This Data Processing Addendum (“DPA”) is incorporated by reference into the Terms and Conditions of the Publisher Program (“T&Cs”) and all current and future amendments and related orders by and between you (“Publisher” or “Controller”) and Mobidea (“Company” or “Processor”), and collectively constitute the “Agreement”. This DPA is supplemental to the Agreement and sets out the terms governing the processing of Personal Data by Company on behalf of Publisher under the Agreement.
The purpose of this DPA is to ensure such processing is conducted in accordance with applicable laws, including the Data Protection Laws, and with due respect for the rights and freedoms of individuals whose Personal Data are processed. The term of this DPA shall follow the term of the Agreement.
1.1 Capitalized terms used but not otherwise defined herein shall have the same meaning as set forth in the Agreement.
1.2 “Data Protection Laws” means the General Data Protection Regulation (“GDPR”) (EU 2016/679) and all applicable legislation relating to data protection and privacy, including without limitation all local laws, regulations and secondary legislation, together with any national implementing laws, as amended or updated from time to time.
1.3 The terms “Controller”, “Data Subject”, “Personal Data”, “Processor” and “Processing” as used in this DPA have the meanings given in the GDPR.
2.1 Compliance with Data Protection Laws. Both parties will comply with all applicable requirements of the Data Protection Laws.
2.2 Details of the Processing. The subject matter and duration of processing, nature and purpose of processing, specific types of Personal Data that Company will process and categories of Data Subjects whose Personal Data will be processed are set forth in Schedule 1 (Details of the Processing).
2.3 Roles of the Parties. The parties acknowledge that, under the Data Protection Laws, Company is the data processor and Publisher is the data controller or processor, as applicable, of Personal Data.
2.4 Authorisation by Third Party Controller. If Publisher is a processor, Publisher warrants to Company that Publisher’s instructions and actions with respect to Personal Data, including its appointment of Company as another processor, have been authorised by the relevant controller.
2.5 Publisher Instructions. Publisher instructs Company to process Personal Data:
2.6 Company’s Compliance with the Instructions. Company shall collect, process and use Personal Data only within the scope of Publisher’s instructions. Company may process Personal Data other than on the instructions of Publisher if it is required under applicable law to which Company is subject. Where Company is relying on applicable law as the basis for processing Personal Data, Company shall promptly notify Publisher of this before performing the processing required by the applicable law unless such applicable law prohibits Company from so notifying Publisher. If Company believes or becomes aware that any of Publisher’s instructions conflict with any Data Protection Laws, Company shall inform Publisher promptly and cease all processing (other than merely storing and maintaining the security of the affected Personal Data) until such time as Publisher issues new instructions with which Company is able to comply. If this provision is invoked, Company will not be liable to Publisher under the Agreement for any failure to perform the Services until such time as the Publisher issues new instructions in regard to the processing.
5.1 Consent to Subprocessor Engagement. Company shall be entitled to engage third-party processors (“Subprocessors”) to fulfil its obligations defined in the Agreement only with Publisher’s written consent. Publisher hereby consents to Company appointing the third parties and affiliated companies listed at mobidea.com/lp as Subprocessors of Personal Data under this DPA.
5.2 Requirements for Subprocessor Engagement. Company will execute contracts imposing data protection obligations on its Subprocessors that are at least equivalent to those data protection obligations imposed on Company under this DPA. As between Publisher and Company, Company shall remain fully liable for all acts or omissions of any Subprocessor appointed by it pursuant to this Section 5.2.
5.3 Objection to New Subprocessors. If Company engages a new Subprocessor, Company will notify Publisher by updating its list of Subprocessors located on its website and informing Publisher of the change via email or the use of Company Platform. Publisher has the right to object to the engagement of new Subprocessors within 30 days after being notified, provided that the objection is based on reasonable grounds. If Publisher and Company are unable to resolve such objection, the parties will work together to find a mutually agreeable solution.
6.1 Except as stated in this DPA, the Agreement will remain in full force and effect. If there is a conflict between the Agreement and this DPA, the terms of this DPA will control as it relates to processing of Personal Data.
6.2 Where individual provisions of this DPA are invalid or unenforceable, the validity and enforceability of the other provisions of this DPA shall not be affected.
6.3 The party agreeing to this DPA as Publisher represents that it is authorized to agree to and enter into this DPA for, and is agreeing to this DPA solely on behalf of, the Publisher.
6.4 Any claims brought under this DPA shall be subject to the Terms and Conditions of the Publisher Program, including but not limited to, the exclusion and limitations set forth in the Agreement.
1 Subject Matter: The subject matter of the data processing under this DPA is the provision of the Services and any related technical support to Publisher.
2 Duration: Personal Data will be processed for the duration of the Agreement, in accordance with its terms, except as otherwise required by applicable law.
3. Purpose: The purpose of the processing of Personal Data under this DPA is the provision of the Services and any related technical support to Publisher and the performance of Company’s obligations under the Agreement and any applicable order, or as otherwise agreed by the parties in mutually executed written form.
4. Nature of the Processing: Company provides the Services as described in the Agreement, which involve processing Personal Data upon the instruction of the Publisher in accordance with the terms of the Agreement and any applicable order.
5. Categories of Data Subjects: Personal Data relates to the following categories of data subjects:
6. Types of Personal Data: Identification and contact information, including name and email address, the extent of which is determined and controlled by the Publisher in its sole discretion; financial information; other Personal Data such as navigational data (including website usage information), system usage data, application integration data; and other information about Publisher’s end users, such as online identifiers, including IP address, cookie identifier, device identifier, and advertising identifier.
7. Sensitive and Special Categories of Personal Data: Publisher shall not send Company any Sensitive or Special Categories of Personal Data, as defined in the Data Protection Laws.