Personal Data Processing Addendum on Behalf of a Controller/Business.
Customer and AdsWizz Inc. and its subsidiaries, collectively hereinafter referred to as “AdsWizz” (AdsWizz and Customer are collectively referred to herein as the “Parties”).
The Parties hereby agree as follows:
1. Subject Matter of the Addendum
1.1 This Data Processing Addendum (“Addendum”) governs the collection and processing of Personal Data/Personal Information by AdsWizz as Processor/Service Provider for and on behalf of Customer as the Controller/Business. AdsWizz’s collection and processing of Personal Data/Personal Information is based on Customer’s instructions relating to the products and services provided by AdsWizz to Customer pursuant to the Integrated Advertising Inventory Agreement, AudioMax Publisher Agreement, and/or Integrated Advertising Platform Agreement, as applicable (the “Principal Agreement(s)”). Additional details on the collection and processing of Personal Data/Personal Information are described in Exhibit A, “Data Processing Instructions”, attached to this Addendum and incorporated herein by
1.2 To the extent that the AdsWizz subsidiary, Audio Ventures Inc. d/b/a Simplecast, processes Personal Data in the provision of Simplecast services under the Principal Agreement to Customer’s end users located in the European Economic Area, the Simplecast Data Protection Addendum (“Simplecast DPA”), located at simplecast.com/dpa, shall apply to such processing in addition to this Addendum and is hereby incorporated by reference. In the event of a conflict between the Simplecast DPA and this Addendum, the terms of the Simplecast DPA shall govern solely with respect to the subject matter therein.
1.3 This Addendum is made and entered into as of the date of the last signature below and is part of the Principal Agreement. Any term in this Addendum regarding the Parties’ respective obligations under CCPA applies only to the extent that CCPA applies to any Personal Information being processed by AdsWizz on Customer’s behalf under the Principal Agreement.
1.4 The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement, followed by the GDPR or CCPA as applicable.
1.5 Except as modified by this Addendum, the terms of the Principal Agreement shall remain in full force and effect.
2. Definitions and Interpretation
“AdsWizz Cookie” means a cookie, pixel tag or similar technology provided by AdsWizz to Customer, including through the implementation of a code snippet or script provided by AdsWizz.
“AdsWizz Platform Interface” means the interface to any information system made available to Customer in order to benefit from the Services.
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party. For the purposes of AdsWizz, “Affiliates” shall be construed solely as AdsWizz Affiliates.
“AdsWizz Affiliates” means AdsWizz Inc.’s wholly-owned subsidiaries.
“Anonymized Data” means Customer Personal Data/Personal Information that has been rendered anonymous, as defined by GDPR or CCPA, as applicable, in a manner to prevent it from being attributable to, or able to be reassociated with, an identified or identifiable person.
“Applicable Laws” means the federal, national, international and state laws, rules and regulations applicable to the Parties, in the performance of their respective duties and obligations under the Principal Agreement, including without limitation, GDPR and CCPA.
“Authorized Independent Controllers” means entities that process Customer Personal Data in order to enable AdsWizz to provide the Services to Customer under the Principal Agreement, but do not agree to process Personal Data as a Sub-Processor subject to Exhibit A.
“Business” is as defined in the CCPA.
“Business Purpose” is as defined in the CCPA.
“California Consumer Privacy Act of 2018” or “CCPA” means the California Consumer Privacy Act at Cal. Civ. Code Section 1798.100-1798.199 and any subsequent legislation including any amendments or regulations.
“Commission” is as defined in the GDPR.
“Consumer” is as defined in the CCPA.
“Controller” is as defined in the GDPR.
“Customer” means the individual or legal entity that has executed the Principal Agreement and this Addendum.
“Data Protection Laws” means Applicable Laws governing data protection and privacy.
“Data Subject” means (i) an identified or identifiable natural person who is in the EEA or whose rights are protected by the GDPR; or (ii) a “Consumer” as the term is defined in the CCPA.
“Data Subject Rights” means the rights of Data Subjects identified in the GDPR and/or the CCPA.
“European Economic Area or EEA” means the European Union’s member countries and Iceland, Lichtenstein and Norway.
“GDPR” means the General Data Protection Regulation no. 2016/679.
“Member State” is as defined in the GDPR.
“Personal Data” is as defined in the GDPR.
“Personal Data Breach” is as defined in the GDPR.
“Personal Information” is as defined in the CCPA.
“Processing” is as defined in the GDPR and shall be read to include that term as it is defined in the CCPA, as applicable.
“Processor” is as defined in the GDPR. “Sell” is as defined in the CCPA.
“Service Provider” is as defined in the CCPA.
“Services” means the services and products provided by AdsWizz in connection with the Principal Agreement or any other services provided by AdsWizz during the term of the Principal Agreement in order to enable the delivery of the services.
“Sub-Processor” means a party (including any third party of AdsWizz subject to Section 5.1, and excluding Authorized Independent Controllers and Third Parties) appointed by AdsWizz to Process Personal Data on behalf of Customer in connection with the Services and the Principal Agreement. For purposes of this Addendum, Service Providers engaged by AdsWizz to Process Personal Information will be deemed Sub-Processors.
“Supervisory Authority” means either (as applicable): (i) an independent public authority which is established by an EU Member State under Article 51 of the GDPR; or (ii) the California Attorney General.
“Third Party” and its cognates is as defined in the CCPA.
3. Purpose of Processing
Customer acknowledges and agrees that: (i) Customer (or an Affiliate on whose behalf Customer is authorized to provide instructions to AdsWizz) is the Controller of the Data Subjects, Personal Data Processed by AdsWizz in AdsWizz’s performance of the Services; and (ii) AdsWizz shall act as Customer’s Processor in AdsWizz’s performance of the Services. For the purposes of the CCPA, Customer acknowledges and agrees that AdsWizz is a Service Provider and Customer is a Business in relation to Personal Information that AdsWizz Processes on Customer’s behalf under the Principal Agreement. Unless otherwise required under Applicable Laws, the Controller shall provide AdsWizz with access to the Customer Personal Data and AdsWizz shall Process any Personal Data in AdsWizz’s capacity as a Processor in accordance with Customer’s reasonable written instructions and/or as described in the Data Processing Instructions attached as Exhibit A.
If AdsWizz is required by Applicable Laws to Process Customer Personal Data, then AdsWizz shall, to the extent permitted by Applicable Laws, inform Customer of such legal requirement before Processing such Customer Personal Data.
For purposes of CCPA, Customer (as a Business) directs AdsWizz to collect, retain, use disclose, and/or otherwise process Personal Information: (a) for the fulfillment of AdsWizz’s obligations to perform the Services pursuant to the terms of the Principal Agreement; (b) the fulfillment of AdsWizz’s obligations set forth in this Addendum; (c) a Business Purpose described in the Principal Agreement and/or this Addendum; and/or (d) as otherwise directed by Customer in writing.
Customer acknowledges and agrees that AdsWizz may collect, retain, use, disclose and otherwise Process Personal Information to: (a) collect, use, retain or share Personal Information that has been aggregated or de- identified; (b) comply with Applicable Laws; (c) comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state or local authorities; (d) detect data security incidents or protect against fraudulent or illegal activity; (e) cooperate with law enforcement agencies concerning conduct or activity that Customer, AdsWizz or a third party reasonably and in good faith believes may violate federal, state, or local law; and/or (f) exercise or defend legal claims.
AdsWizz shall not process Personal Data/Personal Information for any purpose other than for the purposes set forth in Exhibit A and this Section. AdsWizz agrees that it will not: (i) Sell Personal Information; or (ii) retain, use, or disclose Personal Information for any commercial purpose other than for the specific purposes set forth herein, unless instructed to do so in writing by Customer; or (b) outside of the direct business relationship between AdsWizz and Customer, except to the extent that the activity creates utility across several Publishers who are AdsWizz Customers and is necessary to carry out certain operational Business Purposes for Customers (e.g. frequency capping and unique identification of AdWave users) provided such activity constitutes a Business Purpose and is not used to build or modify household or consumer profiles to use in providing services to another business, or to correct or augment data acquired from another source.
The Parties acknowledge and agree that they do not intend to engage in the Processing of any special categories of Personal Data (as defined in Articles 9 and 10 of the GDPR) under the Principal Agreement. Customer shall take all necessary measures to prevent any such sensitive Personal Data from being provided or made available to AdsWizz. If such transfer occurs, it shall be Customer’s sole responsibility to comply with the conditions relating to the processing of such special categories of data under the GDPR, including, without limitation, Article 9.
4. Legality of processing
Customer represents, warrants, and covenants that it is solely responsible for assessing the lawfulness of Processing and meeting all the legal requirements regarding the Processing and sharing of Data Subjects’ Personal Data/Personal Information (as applicable) with AdsWizz and AdsWizz’s Sub-Processors according to Data Protection Laws. Customer represents and warrants that whenever acting in its capacity as controller: (a) it has collected all Personal Data/Personal Information in accordance with applicable Data Protection Laws; (b) the Processing of Personal Data/Personal Information by AdsWizz including by its Sub-Processors or Authorized Independent Controllers in accordance with this Addendum will not violate applicable Data Protection Laws; and (c) Customer will take all steps necessary to ensure it achieves the foregoing, including without limitation, by providing Data Subjects with appropriate privacy notices, obtaining required consent, and ensuring that there is a legal basis for Processing Personal Data.
Customer further represents and warrants that it (i) has gathered, as applicable, the explicit consent of the Data Subject for the Processing of Data Subject’s Personal Data under GDPR and/or posted a “Do not sell my personal information” link on its websites, (ii) shall communicate, in either case, the Data Subject’s consent/opt-out to AdsWizz; and (iii) shall honor access, deletion, opt-in and opt-out rights and requests.
Customer further acknowledges and agrees that it shall: (x) be solely responsible for any information Customer provides to AdsWizz, including the legality of such information, and ensure that Customer has all necessary rights and permissions to provide such information to AdsWizz and for AdsWizz to collect, retain, use, disclose, or otherwise process Personal Data/Personal Information, and (y) notify AdsWizz of a Data Subject’s withdrawal of consent under GDPR or a Consumer’s opt-out of the sale of Personal Information under CCPA, provide AdsWizz with updates on any modifications to the Data Subject’s Personal Data and Data Subject’s exercise of rights under Applicable Law, and provide such information in an interoperable format and in a manner reasonably acceptable to AdsWizz. AdsWizz shall not be liable for any Processing contrary to a Data Subject’s choice if Customer fails to comply with such requirements.
5. Sub-processors; Authorized Independent Controllers/Third Parties
- 1 Sub-processors
(a) AdsWizz will, and will require any Sub-Processors to, only Process Customer Personal Data/Personal Information according to instructions which are reasonably equivalent to Customer’s documented instructions as set forth in Exhibit A of this Addendum and the Principal Agreement, or as otherwise required by Applicable Law. Customer instructs and authorizes AdsWizz and each AdsWizz Affiliate to instruct its Sub-Processors to: (i) process Personal Data/Personal Information, including, but not limited to, engaging other Sub-Processors to Process Customer Personal Data/Personal Information in order to provide the Services, including, without limitation, enabling and optimizing the Services; and (ii) engage any Sub-Processor on behalf and for the benefit of Customer. Customer represents and warrants that it is, and will at all times during the term of the Principal Agreement be, permitted to authorize such instruction. AdsWizz may continue to use Sub-Processors already engaged by AdsWizz as of the date of this Addendum. AdsWizz’s current Sub-Processors are listed in Exhibit B to this Addendum. AdsWizz shall have the right to update the list of Sub-Processors any time by publishing an updated list of Sub-Processors on the AdsWizz Platform Interface.
(b) AdsWizz shall, to the extent required by Data Protection Laws and as applicable with respect to Customer Personal Data, enter into a written agreement with Sub-Processors that includes terms substantially equivalent to those set out in this Addendum as it pertains to such Personal Data.
(c) Sub-Processors shall have the right to process Customer Personal Data/Personal Information based on such Sub-Processor’s technical and organizational measures provided such technical and organizational measures ensure a level of security appropriate to the risk taking into account the circumstances of the Processing.
5.2 Authorized Independent Controllers and Third Parties
- Customer acknowledges and agrees that Authorized Independent Controllers/Third Parties may Process Personal Data/Personal Information in a manner that is inconsistent with or different from the Data Processing Instructions set forth in Exhibit A. AdsWizz does not take responsibility for any Processing by Authorized Independent Controllers/Third Parties of Customer Personal Data/Personal Information that does not comply with Data Protection Laws or contrary to any agreement such parties have with AdsWizz relative to the Services.
- Customer shall authorize AdsWizz to use Authorized Independent Controllers/Third Parties by providing instructions to AdsWizz either in writing or through the AdsWizz Platform Interface.
- If Customer wishes to amend the Authorized Independent Controllers/Third Parties which Customer has authorized AdsWizz to use to Process Customer Personal Information/Personal Data, Customer shall be responsible for assessing the impact on the Processing of Personal Information/Personal Data, and for its own compliance with all Data Protection Laws, including, but not limited to, changes to such Authorized Independent Controllers/Third Parties privacy policy, privacy notice, records of processing, and/or lawfulness of A list of current Authorized Independent Controllers/Third Parties is available in Exhibit C to this Addendum.
6. Authorization to Share Customer Personal Data/Personal Information
Customer acknowledges and agrees that AdsWizz may Process and share Customer Personal Data/ Personal Information with the following: (a) Sub-processors; (b) Independent Controllers; (c) where AdsWizz is required to disclose Personal Data/Personal Information by law or regulation e.g. on the basis of a court order, subpoena, or other request by a governmental authority and such law or regulation is not in conflict with Applicable Laws; and (d) as reasonably necessary for the provision of the Services and consistent with the Principal Agreement.
7. Transfer of Personal Data outside of the EEA
If the Customer is subject to GDPR, AdsWizz shall not transfer Customer Personal Data to, or Process such Customer Personal Data in, a location outside of the EEA (in each case referred to hereafter as a “Transfer”) without Customer’s prior written consent, which consent shall not be unreasonably withheld, conditioned or delayed. Customer hereby consents to any transfer of Customer Personal Data from or to AdsWizz from or to an Affiliate of AdsWizz, conditional upon compliance by AdsWizz and the relevant Affiliate with the terms of this Addendum.
Customer hereby consents to Transfers outside of the EEA where: (i) AdsWizz or its Sub-Processor (as the case may be) has entered into standard contractual clauses or the equivalent thereof for the transfer of Personal Data to Processors established in third countries, as approved by the European Commission, with Customer (or a Customer Affiliate) as the data exporter; (ii) AdsWizz or its Sub-Processor (as the case may be) is certified under a legally approved data transfer framework where certification or compliance with such framework allows cross-border transfer of Customer Personal Data; (iii) where such Transfer is subject to an adequacy decision by the European Commission; or (iv) where the Transfer otherwise complies with Data Protection Law.
8. Security of Processing
AdsWizz shall implement technical and organizational measures for the processing of Customer Personal Data/Personal Information that it deems appropriate, including, as appropriate, the measures referred to in Article 32(1) of the GDPR and the measures referred to in CCPA.
In assessing the appropriate level of security, AdsWizz shall take into account the risks that are presented by such Processing, in particular risks related to Personal Data Breaches.
Customer acknowledges that it (not AdsWizz): (i) controls the nature and contents of the Personal Data/ Personal Information and implements its own technical and organizational measures appropriate to the risk of Processing; and (ii) acts as its own system administrator and controls users’ Personal Data/Personal Information.
Subject to the terms of the Principal Agreement, Customer shall indemnify and hold harmless AdsWizz and its Sub-Processors against all losses, fines, and regulatory sanctions arising from any claim by a third party (including a Supervisory Authority) arising out of Customer’s negligence, willful misconduct, and/or any breach of this Addendum by Customer.
9. Security Incidents and Notices to Third Parties
AdsWizz will notify Customer promptly if AdsWizz becomes aware of a Personal Data Breach affecting Customer Personal Data/Personal Information. AdsWizz’s notification of or response to a Personal Data Breach shall not be construed as an acknowledgment by AdsWizz of any fault or liability with respect to the Personal Data Breach. AdsWizz shall reasonably cooperate with Customer and provide commercially reasonable assistance as may be required to comply with any reporting obligations under GDPR and CCPA due to such Personal Data Breach. Any such assistance required by AdsWizz shall be at Customer’s expense.
10. Assistance
AdsWizz shall implement appropriate technical and organizational measures to assist Customer with Customer’s obligations regarding Data Subjects’ rights requests under Chapter III of GDPR, CCPA, and other Data Protection Laws. Customer acknowledges and agrees that any assistance required by AdsWizz beyond the requirements of Applicable Laws shall be at Customer’s expense. For purposes of the CCPA, Customer shall be solely responsible for responding to requests to exercise Data Subjects’ rights requests and that AdsWizz shall have no responsibility to respond directly to an individual on Customer’s behalf, absent written instructions from Customer.
11. Deletion or return of Customer Personal Data
AdsWizz shall retain copies of any Customer Personal Data for a period of at least ninety (90) days (the “Retention Period”) from the date of termination of any Services involving the Processing of Customer Personal Data (the “Termination Date”). On expiry of the Retention Period, Customer may direct AdsWizz to promptly delete and procure the deletion of all copies of such Customer Personal Data at Customer’s request.
During the Retention Period, Customer may, in its sole discretion, provide written notice to AdsWizz requiring AdsWizz to: (a) return a complete copy of all Customer Personal Data to Customer by secure file transfer in such format as is reasonably disclosed to Customer by AdsWizz; and (b) save (as otherwise set forth in this Section), delete and procure the confirmation of deletion of all other copies of Customer Personal Data Processed by AdsWizz or an AdsWizz Sub-Processor.
AdsWizz and each Sub-Processor may retain Customer Personal Data/Personal Information to the extent required by Applicable Laws for such period of time required by Applicable Laws; provided, however, that AdsWizz ensures the confidentiality of all such Customer Personal Data/Personal Information and that such Customer Personal Data/Personal Information is only Processed as is necessary for the purpose(s) specified in the Applicable Laws requiring the storage of Personal Data/Personal Information and for no other purpose.
AdsWizz shall, at the request of the Customer, provide written certification to Customer that AdsWizz has fully complied with this Section within thirty (30) days of the expiry of the Retention Period.
12. Right to Assess
Upon at least sixty (60) days’ prior written notice by Customer, AdsWizz shall, where required by Data Protection Laws, grant Customer (or a mutually acceptable independent auditor) permission to perform, at Customer’s expense, an assessment, audit, examination or review (an “Assessment”) of all relevant controls in AdsWizz’s organizational, technical environment relating to the Customer Personal Data Processed pursuant to the Principal Agreement. Such Assessment shall be carried out no more than once per year. AdsWizz shall cooperate with such Assessment by providing reasonable access to knowledgeable personnel, physical premises, documentation, infrastructure and application software that Processes, stores or transfers Customer Personal Data pursuant to the Principal Agreement, demonstrating how AdsWizz complies with its obligations related to privacy and data security under the Principal Agreement (including this Addendum). In addition, upon Customer’s prior written request, AdsWizz shall provide Customer with the results of any audit performed by or on behalf of AdsWizz that assesses the effectiveness of AdsWizz’s information security program as relevant to the security and confidentiality of Customer Personal Data AdsWizz Processes on Customer’s behalf during the course of the Principal Agreement. AdsWizz acknowledges and agrees that Supervisory Authorities may request information from AdsWizz and carry out investigations in the form of data protection audits of AdsWizz, in accordance with Applicable Laws (“Authority Assessments”). Any information or documentation provided by AdsWizz to Customer under this Section shall be considered AdsWizz Confidential Information and subject to the confidentiality provisions in the Principal Agreement To the extent legally permissible, AdsWizz shall notify Customer promptly, providing full details of any AdsWizz concerns, if AdsWizz believes any request by Customer under this Section would infringe Applicable Laws.
13. Anonymization
Customer agrees that AdsWizz shall be permitted to Process the Customer Personal Data/Personal Information in order to create Anonymized Data, which AdsWizz is entitled to retain and use for its own purposes. Customer further agrees that in the event that it requires AdsWizz to delete Customer Personal Data/ Personal Information, the deletion of the Customer Personal Data/Personal Information may be effectuated and deemed complete through an anonymization process resulting in Anonymized Data.
14. Cookies
Customer shall not place, or cause to be placed, an AdsWizz Cookie on a user’s computer, mobile phone or other terminal device unless it has collected such user’s consent which consent complies with the requirements of applicable Data Protection Laws (a “Cookie Consent”). Customer shall maintain records of Cookie Consents that it collects and shall provide AdsWizz with evidence of any Cookies Consent as requested by AdsWizz from time to time. Customer acknowledges that servers owned and operated by third parties may be used in connection with Advertisement targeting, delivery, measurement and reporting hereunder, including as may be required by Advertisers, and that AdsWizz and such third parties use cookies, beacons and other technologies in connection with the foregoing. Customer shall disclose in the privacy policies of each Property that technologies such as cookies and web beacons may be used on such Property by third party advertising companies to determine end user interests and characteristics, and deliver advertising based on those interests and characteristics, and that users may visit http://www.aboutads.info and http://www.networkadvertising.org (or other industry standard organization as approved by AdsWizz) for more information about such practices, and how to opt-out from the use of such technologies. Customer shall observe any AdsWizz requests to comply with any laws, rules, regulations, industry self-regulatory efforts or best practices relating to end user privacy.
15. Miscellaneous
- Conflicts
In the event of any conflict between this Addendum and the Principal Agreement between the Parties, unless otherwise expressly indicated here, the terms of this Addendum will govern solely with respect to the subject matter hereof.
15.2. Changes in Data Protection Laws
AdsWizz may notify the Customer in writing from time to time of any amendments to this Addendum resulting from a change in Data Protection Laws, including, without limitation, to the generality of the foregoing, any variations which are: (i) required as a result of any changes to UK Data Protection Laws following any exit of the UK from the EU; or (ii) required to take account of any new data transfer mechanism. Any such amendments shall take effect thirty (30) calendar days after written notice is sent by AdsWizz.
15.3. Governing Law
This Addendum and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Romania for Customers that are legally incorporated in the EEA and in accordance with the laws of New York for Businesses that are legally incorporated elsewhere.
15.4. Severability
If any provision, or portion thereof, of this Addendum is determined by a court of competent jurisdiction to be invalid, illegal or unenforceable, such determination will: (i) not impair or affect the validity, legality, or enforceability of the remaining provisions of this Addendum, and each provision, or portion thereof, is hereby declared to be separate, severable, and distinct and (ii) amended as necessary to ensure its validity and enforceability, while preserving the intentions of the Parties as closely as possible.
15.5. Integration
This Addendum constitutes the entire understanding between AdsWizz and Customer relating to the subject matter hereof and supersedes and cancels all prior written and oral agreements and understandings with respect to the subject matter of this Addendum.
EXHIBIT A – Data Processing Instructions
In accordance with the Principal Agreement by and between Customer and AdsWizz, AdsWizz Processes Personal Data/Personal Information for the purposes of providing Customer advertising and/or audience analytics solutions and complying with other reasonable written instructions provided by the Customer, where such instructions are consistent with the terms of the Principal Agreement.
These Data Processing Instructions describe Customer’s instructions relating to the data processing activities to be carried out by AdsWizz under the Principal Agreement. Any capitalized terms used herein shall have the meaning set out in the Principal Agreement and/or in the Addendum.
1. Subject matter
The subject matter of the data processing includes the Services described in the Principal Agreement, in particular AdsWizz’s provision of the advertising and/or audience analytics solutions for digital audio to Customer.
2. Duration
AdsWizz shall Process Personal Information/Personal Data during the term of the Principal Agreement.
3. Authorized Processing Activities
Customer instructs and authorizes AdsWizz to Process Personal Information/Personal Data for the purposes of providing Customer the advertising and/or audience analytics solutions pursuant to the Principal Agreement, in particular:
- ensuring that the Data Subject is not exposed to the same advertisement too often or up to a specified amount of occurrences (i.e., frequency capping);
- ensuring that and/or evaluating whether the Data Subject is exposed to advertisements in the most appropriate language;
- ensuring that and/or evaluating whether the Data Subject is exposed to advertisements most relevant to the approximate location where the Data Subject is – or believed to be – located;
- ensuring that and/or evaluating whether Data Subject is exposed to advertisements most relevant to the Data Subject propensity segments to which the Data Subject is believed to belong;
- auditing and/or validating that the Data Subject is a natural person instead of a robot or a fraudulent system and whether the Data Subject is effectively exposed to one or more advertisements;
- analyzing, auditing, measuring the exposure, efficacy and effectiveness of the advertisements to which the Data Subject is exposed and consequently selecting more relevant advertisements for the Data Subject;
- assessing the type of device in use, and adapting the formats and contents of advertisements to the capabilities of the device;
- undertaking internal research for technological development and demonstration; and/or
- generally, improving the Services AdsWizz provides, including, but not limited to, diagnosing service issues and providing
4. Authorized Data and Data Categories
Except when instructed otherwise by the Customer, AdsWizz is authorized to process the following data:
- User IP Address
If User accesses a web browser and/or HTTP-connected device in order to use Customer’s music/ podcasting site/services, AdsWizz may process the following data:
- User Device Operating System and Language
- User Device type (aka “User-Agent”)
- User AdsWizz Cookies OAID, OAGEO, SessionID
- User AdsWizz Listener ID
If Data Subject makes uses a mobile device or mobile application in order to use the Customer’s music/ podcasting services, AdsWizz may process the following data:
- User-resettable Advertising ID (g., IDFA, AAID, MAID)
- User Device GPS coordinates
- User AdsWizz Listener ID
If the Data Subject uses a device equipped with AdsWizz Ad Insertion SDK in order to use the Customer music/podcasting services, AdsWizz may process the following data:
- User Device listening mode and listening volume, e.g. “headset on”
- User Device accelerometer data and other User Device operating parameters
5. Authorized Sub-Processing and Categories of Sub-Processors
Customer authorizes AdsWizz to engage any Sub-Processor to carry out the processing of Personal Information/Personal Data as necessary for AdsWizz to provide the Services.
Customer authorizes AdsWizz to engage the following categories of Sub-Processors for the following purposes:
- When Customer enters into an “AudioMax Publisher Agreement” or an “Integrated Advertising Inventory agreement” with AdsWizz: third party advertising platforms, Demand-Side Platforms (“DSPs”), and Media Buying Platforms are used for the purpose of receiving bids to buy Customer’s media inventory and delivering the most relevant advertisements to the Data Subject, and the Data Subject propensity segments to which the Data Subject is believed to
- When Customer uses “Sonar”, “Sonar Demo”, “Sonar Behavioral”, “Sonar First”, “AudioGraph” or any other data-related features of any the AdsWizz Products or enters into an “AudioMax Publisher Agreement” or an “Integrated Advertising Inventory Agreement” with AdsWizz: Data Management Platforms and Cross-Device Resolution Platforms are used to confirm that the Data Subject is exposed to advertisements most relevant to the user propensity segments to which the Data Subject is believed to belong and/or for assessing which devices the Data Subject is believed to be using and subsequently adapting the formats and contents of advertisements according to the capabilities of the
- When Customer uses “Second Screen” and/or “Retargeting” features of any the AdsWizz Products or enters into an “AudioMax Publisher Agreement” or an “Integrated Advertising Inventory Agreement” with AdsWizz: Media Exchanges are used for the purpose of exposing the Data Subject to targeted advertisements on properties that may not be owned and/or operated by the Customer
- When Customer uses “Attribution Performance Analysis” and/or “Conversion Analysis” features any the AdsWizz Products or enters into an “AudioMax Publisher Agreement” or an “Integrated Advertising Inventory Agreement” with AdsWizz: Attribution Measurement platforms are used to analyze, audit, and measure the exposure, efficacy, and/or effectiveness of the advertisements to which the Data Subject is exposed and consequently selecting more effective advertisements for the Data
- When Customer uses the “third party tracking” and/or “brand safety” features of any of the AdsWizz products or enters into an “AudioMax Publisher Agreement” or an “Integrated Advertising Inventory agreement” with AdsWizz: third party ad-impression, viewability, brand safety and/or exposure tracking providers are used for the purpose of auditing, validating that the Data Subject is a natural person that has been or will be exposed to advertisements and is therefore not a robot or a fraudulent system, and/or counting the times the Data Subject is exposed to a particular
6. Prohibited Processing Activities for Customer
Customer shall not pass Personal Information/Personal Data to AdsWizz other than as listed in Section 4 of this Exhibit A, “Authorized Data and Data Categories” without prior agreement in writing from AdsWizz. Customer shall not pass to AdsWizz any directly identifiable data, including, without limitation, Data Subject email address, actual address of residence/domicile, legal name, and/or marital status.
If Customer collects and processes additional Personal Information/Personal Data first-party data about Data Subjects/Consumers, which are not listed in provision 4 “Authorized Data and Data Categories” and AdsWizz authorizes Customer to share such “Authorized First-Party Customer Data” with AdsWizz , Customer shall, along with other legally required disclosures, specify in the Customer’s explicit notice or privacy statement the following information:
- the nature of the additional First-Party Customer Data collected;
- the purpose of sending such additional First-Party Customer Data to AdsWizz;
- any link between the purposes for which the Personal Information/Personal Data have been collected and the purposes of the intended further processing by AdsWizz and its sub-contractors;
- the possible consequences of the intended further processing for data subjects; and
- the existence of the appropriate safeguards compatible to the purpose of
7. Prohibited Categories of Data
Both Customer and AdsWizz are prohibited from collecting and/or processing Personal Information/Personal Data of Data Subjects located in the European Union that contains: (i) racial or ethnic origin; (ii) political opinions; (iii) religious or philosophical beliefs; (iv) trade union membership; (v) genetic data; (vi) biometric data for the purpose of uniquely identifying a natural person; (vii) data concerning health; and/or (viii) data concerning a natural person’s sex life or sexual orientation.
In particular, both Customer and AdsWizz are prohibited from creating and/or using Ad-Delivery platform audience segments which enable Data Subjects located in the European Union to be targeted using such Personal Information/Personal Data and/or categories of Personal Information/Personal Data.
8. Tracking Providers of Customer’s own Choosing
When Customer elects to send Personal Data/Personal Information to entities of the Customer’s own choosing, which provide tracking services complementing the Services which AdsWizz provides (such entities are hereafter named “Tracking Providers”), such as but not limited to “3rd Party Tracking Providers”, “Brand Safety Providers”, “Attribution Performance Analysis Providers”, “Conversion Analysis Providers”, “Advertising Efficacy Auditors”, “Impression Tracking Providers”, “Viewability Analysis Providers”, “Auditability Analysis Providers”, either directly through the Customer’s own systems (“Client- Side Tracking”) or indirectly via AdsWizz’ systems (“Server-Side Tracking”), such Tracking Providers shall not be deemed Sub-Processors to AdsWizz but rather contractors to Customer acting on the Customer’s instructions. In particular, Customer shall be responsible for transmitting Consents of Data Subjects as well as Do Not Sell My Data/Opt-Out requests from Consumers to Tracking Providers, regardless of whether or not such Consents or Do Not Sell My Data/Opt-Out requests have already been transmitted to AdsWizz.
EXHIBIT B – Sub-Processors/Service Providers
- BeeswaxIO Corporation, 572 Grand Street, G1301, New York, 10002, United States
- TAPAD UK LIMITED, 40 Bernard St, London, WC1N 1LE, Great Britain
- TabMo SAS, 2 rue de Clichy, Paris, France
- Adobe Systems Incorporated, PO BOX 1670, San Jose, CA 95109-1670, United States
- Adsquare GmbH, Saarbrücker Straße 36, 10405 Berlin
- Lotame Solutions, Inc, 8850 Stanford Blvd Suite 4000 Columbia
- AdsWizz Belgium SPRL: Avenue du Port 86C, boîte 204 B-1000 Bruxelles
- AdsWizz RO SRL: 246C Calea Floreasca, SkyTower- 18, 20 & 35 floors, Bucharest, 1st district, Romania
- AdsWizz Limited: One Fetter Lane London EC4A1BR United Kingdom
EXHIBIT C – Customer Authorized Independent Controllers and/or Third Parties
- Amobee, Inc, 10121 Wateridge Circle, Suite 400, San Diego, CA 92121, United States
- MediaMath, Inc, Four World Trade Center, 150 Greenwich , New York, NY United States
- Google, Mountain View, California, United States
- Verizon Media, Los Angeles 13031 W Jefferson Blvd. Building 900, CA 90094 United States
- RTBIQ, Inc, 2081 Center St, Berkeley, CA 94704 United States
- The Trade Desk, Inc, 731 Sansome St 5th Floor San Francisco, CA, 94111, United States
- Appnexus, Inc, 28 W. 23rd Street, New York, New York, 10010 United States
- Amazon, Inc, Seattle, Washington, United States
- Adelphic LLC, 2722 Michelson Drive #100, Irvine, CA 92612 United States
- Conversant LLC, 101 N. Wacker Dr., 23rd Floor, Chicago, Illinois 60606 United States
- Cadreon LLC, 100 West 33rd Street, New York, NY 10001 United States
- Rubicon, The Rubicon Project, Inc., 12181 Bluff Creek Drive, 4th Floor, Los Angeles, CA 90094 United States
- Targetspot, Inc, 33 East 33rd Street, Ste 801 New York, 10016 United States
- AC Nielsen Company Limited, AC Nielsen House, London Road, Headington, Oxford, OX3 9RX United Kingdom
- Adobe Systems Incorporated, 345 Park Ave. San Jose, CA 95110-2704 United States
- Active Agent AG, Schwarzwaldstr. 78B, 79117 Frelburg, Germany
- AD, Markgrafenstraße 11, staircase B, floor 2, 10969 Berlin, Germany
- Akamai Technologies SARL, 94 Gulledelle, Brussels, 1200 Belgium
- Ando Media, LLC, P.O. Box 31001-2289 Pasadena, CA 91110-2289 United States
- DataXu, Inc, 281 Summer Street, Boston, MA 02110 United States
- LiveRamp, Inc. 225 Bush Street, 17th Floor, San Francisco, 94104 United States
- io, Inc., 150 Fayetteville Street Suite 1400 Raleigh, NC 27601 United States