Publisher Privacy and Data Protection Addendum

This Publisher Privacy and Data Protection Addendum (“Addendum“) forms part of the Publisher Terms and Conditions, or any other written Agreement between the Parties (“Principal Agreement“), between: publisher (“Publisher“) acting on your own behalf and as agent for each Publisher Affiliate; and (ii), Inc. (“Company“). Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.

Whereas, Publisher collects, stores, and transfers Personal Data (defined below), and the Parties desire to set forth their respective obligations regarding the European Union General Data Protection Regulation 2016/679 (“GDPR”), both Parties agree to the following provisions:

In consideration of the mutual obligations between Company and Publisher regarding GDPR, which creates various data privacy and protection obligations on entities’ handling of Personal Data, the Parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Principal Agreement.

    1. Definitions

In this Addendum, the following terms shall have the meanings set out below:

    1. Affiliate Publisher Websites” means any third party entity (including any Publisher Affiliate) appointed by or on behalf of Publisher or any Publisher Affiliate, to process Personal Data on behalf of Company in connection with the Principal Agreement; and
    2. Applicable Laws” means (a) European Union or Member State laws with respect to any Personal Data in respect of which Publisher and Company are subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Personal Data in respect of which any Company Group Member is subject to any other Data Protection Laws;
    3. Controller” means the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, as defined in GDPR.
    4. Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
    5. Data Subject” means an individual who is the subject of Personal Data.
    6. EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR.
    7. Personal Data” means means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
    8. Processor” means Company.
    9. Publisher Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Vendor, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
    10. Publisher Websites” means any website or property owned or licensed by Publisher, which is subject to the provisions of the Principal Agreement.
  1. Publisher Data Obligations. With respect to any Personal Data or other data regarding Publisher or Publisher’s end users, which Publisher provides to in connection with this Agreement, Publisher hereby consents to the use and disclosure of the Personal Data in accordance with Company’s privacy policy. With respect to any Personal Data provided by Publisher to Company, Publisher shall ensure it has, and each Publisher Affiliate has, and will continue to, comply with all applicable Data Protection Laws, including but not limited to, GDPR. Publisher shall ensure Publisher has, and each Publisher Affiliate has, properly informed its end users regarding their data’s usage, storage, and transfer of information. Publisher shall ensure Company that it has obtained all necessary rights, consents, and authorizations from any Data Subjects for which the data relates in connection with the Principal Agreement to allow Company to process the Personal Data outside the Data Subject’s country of residence. Any Personal Data sent to Company will be processed in the United States, or any other country where Company, or its contractors maintain data storage or processing facilities, and by using the Services, Publisher hereby consents to such processing and storing of the Data.
  2. Cooperation for Regulatory Compliance. Publisher shall provide reasonable assistance to Company immediately upon request to enable Company to respond to requests from Data Subject(s) seeking to exercise their rights under GDPR, or similar applicable data protection laws, rules, or regulations.
  3. Prohibited Data. In no event shall Publisher send Company any data that is generally considered highly sensitive or falls under the “special categories of personal data” under the GDPR. This includes, but is not limited to, personal data revealing racial or ethnic origin, religious beliefs, genetic data, data concerning a person’s health, a person’s sexual orientation, trade union membership, or biometric data.
  4. Privacy Policy. Publisher shall ensure at all times that it maintain a posted privacy policy and cookie statement accessible by direct link from Publisher’s website’s homepage that complies with all applicable laws and regulations, and shall abide by such privacy policy. Such privacy policy shall: (i) disclose that Publisher serves advertising via the Publisher Network and Publisher Product; (ii) disclose the type of information collected by Publisher, (iii) provide a clear and conspicuous link to an opt-out process, and (iv) post a clear and conspicuous link to the NAI opt-out page which is currently located at
  5. Publisher’s Separate Controller Status. Publisher hereby acknowledges and agrees it is the Controller of the Personal Data it sends to Company for the provision of Company’s services. Publisher is solely responsible for complying with Controller’s obligations under GDPR. In no event shall Publisher and Company be considered joint Controllers in regards to Personal Data that is sent to Company as part of its services.
  6. Protection of Personal Data. Publisher shall comply with all applicable Data Protection Laws. Publisher represents and warrants that Publisher and Publisher Affiliates are fully compliant with all applicable Data Protection Laws.
  7. Security. Publisher represents and warrants it has implemented appropriate technical and organizational measures to ensure a level of security appropriate to comply with, and maintain compliance with, Data Protection Laws.
  8. Data Breach Obligation. Publisher shall notify Company within twenty-four (24) hours after Publisher or any Publisher Affiliate becomes aware of a data breach affecting Personal Data, and shall provide Company with sufficient information to allow Company to meet any obligations to report or inform Data Subjects of the Personal Data breach under the Data Protection Laws:
    At a minimum, the notification shall provide each of the following:

    1. Describe the nature of the Personal Data breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of personal data records concerned;
    2. Communicate the name and contact details of Publisher’s data protection officer or other relevant contact from whom more information may be obtained;
    3. Describe the likely consequences of the personal data breach; and
    4. Describe the measures taken or proposed to be taken to address the Personal Data breach; and
    5. Describe the measures taken or proposed to be taken to address the Personal Data breach, including, where appropriate, measures to mitigate its possible adverse effects.
    6. Publisher shall co-operate with Company and take such reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data breach.