeated manual clicks); (iv) Installing or transmitting Malicious Code.
- 1.10. "Malicious Code" shall mean viruses, worms, malware, spyware, adware, time bombs, Trojan horses, drive-by download applications or other harmful or malicious code, files, scripts, agents or programs, including code that: (i) is intended to or has the effect of misappropriating, hijacking, commandeering, or disrupting access to or use or operation of any information, device, hardware, system or network, or (ii) materially interferes with or disrupts the end users’ web or mobile navigation or intervenes with the end users’ control over the operating system, browser settings, browser functionality or webpage’s display.
- 1.11. "Objectionable Content" shall mean content that promotes or contains links to content that is (i) pornographic, sexually explicit or obscene, (ii) harassing, threatening, abusive, inflammatory or racist, (iii) illegal, contrary to public policy or that could facilitate the violation of any applicable law, regulation or government policy, (iv) libelous or defamatory, (v) is misleading or deceptive; (vi) violates the Proprietary Rights, or the privacy, publicity, moral or any other right of any third party; (vii) offers or disseminates any counterfeit or fraudulent goods, or services, schemes, investment opportunities or promotions or advice not permitted by law; (viii) promotes the use of drugs or drug paraphernalia, illegal substances or dangerous products; (ix) promotes online gambling, or (x) harmful to Company’s or any other party’s systems and networks, or includes Malicious Code.
- 1.12. "Proprietary Rights" shall mean all intellectual property rights, including, without limitation: (a) all inventions, whether patentable or not, all improvements thereto and derivatives thereof, and all patents and patent applications; (b) all registered and unregistered: marks, trademarks, service marks, trade names, trade dress and associated logos, domain names and registrations and applications for registration thereof; (c) all copyrights in copyrightable works, all other rights of authorship, including without limitation moral rights, and all applications and registrations in connection therewith; (d) all trade secrets and Confidential Information; (e) all rights in databases and data compilations, whether or not copyrightable; and (f) all copies and tangible embodiments of any or all of the foregoing (in whatever form, including electronic media).
2. Service and license
Subject to the Publisher’s compliance with the terms hereof, during the Term, Company hereby grants the Publisher a limited, worldwide, non-sublicensable, non-transferable, royalty-free, non-exclusive, revocable license to use the services solely for the purpose of serving Ads through Company collectively, the "Service ".
- 3.1. Except as set forth expressly herein or as permitted by the Service, Publisher shall not, and shall not permit any third party, to (a) copy, decompile, disassemble, adapt, translate, create derivatives works of, reverse engineer or attempt to find the underlying code of, the Service ; (b) modify the Service, or insert any code or product, or in any other way manipulate the Service in any way; (c) modify the Services in any way without Company’s prior written consent, (d) sublicense, sell, rent, lease or distribute the Services or bypass any security measure of Company with respect to the Service, (e) distribute the Services on a stand-alone basis, (f) use the Services to create (or facilitate the creation of) any product or service that is competitive with the Service; (g) alter, modify, crop or create derivatives works of the Ads, or any other creative and substantive materials, in whatever format, provided by Company or its Advertisers for the purpose of the delivery of the Ads ("Creative"); or (h) use the Service except for Publisher’s own internal purposes. Publisher releases Company from and waives any and all claims and/or demands against Company in connection with all aspects of the Creative.
- 3.2. To the extent any of the restrictions set forth above are not enforceable under applicable law, Publisher shall inform the Company in writing prior to engaging in any of the applicable activities.
- 3.3. Publisher may not use robots, spiders, scraping or other technology to access or use the Service to obtain any information beyond what Company provides to Publisher under the Agreement.
- 3.4. Publisher may not use the Service to syndicate, mediate or broker campaigns or the distribution of Ads through other third parties or affiliates, without the express written approval of Company. Publisher shall make available to Company, upon request, with any information relating to the Property and any campaign and shall ensure that the distribution or promotion of the Ads is in compliance with the Campaign Conditions.
- 3.5. The Company reserves the right to terminate this agreement with immediate effect in the event the Publisher is found to be in breach of its obligations under this clause. Publisher agrees to indemnify the Company of any losses, damages or claims which the Company incurs due to the Publisher’s breach of this clause.
- 4.1. Mutual Warranties. Each Party represents and warrants that:
- It is duly organized under applicable law and has sufficient authority to enter into this Agreement and that,
- The execution and performance under this Agreement does not conflict with any contractual obligations such party has to any third party.
- 4.2. Company Warranties. Company represents and warrants that the Service:
- does not, to the best of its knowledge, infringe the intellectual property rights of any third party.
- comply with all applicable law and regulations (provided, that with respect to data provided by Publisher to Company, Company’s compliance with applicable law is subject to Publisher’s full compliance with applicable law with respect to such data, including its transfer to, and processing by, Company).
- does not to the best of its knowledge contain any Malicious Code.
- 4.3. The Company reserves the right, in its sole discretion and without liability, to reject or remove any Ads or Creative from the Service. Publisher acknowledges that any campaign may be terminated or suspended, whether by Company or its Advertisers, at any time and without notice to Publisher. Publisher hereby acknowledges that Company is providing the Service as an intermediary between Advertisers and Publisher and as such Company shall not be held responsible or liable for any actions or omissions performed or omitted by any third parties (including with respect to the content of the Creative or Ads).
- 4.4. Publisher Warranties. Publisher represents and warrants that its property:
- does not infringe the intellectual property rights of any third party,
- does not contain any Objectionable Content, and is not directed to or primarily appeals to children under the age of 13,
- complies with all applicable laws and regulations, including applicable data protection laws,
- does not contain any Malicious Code.
- Does not employ improper ways and means to deliver Objectives (Clicks, Installs, Activations or Impressions) using either manual cheats, specialized programs, code/s, script/s, bot/s, Trojan/s, emulator/s, or other fraudulent methods. The Publisher shall not deliver Objectives by auto initiation of Video Views, Page Visits, Clicks, Activations and Installs and that these must be a result of user-initiated action. Publisher acknowledges that if Publisher uses any of the above-mentioned improper ways and means to deliver any Objectives then Company has the right to reject all payments where such improper ways and means are detected and/or reasonably suspected and has the sole right to terminate any outstanding order.
5. Intellectual Property
- 5.1. Publisher shall have all right, title and interest in its Property. Company retains all right, title and interest in the Proprietary Rights in the Service, as well as any derivative therefrom. If Publisher provides Company with any feedback regarding the Service, Company may use all such feedback without restriction. Nothing herein shall be interpreted to provide Publisher any rights in the Service except the limited right to use and receive the Services as set forth herein. The Company or its Advertiser shall own all the rights, title and interests in the Creative or the Advertisement supplied to the Publisher or created by the Publisher for the purpose of this Agreement.
- 5.2. Nothing in this Agreement shall be construed as providing the Publisher a right to use any of Company or its affiliates’ trade names, trademarks, service marks, logos, or other distinctive brand features. Company reserves all rights in the Services not expressly licensed above. You agree that your use of any components of the Services that are licensed under an open-source software license are subject to and governed solely by the terms of the applicable license(s) for that software, and not by this Agreement.
- 6.1. Subject to the terms herein, the Company shall make payments to the Publisher subject to the terms communicated to the Publisher, solely in consideration for Approved Transactions. The payments due to Publisher ("Consideration ") shall be solely calculated and based on Company’s tracking systems and/or reports, which shall be considered final and binding, and no other measurements or statistics of any kind shall be accepted or have any effect. Company shall make available to Publisher such reports on a monthly basis.
- 6.2. If no discrepancy is reported to Company by Publisher within seven (7) calendar days from the date of receipt of campaign reports, the numbers will be considered as correct and final. Any discrepancy reported within 7 days as mentioned above is subject to be negotiated with evidence by both Parties.
- 6.3. Notwithstanding anything to the contrary, Considerations shall be made solely for Approved Transactions, and Company shall not be obligated to remit Considerations, and shall be entitled to withhold Considerations or demand a refund (in the event Consideration were already paid) (a) in connection with payments that were not fully remitted to Company from its Advertisers, or approved by its Advertisers (b) if determined by Company, at its sole discretion, that Publisher has engaged in Fraudulent Activity, was in breach of this Agreement or that Consideration were paid for Approved Transactions that are later determined to have not met the requirements set forth herein to be an Approved Transaction.
- 6.4. Publisher is solely responsible for providing and maintaining accurate contact and payment information associated with Publisher’s account. Any bank fees and other commissions incurred by Company due to any error or omission of contact or payment information may be deducted by Company from any Consideration due to Publisher. It is hereby clarified that Publisher shall not be entitled to receive any additional payment except for the Consideration agreed upon by Company and as communicated to Publisher.
- 6.5. The company reserves the right to deduct, set off, claw back or charge back any amounts Publisher may owe to Company against any amounts payable or otherwise owing to Publisher.
- 6.6. All payments due to Publisher under this Agreement will be exclusive of taxes, duties, levies, tariffs, and other governmental charges (including, without limitation, VAT, if applicable) (collectively, "Taxes "). Publisher will be responsible for payment of all Taxes and any related interest and penalties resulting from any payments made hereunder, other than any taxes based on Company’s net income. Company may be obligated by law to obtain tax information from Publisher and payments to Publisher may be withheld until Publisher provide this information or otherwise satisfy Company that Publisher is not an entity from whom Company is required to obtain tax information or Also, if required by applicable law, payments may be subject to tax withholding.
- 6.7. All Consideration shall be remitted to Publisher in USD within net sixty (60) days from the date of receipt of undisputed invoice and subject to its approval by Company, whether by wire transfer (or similar service) to the account specified by the Publisher. All the fees and/or commissions related to the payment shall be at the exclusive charge of Publisher.
7. Data Protection
- 7.1. The Service enables the Publisher to collect and track data concerning the characteristics and activities of Property’s end users as long as the Services are used, including Data pertaining to end users or their devices, whether identifiable or not ("Data"), pursuant to the existing device permissions.
- 7.4. Publisher shall not provide to Company any data regarding children under the age of 13, or any health, financial, or insurance data or other data which may be considered as of sensitive nature.
- 7.5. By entering into the Agreement, Publisher hereby agrees to the terms of the Data Protection Addendum, which is incorporated herein by reference.
- 8.1. During the course of services, parties have or shall receive, or access to records and information of confidential and proprietary nature to Disclosing Party. The Receiving Party acknowledges and agrees that such information is an asset of Disclosing Party, is not generally known to the trade, is of a confidential nature and, must be kept strictly confidential and used only in the performance of Receiving Party duties under this Agreement. The Receiving Party agrees that it will not use, disclose, communicate, copy or permit the use or disclosure of any such information to any third party in any manner whatsoever except for the purpose of this agreement or as otherwise directed by written consent of Disclosing Party. The Receiving Party shall disclose only such information to employees who "need to know" the Confidential Information in connection with the Agreement and only after such employees have been informed of the confidential nature of the information and have agreed to be bound by a similar binding obligation of confidentiality and non-disclosure. The Receiving Party further agrees that the Disclosing Party Confidential Information shall remain the sole property of the Disclosing Party. No license shall be granted by the Disclosing Party to the Receiving Party with respect to Confidential Information disclosed hereunder unless otherwise expressly provided therein.
- 8.2. Upon termination of this Agreement or upon the request of Disclosing Party, the Receiving Party shall return to Disclosing Party all of the confidential information or destroy all of the confidential information, and all copies or reproductions thereof, which are in Receiving Party possession or control. The Receiving Party shall provide the Disclosing Party with a written certificate thereby certifying and informing the Disclosing Party that all the confidential information, its copies and reproductions thereof has been destroyed. If the Receiving Party breaches any of its obligations with respect to confidentiality and unauthorized use of the Disclosing Party’s Confidential Information, Disclosing Party will be entitled to seek equitable and injunctive relief to protect rights and interest as-well as other remedies available to the Disclosing party under law and equity. This section shall survive the expiry or termination of this agreement for a period of 1 year post expiry or termination of this agreement.
- 9.1. Company Indemnification. Company shall defend, indemnify and hold harmless Publisher from and against any direct damages, costs, losses, liabilities or expenses (including court costs and reasonable attorneys’ legal fees; collectively "Damages ")) which Publisher may suffer or incur in connection with any actual claim, demand, action or other proceeding by any third party ("Claim ") arising from: (a) any breach of Company’s obligations, representations or warranties herein; or (b) a claim that the underlying technology of the Services infringes the intellectual property rights of a third party. Notwithstanding the foregoing, Company shall have no responsibility or liability for any claim to the extent resulting from or arising out of (a) the use of the Service not in compliance with this Agreement or applicable law, (b) the combination of the Service with any code or services not provided by Company, (c) the modification of any Service by any party other than Company or (d) the use of any Service that is not the most up-to-date Service.
- 9.2. Publisher Indemnification. Publisher shall defend and indemnify Company (and its affiliates, officers, directors and employees) from and against any and all Damages which Company may suffer or incur in connection with any Claim arising from: (a) any breach of Publisher’s obligations, representations or warranties herein; or (b) any use of the Service in violation of any applicable law or regulations (c) gross negligence and willful conduct or fraud.
- 9.3. Procedure. The obligations of either Party to provide indemnification under this Agreement will be contingent upon the indemnified party (i) providing the indemnifying party with prompt written notice of any claim for which indemnification is sought (provided that the indemnified party’s failure to notify the indemnifying party will not diminish the indemnifying party’s obligations except to the extent that the indemnifying party is materially prejudiced as a result of such failure), (ii) cooperating fully with the indemnifying party (at the indemnifying party’s expense), and (iii) allowing the indemnifying party to control the defense and settlement of such claim, provided that no settlement may be entered into without the consent of the indemnified party if such settlement would require any action on the part of the indemnified party other than to cease using any allegedly infringing or illegal content or services. Subject to the foregoing, an indemnified party will at all times have the option to participate in any matter or litigation through counsel of its own selection at its own expense.
10. Disclaimer of Warranties
- 10.1. Except as expressly provided herein, Publisher accepts the Service on an "AS IS" and "AS AVAILABLE" basis and acknowledges that Company makes no other warranty and disclaims all implied and statutory warranties, including, but not limited to, any implied warranty of merchantability, fitness for a particular purpose or non-infringement.
- 10.2. Company does not guarantee that the Service will always be complete, accurate, safe, secure, bug-free or error-free, or that the foregoing will always function without disruptions, delays or imperfections. Company may change, suspend or discontinue the Service at any time, including the availability of any feature or database, without notice or liability. In addition, Company may impose limits on certain features and services or restrict the Publisher’s access to the Service without notice or liability.
11. Limitation of Liability
- 11.1. In no event shall the Company, its directors, officers, affiliates or agents be liable for any consequential, indirect, special or punitive damages, arising out of or relating to the Service or the arrangements contemplated herein.
- 11.2. Except for intentional misconduct or gross negligence, Company’s entire liability for the provision of the Service or under any provision of this Agreement shall not exceed the amount of payment received by Publisher from Company in the one (1) month preceding the applicable claim.
12. Term and Termination
- 12.1. The term of this Agreement shall commence on the Effective Date and shall continue until terminated by either Party pursuant to this Agreement ("Term ").
- 12.2. Either Party may terminate this Agreement at any time by providing a prior written notice of 30 days to the other Party, without liability to the other Party.
- 12.3. Upon any termination or expiration of this Agreement, Company will cease providing the Service and all licenses and rights provided herein shall be revoked. In the event of any termination (a) any undisputed outstanding amounts of Approved Transactions will be paid to Publisher within a net thirty (30) days period after such termination; (b) any outstanding debit balance shall be paid by Publisher within 30 business days after such termination.
- 12.4. Any obligations of the Parties that by their nature are intended to survive the termination or expiration of this Agreement, including the obligations of the Parties in Sections 3 – 9 and 12 – 14 of this Agreement, shall survive any termination thereof.
- 12.5. Either Party may terminate this Agreement immediately if the other party materially breaches this Agreement and the non-breaching party provides the breaching party with a written notice of the breach, and the breaching party does not cure such breach within 15 days of the provision of such notice.
13. Non- Solicitation
During the Term of this Agreement and for a period of one (1) year hereafter, Publisher shall not knowingly solicit, directly or through any third party, any Advertiser for whom it delivered service pursuant to the Company under this Agreement. The Publisher shall not encourage any such Advertiser to transfer from the Company services and work directly with the Publisher. Without prejudice to any other right of the Company according to this Agreement and the applicable law, in the event the Publisher directly solicits such Advertiser and/or causes them to work directly with itself, the Publisher shall pay Company 50% of the revenue what Company would have otherwise earned if the Publisher had not violated this provision. During the term of this agreement and for a period of 1 Year thereafter, Publisher shall not (either directly or indirectly through a Third Party) employ, solicit to employ, cause to be solicited for the purpose of employment, any employees of Company, or aid any third person to do so, without the specific written consent of Company.
- 14.1. Updates. If Company provides the Publisher with any upgrades, patches, enhancements, or fixes for the Services ("Updates"), or if Company notifies of such Updates through its Company or integration section, then such Updates will become part of the Services and subject to this Agreement. The Publisher is required to use the most updated and current version of the Services. Company shall have no obligation, however, under this Agreement to provide any Updates or any other support to the Publisher for the Services.
- 14.2. Modifications. The Company may modify or discontinue offering the services, at any time and without notice to the Publisher. The Company makes no guarantees with respect to the availability or uptime of its Service; however, the Company shall use its reasonable commercial efforts to ensure that the availability or uptime of the Service shall meet industry standards. The Company may change the method of access to the Service at any time. In the event of degradation or instability of the Service or an emergency, Company may, in its sole discretion, temporarily suspend Publisher’s access to the Service.
- 14.3. Publicity. During the Term, Company may refer to Publisher as a business partner of Company, including by displaying Publisher’s name and logo on Company’s website and other marketing materials.
- 14.4. Export Controls. Publisher represents and warrants that it is not located in, under the control of, or a national or resident of any country to which the United States has embargoed goods or services; (ii) is not identified as a "Specially Designated National;" by the Office of Foreign Assets Control; (iii) is not placed on the U.S. Commerce Department’s Denied Persons List; and (iv) will not access or use any Service if any applicable laws in Publisher’s country prohibit Publisher from doing so in accordance with this Agreement.
- 14.5. Neither Party shall be (i) an entity or person, or owned or controlled by an entity or person, that (A) is currently the subject of any economic sanctions or restrictive measures administered or imposed by the Office of Foreign Assets Control of the U.S. Department of the Treasury, the U.S. Department of State, the U.S. Department of Commerce, the United Nations Security Council, the European Union, the United Kingdom, the United Arab Emirates, the Philippines or any other relevant authority (collectively, "Sanctions") or (B) resides, is organized or chartered, or has a place of business in a country or territory that is currently the subject of Sanctions; or (ii) is engaging or will engage in any dealings or transactions prohibited by Sanctions or will directly or indirectly use the proceeds of any transactions contemplated hereunder, or lend, contribute or otherwise make available such proceeds to or for the benefit of any person or entity, for the purpose of financing or supporting, directly or indirectly, the activities of any person or entity that is currently the subject of Sanctions; or (iii) is violating or will violate any applicable anti-bribery and anti-corruption laws.
- 14.6. Entire Agreement. This Agreement and any amendments thereto, represent the entire and complete agreement between the Parties regarding the subject matter hereof and supersedes any and all other agreements between the Parties, whether written or oral, regarding the subject matter hereof. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. Either Party may enter into this Agreement by executing any such counterpart manually or electronically (such as Adobe Sign or DocuSign) and deliver the executed counterpart by facsimile or electronic means to the other Party. The receiving Party may rely on the receipt of such document so executed and delivered as if the original had been received. The Parties agree that this Agreement, if executed in accordance with this Clause, shall be deemed to be valid, accurate and authentic, and given the same effect as, a written and signed agreement between or amongst the Parties in hard copy.
Severability- If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, the remainder of this Agreement will remain in full force and effect.
- 14.7. Relationship. No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement, and neither Party has any authority of any kind to bind the other in any respect. The parties will perform under this Agreement as independent contractors. This Agreement does not create a joint venture, partnership, or formal business organization of any kind. This Agreement is binding upon, inures to the benefit of, and is enforceable by the parties and their respective successors and assigns.
- 14.8. Force Majeure. Either Party shall not be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond its reasonable control, including, without limitation, epidemic, pandemic mechanical, electronic or communications failure or degradation. The parties agree to promptly notify the other of any force majeure event which impairs the ability of the affected party to perform its obligations under this Agreement. If such force majeure event continues for a period of more than 30 days from the date of notification of such event, either party has the right to terminate this agreement with no liability whatsoever.
- 14.9. No waiver. The failure of either Party to exercise any right provided for herein shall not be deemed a waiver of any further rights hereunder. All waivers must be in writing. A waiver of any default hereunder or of any of the terms and conditions of this Agreement shall not be deemed to be a continuing waiver or a waiver of any other default or of any other term or condition but shall apply solely to the instance to which such waiver is directed.
- 14.10. Notices. Publisher may provide Company with notices required hereunder by contacting Company at any email address Company provided, including in its registration information. All notices under this Agreement must be delivered in writing by courier, certified or registered mail (postage prepaid and return receipt requested), or by email to the other party at the address set forth in the Insertion Order.
- 14.11. Amendments. Company may revise this Agreement from time to time, in its sole discretion, and the most current version will always be posted on Company’s website (as reflected in the "Last Revised" heading). By continuing to access or use the Service after any revisions become effective, the Publisher agrees to be bound by the revised Agreement.
- 14.12. Assignment. Publisher may not assign any of its rights or obligations under this Agreement without the prior written consent of Company, except in the event of an assignment by Publisher to a purchaser of all or substantially all of the Publisher’s assets or share capital, in which event the Publisher shall provide Company with written notice of the assignment. Assignment in violation of the foregoing shall be void.
- 14.13. Governing law. This Agreement shall be governed by the laws of Singapore, any dispute or claim arising out of or relating to this Agreement, or any breach thereof shall be solely settled by arbitration in Singapore in accordance with the Arbitration Rules of the Singapore International Arbitration Centre ("SIAC") for the time being in force, which rules are deemed to be incorporated by reference in this Section. The arbitration tribunal shall consist of one (1) arbitrator to be appointed by the Chairman of SIAC. The language of the arbitration shall be English. Subject to the above, the courts in Singapore shall have exclusive jurisdiction.
Data Protection Addendum
This Data Processing Addendum ("DPA") entered into between the Parties or Company Insertion Order and applicable terms and conditions (the "Agreement"). You acknowledge that you (collectively, "You", "Your", or "Data Controller", "Business", "Publisher", "SSP") have read and understood and agree to comply with this DPA, and are entering into a binding legal agreement with the Company ("Company", "Data Processor", "DSP") to reflect the parties’ agreement with regard to the Processing of Personal Data. Both parties shall be referred to as the "Parties" and each, a "Party".
WHEREAS, Company provides a platform which facilitates and optimizes Advertising campaigns for advertisers, as set forth in the Agreement for the Publisher to display on its property and/or its Business partners ’s property, the advertisement of Company or its advertisers to the end users (“End Users”); and
WHEREAS, Company may process Personal Data on Your behalf, in the capacity of a Data Processor; and the Parties wish to set forth the arrangements concerning the Processing of Personal Data (as defined below) and agree to comply with the following provisions with respect to any Personal Data acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties, intending to be legally bound, agree as follows:
1. INTERPRETATION AND DEFINITIONS
- 1.1 The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA.
- 1.2 References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated.
- 1.3 Words used in the singular include the plural and vice versa, as the context may require.
- 1.4 Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.
- 1.5 Definitions
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Controller” or “Data Controller” or “Business” means the entity which determines the nature purposes and means and the types of targeted individuals of the Processing of Personal Data. For the purposes of this DPA only, and except where indicated otherwise, the term "Data Controller" shall include the Organization and/or the Organization’s Authorized Affiliates.
- “CCPA” means the California Consumers Privacy Act of 2018, and its modifications, amendments and regulations, including the California Privacy Rights Act of 2020.
- “Data Protection Laws and Regulations” means the applicable laws and regulations of the European Union, the European Economic Area and their Member States, Switzerland, the United Kingdom and the US, applicable to the Processing of Personal Data under the Agreement.
- “Data Subject” means the identified or identifiable person to whom the Personal Data relates.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data repealing Directive 95/46/EC (General Data Protection Regulation).
- “Member State” means a country that belongs to the European Union and/or the European Economic Area. “Union” means the European Union.
- “Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For the avoidance of doubt, Publisher’s business contact information is not by itself deemed to be Personal Data.
- “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” or “Data Processor” or “Service Provider” means the entity which Processes Personal Data on behalf of the Controller.
- “Security Documentation” means the Security Documentation of Company as stated in Annex -III.
- “Standard Contractual Clauses” or “SCCs” means (i) the standard contractual clauses for the transfer of Personal Data to Data processors established in third countries which do not ensure an adequate level of protection as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council from June 4, 2021, as available here, as updated, amended, replaced or superseded from time to time by the European Commission; or (ii) where required from time to time by a supervisory authority for use with respect to any specific restricted transfer, any other set of contractual clauses or other similar mechanism approved by such Supervisory Authority or by Applicable Laws for use in respect of such Restricted Transfer, as updated, amended, replaced or superseded from time to time by such Regulatory Authority or Data Protection Laws and Regulations;
- “Sub-processor” means any Processor engaged by Company and/or Company Affiliate to Process Personal Data on behalf of Publisher.
- “Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR.
- “UK GDPR” means the Data Protection Act 2018, as updated, amended, replaced or superseded from time to time by the ICO.
- “UK Standard Contractual Clauses” or “UK SCCs” means the standard contractual clauses for the transfer of Personal Data to Data processors established in third countries which do not ensure an adequate level of protection as set out by the ICO, as available here, as updated, amended, replaced or superseded from time to time by the ICO.
2. PROCESSING OF PERSONAL DATA
- 2.1 The Parties acknowledge and agree that with regard to the Processing of Personal Data, the Publisher is the Controller of the Personal Data and Company is the Data processor of such Personal Data, except when the Publisher acts as a Data Processor of the Personal Data, in which case Company is a sub-processor. In no event will the Parties process Personal Data jointly as joint or separate Controllers. Notwithstanding anything to the contrary, if the SSP is the Party executing this DPA with Company, the SSP shall ensure that the applicable publisher and/or Property owner shall comply with all obligations imposed to Publishers, including, the publisher obligations detailed in Section 3.
3. PUBLISHER OBLIGATIONS
- 3.1 Publisher shall, in its use of the Services, at all times (by itself and/or on behalf of the applicable publisher and/or owner of the Property) comply with any and all applicable laws, rules, regulations, platform policies, any applicable self-regulatory regimes and best industry standards, including, without limitation and as applicable: U.S. laws; the rules, codes and guidelines of the Digital Advertising Alliance; the Network Advertising Initiative; the Transparency and Consent Framework for Publishers (as amended from time to time) available at https://iabeurope.eu/tcf-for-publishers/; any platform restrictions such as the Apple Tracking Transparency Framework (or similar to this framework, for example, from Google); any and all applicable laws. Company does not have a direct relationship with any End User visiting the Property or viewing ads delivered to the Property, therefore, Publisher shall collect and Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations and comply at all times with the obligations, including, without limitation, the obligations applicable to Data Controllers. Publisher agrees that it is responsible and shall be fully liable at all times for providing any and all required notices, disclosures and obtaining any and all End Users consents required by Data Protection Laws and Regulations (or any other applicable and lawful legal basis) on behalf of itself, Company and all applicable advertisers, with respect to processing Personal Data, location data, user device identification and/or any other information of the End Users. Publisher represents and warrants that it shall, at all times maintain and make operational on Property a mechanism for obtaining and recording consent and that enables consent to be withdrawn, in accordance with applicable Data Protection Laws and regulations.
- 3.3 For the avoidance of doubt, Publisher’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Publisher shall have sole responsibility for the means by which Publisher acquired, collected, Processes and shares Personal Data. Without limitation, Publisher shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall at all times have any and all required ongoing legal bases in order to collect, Process and transfer to Company the Personal Data and to authorize the Processing by Company of the Personal Data.
- 3.4 Publisher shall, at all times, comply with Data Protection Laws and Regulations and respect all End User - or device - based privacy choices, including, without limitation, those limiting ad tracking, age (e.g., children data), geolocation data, targeting and re-targeting practices, and etc. Whether Publisher receives any complaint, claim or other request from the End User regarding the Processing of the End User’s Personal Data, Publisher agrees to fulfill such request without undue delay. Where needed, Publisher shall notify Company of the necessary assistance and in such case, insofar as possible, Company agrees to assist Publisher with the fulfillment of relevant End User’s requests.
- 3.5 If Publisher is unable to comply with its consent and notice obligations or any other obligation with respect to Personal Data, including, as described in this Section 3, Publisher shall promptly notify Company. Publisher shall defend, hold harmless and indemnify Company, its Affiliates and subsidiaries (including without limitation their directors, officers, agents, subcontractors and/or employees) from and against liability of any kind related to breach, violation or infringement by Publisher and/or its authorized users of any Data Protection Laws and Regulations and/or this DPA and/or this Section 3.
4. COMPANY’S PROCESSING OF PERSONAL DATA
- 4.1.1 Subject to the Agreement, Company shall Process Personal Data in accordance with Publisher’s documented instructions as necessary for the following purposes: (i) Processing in accordance with this DPA and the Agreement and Data Protection Laws and Regulations; (ii) Processing to comply with other documented reasonable instructions provided by Publisher (e.g., via email) where such instructions are consistent with the terms of the Agreement; and (iii) Processing when required by Union or Member State law or any other applicable law to which Company is or may, and its Affiliates are or may, be subject to, in which case, Company shall inform Publisher of the legal requirement before Processing, unless that law prohibits such information on important grounds of public interest.
- 4.1.2 To the extent that Company and its Affiliates cannot comply with a request (including, without limitation, any instruction, direction, code of conduct, certification, or change of any kind) from the Publisher and/or its authorized users relating to Processing of Personal Data or where Company considers such a request to be unlawful, Company (i) shall inform Publisher, providing relevant details of the problem (but not legal advice), (ii) Company may, without any kind of liability towards Publisher, temporarily cease all Processing of the affected Personal Data (other than securely storing those data), and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA and the Publisher will have no further claims against Company due to the termination of the Agreement and/or the DPA in the situation described in this paragraph.
- 4.1.3 Company will not be liable in the event of any claim brought by a third party, including, without limitation, a Data Subject, arising from any act or omission of Company, to the extent that such is a result of Publisher’s instructions.
- 4.1.4 The subject-matter, duration of the Processing, the nature and purpose of the Processing, as well as the types of Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 (Details of the Processing) to this DPA.
5. RIGHTS OF DATA SUBJECTS
- 5.1 If Company receives a request from a Data Subject to exercise the Data Subject's right as described under Data Protection Laws and Regulations (“Data Subject Request”), Company shall, to the extent legally permitted and insofar as possible, notify and forward such Data Subject Request to Publisher. Taking into account the nature of the Processing, Company shall reasonably assist Publisher by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Publisher’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations.
6. COMPANY PERSONNEL
- 6.1 Company shall grant access to the Personal Data to persons under its authority (including, without limitation, its personnel) only on a need to know basis and ensure that such persons engaged in the Processing of Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- 6.2 Company may disclose and Process the Personal Data (a) as permitted hereunder (b) to the extent required by a court of competent jurisdiction or other Supervisory Authority and/or otherwise as required by applicable laws or applicable Data Protection Laws and Regulations (in such a case, Company shall inform the Publisher of the legal requirement before the disclosure, unless that law prohibits such information on important grounds of public interest), or (c) on a “need-to-know” basis under an obligation of confidentiality to legal counsel(s), data protection advisor(s), accountant(s), investors or potential acquirers.
7. AUTHORIZATION REGARDING SUB-PROCESSORS
- 7.1 The Publisher may email the Company to receive Company’s current list of Sub-processors.
- 7.2 In case Company intends to add a Sub Processor, it shall notify the Publisher and the Publisher may reasonably object to Company’s use of a Sub-processor for reasons related to the GDPR by notifying Company promptly in writing within three (3) business days after receipt of Company’s notice and such written objection shall include the reasons related to the GDPR for objecting to Company’s use of such Sub-processor. Failure to object to such Sub-processor in writing within three (3) business days following Company’s notice shall be deemed as acceptance of the Sub-Processor. In the event Publisher reasonably objects to a Sub-processor, as permitted in the preceding sentences, Company will use reasonable efforts to make available to Publisher a change in the Sub-Processor. If Company is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Publisher may, as a sole remedy, terminate the applicable Agreement and this DPA by providing written notice to Company; Until a decision is made regarding the Sub-processor, Company may temporarily suspend the Processing of the affected Personal Data. Publisher will have no further claims against Company due to the termination of the Agreement and/or the DPA in the situation described in this paragraph.
- 7.3 This Section 7 shall not apply to subcontractors of Company which provide ancillary support the performance of the DPA. This includes, for example, telecommunication services, maintenance and user service, cleaning staff, or auditors.
- 8.1 Taking into account the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Company shall maintain all industry-standard technical and organizational measures required pursuant to Article 32 of the GDPR for protection of the security, confidentiality and integrity of Personal Data, as set forth in the Security Documentation as stated in Schedule 3 of this DPA which are hereby approved by Publisher.
- 8.2 To the extent that Publisher cannot satisfy its audit requirements by sending privacy and security questionnaires/assessments, at Publisher’s cost and expense, and upon Publisher’s prior written notice of 30 days to Company, and subject to confidentiality obligations set forth in the Agreement and this DPA, Company shall allow for and contribute to audits, including inspections of Company, conducted by the controller or another auditor mandated by the controller (who is not a direct or indirect competitor of Company) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, personal data that does not belong to Publisher. The audit right is conditioned upon providing 30 days prior notice of the controller’s intention to audit. The right to Audit, at the controller’s expense, shall take place during normal business hours, and the Controller’s auditors shall take all reasonable measures to prevent unnecessary disruption to the processor’s operations. This audit right may be exercised up to once per year and the Audit and the Auditor shall be bound by the confidentiality obligations. The audit shall only be related to the scope of the agreement and the DPA entered into between the parties.
9. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION
Company shall notify Publisher without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, including Personal Data, transmitted, stored or otherwise Processed by Company (a “Personal Data Incident”). Company shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Company deems necessary, possible and reasonable in order to remediate the cause of such a Personal Data Incident to the extent the remediation is within Company’s reasonable control. The obligations herein shall not apply to incidents that are caused or attributable to the Publisher. In any event, Publisher will be the party responsible for notifying supervisory authorities and/or concerned data subjects (where required by Data Protection Laws and Regulations).
10. DELETION OF PERSONAL DATA
Subject to the Agreement, Company shall, delete the Personal Data after the end of the Services relating to Processing, and shall delete existing copies unless applicable law requires storage of the Personal Data. In any event, to the extent required or allowed by applicable law, Company may retain one copy of the Personal Data for evidence purposes and/or for the establishment, exercise or defense of legal claims and/or to comply with applicable laws and regulations. Company will retain the Personal Information described above for the life of an active campaign and for six (6) months thereafter, or until the Publisher instruct Company otherwise to delete such Personal Information, noting that Company will continue to retain the Personal Information for longer periods only to the extent required or allowed by applicable law or auditing requirements.
11. AUTHORIZED AFFILIATES
- 11.1 The Parties acknowledge and agree that, by executing the DPA, the Publisher enters into the DPA on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates, thereby establishing a separate DPA with the Company. Each Authorized Affiliate agrees to be bound by the obligations under this DPA. All access to by Authorized Affiliates must comply with the terms and conditions of the Agreement and this DPA and any violation of the terms and conditions therein by an Authorized Affiliate shall be deemed a violation by Publisher.
- 11.2 The Publisher shall remain responsible for coordinating all communication with Company under the Agreement and this DPA and shall be entitled to make and receive any communication in relation to this DPA on behalf of its Authorized Affiliates.
- 11.3 Upon Publisher’s request, Company shall provide Publisher, at Publisher’s cost and expenses, with reasonable cooperation and assistance needed to fulfill Publisher’s obligation under the GDPR to carry out a data protection impact assessment, to the extent Publisher does not otherwise have access to the relevant information, and to the extent such information is available to Company. Company shall provide, at Publisher’s cost, reasonable assistance to Publisher in the cooperation or prior consultation with the Supervisory Authority, to the extent required under the GDPR.
12. TRANSFERS OF DATA
- 12.1 Transfers to countries that offer an adequate level of data protection. Personal Data may be transferred from the EU Member States, the three EEA member countries (Norway, Liechtenstein, and Iceland) (collectively, “EEA”) and the United Kingdom to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the EEA, the Union, the Member States, or the European Commission (“Adequacy Decisions”), without any further safeguard being necessary.
- 12.2 Transfers to other countries. If the Processing of Personal Data includes transfers from the EEA to countries that do not offer an adequate level of data protection or which have not been subject to an Adequacy Decision (“Other Countries”), the Parties shall comply with the below terms.
- 12.2.1 With respect to the EU transfers of Personal Data, Publisher as a Data Exporter (as defined in the SCCs) and Company on behalf of itself and each Company’s Affiliate hereby enter into the Standard Contractual Clauses (Module 2 Controller to Processor) set out in Schedule-2. To the extent that there is any conflict or inconsistency between the terms of the Standard Contractual Clauses and the terms of this DPA, the terms of the Standard Contractual Clauses shall take precedence.
- 12.2.2 With respect to the UK transfers of Personal Data (from the UK to other countries which have not been subject to a relevant Adequacy Decision), Publisher as a Data Exporter (as defined in the UK SCCs) and Company on behalf of itself and each Company’s Affiliate (as applicable) as a Data Importer (as defined in the UK SCCs), hereby enter into the UK SCCs set out in Schedule 2.
13. TERMINATIONThis DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided. Sections 3, 10 and 15 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
- 14.1. To the extent that the Personal Data is subject to the CCPA, Company shall not sell or share Publisher’s Personal Data. Company acknowledges that when processing Personal Data in the context of the provision of the Services, Publisher is not selling or sharing Personal Data to Company.Company is considered a Service Provider (as defined by CCPA), and agrees not to retain, use or disclose Personal Data: (i) for any purpose other than the Business Purpose (as defined below); (ii) for no other commercial or Business Purpose; or (iii) outside the direct business relationship between Company and Publisher. Notwithstanding the foregoing, Company may use, disclose, or retain Personal Data to: (i) transfer the Personal Data to other Company’s entities (including, without limitation, affiliates and subsidiaries), service providers, third parties and vendors, availing Services from the Publisher; (ii) to comply with, or as allowed by, applicable laws; (iii) to defend legal claims or comply with a law enforcement investigation; (ii) for internal use by Company or for any other purpose permitted under the CCPA; (iii) to detect data security incidents, or protect against fraudulent or illegal activity; and (iv) collect and analyse anonymous information. Company shall use commercially reasonable efforts to comply with its obligations under CCPA. If Company becomes aware of any material and applicable requirement (to Company as a service provider) under CCPA that Company cannot comply with, Company shall use commercially reasonable efforts to notify Publisher. Upon written Publisher’s notice, Company shall use commercial reasonable and appropriate steps to stop and remediate Company’s alleged unauthorized use of Personal Data; provided that Publisher must explain and demonstrate in the written notice which processing activity of Personal Data it considers to be unauthorized and the applicable reasons. Company shall use commercially reasonable efforts to enable Publisher to comply with consumer requests made pursuant CCPA. Notwithstanding anything to the contrary, Publisher shall be fully and solely responsible for complying with its own requirements under CCPA.
- 14.2. In circumstances where Publisher provides the Services in a way that causes Company to collect Personal Information subject to the CCPA and/or any other applicable US laws, Publisher shall provide the data subjects with all notices and disclosures as required by the CCPA, including by clearly and conspicuously posting a link to communicate to California residents that they may opt out of any of their Personal Information (according to the Publisher’s then-current applicable tools, at Publisher’s sole election and responsibility, which enable California residents to exercise their right of opting out of their Personal Information). Publisher undertakes to immediately notify Company in writing when and if Publisher receives from any California resident their demand to opt out of the sale of their Personal Information,
15. RELATIONSHIP WITH AGREEMENT
In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement. Notwithstanding anything to the contrary in the Agreement and/or in any agreement between the parties and to the maximum extent permitted by law: (A) Company’s (including Company’s Affiliates’) entire, total and aggregate liability, related to personal data or information, privacy, or for breach of, this DPA and/or Data Protection Laws and Regulations, including, without limitation, if any, any indemnification obligation under the Agreement or applicable law regarding data protection or privacy, shall be limited to the amounts paid by Company under the Agreement within three (3) months preceding the event that gave rise to the claim. This limitation of liability is cumulative and not per incident; (B) In no event will Company and/or Company Affiliates and/or their third-party providers, be liable under, or otherwise in connection with this DPA for: (i) any indirect, exemplary, special, consequential, incidental or punitive damages; (ii) any loss of profits, business, or anticipated savings; (iii) any loss of, or damage to data, reputation, revenue or goodwill; and (C) The foregoing exclusions and limitations on liability set forth in this Section shall apply regardless of the form, theory or basis of liability (such as, but not limited to, breach of contract or tort).
This DPA may be amended at any time by a written instrument duly signed by each of the Parties.
17. LEGAL EFFECT
Company may assign this DPA or its rights or obligations hereunder to any Affiliate thereof, or to a successor or any Affiliate thereof, in connection with a merger, consolidation or acquisition of all or substantially all of its shares, assets or business relating to this DPA or the Agreement. Any Company’s obligation hereunder may be performed (in whole or in part), and any Company right or remedy may be exercised (in whole or in part), by an Affiliate of Company.
The Parties represent and warrant that they each have the power to enter into, execute, perform and be bound by this DPA.You, as the signing person on behalf of Publisher, represent and warrant that you have, or you were granted, full authority to bind the Organization and, as applicable, its Authorized Affiliates to this DPA. If you cannot, or do not have authority to, bind the Organization and/or its Authorized Affiliates, you shall not supply or provide Personal Data to Company.By signing this DPA, Publisher enters into this DPA on behalf of itself and, to the extent required or permitted under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates.
19. Governing Law and Jurisdiction- This DPA shall be governed by laws and jurisdiction as stated in the Principle Agreement.
List of Schedules
Schedule 1 - DETAILS OF THE PROCESSING
Schedule 2 - STANDARD CONTRACTUAL CLAUSES
Schedule 3 - Technical and Organizational measures
SCHEDULE 1 – DETAILS OF THE PROCESSING
Subject matter Company will Process Personal Data as further instructed by Publisher in its use of the Services.
Nature and Purpose of Processing
- Performing the Agreement, this DPA and/or other contracts executed by the Parties,
- For Company to comply with documented reasonable instructions provided by Publisher where such instructions are consistent with the terms of the Agreement or Data Protection Laws.
Duration of Processing
Subject to any Section of the DPA and/or the Agreement dealing with the the consequences of the expiration or termination thereof, Company will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Type of Personal Data
- Device Identifiers and type of application
- IP Address, country/city
- Advertising ID
- IP address, And other non-Personal Information including:
- Device make, model and operating system;
- Device properties related to screen size & orientation, audio volume and battery;
- Operating system;
- Name and properties of mobile application through which a consumer interacts with the Services;
- Country, time zone and locale settings (country and preferred language);
- Network connection type and speed;
- Activity of a user on an application following installation; and
- Internet browser user-agent used to access the Services.
In some limited circumstances Personal Data may also come from others sources, for example, in the case of tracking vendors, fraud detection or as required by applicable law.
Categories of Data Subjects
The frequency of the transfer. Continuous basis
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
As described in this DPA and/or the Agreement
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing. The Publisher may email the Company to receive Company’s current list of Sub-processors.
SCHEDULE 2 - STANDARD CONTRACTUAL CLAUSES
EU SCCs. If the Processing of Personal Data includes transfers from the EEA to countries outside the EEA which do not offer adequate level of data protection or which have not been subject to an Adequacy Decision, the Parties shall comply with Chapter V of the GDPR. The Parties hereby agree to execute the Standard Contractual Clauses incorporated herein by reference as follows:
- a) The Standard Contractual Clauses Module-2 (Controller-to-Processor), will apply, with respect to restricted transfers between Publisher and Company that are subject to the EU GDPR.
- b) The Parties agree that for the purpose of transfer of Personal Data between Publisher (as Data Exporter) and Company (as Data Importer), the following shall apply: (i) Clause 7 of the Standard Contractual Clauses shall be applicable; (ii) In Clause 9, option 2 shall apply, and the method described in Section 7 of the DPA (Authorization Regarding Sub-Processors) shall apply; (iii) Clause 11 of the Standard Contractual Clauses shall be not applicable; (iv) In Clause 13: The Data Protection Authority of Spain shall act as the Supervisory authority; (v) In Clause 17, option 1 shall apply. The Parties agree that the Standard Contractual Clauses shall be governed by the laws of Spain; and (vi) In Clause 18(b) the Parties choose the courts of Spain, as their choice of forum and jurisdiction.
- c) Annex I.A: With respect to Module Two: (i) Data Exporter is Publisher as a data controller and (ii) the Data Importer is Company as a data processor. Data Exporter and Data Importer Contact details: As detailed in the Agreement.
- Signature and Date: By entering into the Agreement and this DPA, each Party is deemed to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the DPA.
- d) Annex I.B of the Standard Contractual Clauses shall be completed as described in Schedule 1 (Details of the Processing) of this DPA.
- e) Annex I.C of the Standard Contractual Clauses shall be completed as follows: The competent supervisory authority is the Spain supervisory authority.
- f) Annex II of the Standard Contractual Clauses shall be as described and agreed between the parties in Schedule 3 of this DPA.
- g) Annex III of the Standard Contractual Clauses- The Publisher may email the Company to receive Company’s current list of Sub-processors.
UK SCCs, If the Processing of Personal Data includes transfers from the UK to countries which do not offer adequate level of data protection or which have not been subject to an Adequacy Decision, the Parties shall comply with Article 45(1) of the UK GDPR and Section 17A of the Data Protection Act 2018. The Parties hereby agree to execute the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses as follows:
- a) The UK Standard Contractual Clauses (Controller-to-Processor and Processor to Processor) if applicable, will apply with respect to restricted transfers between Publisher and Company that are subject to the UK GDPR.
- b) The Parties agree that for the purpose of transfer of Personal Data between Publisher (as Data Exporter) and Company (as Data Importer), the following shall apply: (i) Clause 7 of the Standard Contractual Clauses shall be applicable; (ii) In Clause 9, option 2 shall apply, and the method described in Section 7 of the DPA (Authorization Regarding Sub-Processors) shall apply; (iii) Clause 11 of the Standard Contractual Clauses shall be not applicable; (iv) In Clause 17, option 1 shall apply. The Parties agree that the Standard Contractual Clauses shall be governed by the laws of England and Wales; and (v) In Clause 18(b) the Parties choose the courts of England and Wales. The Parties agree to submit themselves to the jurisdiction of such courts, as their choice of forum and jurisdiction.
- c) Annex I.A: With respect to Module Two: Data Exporter is Publisher as a data controller and the Data Importer is Company as a data processor. With respect to Module Three: Data Exporter is Publisher as a data processor and the Data Importer is Company as a data processor (sub-processor).
- Data Exporter and Data Importer Contact details: As detailed in the Agreement.
- Signature and Date: By entering into the Agreement and this DPA, each Party is deemed to have signed these UK Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the DPA.
- d) Annex I.B of the UK Standard Contractual Clauses shall be completed as described in Schedule 1 (Details of the Processing) of this DPA.
- e) Annex I.C of the UK Standard Contractual Clauses shall be completed as follows: The competent supervisory authority is the ICO supervisory authority.
- f) Annex II of the UK Standard Contractual Clauses shall be as described and agreed between the parties in Schedule 3 of this DPA.
- g) Annex III of the UK Standard Contractual Clauses- The Publisher may email the Company to receive Company’s current list of Sub-processors.
Technical and Organizational Security Measures
This document describes technical and organizational security measures and controls implemented by Company to protect Personal Data and ensure the ongoing confidentiality and integrity.
1. Security measures
The servers for the online and offline systems, databases, and data protection (backup) are run and maintained at Amazon Web Services (AWS)/ Google Cloud Services (GCP) in professional and secured data centers. The subcontractors are selected carefully and with respect to their security awareness and their expertise based on audits and certificates. Some of the relevant safeguards of the following checklist are not shown separately because it is the responsibility of subcontractors or is not published in detail for the sake of maintaining the security of confidentiality.
2. Access control
The access control to the server infrastructure occurs by the security infrastructure of Amazon web services IAM security policies and there through AWS ensured control system. During all operations time, the entrance to Company premises is secured by a personalized fingerprint detection system. Also, outside of the times of business operation, the office entrance is permanently and automatically monitored by cameras. In addition, the outer doors of the building are closed mechanically. An access control by key cards allow entrance to the building, while in the reception area is manned during times of the business operations. The entrance area is secured with optical space surveillance (video).Internet lines are secured with firewall and every computer runs an anti-virus and malware detection system.
3. Admission control
The unauthorized use of computer systems is prevented by:
Company uses Google GSuite as its office services tool and relies on google security systems and password management via google gsuite.Each owner has his own passwords known only to him, which may not be distributed. In case of any disclosure of one of the passwords, it has to be changed immediately. The quality of passwords is subject to defined requirements and is continuously checked. For all activities related to the DP system, reports shall be created automatically.
- Password assignment,
- Blocking multiple incorrect password attempts,
- Multi-factor authentication if possible,
- Use one-time passwords if possible.
Servers/ databases/ services:
- Private/public key authentication as required by Amazon Web Services
- VPN secured connections from outside of AWS premises.
- Multi-tier provisioned personal private/public key authentication for different users
- Access control and permissions per key – managed in AWS Identity and Access Management system (IAM)
The restriction of access possibility of beneficiary for using a data processing system exclusively on the data authorized for access is controlled via AWS/ GCP Identity and Access Management system (IAM).
The unauthorized reading, copying, modification, or removal of data during transfer is prevented by SSL and SSH encryption of data transmission, Completeness checks if relevant, and Development of the transport connection is only between defined and secured certificates of systems.
4. Availability Control
The data security from accidental loss or destruction is guaranteed by:
Redundant data storage in AWS S3/ GCP Cloud Storage service, timely data aggregations per days, weeks, and months periods, Software exclusion: Breakdown of the servers for independent and autonomous fulfillment of the tasks (shared-nothing between server architecture), Multiple incremental data backup, Data backups with a timetable which appropriately reflects data changes while using, Multiple data nodes in a distributed data system and Data Base redundancy via real-time replications, Additional measures of AWS/ GCP data integrity systems.
5. The separation rule according to the principle of earmarking
Personal data is permitted to be used only for the purpose for which they were originally collected.
Data collected for different purposes can be processed separately and is guaranteed by:
- Software exclusion (client separation, multi-tenant architecture)
- The database principle, separation by access control
- Separation of test and production data
- Separation of development and production environment.