These Data Terms are incorporated into the Agreement between 吸湿视频 and Customer. Capitalized terms used but not otherwise defined herein shall have the meanings ascribed to them in the Agreement.
DATA AND PRIVACY
Privacy Policies. Customer agrees to post on its website a privacy policy that (i) complies with Applicable Law and (ii) accurately discloses all applicable data collection, use and disclosure practices, including, but not limited to, an explanation of the purposes for which data is collected by or will be transferred to, third parties, the use of cookies, pixels, beacons, locally stored objects, or other similar technologies by third parties for purposes of targeting individual end users with interest-based, and other types of Advertisements. Customer shall comply with its privacy policy. Customer further agrees that its privacy policy will provide end users with a conspicuous link to a functional opt-out page. If Customer uses the 吸湿视频 Materials to buy Inventory directly or indirectly on behalf of any third party, Customer will ensure that such third party complies with this provision.
Customer Data Use. Customer may not use, sell, or otherwise disclose the 吸湿视频 Data, except that, subject in each case to the restrictions below, Customer may use and disclose 吸湿视频 Data: (a) to evaluate and purchase Inventory through the 吸湿视频 Platform in connection with this Agreement, (b) to provide aggregate reporting to the applicable Advertiser for which Customer is purchasing Inventory, and (c) as required by court order, law, or governmental or regulatory agency (after, if permitted, giving prior written notice to 吸湿视频). Customer may not use any 吸湿视频 Data to create or supplement user profiles or targetable segments. All such use of the 吸湿视频 Materials by Customer must comply with Customer鈥檚 privacy polic(ies), all applicable laws, regulations, self-regulatory principles, and the Digital Advertising Alliance principles. Customer may not combine any pseudonymous personal data received via the 吸湿视频 Materials with any identifying personal data without the end user鈥檚 consent.
Required Consent. To the extent that any data, including persistent identifiers (such as IP address or device identifiers) or precise geo-location data, about end users are collected, used, transmitted, or processed by or on behalf of Customer or a party on behalf of which Customer is directly or indirectly buying Inventory using 吸湿视频 Materials, Customer represents and warrants that all necessary disclosures have been provided to and appropriate consents have been or will be obtained from such end user (鈥Required Consents鈥), as applicable. These Required Consents include, but are not limited to, those necessary to collect information about individual end users through the use of technologies, such as cookies and pixels, located on the End User鈥檚 device, and to pass such information to 吸湿视频 for processing in accordance with the Agreement. All Required Consents shall be obtained by Customer before any such technologies are set on the applicable End User鈥檚 device, regardless of whether such technologies are set directly by Customer or by or through 吸湿视频.
吸湿视频 Data Use. 吸湿视频 shall have the right to collect, use, and disclose data transmitted through or otherwise derived from Customer鈥檚 use of the 吸湿视频 Materials as described in the applicable 吸湿视频 privacy polic(ies).
DATA PROCESSING
吸湿视频 will process any Personal Information that Customer includes in its use of the 吸湿视频 Materials (the 鈥Customer Personal Data鈥) on Customer鈥檚 behalf as a processor, and Customer shall be the controller of such data. Customer represents and warrants that it will not, and it shall not, send any Restricted Personal Information to 吸湿视频 or the 吸湿视频 Materials. With regard to Customer Personal Data, 吸湿视频 shall:
(a) process Customer Personal Data only in accordance with Customer鈥檚 documented instructions and not for 吸湿视频鈥檚 own purposes. If 吸湿视频 is required to process Customer Personal Data for any other purpose by a law to which 吸湿视频 is subject, 吸湿视频 shall inform Customer of this requirement before the processing, unless that law prohibits this on grounds of public interest;
(b) promptly notify Customer if it determines that it cannot comply with its data processing obligations under these Data Terms. In such event, 吸湿视频 shall work with Customer and take all reasonable and appropriate steps to remediate (if remediable) any processing until such time as the processing complies with the subject requirements. 吸湿视频 shall immediately cease processing Customer Personal Data if Customer determines 吸湿视频 has not or cannot correct any non-compliance with these processing requirements within a reasonable time frame;
(c) taking into account the nature of the processing, reasonably cooperate with Customer to respond to any requests, complaints, or other communications from data subjects and regulatory or judicial bodies relating to the processing of Personal Information under the Agreement, including requests from data subjects seeking to exercise their rights under Applicable Laws. In the event that any such request, complaint, or communication is made directly to 吸湿视频, 吸湿视频 shall promptly pass this onto Customer and shall not respond to such communication without Customer鈥檚 express authorization;
(d) taking into account the nature of the processing and the information available to 吸湿视频, reasonably assist Customer, at Customer鈥檚 cost, to ensure compliance with the obligations under the GDPR with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities or regulators;
(e) upon termination of this Agreement or upon Customer鈥檚 request, destroy all Customer Personal Data (unless a law requires storage of the Customer Personal Data); and
(f) make available to Customer all information reasonably necessary to demonstrate compliance with the obligations laid down in these Data Terms and, upon prior written notice, and not more than once per calendar year, with 30 days鈥 written notice, contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer at Customer鈥檚 cost.
Customer acknowledges and agrees that 吸湿视频 may retain its Affiliates and other third parties as sub-processors (all together 鈥Sub-Processors鈥) in connection with the provision of the 吸湿视频 Materials. 吸湿视频 shall not subcontract any processing of Personal Information to a sub-Processor without the prior written consent of Customer. Notwithstanding this, Customer consents to 吸湿视频 engaging in Sub-Processors to process Personal Information provided that 吸湿视频:
(1) provides at least 30 days鈥 prior written notice to Customer of the engagement of any new Sub-Processor;
(2) imposes the same data protection obligations as are imposed on 吸湿视频 under this Agreement; and
(3) will be liable to Customer for any breach of these Data Terms that is caused by an act, error or omission of such Sub-Processor.
RESTRICTED TRANSFERS
The Parties agree that, when the transfer of Personal Information from Customer to 吸湿视频 is a Restricted Transfer, it shall be subject to the appropriate SCCs as follows:
(a) in relation to data that is protected by the GDPR, the EU SCCs will apply completed as follows:
1) Module Two will apply;
2) in Clause 7, the optional docking clause will apply;
3) in Clause 9, Option 2 will apply, and the time period for prior notice of subprocessor changes shall be done with 30 days鈥 prior written notice;
4) in Clause 11, the optional language will not apply;
5) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by Irish law;
6) in Clause 18(b), disputes shall be resolved before the courts of Ireland;
7) Annex I of the EU SCCs shall be deemed completed with the information in Annex I below; and
8) Annex II of the EU SCCs shall be deemed completed with the information in Annex II below.
(b) in relation to data that is protected by the UK GDPR, the UK SCCs will apply completed as follows:
1) Appendix 1 of the UK SCCs shall be deemed completed with the information in Annex I below; and
2) Appendix 2 of the UK SCCs shall be deemed completed with the information in Annex II below.
(c) in the event that any provision of this Agreement contradicts, directly or indirectly, the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.
SECURITY
吸湿视频 maintains records in accordance with the Sarbanes-Oxley Act. 吸湿视频 will ensure that its personnel and subcontractors who have access to the Customer Personal Data have committed themselves to confidentiality and are aware of and comply with 吸湿视频鈥檚 duties and their personal duties and obligations under this Agreement.
吸湿视频 will maintain appropriate technical and organizational security measures to ensure a level of security appropriate to the risks that are presented by the processing of Customer Personal Data (鈥Security Measures鈥). Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for tA. DESCRIPTION OF TRANSFERhe rights and freedoms of natural persons. At a minimum, 吸湿视频 agrees to the following Security Measures (i) Personal Information is not changed while stored, transferred or otherwise processed, unless such change constitutes a functionality of the 吸湿视频 Services, and Customer has provided its acknowledgement thereof; (ii) Personal Information that is stored, transferred or otherwise processed is encrypted or kept in another equally secure format; (iii) the availability of and access to Personal Information can be ensured in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing is in place; (v) logs are kept of all processing performed under the Agreement; and (vi) appropriate safeguards are in place to restrict and/or limit access to Personal Information to those employees who (a) have a strict need to know in order to perform the 吸湿视频 Services; (b) have been provided with appropriate training on the handling of Personal Information; and (c) have agreed to confidentiality obligations consistent with the terms herein.
In the event of a Security Incident, 吸湿视频 shall promptly (and in no event later than 48 hours of becoming aware of such Security Incident) inform Customer and provide written details of the Security Incident, including the type of data affected and the identity of affected person(s) as soon as such information becomes known or available to 吸湿视频, and take any measures and actions reasonably appropriate to remedy or mitigate the effects of a Security Incident.
CCPA
With respect to the Parties鈥 obligations under the California Consumer Privacy Act of 2018 (Title 1.81.5 of the Civil Code of the State of California), together with all effective regulations adopted thereunder the (鈥CCPA鈥) relating to a California consumer鈥檚 personal information or household, then (and with respect to such Personal Information): (a) 吸湿视频 is a 鈥渟ervice provider鈥 (as defined by CCPA); and Customer is and will be disclosing such Personal Information hereunder to 吸湿视频 for a 鈥渂usiness purpose鈥 (as defined by CCPA), and 吸湿视频 will process such Personal Information solely on behalf of Customer and only as necessary to perform such business purpose for Customer; and (b) 吸湿视频 will not: (i) 鈥渟ell鈥 (as defined by CCPA) Personal Information; or (ii) retain, use, or disclose Personal Information for any purpose (including a 鈥渃ommercial purpose鈥 (as defined by CCPA)) other than the specific purpose of performing services to Customer under this Agreement or outside of the direct business relationship between Customer and 吸湿视频. The Parties represent that they understand the restrictions set forth in this section and will comply with them, and, if directed by Customer with regard to a particular California 鈥渃onsumer鈥 (as defined by CCPA), 吸湿视频 will delete such consumer鈥檚 Personal Information.
Annex I
Data Processing Description
This Annex I forms part of the Agreement and describes the processing that 吸湿视频 (as the processor) will perform on behalf of Customer (as the controller).
A. DESCRIPTION OF TRANSFER
| Categories of data subjects whose personal data is transferred: | Visitors of online properties. (i.e., visitors to websites and CTV) |
| Categories of personal data transferred: | pseudonymous identifiers relating to consumer devices (including IP address, device identifiers, cookie identifiers); geo location data |
| Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: | N/A |
| The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): | Continuous |
| Nature of the processing: | Collection, storage, and dissemination of data to deliver digital advertisements on websites and other devices such as CTV |
| Purpose(s) of the data transfer and further processing: | The data processing activities consist of serving and tracking digital advertisements |
| The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: | For as long as necessary for the purposes of the engagement |
| For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: | N/A |
B. COMPETENT SUPERVISORY AUTHORITY
| Identify the competent supervisory authority/ies in accordance (e.g. in accordance with Clause 13 SCCs) | Where the EU GDPR applies, the Irish Data Protection Authority shall be the competent supervisory authority; where the UK GDPR applies, the UK Information Commissioner鈥檚 Office shall be the competent supervisory authority |
Annex II
Technical and Organizational Security Measures
Description of the technical and organizational measures implemented by 吸湿视频 as the processor to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
吸湿视频 has implemented the following security measures:
1. Systems Security.
(a) System Adequacy. 吸湿视频 has obtained and has configured, with no single points of failure, adequate hardware, software, power, and human capital redundancies to perform its security-related obligations under the Agreement in accordance with commercially reasonable practices. The operating system and software of 吸湿视频鈥檚 web server(s) and third-party platforms utilized to perform its obligations under the Agreement will be properly configured to commercially reasonable standards, including, but not limited to, disabling all unnecessary services, closing all known and published security deficiencies therein, and permitting access thereto only to authorized personnel, subject to password protection. All currently available security-related software patches for the operating system and software will be applied as soon as practicable (depending on the nature of the security flaw) but not later than thirty (30) days of the release of such patches; provided however if a patch negatively impacts the operating system or software or other systems of 吸湿视频, then 吸湿视频 shall as soon as commercially reasonable correct such security flaws.
(b) Firewall. 吸湿视频 has implemented and will maintain continuously throughout the Term of the Agreement firewall protection for all of 吸湿视频鈥檚 networks, databases, technology, platforms, and computer systems. 吸湿视频 will update such firewall software promptly after such updates become available, provided such updates do not negatively impact the firewall software. 吸湿视频 will periodically test such perimeter router and firewall devices for effectiveness. Without limiting the foregoing, 吸湿视频 will promptly report within 24 hours to Customer any known security deficiencies (whether arising from software, network, or facilities deficiencies) discovered by 吸湿视频 that may affect user information that is personally identifiable or sensitive and/or Confidential Information. 吸湿视频 will keep a log of all actions taken in response to security incidents related to the systems involved in performing 吸湿视频鈥檚 obligations under the Agreement. The log will be time and date stamped.
(c) Encryption. 吸湿视频 will encrypt or hash the passwords in password and username files for their networks, databases, platform, technology, and computer systems involved in performing the Agreement using commercially reasonable encryption levels.
(d) Passwords. 吸湿视频 will protect networks, databases, software, and computer systems involved in performing the Agreement with a user name and password system. 吸湿视频 also has two-factor authorization available on the 吸湿视频 Platform. Customer will be prompted to comply with 吸湿视频鈥檚 password policy when creating its account credentials. 吸湿视频 will, when possible, securely log (with time and date) those commands that require additional privileges, to enable a complete audit trail of activities. When individuals terminate their employment with 吸湿视频, their passwords and access to privileged password facilities will be terminated immediately.
(e) Accountability. 吸湿视频 will ensure that individual access and accountability controls are in place with respect to its employees who will have access to the networks, databases, software, technology, platform, Confidential Information, and computer systems involved in performing the Agreement.
(f) Archival Records. 吸湿视频 will daily (including weekends) create and maintain archival backups of all 吸湿视频 networks, databases, technology, platform, and software utilized to perform 吸湿视频鈥檚 obligations to Customer under the Agreement for the sole purpose of enabling restoration of these systems but not necessarily restoration of any user data stored on these systems. Archival backups will be stored on a secure server or on other secure media to which access is restricted only to employees of 吸湿视频 or authorized third parties on a need to know basis. 吸湿视频, with reasonable best efforts, will ensure business continuity during a Disaster (鈥Disaster鈥 to include, but not limited to: earthquake, flood, fire, storm or other natural disaster, act of God, civil disturbance or commotion, acts of terrorism, disruption of the public markets, war or armed conflict) with three primary objectives: 1) to identify and respond to Disasters; 2) to protect personnel and systems; and 3) to limit damage. 吸湿视频 is committed to resuming partial operations as soon as reasonably possible depending on the nature and severity of the Disaster.
(g) Maintenance. All networking, software, technology, the platform, and computer systems necessary to perform the Agreement will be maintained in good working order in accordance with commercially reasonable standards throughout the Term pursuant to hardware maintenance support available from trusted, reputable maintenance organizations.
(h) Disposal. 吸湿视频 will ensure that computer storage devices containing user information are not disposed of unless all such information has been or is to be completely obliterated or destroyed.
2. Security of Physical Premises. 吸湿视频 will limit access to its facilities related to its obligations under the Agreement throughout the Term to 吸湿视频鈥檚 employees, employee-accompanied visitors, and contractors using reasonable standard physical security methods. At a minimum, such methods will include restricted access key cards for 吸湿视频鈥檚 employees, limited access to server rooms and archival backups, and security cameras at key entry points.
3. Background Checks and Security Training. 吸湿视频 will conduct security background checks and verifications of employment, educational background, and references for all 吸湿视频 individuals and contractors involved who have access to personally identifiable information and/or Customer鈥檚 facilities/servers.
吸湿视频 will ensure ongoing awareness in information security and in the protection of information resources for all personnel of 吸湿视频 whose duties bring such 吸湿视频 personnel into contact with critical or sensitive information of the Customer or of end users, including 吸湿视频 IDs and passwords and Client IDs and passwords.
4. Confidentiality Agreements; Use of Subcontractors. Prior to commencing work for Customer, all individuals (employees, contractors, subcontractors, agents, etc.) performing work on behalf of 吸湿视频 pursuant to the Agreement will be required to agree to be bound by confidentiality agreements.
The parties acknowledge that security requirements change continuously and that effective security demands frequent evaluation and regular improvements of outdated security measures. 吸湿视频 will therefore continuously evaluate the security measures and update, supplement, and improve them as required.