Dated: March 23, 2021
Subject to Service Order:
This Agreement, effective as of the Effective Date provided in the Service Order, is entered into by and between PubMatic and the Client listed on such Service Order.
1. LICENSE.
1.1. License Grant. Client hereby grants to PubMatic a non-exclusive, worldwide, sublicensable license during the Term to use, host, publicly display, create algorithms based on, and modify the Audience Data (a) to create, deliver, analyze, model, plan, optimize, and report on advertising campaigns, audiences and segments within PubMatic Services and/or PubMatic’s publisher inventory; and (b) provide the PubMatic Services for Client’s benefit. For the avoidance of doubt, PubMatic will not otherwise sell Audience Data.
1.2. Required Consents. Client shall be solely responsible at no cost to PubMatic for procuring and maintaining during the Term all necessary and applicable rights, consents, licenses, and clearances with respect to the Audience Data as necessary for PubMatic and the PubMatic’s customers to exercise the rights and licenses granted by Client herein.
1.3. Restrictions. PubMatic shall not make the Audience Data available to any third party in raw and an unmodified form. PubMatic shall implement administrative, physical and technical safeguards to protect the Audience Data from unauthorized access, loss or disclosure that are no less rigorous than accepted industry standards and using reasonable care. PubMatic shall notify Client promptly in the event PubMatic learns of any unauthorized access, loss or disclosure of any Audience Data, and will reasonably cooperate with Client in any proceeding against any third parties necessary to protect Client’s rights with respect to the Audience Data. PubMatic shall retain the right to discontinue offering any of the Audience Data at any time in the event that Audience Data violates the terms of this Agreement or does not generate any Data Revenue.
1.4. Data Protection Addendum. To the extent applicable, the EU Data Protection Addendum attached hereto as Exhibit B shall form part of this Agreement and its terms are hereby incorporated in the Agreement by reference.
2. CLIENT OBLIGATIONS.
2.1. Client will perform its obligations under this Agreement, including with respect to the collection and provision of Audience Data as contemplated hereby, in compliance with all applicable laws, rules and regulations.
2.2. Client shall ensure that the Client Properties and each of the sources of Audience Data: (i) contain a privacy policy that clearly and conspicuously discloses the collection, provision and use (including, without limitation, the use contemplated by this Agreement) of Audience Data, including descriptions of data collection for interest-based advertising, as applicable, (ii) provide a conspicuous mechanism by which End Users may opt out of interest-based advertising, as applicable and/or required by law, rule, or regulation, and (iii) to the extent required by applicable law, rule or regulation, obtain, with respect to Client’s services, End Users’ prior and informed consent to the use, collection and sharing of the Audience Data as contemplated by this Agreement.
2.3. Client will not pass or make available to PubMatic as part of Audience Data: (i) Personal Directory Data or (ii) Sensitive Personal Data.
2.4. Client will not pass or make available to PubMatic, or will immediately inform PubMatic if it previously provided, any data relating to an End User in the event that Client knows that such End User has opted out of interest-based or cross-app advertising, the uses of Audience Data contemplated by this Agreement, or the services provided by Client.
3. TERM; TERMINATION.
3.1. Term. The term of this Agreement will commence on the Effective Date and continue for a period of one (1) year (the “Initial Term”). This Agreement will automatically renew for additional sequential one (1) year terms if neither Party provides written notice of termination to the other Party at least sixty (60) days before the expiration of the Agreement (each, a “Renewal Term”).
3.2. Convenience. Either party may terminate this Agreement, for convenience, effective immediately, upon thirty (30) days written notice to Client.
3.3. Material Breach. Either party may terminate this Agreement effective immediately, if the other party is in material breach of any obligation, representation, or warranty hereunder and fails to cure that material breach (if capable of cure) within thirty (30) days after receiving written notice of the material breach from the non-breaching party stating its intent to terminate.
3.4. Bankruptcy. Either party may terminate this Agreement effective immediately upon written notice if: (i) the other party files a petition for bankruptcy or is adjudicated as bankrupt; (ii) a petition in bankruptcy is filed against the other party and such petition is not removed or resolved within thirty (30) days; (iii) the other party makes an assignment for the benefit of its creditors or an arrangement for its creditors pursuant to bankruptcy law; (iv) the other party discontinues its business; (v) a receiver is appointed over all or substantially all of the other party’s assets or business; or (vi) the other party is dissolved or liquidated.
3.5. Effect of Termination. Upon termination of this Agreement, the following sections will survive: 3, 4, 5, and 7 through 10. Client shall continue to provide the Audience Data during the Wind-Down Period. During the Wind-Down Period, Client will continue receiving payments from PubMatic in accordance with Section 3.2 above.
4. CONFIDENTIALITY; PROTECTION OF CONFIDENTIAL INFORMATION AND PRESS RELEASES.
4.1. “Confidential Information” means (i) technical innovations, know-how, business practices, consumer acquisition practices, patents, ideas, inventions, processes, financial records, prices, trade secrets, applications, source code, reporting, data, and Intellectual Property; (ii) any and all information that is disclosed by either party to the other party, either directly or indirectly, in writing, orally or by inspection of tangible objects, which if disclosed in writing or tangible form is marked as “Confidential,” or with some similar designation, or if disclosed orally or by inspection or observation, is identified as being proprietary and/or confidential at the time of disclosure, (iii) by the nature of the circumstances surrounding the disclosure should reasonably be treated as proprietary and/or confidential, or (iv) any information which is or reasonably should be considered to be proprietary and/or confidential.
4.2. Exclusions. Confidential Information does not include information that: (i) is or becomes generally known to the public through no fault of or breach of this Agreement by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure without an obligation of confidentiality, as evidenced by the receiving party’s tangible (including written or electronic) records; (iii) is independently developed or obtained by the receiving party without use of the disclosing party’s Confidential Information, as evidenced by the receiving party’s tangible (including written or electronic) records; (iv) the receiving party rightfully obtains from a third party, who does not have a known obligation of confidentiality, without restriction on its use or disclosure; or (v) Audience Data.
4.3. Use and Disclosure Restrictions. Neither party may use the other party’s Confidential Information, except as necessary for the performance of this Agreement nor may either party disclose Confidential Information of the other party to any third party or individual, except to those of its employees or subcontractors that need to know such Confidential Information for the purpose of performing this Agreement; provided, that each such employee or subcontractor is subject to a written agreement that includes binding use and disclosure restrictions that are at least as protective of Confidential Information as those set forth herein. Each party must use all reasonable efforts to maintain the confidentiality of all Confidential Information of the other party in its possession or control, but in no event less than the efforts that party ordinarily uses with respect to its own proprietary information of similar nature and importance. The foregoing obligations will not restrict either party from disclosing Confidential Information of the other party: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided that the party required to make such a disclosure gives reasonable notice to the other party in order that the disclosing party may act to prevent or restrict the ordered disclosure; (ii) on a confidential basis to its legal or financial advisors; or (iii) on a confidential basis to present or future providers of venture capital and/or potential private investors in or acquirers of such party. Upon the written request of the disclosing party, all copies of Confidential Information shall be promptly returned or destroyed by the receiving party, except for any automatically generated electronic backup copies that may reside on a party’s computer systems or be stored offsite, and that shall be used for no purpose and remain subject to the confidentiality obligations contained herein.
5. REPRESENTATIONS AND WARRANTIES.
5.1. Mutual Representations and Warranties. Each of the parties represents and warrants that (i) it has the full power and authority to enter into this Agreement; (ii) the execution of this Agreement and performance of its obligations under this Agreement do not and will not violate any other agreements to which it is a party; and (iii) this Agreement constitutes a legal, valid and binding obligation of it when executed and delivered.
5.2. Client Representations and Warranties. Client represents and warrants that (i) the Audience Data does not, and will not, infringe, violate, or misappropriate the Intellectual Property rights of any third party; (ii) it has all required consents described in Section 1.3; (iii) the Audience Data will meet the requirements of Section 2; (iv) it will comply with all applicable laws, rules, and regulations, including privacy laws and regulations, in its collection, storage, sharing and use of the Audience Data; and (v) the collection, provision and use of Audience Data as contemplated hereby do not, and will not, (a) violate the terms of any privacy policy or other disclosure made at the time of collection, or (b) violate the terms of service of any operating system or platform (including, without limitation, iOS or Android), web site, application or other source of Audience Data.
6. DISCLAIMERS; LIMITATION OF LIABILITY.
6.1. Disclaimers. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE SUBJECT MATTER OF THIS AGREEMENT, AND EACH PARTY EXPRESSLY DISCLAIMS THE IMPLIED WARRANTIES OF PERFORMANCE, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE, AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR PERFORMANCE WITH RESPECT TO ITS PRODUCTS AND/OR SERVICES. THE PUBMATIC SERVICES WILL NOT PROVIDE SPECIFIC VOLUMES OF TRAFFIC, RESULTS, SALES OBJECTIVES OR ANY LEVEL OF PROFIT OR BUSINESS.
6.2. LIMITATION OF LIABILITY. EXCEPT FOR A PARTY’S INDEMNITY OBLIGATIONS UNDER SECTION 7, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY PUNITIVE, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, RELIANCE OR CONSEQUENTIAL DAMAGES ARISING FROM OR RELATING TO THIS AGREEMENT, INCLUDING LOST DATA, BUSINESS, REVENUE, OR ANTICIPATED PROFITS, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE APPLICABLE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES. PUBMATIC SHALL HAVE NO LIABILITY FOR THE ACTS OR OMISSIONS OF THIRD PARTIES. IN NO EVENT WILL THE AGGREGATE LIABILITY OF PUBMATIC UNDER THIS AGREEMENT EXCEED THE LESSER OF THE FEES PAYABLE TO CLIENT BY PUBMATIC UNDER THIS AGREEMENT DURING THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE DATE OF THE CLAIM AND TEN THOUSAND DOLLARS ($10,000). THE PARTIES AGREE THAT THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION WILL SURVIVE ANY TERMINATION OR EXPIRATION OF THIS AGREEMENT, AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
7. INDEMNIFICATION.
7.1. PubMatic Indemnification. PubMatic agrees to indemnify, defend, and hold Client and its directors, officers, shareholders, employees, affiliates, and agents harmless from and against any liabilities, damages, losses, or expenses (including reasonable attorneys’ fees) arising out of any claim, demand, action, or proceeding initiated by a third party that is based upon, arises out of, or relates to the alleged or actual breach of any of PubMatic’s representations and warranties set forth in Section 5.1 (Mutual Representations and Warranties) hereof; provided, however, that Client: (i) promptly notifies PubMatic in writing of the claim, except that any failure to provide this notice promptly only relieves PubMatic of its responsibility pursuant to this Section to the extent its defense is materially prejudiced by the delay; (ii) grants PubMatic sole control of the defense and/or settlement of the claim; provided PubMatic uses legal counsel reasonably acceptable to Client and (iii) provides PubMatic, at PubMatic’s expense, with all assistance, information and authority reasonably required for the defense and/or settlement of the claim. PubMatic shall not settle any claim in a manner that adversely affects the rights of Client without Client’s prior written consent, which consent shall not be unreasonably withheld or delayed. Client may participate in and observe the proceedings at its own cost and expense with legal counsel of its own choosing.
7.2. Client Indemnification. Client agrees to indemnify, defend, and hold PubMatic and its directors, officers, shareholders, employees, affiliates, and agents harmless from and against any liabilities, damages, losses, or expenses (including reasonable attorneys’ fees) arising out of any claim, demand, action, or proceeding initiated by a third party that is based upon, arises out of, or relates to the alleged or actual breach of any of Client’s representations and warranties set forth in Sections 5.1 (Mutual Representations and Warranties) and 5.2 (Client Representations and Warranties) hereof, and the use by PubMatic or the PubMatic Customers of the Audience Data as contemplated in this Agreement; provided, however, that PubMatic: (i) promptly notifies Client in writing of the claim, except that any failure to provide this notice promptly only relieves Client of its responsibility pursuant to this Section to the extent its defense is materially prejudiced by the delay; (ii) grants Client sole control of the defense and/or settlement of the claim; provided Client uses legal counsel reasonably acceptable to PubMatic; and (iii) provides Client, at Client’s expense, with all assistance, information and authority reasonably required for the defense and/or settlement of the claim. Client shall not settle any claim in a manner that adversely affects the rights of PubMatic without PubMatic’s prior written consent, which consent shall not be unreasonably withheld or delayed. PubMatic may participate in and observe the proceedings at its own cost and expense with legal counsel of its own choosing.
8. MISCELLANEOUS.
8.1. Relationship of the parties. The relationship of PubMatic and Client established by this Agreement is that of independent contractors, and nothing contained in this Agreement will create or be construed to constitute a partnership, joint venture, agency, or employment relationship between the parties. Neither party shall have any right to obligate or bind the other party hereto in any manner whatsoever, and nothing herein contained shall give, or is intended to give, any rights of any kind to any third parties.
8.2. Governing Law; Jurisdiction. This Agreement shall be governed by, and construed and enforced in accordance with, the laws of the State of California, without reference to conflicts of laws principles. The parties agree that the federal and state courts located in Santa Clara County, California will have exclusive jurisdiction and venue under this Agreement, and the parties hereby agree to submit to such jurisdiction exclusively.
8.3. Assignment. Client may not assign any of its rights or obligations under this Agreement without the prior written consent of PubMatic, except that Client may assign this Agreement without consent but with prior written notice to PubMatic in connection with any merger, consolidation, reorganization, or sale of all or substantially all of its assets related to this Agreement, by operation of law or otherwise. This Agreement inures to the benefit of and is binding upon the parties’ permitted assignees, transferees and successors.
8.4. Amendments. Except as otherwise set forth herein, all amendments to this Agreement must be in writing and executed by both parties hereto.
8.5. Waiver. A waiver of any provision of this Agreement will only be valid if provided in writing and will only be applicable to the specific incident and occurrence so waived. The failure by either party to insist upon the strict performance of this Agreement, or to exercise any term hereof, will not act as a waiver of any right, promise or term, which will continue in full force and effect.
8.6. Severability. If any provision, or portion thereof, of this Agreement is determined by a court of competent jurisdiction to be invalid, illegal or unenforceable, such determination will not impair or affect the validity, legality, or enforceability of the remaining provisions of this Agreement.
8.7. Notices. All notices under the terms of this Agreement must be given in writing and sent by United States registered or certified mail, express courier, facsimile transmission, email, or must be delivered by hand to the following addresses (or such other address as may be specified by a party in writing):
PUBMATIC
Attention: General Counsel
Address: 3 Lagoon Drive, Suite 180
Address: Redwood City, CA, 94065
Email Address: legal@pubmatic.com
All notices will be presumed to have been received when hand delivered, one (1) day after being sent via express courier, within five (5) business days after being placed in the United States mail, postage prepaid, certified or registered mail, or upon confirmation of delivery after being received via facsimile transmission or email. A courtesy copy of all notices to PubMatic shall be sent to legal@pubmatic.com.
8.8. Force Majeure. Neither party will be responsible for any failure or delay in its performance under this Agreement due to causes beyond its reasonable control, including labor disputes, strikes, lockouts, carrier gateway provider service failures, internet or telecommunications failures, shortages of or inability to obtain labor, energy, or supplies, war, terrorism, riot, acts of God or governmental action, and such performance shall be excused to the extent that it is prevented or delayed by reason of any of the foregoing.
8.9. Entire Agreement. This Agreement and any exhibits, addendums and schedules attached hereto set forth the entire agreement and understanding of the parties with respect to the subject matter hereof and supersede all prior and contemporaneous agreements or understandings (whether oral or written) between Client and PubMatic regarding the subject matter. All exhibits and schedules attached to this Agreement are incorporated herein.
8.10. Headings. Section or paragraph headings used in this Agreement are for reference purposes only, and should not be used in the interpretation hereof. No provision of this Agreement will be construed against either party as the drafter thereof.
8.11. Counterparts. This Agreement may be signed in one or more counterparts, which may be in an electronically delivered format. Each of them is an original, and all of them constitute one agreement.
9. DEFINITIONS.
9.1. “Audience Data” means any data owned or licensed by Client that is delivered or otherwise made available to PubMatic pursuant to this Agreement.
9.2. “End User” means a specific natural person who uses the Client Properties.
9.3. “Intellectual Property” includes trade secrets, copyrights, trademarks, patents, logos, service marks, inventions, technology, Confidential Information, and other proprietary materials.
9.4. “Personal Data” shall have the meaning of this term or any similar term (such as “personal information” or “personally identifiable information”) under the relevant applicable privacy or data protection laws, or where no such laws apply, shall mean any information that by itself or when combined with other information (such as name, address, telephone number, e-mail address, precise geo location, financial account number, and government-issued identification number) can be used to identify a specific natural person.
9.5. “Personal Directory Data” means calendar, address book, phone/text log, or photo/video file data (including any associated metadata), or similar data created by a user that is stored on or accessed through a device.
9.6. “Client Properties” means Client owned, operated and/or controlled web or mobile properties or other sources of data for Client.
9.7. “PubMatic Customer” means any PubMatic customer, publisher, demand partner, agency, or advertiser that receives Audience Data from PubMatic.
9.8. “PubMatic Services” means the online advertising services owned, operated, or provided by PubMatic through which Audience Data shall be utilized in accordance with the rights and licenses granted herein.
9.9. “Sensitive Personal Data” shall have the meaning relating to this term or any similar term (such as “sensitive personal information”) under relevant privacy or data protection laws, or where no such laws apply, shall mean, with respect to a specific natural person, medical or health information (including information about health conditions or treatments), financial information (including financial account information and number), sexual orientation, social security number or other government-issued identifiers, and personal information of children protected under any applicable child protection laws (such as the personal information defined under the United States Children’s Online Privacy Protection Act of 1998 (“COPPA”).
9.10. “Term” means the Initial Term and any Renewal Terms.
9.11. “Wind-Down Period” is defined as a 90 day period after the termination date of this Agreement during which Client will continue to provide Audience Data to PubMatic and the PubMatic Customers, at PubMatic’s option.
EXHIBIT B
PubMatic – EU Data Processing Addendum for Audience Data Match
This Data Processing Addendum (“Addendum“) is entered into by and between PubMatic, Inc. (“PubMatic“) and the party identified in the signature block below (“Client”), and forms part of the Audience Data Match Services Agreement (the “Agreement”) between the parties relating to the subject matter of this Addendum.
The terms in this Addendum shall only apply to the extent PubMatic collects or otherwise processes Data (including Personal Data) protected or otherwise regulated by EU Data Protection Law. Capitalized terms used in this Addendum shall have the meaning given to them in the main body of the Agreement unless otherwise defined in this Addendum.
IT IS AGREED:
1. Definitions
“Client Property” has the meaning given to it in the Agreement or, if not set forth in the Agreement, means the websites, mobile applications and/or other digital media properties owned or operated by the Client or any sources via which Personal Data used in connection with the PubMatic Services is collected.
“Data” has the meaning given to it in Section 2 of this Addendum.
“Demand Partners” means PubMatic’s media buying clients, including but not limited to demand side platforms, ad exchanges, agencies, agency trading desks and ad networks and PubMatic customers.
“EEA” means for the purposes of this Addendum, the European Economic Area which will be deemed to include Switzerland and the United Kingdom;
“EU Data Protection Law” means (i) the EU General Data Protection Regulation (Regulation 2016/679); (ii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iii) any national laws made under or pursuant to (i) or (ii) (in each case, as superseded, amended or replaced).
“Personal Data” means any information relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable EU Data Protection Law.
“Privacy Requirements” means all applicable international, federal, national and state data protection and privacy laws, regulations, and industry self-regulatory rules, codes and guidelines that apply to the processing of Data (including Personal Data) that is protected by EU Data Protection Law, as applicable to Client, PubMatic and its Demand Partners , including without limitation: (i) the rules, codes and guidelines of the European Interactive Digital Advertising Alliance (EDAA) and the Network Advertising Initiative (NAI); and (iii) EU Data Protection Law (in each case, as amended, superseded or replaced).
“Privacy Shield” means the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of 12 July 2016 and by the Swiss Federal Council on January 11, 2017, respectively.
“PubMatic Services” has the meaning given to it in the Agreement.
“PubMatic Privacy Policy” means the PubMatic privacy policy available on PubMatic’s public facing website, the most current version of which is available at www.pubmatic.com/privacy-policy (as updated or amended from time to time).
“Standard Contractual Clauses” means the standard contractual clauses for controllers (2004) as approved by the European Commission pursuant to the European Commission’s decision C(2004) 5271 of 27 December 2004 (as updated, amended or replaced from time to time).
“Tracking Technologies” means technologies used to store or gain access to data stored on a user’s device, including (as applicable), cookies, mobile SDKs, browser cache, unique identifiers, web beacons, pixels and/or similar tracking technologies.
“Controller”, “data subject”, “processing” (and “process”), and “Processor” shall have the meanings given to them in EU Data Protection Law.
2. Scope of processing: Parties agree that unless otherwise agreed between the parties: (i) in connection with the PubMatic Services, PubMatic may receive data (including Personal Data) about or related to end users of the Client Properties as such data is more particularly described in the PubMatic Privacy Policy (collectively, “Data”); and (ii) PubMatic and its Demand Partners may use Tracking Technologies in order to collect certain Data. The parties agree that PubMatic (and its Demand Partners) may process the Data for the purposes contemplated by the Agreement and for any other purposes described in the PubMatic Privacy Policy (“Permitted Purposes”).
3. Relationship of the parties: The parties acknowledge that to the extent the Data contains Personal Data, PubMatic shall process Personal Data under the Agreement as a Processor acting behalf of Client (whether acting as a Controller or a Processor on behalf of third party Controllers) only for the Permitted Purposes.
4. Requesting Consent: Neither PubMatic nor its Demand Partners has a direct relationship with any data subject visiting the Client Properties. Accordingly, in each case where consent is the lawful basis for processing Personal Data and/or required for use of Tracking Technologies pursuant to the Privacy Requirements, Client agrees that it shall be responsible for obtaining all necessary consents from the relevant data subjects on behalf of PubMatic and applicable Demand Partners to lawfully permit PubMatic and all applicable Demand Partners to: (i) collect, process and share Data via the PubMatic Services for Permitted Purposes; and (ii) use Tracking Technologies in order to collect Data in connection with the performance of the PubMatic Services. Client represents and warrants that it shall, at all times maintain and make operational on Client Properties a mechanism for obtaining and recording such consent and that enables such consent to be withdrawn, in accordance with applicable Privacy Requirements.
5. Notice Requirements: Client agrees that it is responsible for ensuring that all data subjects are appropriately notified about the data collection and use practices taking place on the Client Properties through the PubMatic Services. Client represents and warrants that it shall conspicuously post, maintain and abide by a publicly accessible privacy notice within all Client Properties from which the Data is collected that satisfies the requirements of the Privacy Requirements and the Agreement (including this Addendum). Without prejudice to the generality of the foregoing, such notice shall at a minimum include the following information: (i) a statement that data may be collected for advertising purposes; (ii) a description of the type of Personal Data collected by PubMatic and its Demand Partners and the purposes of processing thereof, including for delivering ads across the Client Properties over time; (iii) a description of the categories of individuals who will have access to the Personal Data; (iv) a conspicuous link to or description of how to access a relevant choice mechanism; and/or (v) any other information required to comply with the information and transparency requirements of applicable Privacy Requirements.
6. Prohibited Data Sharing: Client shall not include Personal Data obtained from any Client Property that is directed at or likely to be accessed by any data subject that is deemed a child under applicable Privacy Requirements of the country in which the child resides; and/or pass to PubMatic or its Demand Partners any Personal Data of any data subject that is deemed a child under applicable EU Data Protection Law.
7. Noncompliance: If Client is unable to comply with its consent and notice obligations under the Agreement (including this Addendum) in respect of the Data, Client shall promptly notify PubMatic.
8. Co-operation and Data Subject Rights: The parties shall, on request, provide each other with all reasonable and timely assistance (at their own expense) and co-operation to enable the other party to comply with its obligations under the Privacy Requirements, including in order to enable the other party to respond to: (i) any request from a data subject to exercise any of its rights under EU Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable) in relation to the Data; and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data (“Correspondence”). Each party shall promptly inform the other if it receives any Correspondence directly from a data subject in relation to the Data. Subject to obligations of confidentiality and polices on disclosure of information, where a party has a concern that the other party has not complied with this Addendum, the parties agree to exchange information to ascertain the cause of such non-compliance and take reasonable steps to remediate.
9. Standard Contractual Clauses:
(a) PubMatic agrees to abide by and process Data in accordance with the Standard Contractual Clauses, which shall be incorporated into and form an integral part of this Addendum. The terms of the Standard Contractual Clauses will apply where and to the extent (a) the applicable transfer of Data is not subject to the laws of a jurisdiction recognized as providing an adequate level of protection for Personal Data (as described in applicable European Data Protection Law); or (b) PubMatic and the applicable transfer of Data is not covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection or appropriate safeguards for Personal Data, including but not limited to the Privacy Shield (an “Adequacy Mechanism”). Where an Adequacy Mechanism applies, PubMatic shall process the Data in compliance with the Adequacy Mechanism, including (where applicable) the Privacy Shield Principles.
(a) For the purposes of the Standard Contractual Clauses, (i) PubMatic shall be deemed the “data importer” and Client shall be deemed the “data exporter”; (ii) Annex A of this Addendum shall replace Annex B of the Standard Contractual Clauses; and (iii) the data importer selects option (iii) for the purposes of Clause 2(h) of the Standard Contractual Clause. It is not the intention of either party to contradict or restrict any of the provisions set forth in the Standard Contractual Clauses. Accordingly, if and to the extent the Standard Contractual Clauses conflict with any provision of the Agreement, including this Addendum, the Standard Contractual Clauses shall prevail to the extent of such conflict.
10. Security: PubMatic shall implement appropriate technical and organizational measures to protect the copy of the Data in their possession or control (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data.
11. General: Except for the changes made by this Addendum, the Agreement remain unchanged and in full force and effect. If there is any conflict between any provision in this Addendum and any provision in the Agreement, this Addendum controls and takes precedence. With effect from the effective date, this Addendum is part of, and incorporated into the Agreement. To the extent there are any prior agreements with regard to the subject matter of this Addendum, this Addendum supersedes and replaces such prior agreements. This Addendum shall survive termination or expiry of the Agreement. Upon termination or expiry of the Agreement PubMatic may continue to process the Data provided that such processing complies with the requirements of this Addendum and the Privacy Requirements. This Addendum may be executed in counterparts, each of which shall be deemed to be an original, but all of which, taken together, shall constitute one and the same agreement. This Addendum may be executed via a recognized electronic signature service or delivered by facsimile transmission, or may be signed, scanned and emailed, and any such signatures shall be treated as original signatures for all applicable purposes.
Annex A
Description of the Transfer
Defined terms are as set out in the Data Processing Addendum agreed between the parties.
Data Subjects: Consumer end users to which Client intends to provide targeted advertising
Purposes of transfer: To enable the target audience data to be matched to inventory
Categories of data: Proprietary identifier or a combination of identifiers that are used to manage certain audience segments.
Recipients: PubMatic
Sensitive data: N/A
Contact points for data protection enquiries: As set forth in the Agreement