Terms of Marketing Agreement – Seriously Ltd.
1. Definitions
Capitalized terms used but not otherwise defined in these Terms of Marketing Agreement are defined in the Insertion Order, attached hereto and incorporated herein by reference (these Terms of Agreement together with the Insertion Order collectively, the “Agreement”). In addition to any other terms defined herein, for purposes of this Agreement, the following terms shall have the meaning ascribed to them below:
- “Action” means any action linked to an Ad, including without limitation a registration to the Application, form submission, offer response, impressions, view of a video Ad, click on an Ad, purchase of coins, installation or downloading of the Application.
- “Ad” means material that (i) promotes a brand, product or service, and (ii) is provided by Seriously to Publisher for display on or in connection with the Applications, and shall include without limitation ad banners, badges, buttons, links and other interactive or promotional features.
- “Application” means any application, widget, game, and owned and/or operated by Seriously.
- “Confidential Information” means (i) the Ads and creative assets of Seriously, prior to publication; (ii) the terms and conditions of this Agreement; (iii) any statistics or other data relating to the Application; and (iv) any information provided by one party to the other party that is identified as confidential or can reasonably be regarded as confidential.
- “CPA” means cost per action and refers to the amount paid by Seriously for each specific Action that will be defined by Seriously. In target CPA campaigns Publisher shall not divert from the agreed target, any deviation of more than 10% of the agreed target, shall not be paid by Seriously.
- “CPC” means cost per click and refers to the amount paid by Seriously for each click on an Ad.
- “CPCV” means cost per completed view and refers to the amount paid by Seriously for each completed view of a video Ad.
- “CPE” means cost per engagement and refers to the amount paid by Seriously for each specific ‘engagement’, as shall be defined by Seriously. For example, ‘engagement’ shall mean purchase of in-app virtual goods, such as virtual coins. In this case, if any chargebacks or refunds are made by a User, Seriously shall not pay Publisher for such engagement.
- “CPI” means cost per install and refers to the amount paid by Seriously for each install of the Application followed by registration to the Application and playing the game in the Application. If any of the above actions is not made by a User, Seriously shall not pay to Publisher for such install. In target CPI campaigns Publisher shall not divert from the agreed target, any deviation of more than 10% of the agreed target, shall not be paid by Seriously.
- “CPM” means cost per mille and refers to the amount paid by Seriously for one thousand (1,000) impressions of an Ad. It is agreed that the Publisher shall guarantee the number of impressions set forth in the Insertion Order or otherwise agreed by the parties.
- “End Date” means the date set forth in the Insertion Order.
- “Data Protection Laws” means the General Data Protection Regulation (EU 2016/679) (“GDPR”) and any legislation which amends, re-enacts or replaces it in an EEA member state; and at all times, any other data protection laws and regulations applicable.
- “Data Subjects” shall have the meanings given to this term in the Data Protection Laws.
- “EEA” means the European Economic Area.
- “Personal Data” shall have the meanings given to those terms in the Data Protection Laws.
- “Personally Identifiable Information” shall mean any data or other information that can be used to identify, contact or locate a natural person, including but not limited to a natural person’s name, address, telephone number, e-mail address, or social security number.
- “Seriously” also refers to its affiliates, which shall mean subsidiaries, parent companies, joint ventures and other corporate entities under common ownership.
- “Start Date” means the date set forth in the Insertion Order.
- “Tag” means any HTML code known as an action tag, web beacon, pixel or cookie provided to Publisher by Seriously for use in delivering Ads hereunder.
- “Users” means Internet or mobile or wireless device users who made a session in an Application.
- “User’s Data” means any and all information and data regarding Seriously’s Users which may be generated and available as a result of the Agreement or any campaign hereunder, including without limitation, UDIDs (unique device identifiers), MAC addresses, OpenUDIDs, IDFA, GAID, Advertising ID, AIS, IP addresses (and all related location data collected from an IP address), social network or third party service user identification number, profile picture, state, country, city, postal code, email addresses, physical addresses, telephone number, names, gender, date of birth, age, demographic data, location data, GPS data, behavioural data, IMEI, device data (e.g., OS version, type of device), inventory, and other application usage, viewership, game history, purchase history, monetary and engagement data, any conversion, tracking, targeting, installations and technical related information regarding actions of Users on the Application(s).
- “$” shall mean United States currency.
2. Scope of Services
- Publisher Access to the Ads. Pursuant to the terms and conditions contained in this Agreement, Seriously agrees to provide Publisher all the required Ad materials.
- Publisher Access to Reporting Information. Seriously will provide Publisher, upon Publisher’s request, with summary report of number of completed Actions performed by Users (including without limitation, such as clicks, and installations information which is required to calculate payments to Publisher in accordance with the Insertion Order) and other activity as Seriously may determine from time to time. If any additional information and parameters are requested by Publisher from Seriously’s reporting system, Publisher shall notify Seriously accordingly, and shall not request such information directly from Seriously’s reporting system. The provision of any such additional information shall be subject to Seriously’s prior written consent, which consent shall be within Seriously sole and absolute discretion. The Publisher acknowledges that the reports are estimated and may be updated prior to actual payment to Publisher. This report shall be deemed accurate and acceptable by Publisher and shall prevail over any other report in case of discrepancy. In case of possible discrepancy, it will be mutually resolved. The final payment paid to Publisher will be based on the report and shall be conclusive.
- Services. Seriously reserves the right to improve, modify, remove, suspend, or discontinue, temporarily or permanently, in whole or in part, the Ads or any data, information, content, software, technology, or features appearing on and/or offered through the Application at its sole discretion at any time. In the event that Publisher breaches any of its obligations set forth in Section 3 of these Terms of Agreement or any of its representations and warranties in this Agreement, Seriously may suspend or cancel all or any part of the services provided to Publisher under this Agreement.
3. Publisher Obligations and Materials
- As of the approved Start Date as indicated in the Insertion Order, Publisher shall commence advertising Ads in accordance with the terms of this Agreement and any placement requirements and reasonable technical specifications provided by Seriously to Publisher in writing in the Insertion Order or in the correspondence between the parties. Publisher may receive access to Seriously’s FTP servers for obtaining Seriously’s Ad material and creative assets if Seriously determines to afford such access. Otherwise, Seriously shall determine an alternate means of provision. Publisher shall not allow access to Seriously’s servers and shall not use Seriously’s Ad material and creative assets for any other purpose other than as set forth herein, without Seriously’s prior written consent. Publisher shall not modify the display, order, look and feel, or other attributes of the Ads. Creation of new Ads by Publisher and/or any change made by the Publisher in the Ads provided by us must be approved by Seriously, in advance, and in writing prior to launching of the campaign, and any such changes and creative shall be the sole property of Seriously and all rights, title and interest, including all intellectual property rights therein will remain with Seriously. Without limiting the generality of the foregoing, Publisher shall use the Tags provided by Seriously to deliver all Ads hereunder. In addition, Publisher shall be responsible and shall bear the costs related to the proper display of the Ads on its app(s) and/or website(s) according to Seriously’s display instructions, including but not limited to any costs required for the implementation of such display instructions (if any).
- Publisher shall cooperate with Seriously in good faith, on an ongoing basis, to display Ads.
- Publisher understands and agrees that if Ads are not correctly displayed and/or display in offensive sites or are not displayed by by Publisher as contemplated herein, Publisher shall be responsible for any such errors.
- Publisher agrees that any content displayed on or in connection with the Applications by Publisher (if any) shall not be false, deceptive, misleading, obscene, libelous, defamatory, illegal, violent, bigoted, hate-oriented or unethical, and shall not contain any viruses, trojan horses, worms, time bombs, cancel bots or other computer code or programming routines that are intended to damage, disable, interfere with, permit unauthorized access to, surreptitiously intercept or expropriate any system, data, software or personal information.
- Publisher shall comply with all applicable laws, rules and regulations, inter alia, any publicity or privacy laws, data protection laws, false advertising laws, propriety laws, intellectual property laws and all laws and regulations that may apply to Internet advertising, including, but not limited to the Children’s Online Privacy Protection Act, the Can-Spam Act of 2003, the Federal Trade Commission Act and the Digital Millennium Copyright Act., including by posting a privacy policy on its app(s) or website(s). Such privacy policy shall: (1) comply with all laws and regulations regarding the privacy of its users’ private information; and (2) fully and accurately disclose its policy regarding the collection, use and disclosure of users’ private information.
- Publisher undertakes to provide Seriously with written daily reports, detailing the accurate spend data of each campaign and breakdown of daily spend per platform, or shall make such information available to Seriously by providing Seriously access to Publisher’s dashboard or via AppsFlyer link. Delivery of such reports and information or provision of access to such information by Publisher shall be a condition to payment to Publisher.
- Publisher may not re-broker traffic and/or subcontract its services and obligations hereunder to any third party without the prior written consent of Seriously. Publisher hereby undertakes and represents that in case it uses any third party as sub-contractor for the provision of the services hereunder, subject to Seriously’s prior written consent, Publisher’s sub-contractors/affiliates shall be bound by similar undertakings as the Publisher, and the Publisher shall inform them of their obligations under this Agreement. Publisher shall be solely liable for all the obligations to Seriously under this Agreement and Seriously shall have no liability of any kind vis a vis Publisher’s sub-contractors/affiliates.
- Publisher shall not, and shall not authorize, allow or encourage any third party to:
- edit, modify, filter, re-order, or change the order of the content or information contained in any Ad or Tag, or remove, obscure or minimize any Ad in any way;
- redirect a User away from any Seriously’s Application, provide a version of Seriously’s Application that is different from the Application a User would access by going directly to Seriously’s Application, intersperse any content between the Ad and Seriously’s Application, or otherwise provide anything other than a direct link from an Ad to Seriously’s Application;
- directly or indirectly access, launch, and/or activate Ads through or from, or otherwise incorporate the Ads in, any software application, Application, or other means other than on or in connection with the Applications, and then only to the extent expressly permitted by this Agreement;
- run “robots”, “crawl,” “spiders,” index or in any non-transitory manner store or cache information obtained from any Ads or Actions, or any part, copy, or derivative thereto;
- use any means to increase artificially the number of views, engagements, installs, impressions or clicks available including, but not limited to, encouraging Users to click on Ads with offers of cash, prizes or anything else of value in exchange for services;
- send spam or unsolicited emails, notifications, invites or use any other broadcasting mechanism mentioning or promoting an Ad. Publisher acknowledges that any violation or attempted violation of any of the foregoing is a material breach of this Agreement;
- breach of any applicable terms, guidelines, agreements and/or any policies of the advertising platforms of Facebook, Apple, Google Android and Amazon Android with respect to Publisher’s performance under this Agreement, all with respect to both mobile and internet;
- directly or indirectly mislead or falsely encourage Users to complete Actions, using incentives which were not previously approved by Seriously or mislead Users to think the Application is a different kind of game or Application other than that which it is, e.g., false claims that the Application offers redemption or cash out for “real world” money, goods, or any other item of monetary value from Seriously;
- advertise or link the Application to any apps, websites or content containing any copyright infringements, firearm, drugs, alcohol, tobacco, pornography, gambling, hate speech or any other content which Seriously reasonably deems objectionable or promote illegal goods, services or activities or or link to any of the foregoing;
- transfer any of Seriously’s Confidential information to any third party, including without limitation, Seriously’s competitors, except to the extent disclosure of Confidential Information is permitted under this Agreement.
- use Seriously’s name or logo for marketing, promotional or any other purposes of Publisher without Seriously’s prior written consent.
- collect, use, disclose, share, analyze or store any of the User’s Data for any purpose, other than for the performance of its obligations under the Agreement and only during the term of this Agreement.
- exceed the budget set forth in each Insertion Order without the prior written authorization of Seriously. Any unauthorized deviation from the agreed budget shall not be paid by Seriously. The budget shall be paced evenly during the campaign period set forth in each Insertion Order unless otherwise agreed in an IO.
- market, publish or advertise the Application in apps or websites designated to minors. Ads should reach a demographic base where the majority is expected to be over the age of 13. All creative materials used by the Publisher for advertising the Applications shall not contain any themes that have primary appeal to those under 13, or use any actors in the ads under the age of 21.
Publisher shall be responsible to comply with all the above mentioned restrictions and any breach shall be deemed a material breach of this Agreement which shall result in termination of the Agreement, non-payment to the Publisher and remedies for any such breach shall include, but not be limited to, reimbursement to Seriously of any damages caused to Seriously resulting directly or indirectly therefrom and any other remedy by law which Seriously may exercise in its sole discretion.
4. Proprietary Rights
- Subject to the terms and conditions of this Agreement, Seriously hereby grants Publisher a limited, personal, non-exclusive, revocable, non-sublicensable, non-transferable, non-perpetual license during the term of this Agreement to display Ads on or in connection with the Applications. Publisher will not copy (except for any copying inherent in, or required to conduct, the permitted display activities hereunder which limited copying is included in the license to display hereunder), modify, create derivative works of, distribute, or otherwise provide or re-syndicate the Ads.
- As between Seriously and Publisher, Seriously, its licensors, as applicable, own and retain all rights, title, and interest in and to the Application and the Ads. Publisher acknowledges that the Application is copyrighted by Seriously and a trade secret of Seriously. Except as expressly stated herein, Seriously does not grant to Publisher any license, express or implied, to the Application or any other right, title, or interest to any intellectual property. Any rights not expressly granted herein are deemed withheld. Publisher agrees not to copy, alter, modify, or create derivative works of the Ads in any way that violates the terms and conditions of this Agreement.
5. Payment
In consideration for providing its services and performing all its other obligations under the Agreement (including without limitation, in case of pre-paid or fixed price campaigns, completion of all agreed terms and conditions by Publisher, subject to Seriously’s full satisfaction), Seriously shall pay the Publisher the agreed consideration detailed in the Insertion Order. The Publisher shall provide Seriously an invoice showing the amounts owed to Publisher based on the applicable payment terms in the Insertion Order and the applicable data for such month. Each invoice shall include the applicable name of application and/or Seriously’s studio, the name of applicable platform and breakdown of entire activity per platform in such month. In the event that Publisher provides its services to multiple studios of Seriously, Publisher shall deliver a separate invoice to each studio for its applicable activity. Publisher shall deliver the invoice to Publisher’s direct account manager in Seriously and to Seriously’s financial contact person, pursuant to the email addresses detailed in the Insertion Order, on the first week of each month for the amounts due for the previous month. Seriously shall pay Publisher the payments within forty-five (45) days following the end of every calendar month. Seriously shall not be responsible for any delays in payments caused by non-receipt of invoice by Seriously, incorrect banking information or other incorrect information supplied by Publisher which affects processing. Delay in delivery of invoice will cause delay in payment of such invoice by Seriously. If any of Publisher’s invoices are not received by Seriously within six (6) months of the end of the calendar month when due, Seriously will no longer have any obligation to honor those invoices and Seriously will be released and discharged from any liability in connection therewith, unless Publisher can show that failure to submit an invoice timely was due to an isolated billing error. In the event that the payment is made in different currency than set forth in the IO, the exchange rate shall be according to the representative exchange rate of the Helsingin OP Pankii Oyj bank on the last day of the calendar month in which the services were provided to Seriously.
Leads, sales, campaign costs and Actions shall be counted via Seriously’s reporting system. In the event of discrepancy of more than 10% between Seriously’s reporting system and Seriously’s database, such Actions will be counted and based on Seriously’s database. Notwithstanding anything else to the contrary set forth in this Agreement, Seriously shall have no obligation to pay Publisher any payments with respect to (i) amounts generated based on Publisher’s breach of this Agreement, (ii) amounts generated based on Publisher’s breach of any terms, guidelines, agreements and/or any policies of the advertising platforms of Facebook, Apple, Goggle Android and Amazon Android, all with respect to both mobile and internet, (iii) any duplicate postbacks originated from any technical errors in Publisher and/or any third party’s database, (iv) any fraudulent payments from Users or any fraudulent or invalid Actions or any fraudulent or invalid clicks or impressions on any Ads generated by any person, either, bot, automated program or similar device in connection with any Ads provided by Seriously, as reasonably determined by Seriously, including, without limitation, any Actions, clicks or impressions (A) originating from Publisher’s IP addresses or computers under Publisher’s control, (B) solicited by payment of money, the exchange of goods or services, false representation, or request or incentive for Users to click on Ads, or any illegal or otherwise invalid request for Users to complete Actions, (C) pursuant to which Users were directly or indirectly misled or falsely encouraged to complete Actions, including without limitation making it seem that a User is completing an Action other than the Action actually being offered or requesting chargeback or refund immediately following performance of an in-app purchase, (D) pursuant to which a User provided false or misleading personal data or Facebook account, (E) pursuant to unqualified traffic which was purchased from a third party by the Publisher. Seriously may withhold a relevant portion of any Payment from Publisher to offset any portion of any Payment previously received by Publisher in respect of any matter under Section 5(b) above. Publisher understands that this may reduce the Payment owed to Publisher.
Publisher understands and agrees that Seriously may offset from any Payment any amount owed by Publisher, or any parent, subsidiary, or affiliate of Publisher, to Seriously or any parent or subsidiary company of Seriously.
Payments under this Agreement shall be made in U.S. Dollars.
All payments due to Publisher under the Agreement are exclusive of taxes and other governmental charges including but not limited to VAT (if applicable) that Seriously is required to pay, collect or withhold (the “Taxes”). Publisher shall be responsible for payment of all Taxes and any related interest and penalties (if any) resulting from payments made hereunder to Publisher (excluding Taxes based on Seriously’s income) and Seriously shall be entitled to withhold such amounts if required under applicable law.
6. Compliance with Laws
Both parties shall comply with all applicable local, state, national and international laws, rules and regulations relating to their performance of this Agreement, including without limitation with respect to Publisher any laws regarding the transmission of technical data exported from Publisher’s country of residence and any relevant data protection or privacy laws.
7. Term & Termination
- This Agreement commences on the Start Date and continues until the End Date, or, if no such Start Date and End Date are specified on the Insertion Order, this Agreement shall commence on the date of execution of the Insertion Order and continue for a period of one (1) month thereafter (the “Term”), unless terminated earlier pursuant to the terms hereof or unless either party provides the other with written notice of cancellation which must be received by the other party at least twenty-four (24) hours prior to the end of the Term (and this Agreement and any applicable campaign shall terminate twenty-four hours after the delivery of any such notice of cancellation, regardless if the other party has responded to the termination notice). It is hereby clarified that Seriously shall not be obligated to pay for any installs made following the termination notice, even if the reporting system continues to count such new installs.
- Termination for Breach. If either party is in material breach of any provision of this Agreement and such breach is not cured within one (1) hour after written notice is given to the breaching party, or, with respect to those breaches that cannot reasonably be cured, the non-breaching party may, by giving written notice thereof to the breaching party, terminate this Agreement immediately upon notice to the breaching party.
- Other Termination. Either party may suspend performance of and/or terminate this Agreement if the other party becomes insolvent, bankrupt, enters into liquidation, whether voluntary or involuntary, or makes any assignment for the benefit of creditors or similar transfer evidencing insolvency.
- Effect of Termination. The terms and conditions of Sections 1, 4(b), 5(b), 5(c), 5(d), 7(d), and 8 through 13 of these Terms of Agreement shall survive any termination or expiration of this Agreement.
8. Confidentiality
Neither party will use or disclose any Confidential Information of the other party except as specifically contemplated herein. Each party shall maintain the confidentiality of the Confidential Information of the other party and shall take precautions to prevent the unauthorized disclosure or use of the Confidential Information of the other party, except to its employees with a need to know such information for the purposes of the performance of any campaign hereunder, and provided that they are bound by similar confidentiality undertakings and Publisher shall inform them of their obligations under this Agreement with respect to the Confidential Information. The obligations of this clause shall not apply to: (a) any information required to be disclosed pursuant to an order of a court of competent jurisdiction or by applicable law or regulation, provided however: that (i) such disclosure is made only to the extent and solely to the recipient legally required; and (ii) the receiving party provides the disclosing party with adequate prior written notice of such legal requirement and with the opportunity to oppose the disclosure or obtain a protective order, (b) to information that is now or subsequently becomes generally available through no act of omission of the receiving party, (c) to information that is known to the receiving party at the time of disclosure without obligation to maintain its confidentiality, as evidenced by written documents or records, (d) to information provided to the receiving party by a third party without restriction as to its use or disclosure, or (e) to information independently developed by the receiving party, its officers, employees, agents, or contractors, as evidenced by written documents or records. Publisher agrees and acknowledges that Seriously Confidential Information includes, but is not limited to, User’s Data, marketing and sale strategy, plans and methods, prices, pricing methods, payments, Insertion Order details, performance data, User’s Action, information regarding any campaign and information gathered as a result of the campaign, any and all reports provided to Seriously, and reports provided by Seriously or any third party on its behalf. Publisher’s obligations of confidentiality under the Agreement shall not expire and shall survive the termination of the Agreement or of any campaign hereunder. Notwithstanding anything to the contrary herein, Seriously may use, analyze, store, transfer, disclose and share with third parties and parties under common control User’s Data it receives, collects, infers, derives or obtains from Publisher for purposes of calculating conversions, targeting, repurposing, redirecting, analyzing, creating profiles, and other internal business purposes of Seriously.
9. Representations and Warranties
- Publisher hereby represents and warrants to Seriously that Publisher: (i) shall not at any time , disclose or use any Personally Identifiable Information or any other information or data if the provision or use of such information or data violates any applicable law or regulation or the privacy policy of Seriously, Publisher or any third party; (ii) do not violate any applicable terms, guidelines, agreements or policies of applicable advertising platforms, of Facebook, Google Android or Seriously’s own privacy policies; and (iii) has obtained and shall maintain throughout the term of this Agreement all necessary licenses, authorizations, approvals and consents to enter into and perform its obligations hereunder in compliance with all applicable laws, rules and regulations.
- Publisher hereby represents, warrants and undertakes to Seriously that it shall: (i) only process Personal Data according to the provisions set out in the Data Processing Addendum attached hereto in Schedule 9.b.(i), and only as necessary to provide the services or otherwise in accordance with Seriously’s documented instructions, (ii) take all necessary actions and provide all reasonable assistance necessary for Seriously to comply with its obligations under the Data Protection Laws in relation to Data Subjects’ rights, (iii) transfer Personal Data to such third party subcontractor(s) only for purpose which is directly linked to the purposes the Services, and only under the obligations of this Agreement, (iv) not use any illegal ways or databases to collect or process Personal Data, and (v) Comply with the security standards requirements of Seriously set forth in Schedule 9.b.(v).
- Seriously hereby represents and warrants to Publisher that to the best of its knowledge that: (i) the Ads and other materials or information provided by Seriously to Publisher hereunder (A) are not false, deceptive, obscene, defamatory, pornographic or violent (B) do not contain any viruses, malware, Trojan horses, worms or similar harmful items, and (C) do not violate any applicable terms, guidelines, agreements or policies of applicable advertising platforms, of Facebook, Google Android or Seriously’s own privacy policies; and (ii) Seriously shall make best efforts to obtain throughout the term of this Agreement all necessary licenses, authorizations, approvals and consents to enter into and perform its obligations hereunder in compliance with all applicable laws, rules and regulations.
- Each of Publisher and Seriously hereby represents and warrants to the other that: (i) it has the full right, power, legal capacity, and authority to enter into, deliver and fully perform under this Agreement, and (ii) neither the execution, delivery, nor performance of this Agreement will result in a violation or breach of any contract, agreement, order, judgment, decree, rule, regulation or law to which it is bound.
- Without derogating from the above, Publishers that run their app or website on/through Facebook Platform (the “Facebook Publishers”) hereby represent and warrants that they strictly comply and shall strictly comply with all applicable Facebook rules, polices, programs and guidelines for developers, as may be amended by Facebook from time to time, inter alia: (i) Facebook Platform Polices set forth at https://developers.facebook.com/policy; (i) Facebook policies regarding the transfer and/or use of any data received from Facebook, including through use of the Facebook Platform (API, Social Plugins, etc.), whether aggregate, anonymous or derivative data and including user data or Facebook User IDs (the “Facebook Data”). Any Facebook Data (i.e. Unique User ID’s) that is transferred to Seriously by a Facebook Publisher must be encrypted/hashed according to Facebook requirements; and (ii) Facebook Polices Regarding methods for rewarding users with virtual currency or virtual goods as set forth https://www.facebook.com/help/212590022095343. Seriously shall have no responsibility for the Facebook Publishers’ compliance with the foregoing polices.
- Without derogating from the above, Publishers that run their app or website on/through Google Platform (the “Android Publishers”) hereby represent and warrants that they strictly comply and shall strictly comply with all applicable Google rules, polices and guidelines, as may be amended by Google from time to time, inter alia, Google Platform Polices set forth at https://developer.android.com/legal.html, including without limitations, developer program, content, advertising, distribution through Google Play, data use policies and policies regarding the rewarding of users with virtual currency or virtual goods or in app purchases. Seriously shall have no responsibility for the Android Publishers’ compliance with the foregoing polices.
- Without derogating from the above, Publishers that run their app or website on/through Apple Platform (the “Apple Publishers”) hereby represent and warrants that they strictly comply and shall strictly comply with all applicable Apple’s rules, polices, programs and guidelines, as may be amended by Apple from time to time, inter alia, Apple’s developer program policy and license, content policies, advertising policies, distribution through Apple store policies, data use policies and policies regarding the rewarding of users with virtual currency or virtual goods or In App purchases. Seriously shall have no responsibility for the Apple Publishers’ compliance with the foregoing polices.
- Without derogating from the above, Publishers that run their app or website on/through Amazon Platform (the “Amazon Publishers”) hereby represent and warrants that they strictly comply and shall strictly comply with all applicable Amazon’s rules, polices, programs and guidelines, as may be amended by Amazon from time to time, inter alia, Amazon’s developer program policy and license, content policies, advertising policies, distribution through Amazon store policies, data use policies and policies regarding the rewarding of users with virtual currency or virtual goods or In App purchases. Seriously shall have no responsibility for the Amazon Publishers’ compliance with the foregoing polices.
- Without derogating from the above, Publishers that run their app or website on/through Windows Platform (the “Windows Publishers”) hereby represent and warrants that they strictly comply and shall strictly comply with all applicable Windows’ rules, polices, programs and guidelines, as may be amended by Windows from time to time, inter alia, Windows’ developer program policy and license, content policies, advertising policies, distribution through Windows store policies, data use policies and policies regarding the rewarding of users with virtual currency or virtual goods or In App purchases. Seriously shall have no responsibility for the Windows Publishers’ compliance with the foregoing polices.
- Without derogating from the above, Publishers that run their app or website on/through Yahoo Platform (the “Yahoo Publishers”) hereby represent and warrants that they strictly comply and shall strictly comply with all applicable Yahoo’s rules, polices, programs and guidelines, as may be amended by Yahoo from time to time, inter alia, Yahoo’s developer program policy and license, content policies, advertising policies, distribution through Yahoo store policies, data use policies and policies regarding the rewarding of users with virtual currency or virtual goods or In App purchases. Seriously shall have no responsibility for the Yahoo Publishers’ compliance with the foregoing polices.
10. Indemnification
Publisher shall indemnify, defend, and hold harmless Seriously, its parent and subsidiary companies (including representatives, successors and permitted assigns thereof) from and against any and all third party claims, losses, expenses, damages, liabilities and costs, including reasonable attorneys’ fees, arising out of or relating to (i) the violation of any patent, copyright, trademark, trade secret or other intellectual property or proprietary right of a third party; (ii) any slander, libel, or defamation contained on or within the advertising channels; (iii) violation of any applicable laws, rules and regulations by the Publisher; (iv) any breach of a representation, warranty or covenant of Publisher contained in this Agreement; and (v) Publisher’s use of the Ads, in a manner not contemplated by this Agreement.
At the request of Publisher, Seriously will defend (or settle), indemnify and hold Publisher, its affiliates, officers, directors and employees harmless, from and against any liabilities, losses, damages and expenses, including court costs and reasonable attorneys’ fees, finally awarded against Publisher by a court of competent jurisdiction or as part of a settlement for the benefit of a third party, arising out of or in connection with any claim that Ad materials provided by Seriously and used by Publisher in a manner approved by Seriously in accordance with the terms of this Agreement violate the intellectual property rights of a third party; provided that (i) Seriously is given prompt notice of any such claim; (ii) Publisher provides reasonable cooperation to Seriously in the defense and settlement of such claim, at Seriously’s expense; and (iii) Seriously is given sole authority to defend or settle the claim; (iv) Publisher may not adjust, settle or compromise any claim brought against the Publisher for which the indemnity set forth herein is sought without the prior written consent of Seriously.
11. Disclaimer
EXCEPT AS MAY BE EXPRESSLY STATED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY, AND HEREBY DISCLAIMS ALL, WARRANTIES OF ANY KIND, (INCLUDING WITHOUT LIMITATION WITH RESPECT TO THE SERVICES PROVIDED OR THE APPLICATION), WHETHER EXPRESS OR IMPLIED, ORAL OR WRITTEN, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR TITLE AND ANY WARRANTY OR CONDITION ARISING FROM ANY COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE IN THE INDUSTRY. NEITHER PARTY MAKES ANY GUARANTEE REGARDING THE VOLUME NOR TIMING OF ACTIONS IN CONNECTION WITH THE SERVICES PROVIDED UNDER THIS AGREEMENT OR THE APPLICATION. NEITHER PARTY WARRANTS THE RESULTS OF THE SERVICES PROVIDED UNDER THIS AGREEMENT OR THE APPLICATION, INCLUDING, WITHOUT LIMITATION, THE RESULTS OF ANY AD CAMPAIGN, THE NUMBER, TIMING OR COMPLETION OF INSTALLS, ACTIONS, CLICKS OR IMPRESSIONS, OR THE TOTAL AMOUNT OF ANY PAYMENT TO BE MADE TO PUBLISHER UNDER THIS AGREEMENT. NEITHER PARTY WARRANTS THAT ITS APPLICATION OR SERVICES PROVIDED BY SUCH PARTY OR APPLICATION(S) ARE ERROR-FREE OR THAT THE OTHER PARTY OR ANYONE ELSE WILL BE ABLE TO OPERATE THE APPLICATIONS OR RECEIVE THE SERVICES WITHOUT PROBLEMS OR INTERRUPTIONS.
12. Limitation of Liability
- PUBLISHER ACKNOWLEDGES AND AGREES THAT ADS MAY APPEAR IN THIRD PARTY APPLICATIONS OR SERIOUSLY’S APPLICATIONS MAY INCLUDE ADS OF THIRD PARTIES AND THAT SERIOUSLY HAS NO CONTROL OVER (AND IS MERELY A PASSIVE CONDUIT WITH RESPECT TO) THIRD PARTY APPLICATIONS OR ADS AND RESOURCES. SERIOUSLY IS NOT RESPONSIBLE FOR THE AVAILABILITY OF SUCH THIRD PARTY APPLICATIONS OR RESOURCES AND DOES NOT ENDORSE AND IS NOT RESPONSIBLE OR LIABLE FOR ANY CONTENT, ADVERTISING, PRODUCTS, OR OTHER MATERIALS ON OR AVAILABLE FROM SUCH THIRD PARTY APPLICATIONS OR RESOURCES. PUBLISHER ACKNOWLEDGES AND AGREES THAT SERIOUSLY SHALL HAVE NO RESPONSIBILITY OR LIABILITY WHATSOEVER FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY OR IN CONNECTION WITH USE OF OR RELIANCE ON ANY THIRD PARTY CONTENT, GOODS OR SERVICES AVAILABLE ON OR THROUGH ANY SUCH THIRD PARTY APPLICATION OR RESOURCE. PUBLISHER SHALL BE LIABLE AND SHALL NOT ADVERTISE IN ANY APPLICATION THAT IT KNOWS TO BE FALSE, DECEPTIVE, MISLEADING, UNLAWFUL OR FRAUDULENT, OR THAT WOULD BE CONSIDERED TO BE DEFAMATORY, HATE SPEECH, HARASSING, ABUSIVE OR OBSCENE USING A REASONABLE PERSON STANDARD.
- EXCEPT FOR A PARTY’S INDEMNIFICATION OBLIGATIONS WITH RESPECT TO THIRD PARTY CLAIMS UNDER SECTION 10 ABOVE OR A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS UNDER SECTION 8 ABOVE, IN NO EVENT SHALL EITHER SERIOUSLY OR PUBLISHER, THEIR AFFILIATES, OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES OR AGENTS, OR PUBLISHERS BE LIABLE TO THE OTHER FOR ANY SPECIAL, INDIRECT, RELIANCE, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND, LOST PROFITS OR LOST REVENUE, WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, EVEN IF SUCH DAMAGES ARE FORESEEABLE OR SERIOUSLY, THEIR AFFILIATES, OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES OR AGENTS, OR PUBLISHERS HAVE BEEN NOTIFIED OR HAVE CONSTRUCTIVE KNOWLEDGE OF THE POSSIBILITY OF THEREOF.
- IN THE EVENT THAT A PARTY IS HELD LIABLE FOR ANY REASON UNDER THIS AGREEMENT, THE AGGREGATE LIABILITY OF EITHER SERIOUSLY OR PUBLISHER, THEIR AFFILIATES, AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES AND AGENTS, FOR ALL CLAIMS ARISING UNDER THIS AGREEMENT (WHEN AGGREGATED WITH SUCH PARTY’S LIABILITY FOR OTHER CLAIMS ARISING OUT OF THIS AGREEMENT, BUT EXCLUDING – AND THE LIMITS IN THIS SUBSECTION (c) SHALL NOT APPLY TO — INDEMNIFICATION OBLIGATIONS WITH RESPECT TO THIRD PARTY CLAIMS UNDER SECTION 10 OR CONFIDENTIALITY OBLIGATIONS UNDER SECTION 8 OF THIS AGREEMENT SHALL BE LIMITED TO SUCH PARTY’S PAYMENT DERIVED FROM THE APPLICATIONS UNDER THIS AGREEMENT, AS WELL AS ANY PAYMENTS DUE OR PAYABLE TO PUBLISHER UNDER SECTION 5 ABOVE, DURING THE SIX (6) MONTH PERIOD PRECEDING THE EVENT OR CIRCUMSTANCES GIVING RISE TO SUCH LIABILITY.
- NOTWITHSTANDING THE FOREGOING, THE EXCLUSIONS AND LIMITATIONS OF LIABILITY OF THIS SECTION 12 SHALL NOT APPLY TO PUBLISHER’S BREACH OF SECTION 3(E) OF THIS AGREEMENT.
13. General Provisions
- Notices. All notices under this Agreement shall be in writing and shall be properly addressed to the parties at the addresses set forth in the Insertion Order or at such other addresses as either party may later designate in writing. All notices shall be given by personal delivery, facsimile with a written confirmation mailed on the same day, United States [or other Governmental] first class mail, postage prepaid, return receipt requested, or overnight courier. Any such notice shall be deemed delivered upon the earlier of actual receipt or three (3) days after deposit of such notice. In the case of notice to Seriously, a copy shall be sent to the attention of Legal Department at Seriously Digital Entertainment, Inc., 1351 Fourth Street, Santa Monica, CA 90401
- Force Majeure. Neither party will be liable to the other for any failure of performance under this Agreement (other than the obligation to make payments under this Agreement) due to acts of God; acts of the public enemy; strikes, lockouts, or other industrial disturbances; fires, floods, storms, droughts, or weather conditions; war, riots or terrorist acts; or, without limitation by enumeration, any other cause beyond the reasonable control of such party; provided, however, that such party shall promptly and diligently take such action as may be necessary and practicable under the then-existing circumstances to remove the cause of failure and resume performance at the earliest reasonable time and shall further give notice of such circumstance to the other party as soon as practicable. If any event of force majeure continues for more than sixty (60) consecutive days, the party not affected by such event of force majeure shall have the option to terminate this Agreement upon ten (10) days written notice to the other party.
- Relationship of the Parties. Seriously and Publisher enter into this Agreement as independent contractors, and neither Seriously nor Publisher shall be or construed to be a partner, joint venture or employee of the other. Successors and Assigns. This Agreement shall be binding upon the successors and assigns of the parties, provided that neither party may not assign this Agreement without the prior written consent of the other party, which will not be unreasonably withheld. Notwithstanding the foregoing, either party may assign this Agreement without consent (i) to a parent or a majority-owned subsidiary company of such party, or (ii) pursuant to a merger, acquisition, amalgamation, consolidation or other corporate reorganization, or the sale of all or substantially all of its business or assets. Any assignment or attempted assignment in contravention of this provision shall be null and void.
- Jurisdiction and Venue; Enforcement. This Agreement shall be construed under the laws of the state of California, United States, without regard to its conflict of laws rules, and each party agrees that any judicial proceeding brought to enforce any provision of this Agreement or to recover damages for its breach shall be brought exclusively in the Los Angeles County courts and the parties respectively waive any objections to jurisdiction or venue of such court. The defending party shall be entitled to all reasonable attorneys’ fees and costs in connection with enforcing this Agreement.
- No Waiver; Amendment. No waiver by either party of one or more breaches or defaults by the other in the performance of any provision of this Agreement shall operate or be construed as a waiver of any other or further breach or default whether of a like or different character. This Agreement shall not be modified or amended except by a written instrument specifically referencing this Agreement which has been executed by the parties hereto.
- Severability. In the event any provision of this Agreement is declared to be void or unenforceable in whole or part, the other provisions of this Agreement and the remainder of the affected provisions shall continue to be valid; provided, however, that a court having jurisdiction may revise such provision to the extent necessary to make such provision valid and enforceable consistent with the intention of the parties.
- Entire Agreement. This Agreement supersedes and excludes any prior agreements, representations, warranties or contracts between the parties relating to the subject matter hereof and contains all of the agreements of the parties with respect to the subject matter hereof. Any and all prior agreements, representations, statements, warranties or contracts relating to such subject matter shall be deemed conclusively to have been merged herein. In case of any conflict between the Insertion Order, these Terms of Agreement and any Exhibits and Schedules, the order of priority for interpretation shall be the Insertion Order, followed by these Terms of Agreement followed by the Exhibits and Schedules. Upon the signing of this Agreement by the parties hereto, any and all prior verbal or written agreements relating to the subject matter hereof, including but not limited to any amendments thereto, are terminated and of no further force and effect, and Seriously is hereby forever released from any liability or obligation arising from or relating to such.
- Counterparts. This Agreement may be executed in counterparts, including facsimile or scanned counterparts, each of which shall be deemed an original and all of which when taken together will constitute one and the same instrument.
- Section Headings. Section headings are purely for ease of reference and do not form part of or affect the interpretation of this Agreement.
Schedule 9.b.
Data Processing Agreement
In addition to our undertaking under Section 9.b of the Terms of Marketing Agreement (the “Agreement”), we, the Publisher (as defined in the Insertion Order) (the “Processor”) hereby acknowledge, confirm and undertake towards Seriously, as defined in the Agreement (the “Company” or “Controller”) as follows:
- Definitions
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control” for purposes of this definition means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;
-
- “Applicable Laws” means (a) European Union or Member State laws with respect to any Company Personal Data in respect of which any Company Group Member is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Company Personal Data in respect of which any Company Group Member is subject to any other Data Protection Laws, including without limitation the California Consumer Privacy Act;
-
- “Controller Personal Data” means any Personal Data Processed by Processor on behalf of Controller pursuant to or in connection with the Agreement;
-
- “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
-
- “GDPR” means EU General Data Protection Regulation 2016/679;
-
- “Restricted Transfer” means (i) a transfer of Controller Personal Data from Controller to Processor; or (ii) an onward transfer of Controller Personal Data from a Processor to a Sub Processor, or between two establishments of Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);
-
- “Sub-processor” means any person (including any third party and any Processor Affiliate, but excluding an employee of Processor or any of its sub-contractors) appointed by or on behalf of Processor or any Processor Affiliate to Process Personal Data on behalf of any Company Group Member in connection with the Principal Agreement;
-
- “Standard Contractual Clauses” means the agreement executed by and between Customer and salesforce.com, inc. and attached hereto as Annex 1 pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection; and
-
- The terms, “Commission“, “Controller“, “Data Subject“, “Member State“, Personal Data“, “Personal Data Breach“, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
- Subject matter of this Data Processing Agreement
-
- This Data Processing Addendum (“DPA”) applies to the processing of personal data in the scope of the Agreement between the parties for the services defined in the Agreement and/or Insertion Order (the “Services”)..
-
- Insofar as the Processor will be processing Controller Personal Data on behalf of the Controller in the course of the performance of the Service Agreement, the terms of this DPA shall apply. An overview of the categories of Personal Data, the types of Data Subjects, and purposes for which the Personal Data are being processed is provided in Annex 2 hereto.
-
- The Controller will determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Processor. The Processor will process the Personal Data only as set forth in Controller’s written instructions.
-
- Processor shall not Process Controller Personal Data other than on the Controller’s documented reasonable and customary instructions as specified in the Agreement or this DPA, unless such Processing is required by Applicable Laws to which the Processor is subject.
-
- Controller warrants that it has all necessary rights to provide the Personal Data to Processor for the Processing to be performed in relation to the Services. To the extent required by Applicable Data Protection Law, Controller is responsible for ensuring that any necessary data subject consents to this Processing are obtained, and for ensuring that a record of such consents is maintained. Should such a consent be revoked by the data subject, Controller is responsible for communicating the fact of such revocation to the Processor, and Processor remains responsible for implementing any Controller instruction with respect to the further processing of that Personal Data.
- Confidentiality
-
- Without prejudice to any existing contractual arrangements between the Parties, the Processor shall treat all Personal Data as strictly confidential and it shall inform all its employees, agents and/or approved sub-processors engaged in processing the Personal Data of the confidential nature of the Personal Data. The Processor shall ensure that all such persons or parties have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.
- Security
-
- Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of, varying likelihood and severity for the rights and freedoms of natural persons, Processor and each Processor Affiliate shall in relation to the Company Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
-
- In assessing the appropriate level of security, Processor and each Processor Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
- Improvements to Security
-
- The Parties acknowledge that security requirements are constantly changing and that effective security requires frequent evaluation and regular improvements of outdated security measures. The Processor will therefore evaluate the measures as implemented in accordance with Article 4 on an on-going basis and will tighten, supplement and improve these measures in order to maintain compliance with the requirements set out in Article 4. The Parties will negotiate in good faith the cost, if any, to implement material changes required by specific updated security requirements set forth in applicable data protection law or by data protection authorities of competent jurisdiction.
-
- Where an amendment to the Service Agreement is necessary in order to execute a Controller instruction to the Processor to improve security measures as may be required by changes in applicable data protection law from time to time, the Parties shall negotiate an amendment to the Service Agreement in good faith.
- Data Transfers
-
- The Standard Contractual Clauses and the additional terms specified in Annex 1 shall apply to (i) legal entity that is not incorporated under one of the countries recognized by The European Commission as a country that offers an adequate level of data protection, on the basis of article 45 of Regulation (EU) 2016/679 and, (ii) Processor which is not certified under the EU-US Privacy Shield framework; and (iii) all Affiliates of such Processor, the aforementioned entities shall be deemed “data exporters”.
-
- This DPA and the Agreement are Controller’s complete and final documented instructions at the time of signature of the Agreement for the Processing of Personal Data. Any additional or alternate instructions must be agreed upon separately in writing. For the purposes of Clause 5(a) of the Standard Contractual Clauses, the following is deemed an instruction by the Company to process Personal Data: (a) Processing in accordance with the Service Agreement and applicable Order Form(s); (b) Processing initiated by Users and (c) Processing to comply with other reasonable documented instructions provided by company (e.g., via email) where such instructions are consistent with the terms of the Service Agreement.
-
- The Processor shall immediately notify the Controller of any (planned) permanent or temporary transfers of Personal Data which is not in accordance to section 6.1 above.
- Information Obligations and Incident Management
-
- When the Processor becomes aware of an incident that impacts the Processing of the Personal Data that is the subject of the Agreement, it shall promptly notify the Controller about the incident, shall at all times cooperate with the Controller, and shall follow the Controller’s instructions with regard to such incidents, in order to enable the Controller to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
-
- The term “incident” used in Article 7.1 shall be understood to mean in any case:
(a) a complaint or a request with respect to the exercise of a data subject’s rights under EU Data Protection Law;
(b) an investigation into or seizure of the Personal Data by government officials, or a specific indication that such an investigation or seizure is imminent;
(c) any unauthorized or accidental access, processing, deletion, loss or any form of unlawful processing of the Personal Data;
(d) any breach of the security and/or confidentiality as set out in Articles 3 and 4 of this DPA leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data, or any indication of such breach having taken place or being about to take place;
(e) where, in the opinion of the Processor, implementing an instruction received from the Controller would violate applicable laws to which the Controller or the Processor are subject.
-
- The Processor shall at all times have in place written procedures which enable it to promptly respond to the Controller about an incident. Where the incident is reasonably likely to require a data breach notification by the Controller under applicable EU Data Protection Law, the Processor shall implement its written procedures in such a way that it is in a position to notify the Controller no later than 24 hours of having become aware of such an incident.
-
- Any notifications made to the Controller pursuant to this Article 7 shall be addressed to the employee of the Controller whose contact details are provided in any IO, and shall contain:
(a) a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
(b) the name and contact details of the Processor’s data protection officer or another contact point where more information can be obtained;
(c) a description of the likely consequences of the incident; and
(d) a description of the measures taken or proposed to be taken
by the Processor to address the incident including, where appropriate, measures to mitigate its possible adverse effects.
- Contracting with Sub-Processors
-
- The Processor is not authorized to subcontract any of its Service-related activities consisting (partly) of the processing of the Personal Data or requiring Personal Data to be processed by any third party without the prior written authorization of the Controller provided that the Processor shall remain fully and primarily liable vis-à-vis the Controller for the performance of any such sub-processor that fails to fulfil its data protection obligations.
-
- The consent of the Controller pursuant to Article 8.1 shall not alter the fact that consent is required under section 6.3 for the engagement of sub-processors in a country outside the European Economic Area without a suitable level of protection.
-
- The Processor shall ensure that the sub-processor is bound by the same data protection obligations of the Processor under this DPA, shall supervise compliance thereof, and must in particular impose on its sub-processors the obligation to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of EU Data Protection Law.
-
- The Controller may request that the Processor audit a Third Party Sub-processor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer in obtaining a third-party audit report concerning the Third Party Sub-processor’s operations) to ensure compliance with its obligations imposed by the Processor in conformity with this Agreement.
- Returning or Destruction of Personal Data
-
- Upon termination of this DPA, upon the Controller’s written request, or upon fulfillment of all purposes agreed in the context of the Services whereby no further processing is required, the Processor shall, at the discretion of the Controller, either delete, destroy or return all Personal Data to the Controller and destroy or return any existing copies.
-
- The Processor shall notify all third parties supporting its own processing of the Personal Data of the termination of the DPA and shall ensure that all such third parties shall either destroy the Personal Data or return the Personal Data to the Controller, at the discretion of the Controller.
- Assistance to Controller
-
- The Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights under the GDPR.
-
- The Processor shall assist the Controller in ensuring compliance with the obligations pursuant to Section 4 (Security) and prior consultations with supervisory authorities required under Article 36 of the GDPR taking into account the nature of processing and the information available to the Processor.
-
- The Processor shall make available to the Controller all information necessary to demonstrate compliance with the Processor’s obligations and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
- Liability and Indemnity
-
- The Processor indemnifies the Controller and holds the Controller harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the Controller and arising directly or indirectly out of or in connection with a breach of this DPA and/or the Applicable Data Protection Law by the Processor. The Controller indemnifies the Processor and holds the Data Process harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the Processor and arising directly or indirectly out of or in connection with a breach of this DPA and/or the Applicable Data Law by the Controller.
- Duration and Termination
-
- This DPA shall come into effect on the later of: (i) effective date in accordance with the Agreement; or (ii) commencement of the relevant Restricted Transfer.
-
- Termination or expiration of this DPA shall not discharge the Processor from its confidentiality obligations pursuant to Article 3.
-
- The Processor shall process Personal Data until the date of termination of the agreement, unless instructed otherwise by the Controller, or until such data is returned or destroyed on instruction of the Controller.
- Miscellaneous
-
- Inconsistency. In the event of any inconsistency between the provisions of this DPA and the provisions of the Service Agreement, the provisions of this DPA shall prevail.
-
- Governing Law and Jurisdiction. (i) The Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Service Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and (ii) This DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Service Agreement.
- Severance. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall either be (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
Annex 1
Standard Contractual Clauses (processors)
Clause 1
Definitions
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; [If these Clauses are governed by a law which extends the protection of data protection laws to corporate persons, the words “except that, if these Clauses govern a transfer of data relating to identified or identifiable corporate (as well as natural) persons, the definition of “personal data” is expanded to include those data” are added.]
(b) ‘the data exporter’ means the controller who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; [If these Clauses are not governed by the law of a Member State, the words “and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC” are deleted.]
(d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law‘ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organizational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; [If these Clauses are not governed by the law of a Member State, the words “within the meaning of Directive 95/46/EC” are deleted.]
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorized access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any sub -processor agreement it concludes under the Clauses to the data exporter.
Clause 6
Liability
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely Romanian law.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Sub-processing
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
Annex 2
Personal data that will be processed in the scope of the Service Agreement and the purposes for which these data will be processed
Duration of the Processing of Company Personal Data
Personal Data shall only be processed until the End Date (as such term is defined in the Agreement), or if no End Date is specified on the Insertion Order, until the expiry of the Term (as such terms is defined in the Agreement).
The nature and purpose of the Processing of Company Personal Data
Personal Data shall be processed solely to the extent necessary for Publisher to provide the Services pursuant to the Insertion Order and this Agreement.
The types of Company Personal Data to be Processed
The types of Personal Data to be processed may include User’s Data (as such term is defined in the Agreement).
The categories of Data Subject to whom the Company Personal Data relates
Personal Data shall be processed in relation to Seriously’s potential and existing Users.
Schedule 9.b.(v)
Information Security Standards
1. The Publisher shall:
1.1 Implement appropriate environmental and physical security measure to prevent unauthorized physical access to restricted information and the systems managing it.
1.2 Manage and restrict access to only the resources necessary for users (application, database, network, and system administrators) to perform authorized functions. The Publisher should document all the user types and their related permissions.
1.3 Require strong authentication and encryption that meet security standards for any remote access to Confidential Information and Seriously’s network.
1.4 Use a secure method for securing authentication information (User name and password) by acceptable security standards.
1.5 Separate Seriously’s information from any other customer or supplier’s own applications and information, including but not limited to the public internet or any system used by the Publisher. Information shall be protected using appropriate tools and measures, including but not limited to access control, firewall, anti-virus applications.
1.6 Do not transfer and store Seriously’s information on removable devices, laptops, smartphones, tablets, etc., unless agreed upon in advance with Seriously in writing. The Publisher shall implement security measures such as using encryption to protect all of Seriously’s information stored on mobile devices.
1.7 Regularly install the most recent system and security updates to systems that used to access, process, manage, or store Seriously’s information.
1.8 Conduct risk assessment processes and surveys to regularly assess information security risks; the Publisher shall inform these risks to Seriously and remediate such risks as soon as possible.
1.9 Employ appropriate measures of identification and access controls to any of the Publisher’s systems and Seriously’s information. The Publisher should save log files of all access to Seriously’s information.
1.10 Use only the mutually agreed upon facilities and connection methodologies to remotely connect to Seriously’s network. Any connection to Seriously’s information sources using a remote connection are conditioned on prior approval.
1.11 Transfer of Confidential Information between Seriously and the Publisher will be implemented by using secure file transfer platform.
1.12 The Publisher shall ensure that all personnel, subcontractors or representatives performing work under this Agreement, are in compliance with these measures. Without derogating from the Publisher’s obligation to supervise his personnel and implement the security demands.
1.13 The Publisher shall provide an appropriate level of periodical training concerning the organizational security measures and privacy issues, to the personnel who has access to Seriously’s Confidential Information.
1.14 The Publisher shall permit Seriously to conduct audits or assessments of the Publisher’s activity and compliance with its obligations arising out of this Agreement and according to the law, including access to facilities and relevant IT systems at reasonable working hours, and outside out of normal working hours with advance notice.
1.15 The Publisher shall immediately notify Seriously whenever there is any suspected or confirmed security breach, such as: intrusion to the IT systems, unauthorized access to information, data loss, or other incident regarding Seriously’s information, systems, or other resources. The Publisher shall notify Seriously of actions that has been taken to resolve such incident.
1.16 For clarification, Seriously reserves the right to change said demands in its sole discretion, based on its needs and according to technological developments, and according to any applicable law.