General Data Protection Regulation (GDPR) in the EU
Effective: Dec 04, 2019
This Publisher Data Protection Addendum (“Addendum“) is entered into by and between Markpoint (“Markpoint“) and you (“Publisher”), and forms part of all agreements between the parties relating to the subject matter of this Addendum (each, an “Agreement”).
The terms in this Addendum shall only apply to the extent Markpoint collects or otherwise processes Data (including Personal Data) protected or otherwise regulated by EU Data Protection Law. Capitalized terms used in this Addendum shall have the meaning given to them in the main body of the Agreement unless otherwise defined in this Addendum.
means the entity that determines the purposes and means of the processing of Personal Data.
has the meaning given to it in Section 2 of this Addendum.
means Markpoint’s media buying clients, including but not limited to demand side platforms, ad exchanges, agencies, agency trading desks and ad networks.
means for the purposes of this Addendum, the European Economic Area which will be deemed to include Switzerland and the United Kingdom;
EU Data Protection Law:
means (i) the EU General Data Protection Regulation (Regulation 2016/679); (ii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iii) any national laws made under or pursuant to (i) or (ii) (in each case, as superseded, amended or replaced).
means any information relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable EU Data Protection Law.
means all applicable international, federal, national and state data protection and privacy laws, regulations, and industry self-regulatory rules, codes and guidelines that apply to the processing of Data (including Personal Data) that is protected by EU Data Protection Law, as applicable to Publisher, Markpoint and its Demand Partners, including without limitation: (i) the rules, codes and guidelines of the European Interactive Digital Advertising Alliance (EDAA) and the Network Advertising Initiative (NAI); and (iii) EU Data Protection Law (in each case, as amended, superseded or replaced).
means the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of 12 July 2016 and by the Swiss Federal Council on January 11, 2017, respectively.
Privacy Shield Principles:
means the Privacy Shield Framework Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision C(2016)4176 of July 12, 2016 (as may be amended, superseded or replaced).
has the meaning given to it in the Agreement or, if not set forth in the Agreement, means the websites, mobile applications and/or other digital media properties owned or operated by the Publisher and accessible through the Markpoint Services or via which Personal Data used in connection with the Markpoint Services is collected.
has the meaning given to it in the Agreement or if not set forth in the Agreement, means the ad services provided by Markpoint to Publisher in accordance with and as described in the Agreement.
means technologies used to store or gain access to data stored on a user’s device, including (as applicable), cookies, mobile SDKs, browser cache, unique identifiers, web beacons, pixels and/or similar tracking technologies.
Data subject, Processing and Process:
shall have the meanings given to them in EU Data Protection Law.
Scope of processing
Relationship of the parties
The parties acknowledge that to the extent the Data contains Personal Data, each party shall process such data as a separate and independent Controller and in Markpoint’s case, only for the Permitted Purposes.
Neither Markpoint nor its Demand Partners has a direct relationship with any data subject visiting the Publisher Properties or viewing ads delivered to the Publisher Properties through the Markpoint Services. Accordingly, in each case where consent is the lawful basis for processing Personal Data and/or required for use of Tracking Technologies pursuant to the Privacy Requirements, Publisher agrees that it shall be responsible for obtaining all necessary consents from the relevant data subjects on behalf of Markpoint and applicable Demand Partners to lawfully permit Markpoint and all applicable Demand Partners to: (i) collect, process and share Data via the Markpoint Services for Permitted Purposes; and (ii) use Tracking Technologies in order to collect Data in connection with the performance of the Markpoint Services. Publisher represents and warrants that it shall, at all times maintain and make operational on Publisher Properties a mechanism for obtaining and recording such consent and that enables such consent to be withdrawn, in accordance with applicable Privacy Requirements. For users located in the EEA, Markpoint is registered with and supports the IAB Transparency and Consent Framework (“Industry Framework”).
Prohibited Data Sharing
Publisher shall not include or launch any Publisher Property on any of the Markpoint Services if such Publisher Property is directed at or likely to be accessed by any data subject that is deemed a child under applicable Privacy Requirements of the country in which the child resides, and Publisher shall flag within the Markpoint Services or inform Markpoint in writing prior to launching any of such Publisher Properties on any of the Markpoint Services; and/or pass to Markpoint or its Demand Partners any Personal Data of any data subject that is deemed a child under applicable EU Data Protection Law.
If Publisher is unable to comply with its consent and notice obligations under the Agreement (including this Addendum) in respect of the Data, Publisher shall promptly notify Markpoint.
Co-operation and Data Subject Rights
The parties shall, on request, provide each other with all reasonable and timely assistance (at their own expense) and co-operation to enable the other party to comply with its obligations under the Privacy Requirements, including in order to enable the other party to respond to: (i) any request from a data subject to exercise any of its rights under EU Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable) in relation to the Data; and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data (“Correspondence”). Each party shall promptly inform the other if it receives any Correspondence directly from a data subject in relation to the Data. Subject to obligations of confidentiality and polices on disclosure of information, where a party has a concern that the other party has not complied with this Addendum, the parties agree to exchange information to ascertain the cause of such non-compliance and take reasonable steps to remediate.
To the extent that Markpoint processes (or causes to be processed) any Personal Data protected by EU Data Protection Law and/or originating from the EEA (including the United Kingdom) and/or Switzerland (“EEA Personal Data”) in a country outside of the EEA and/or Switzerland (as applicable), it shall first take all such measures as are necessary to ensure an adequate level of protection for such EEA Personal Data in accordance with the requirements of EU Data Protection Law. For these purposes, the parties acknowledge and agree that Markpoint shall provide adequate protection for any EEA Personal Data by virtue of Markpoint having self-certified its compliance with the Privacy Shield Framework. Markpoint agrees to protect EEA Personal Data in accordance with the requirements of the Privacy Shield Principles. In the event Markpoint’s Privacy Shield certification lapses or is deemed invalid, the parties shall promptly, and in any event as soon as is possible, work together in good faith to put in place an alternative transfer mechanism to ensure appropriate safeguards for the EEA Personal Data in accordance with the Privacy Requirements.
Both parties shall implement appropriate technical and organizational measures to protect the copy of the Data in their possession or control (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data.
Except for the changes made by this Addendum, the Agreement remain unchanged and in full force and effect. If there is any conflict between any provision in this Addendum and any provision in the Agreement, this Addendum controls and takes precedence. With effect from the effective date, this Addendum is part of, and incorporated into the Agreement. To the extent there are any prior agreements with regard to the subject matter of this Addendum, this Addendum supersedes and replaces such prior agreements. This Addendum shall survive termination or expiry of the Agreement. Upon termination or expiry of the Agreement Markpoint may continue to process the Data provided that such processing complies with the requirements of this Addendum and the Privacy Requirements. This Addendum may be executed in counterparts, each of which shall be deemed to be an original, but all of which, taken together, shall constitute one and the same agreement. This Addendum may be executed via a recognized electronic signature service or delivered by facsimile transmission, or may be signed, scanned and emailed, and any such signatures shall be treated as original signatures for all applicable purposes.