- “Ad” or “Advertisement” means a commercial notice, announcement or message made in a public medium to an advertiser’s customers or prospective customers to promote a person, entity, brand, product, service, or event.
- “Additional Terms and Conditions” means any additional terms and conditions specified by Zeta DSP from time to time for certain Services and attached to an applicable Order or made available to the Customer.
- “Ad Technologies” means, collectively, digital advertising technologies that include advertising tags (such as pixels, clear GIFs and similar methods), cookies, device identifiers or other identifiers and similar technologies.
- “Affiliate” of a party means an entity that, directly or indirectly through one or more entities, controls, is controlled by or is under common control with that party, where “control” means the possession, direct or indirect, of the power to direct the management and policies of such party, whether through the ownership of at least fifty percent (50%) of the voting interest of such party, through contractual provisions, or otherwise, and includes that entity’s officers, directors, agents, employees, successors and assigns.
- “Customer”, “you” and “your” means the individuals or organization(s) identified in the MSA and/or the applicable Order, that are responsible for payment to Zeta DSP pursuant to the Agreement.
- “Customer Data” means all campaign data collected by Zeta DSP hereunder on behalf of or received from Customer, its advertisers or the agencies representing Customer, including any data that Customer, its Affiliates, or any third party vendors or partners on Customer’s behalf may disclose or submit to Zeta DSP and any and all Customer Reports; provided however, Customer Data does not include Non-Proprietary Data, even if such data is identical to a portion of data comprising Customer Data. References to Customer Data include Customer Personal Data (as defined in Section 6.2) unless Customer Personal Data is specifically excluded from the MSA and/or Order.
- “Customer Material(s)” means any Advertisement, creative, content, data, information or material of any kind created, managed, or delivered by or on behalf of Customer or its Third Party Users using the Services, and includes, without limitation, any creative works, content, data, information, media plan or material of any kind referenced by or accessed via an Advertisement, such as by a URL or other method.
- “Customer Report” means any report or summary prepared for Customer in connection with the Services containing information about user activity or engagement with Advertisements.
- “Fees” means the fees or rates for the use of the Services as set forth in each Order.
- “Intellectual Property Rights” means all rights including future rights in inventions, patents, designs, copyrights, trademarks, service marks, databases and topography rights (whether or not any of those is registered and including applications for registration of the foregoing, renewals, extensions, continuations, divisions and reissues) together with all trade secrets, know-how and all rights or forms of protection of a similar nature or having equivalent or similar effect to any others which may subsist anywhere in the world.
- “MSA” means any Master Services Agreement or similar contractual agreement entered into between you and Zeta, including all schedules and attachments thereto, as amended from time to time.
- “Non-Proprietary Data” means data that is generated or obtained by Zeta DSP in connection with the Services that may include Personal Data as defined by applicable laws, and which Zeta DSP processes as a co-controller. Non-Proprietary Data includes data included in a HTTP header or HTTP response, such as user agent strings and time stamps; IP addresses; URLs not provided by or on behalf of Customer; and persistent and non-persistent identifiers, such as session IDs, cookie IDs, cache-based IDs, mobile advertising identifiers and device IDs.
- “Order” means an ordering document for Services that is signed by Customer or submitted to Zeta DSP by means of an online click-thru and is accepted by Zeta, which may include, without limitation, an order, statement of work, schedule, attachment, or insertion order, as amended from time to time.
- “Payment Terms” means the payment terms set forth in the MSA or the applicable Order.
- “Platform(s)” means any of the Zeta DSP service platforms accessible via the Internet for the provision and use of the Services, including any administration websites through which Zeta DSP provides access to such platforms and all software (including source and object code), updates, enhancements, documentation or other materials (excluding Customer Materials) in or related to the platforms that Zeta DSP makes available in the course of providing the Services.
- “Privacy Rules” means, to the extent each is applicable: (i) the requirements of any privacy and data protection laws, treaties, inter-governmental agreements, and regulations to which a party is subject in the conduct of its business; (ii) with respect to all processing of personal data relating to individuals in the European Economic Area by or on behalf of a party to this Agreement in, or transfer of personal data to, the United States of America, the EU Standard Contractual Clauses set forth below in Section 16; (iii) the following digital advertising industry rules to the extent applicable to the conduct of a party’s business in the territories where such rules apply: (a) all United States Federal Trade Commission (“FTC”) rules and guidelines regarding the collection, use and/or disclosure of information from or about a unique user of a website, application and/or mobile website and/or the device associated with such user; (b) the California Consumer Privacy Act (CCPA), as amended; (c) all enacting legislation of European Union member states of directives of the European Parliament and Council related to the processing of personal data or the storage of or access to information stored on an individual person’s computing equipment, including mobile devices; (d) the advertising industry self-regulatory codes and principles promulgated by the Digital Advertising Alliance (“DAA”), and the European Interactive Digital Advertising Alliance (“EDAA”), as each such rules, guidelines, codes or set of principles may be amended from time to time by the promulgating entity or any successor entity; (iv) any other relevant FTC, DAA, or EDAA code or principles relating to the collection and use of data obtained from individual persons for advertising purposes; and (v) any amendments, modifications, extensions, supplements or replacements of or to any of the foregoing. For the purposes of the descriptions in the Standard Contractual Clauses as between Zeta DSP and Customer, Zeta DSP agrees that it is a “data importer” and Customer is the “data exporter” under the Standard Contractual Clauses (notwithstanding that Customer may be located outside the EEA and may itself be a Processor acting on behalf of third party Controllers).
- “Services” means, collectively, the products and services specified in the MSA or the applicable Order, which may include, without limitation: (i) provision of digital advertising solutions or services in or through any Platform; (ii) professional, creative, media buying or selling and related trading services for agencies and their customers using Zeta DSP professional services, any Platform, or the technology and services of third party service providers and Zeta DSP alliances; and (iii) the data, products and services of third parties that Zeta DSP may make available to Customer from time to time.
- “Site(s) Content” means all materials, data, images, texts, sounds, information or other content contained in or around and/or linked to any Site (as defined in Section 6.9).
- “Zeta”, “we” and “us” means the Zeta Global Corp.
- “Term” has the meaning given to such term in the MSA or the applicable Order.
- “Territory of Domicile” means Customer’s territory of domicile as set forth in the MSA or the applicable Order.
- “Third Party User” means any third party contractor, client, advertiser, agency, or publisher, as applicable, that accesses and uses the Services through Customer’s Account (as defined in Section 3.1).
- Ordering and Use of Services.
- Subject to payment by Customer to Zeta DSP of the Fees as set forth in the MSA or the applicable Order and pursuant to Section 3, Zeta DSP will make the Services available to Customer (and its Third Party Users, as applicable) in accordance with the terms of this Agreement. Notwithstanding the foregoing, Customer acknowledges and agrees that certain Services, including, without limitation, professional, creative, media buying, trading or third party services, may be subject to Additional Terms and Conditions which will be provided or referenced in the applicable Order.
- Zeta DSP does not pay for any suggestions regarding the Services, or any improvement to processes, procedures, marketing or any other matter (collectively “Suggestions”). Any Suggestions that the Customer submits to Zeta DSP becomes the property of Zeta. Zeta DSP will not (i) compensate the Customer for any such Suggestion; (ii) have any obligation of confidentiality with respect to any such Suggestion; or (iii) be liable to the Customer for any use or disclosure of any such Suggestion. Customer grant Zeta DSP a royalty-free, irrevocable, unrestricted, non-exclusive, sub-licensable, assignable, worldwide license to use, modify, copy, sublicense, transmit, publish, create derivative works from, publicly perform and display any Suggestion for any purpose, commercial or otherwise, without compensation or liability to the Customer or to any third party.
- Access to Platform and Account.
- Customer may access certain Services through an administrative website or, subject to Section 3.5, an application programming interface (“API”) for the Platforms maintained and controlled by Zeta. For access to the Platforms, Zeta DSP will provide Customer with one or more logins and passwords for access to Customer’s account and corresponding administrative controls (“Customer’s Account”) by authorized personnel of Customer and/or Third Party Users (“Customer’s Representatives”). In order to use any Platform, Customer will, and will ensure that Customer’s Representatives represent, warrant and covenant that they will, provide Zeta DSP with accurate, truthful and complete registration information and agree to the terms of this Agreement and any other Additional Terms and Conditions applicable to each Platform that Zeta DSP may otherwise reasonably require. Upon acceptance of any application made by Customer, each of Customer’s Representatives will be assigned with a user name and password that will allow access to the applicable Platform, and will become a registered user. Customer will ensure that each of Customer’s Representatives that is provided registered user access to any Platform keeps its registration information accurate and up-to-date and does not share its password or registered user name with any third party except as otherwise set forth in this Agreement, and Customer agrees that any failure by any Customer Representative to do so will constitute a breach of this Agreement by Customer, which may result in immediate termination of Customer’s Account. Customer will immediately notify Zeta DSP in writing of any change in authorization, any unauthorized use of any Customer’s Account or any other account-related security breach of which it becomes aware. Upon termination of this Agreement for any reason, Zeta DSP will have the right to disable and delete each Customer Representative’s access to Customer’s Account immediately and to delete all Customer Data thirty (30) days after termination or expiration of this Agreement.
- Zeta DSP reserves the right to suspend or delete any account in its sole discretion for any reason. If Zeta DSP suspends or deletes Customer’s Account: (i) Zeta DSP is not obligated to provide the Customer with a reason for its actions; and, (ii) Zeta DSP will refund the full unused balance remaining in the Customer’s Account, if any, within 30 days of receiving written instructions from the Customer as to where to refund the balance. If Zeta DSP deletes Customer’s Account, the Customer’s right to access the Services and use any applicable Platform shall immediately terminate. Customer will not be permitted to open a new account. If Zeta DSP suspects that the Customer is operating, or associated with, another account (based on its analysis of subscriber data, account content and other information), Zeta DSP may suspend or delete such ‘related’ account as well.
- Zeta DSP will use commercially reasonable efforts to make the applicable Platform accessible to Customer 24 hours per day, 7 days per week, subject to any downtime for maintenance, updating and repair. Notwithstanding the foregoing, Customer acknowledges and agrees that Zeta DSP will have no responsibility for Customer’s inability to use the Services or access any Platform due to Internet or other network interruption, communications failure, server downtime or other force majeure event.
- The internet is an inherently insecure medium and the transmission of data over the internet (such as sending an email or logging onto a website) is subject to possible loss, interception or alteration while in transit. Accordingly, Zeta DSP does not assume any liability for any damage the Customer may experience or costs it may incur as a result of any loss, interception or alteration of transmissions over the internet.
- If Customer authorizes Zeta DSP to set up API access under Customer’s Account: (a) Customer’s use of the API is deemed to be a use of the applicable Platform and is subject to the terms of this Agreement and any Additional Terms and Conditions Zeta DSP may require regarding API use; (b) Zeta DSP will provide access to the API in accordance with Customer’s written instructions and any additional usage terms set forth in the Order; (c) Customer acknowledges and agrees that Zeta’s only obligations with respect to Customer and/or any Third Party User provided access to Zeta’s API (“3rd Party API User”) are those specifically undertaken by Zeta DSP in the Order and Zeta DSP otherwise has no responsibility or liability for Customer’s or any 3rd Party API User’s performance or obligations under any separate agreement that may exist among Customer, any of Customer’s clients and any 3rd Party API Users; (d) Customer is solely responsible for obtaining any 3rd Party API User’s written agreement to any Additional Terms and Conditions required for access to the API and returning a copy thereof to Zeta; and (e) Zeta DSP may suspend providing API access without liability to Customer or any 3rd Party API User, or any of their respective Affiliates or clients, if Zeta DSP believes, in its sole discretion, that the receipt or processing of any Customer Data via the API violates any Privacy Rules or otherwise may result in liability for Zeta DSP or any of its Affiliates or any of their respective customers.
- Limited Rights; Ownership.
- Zeta DSP hereby grants to Customer, and Customer hereby accepts, a non-exclusive, non-transferable (except as expressly provided in this Agreement), and limited right for Customer to access and use the Platform specified in the Order in accordance with this Agreement solely during the Term and for the sole purpose of using the Services for its internal business purposes. Except as expressly permitted by this Agreement, Customer may not, directly or indirectly or by itself or through any other person or entity, use, rent, lease, sell, transfer (by sublicense, assignment, operation of law, change in control or otherwise), time share, modify, reproduce, copy, make derivative works from, distribute, publish, use to provide service bureau services, or publicly display the applicable Platform. Moreover, Customer will not (and will ensure that Customer’s Representatives do not) reverse engineer, decompile, or otherwise attempt to discover the source code for the applicable Platform or any of the Services. All rights not expressly assigned or licensed in this Agreement are reserved by Zeta DSP in full.
- Except as expressly provided herein, Zeta DSP has and will have the sole and exclusive ownership of all right, title and interest in and to all the Platforms and all applicable Services and all Intellectual Property Rights in applicable Platform and Services, any enhancements thereto, any documentation or other materials regarding the use thereof and related thereto, any machine learning and the results and outputs of such machine learning that occur prior to, during, or after Customer’s use of the Services, and any Zeta DSP proprietary data provided to Customer by Zeta DSP in whatever form or media (collectively, “Zeta DSP Intellectual Property”). Neither this Agreement, nor anything contained herein, will be construed as a sale of any Platform or any of the Services or any Intellectual Property Right or any other Zeta DSP Intellectual Property or any proprietary right or title therein or thereto.
- If any deliverable to Customer produced by Zeta DSP’s Services includes Zeta DSP Intellectual Property, then Zeta DSP will remain the sole and exclusive owner of such included Zeta DSP Intellectual Property, and Zeta DSP grants Customer only a non-exclusive, perpetual, worldwide, royalty-free license to use such Zeta DSP Intellectual Property, for any purpose, including to sell, sublicense, disclose, publicly display, and create derivative works from such Zeta DSP Intellectual Property, but solely as incorporated into or embedded in such deliverables and not separately therefrom. Subject to the preceding sentence, Customer will own all right, title and interest in and to such deliverables, including the Intellectual Property Rights therein.
- As between Zeta DSP and Customer, Customer has and will have the sole and exclusive ownership of all right, title and interest in and to the Customer Materials, Customer Data, and the Site Content where applicable, and all Intellectual Property Rights in the same, except for any Zeta DSP Intellectual Property embedded therein.
- Customer grants Zeta DSP a non-exclusive license during the Term to use, copy, modify, process and distribute Customer Materials and Customer Data solely for the purpose of providing the Services in accordance with this Agreement and subject to its terms.
- Customer agrees that Zeta DSP may use and disclose certain data, including Customer Data and Non-Proprietary Data, derived from Customer’s use of the applicable Platform and Services (assuming no user opt-out of such use has been communicated to Zeta, including as provided in Section 6.7) to create aggregated data and statistics about the Services and its features, which Zeta DSP may provide to others, including Zeta’s customers, potential customers and the general public, provided that such aggregated data and statistics do not contain any Customer Personal Data (as defined in Section 6.2) or identify any living individual, Customer, Customer’s clients, or any of their respective products or brands. Customer further acknowledges that Zeta will cookie-match between rfihub cookies used by Zeta DSP and other cookies deployed by Zeta, in order to leverage online segment data for other marketing channels.
- Customer grants Zeta DSP a non-exclusive license during the Term to use its and its Third Party Users’, as applicable, name and trademarks in marketing materials, the customer ad showcase area of the applicable Platform, and customer lists; provided, that Customer has the right to notify Zeta DSP in writing if it does not agree to any of the foregoing uses of its name and trademarks.
- “Zeta”, “Zeta Global”, “ZetaGlobal.com,” ‘Zeta DSP” and Zeta’s logos are, and remain, trademarks of Zeta, its affiliated companies, and/or its licensors; you may not copy, imitate or use any of these without Zeta’s prior written consent.
- Confidential Information.
- Any information provided hereunder by either party which is clearly marked as “confidential” or designated to be confidential by the terms of this Agreement, including, in particular, the terms and Fees set forth in the MSA and any Orders (“Confidential Information”) will not be used, disclosed or reproduced by the other party without the express written consent of the party providing such information, other than for the performance of such party’s obligations under this Agreement. “Confidential Information” includes all information furnished by or on behalf of either party to the other party, whether furnished before or after the date of this Agreement and regardless of the form in which it is or was communicated or maintained, that is marked as “confidential” or that, from all of the circumstances, the receiving party knows or has reason to know or could reasonably be expected to believe that the disclosing party intended or expected the secrecy of such information to be maintained, that contains or otherwise reflects information concerning the disclosing party, including, without limitation, technical data, know-how, unpublished patent applications, research, product plans or proposals, product applications, inventions, experimental results, trade secrets, processes, designs, drawings, business plans or proposals, implementation strategies, methods of operation, standard operating procedures, marketing information, presentations, programs and strategies, pricing information, promotional information and techniques, analytical procedures, agreements with or information of third parties, financial information and conditions, and information relating to engineering, markets, suppliers or vendors, services, customers, personnel data and marketing, and any other confidential information concerning the business and affairs of the disclosing party, and will include all notes, studies, reports, memoranda and other documents prepared by the receiving party or its representatives that contain or reflect any Confidential Information. Confidential Information does not include information that: (a) is or becomes generally known or available to the public through no act or failure to act by the receiving party; (b) is lawfully in the possession of the receiving party at the time of disclosure, as demonstrated by the receiving party’s written records immediately prior to the time of disclosure; (c) is hereafter furnished to the receiving party by a third party, as a matter of right and without restriction on its disclosure; (d) is required to be disclosed by applicable law or regulation; provided, that the receiving party, to the extent legally permitted, will promptly notify the disclosing party of such request, furnish only the minimum portion of Confidential Information that the receiving party is advised by legal counsel is legally required to be furnished, and assist the disclosing party, if requested, in obtaining a protective order or other reliable assurance that confidential treatment will be accorded to such portion of the Confidential Information as is required to be disclosed.
- Data Protection and Privacy.
- Zeta DSP and Customer (and its Third Party Users) each represents and warrants that it will at all times comply with the requirements of any applicable Privacy Rules and will refrain from engaging in any behavior that is reasonably likely to render the other party in breach of the Privacy Rules.
- To the extent that Zeta DSP processes personal data about any natural person (“Personal Data”, which may also be referred to as “personally identifiable information” or “personal information” by applicable laws) supplied or collected by or on behalf of Customer (“Customer Personal Data”) in the course of providing the Services, it will do so as a processor acting on behalf of Customer (as data controller), however, Zeta DSP processes Non-Proprietary Data as a controller. To the extent that Non-Proprietary Data is disclosed by Customer to Zeta DSP, Zeta DSP processes such data as a co-controller. The terms “data processor,” “data controller,” “process” and their derivatives will have the meanings ascribed to them under the Privacy Rules enforceable in the geographic territories where such processing occurs, or if not defined in any territory, they will have their plain language meanings in that territory.
- Zeta DSP will have in place and maintain throughout the Term appropriate technical and organizational measures to prevent accidental or unauthorized destruction, loss, alteration or disclosure of Customer Data. Customer acknowledges that Zeta DSP shall have the right to delete Customer Data in accordance with Zeta’s data retention policies and to disclose, modify or delete Customer Personal Data in accordance with this Agreement or as required by Privacy Rules.
- Customer authorizes Zeta DSP to subcontract processing of Customer Data under this Agreement to one or more third parties provided that Zeta: (a) complies with the Privacy Rules; (b) flows down its obligations to protect the Customer Data to any subcontractor it appoints; and (c) will remain responsible for any failure to comply with the Privacy Rules by any subcontractor it appoints to process Customer Data.
- Customer will not append any third party tags to Zeta DSP’s tags, nor will Customer allow any third party tracking or tagging (collectively “Third Party Tags”) through the Platform unless any provider requesting to implement Third Party Tags is in full compliance with this Section 6 and the Privacy Rules, including, without limitation, by presenting users with notice and choice to opt-out of data collection and processing in connection with such Third Party Tags. Customer will provide Zeta DSP and any client it represents, where applicable, with notice of any Third Party Tags Customer wishes to implement in the Platform. Zeta DSP reserves the right to validate any Third Party Tags or provider thereof for compliance with this Section 6 and the Privacy Rules, and for authenticity, and is under no obligation to allow the implementation of Third Party Tags. Zeta DSP may create lists of providers of Third Party Tags who are certified to append Third Party Tags in the Platform, and reserves the right to block any providers who are not validated for compliance; and without derogating from the above, Customer will be solely responsible for any Third Party Tags implemented through the Platform by Customer or any provider or other person authorized to act on Customer’s behalf, including any damage, cost or claim resulting from appending such Third Party Tags.
- Customer Responsibilities.
- As between the parties, Customer is solely responsible for: (a) all aspects of any Customer Materials created, delivered, or managed through or processed or linked to the Services; (b) all campaign settings, including settings in the Platform designated as “Stop Serving”, as determined and inserted by or on behalf of Customer on the applicable Platform; and (c) all aspects of campaign management including data entry, ads, pricing, budget, maximum number of impressions, flight parameters, pacing, campaign set up and trafficking, targeting constraints, monitoring ad status, advertiser requirements and objectives, and campaign performance. Customer is solely responsible for any conditions, representations or warranties it makes to its advertisers regarding actual or expected campaign performance, and for any make-goods it may issue to advertisers. Customer will conduct (and ensure that its Third Party Users conduct) all of its marketing, business, and other activities related to the Customer Materials and its use of the Services in compliance with local, state, federal and international laws, rules, treaties, inter-governmental agreements and governmental orders, regulations and regulatory codes of practice applicable to its business.
- Customer represents and warrants that it will not (and will procure that its Third Party Users do not) use the Services in connection with, or to promote campaigns, Advertisements or other Customer Materials or Site Content containing: (a) content that is an invasion of privacy, degrading, defamatory, libelous, unlawful, profane, obscene, pornographic, hate material or discriminatory; (b) content that promotes any illegal or fraudulent activity, including, without limitation, the promotion of gambling where prohibited, illegal substances, software piracy or hacking, or invalid advertising traffic; (c) content that infringes the personal rights or Intellectual Property Rights of any third party; (d) content, links or codes that promote or reference software piracy and/or activities generally understood as Internet abuse, including the sending of unsolicited bulk messages or the distribution or use of spyware, Malware (as defined below), worms, Trojan horses, time bombs, cancelbots, bots or other code that generate fraudulent or invalid advertising traffic, corrupted files or similar software; or (e) content that it knows or reasonably should have known to be false, fraudulent or misleading, including content, links or codes that facilitate the creation or use of fraudulent or invalid advertising traffic. “Malware” means software or applications, or websites associated with software or applications, that (i) may be used to disrupt, damage, take control of, misuse, or otherwise use or disable a computer or computer system or operation; (ii) impermissibly views or collects information; (iii) access computer systems to display or distribute unwanted or illicit advertising, content or software; or (iv) violates the written policies of any advertising exchange or publisher that Customer may have access to through the applicable Platform, as such policies may be updated and published from time to time. Customer shall use a reputable third party Malware detection vendor to scan all ads that are served to websites in connection with Customer’s use of the Services. Without limiting any of its rights under this Agreement, Zeta DSP may immediately suspend or terminate Customer’s access to the Services without notice and may terminate this Agreement without any liability to Customer, if Customer fails to comply with this Section 7.
- Customer represents and warrants that: (a) it is a business, not a consumer, and has the rights, authority and any required permission and consent to enter into this Agreement, and, if applicable, that it is acting as an agent for a disclosed principal, its advertiser, and that as such, Customer has the authority as agent to incur the Fees charged by Zeta DSP for the Services requested on such advertiser’s behalf; (b) neither it nor its Third Party Users are currently the subject of any investigation or prosecution by any governmental or regulatory body or agency that may have a material detrimental effect on users of Customer’s products, services or advertising, or on Zeta, any of its Affiliates or any of their respective customers; or (c) if it or any of its Third Party Users becomes involved or is named in any investigation or prosecution by any governmental or regulatory body or agency that may have a material detrimental effect on Zeta DSP or users of Zeta’s products, services or advertising, then Customer will immediately provide notice to Zeta DSP of such action, investigation, complaint or other proceeding, in which event Zeta DSP may terminate this Agreement immediately.
- Customer represents and warrants that: (a) it and its Third Party Users have all the necessary rights, licenses, consents, waivers and permissions, including, without limitation, from advertisers, publishers, users and other third parties, to allow Zeta: (i) to store and deliver the Customer Materials and otherwise provide the Services and operate the Platforms on behalf of Customer; (ii) to make any technical or other modifications that it may deem necessary to facilitate the delivery of the Advertisements and related Customer Materials; provided, that Zeta DSP will not make any amendments to the creative content of any Advertisements or Customer Materials except as requested by Customer; (iii) to use any Customer Data provided to or collected by Zeta DSP in the provision of the Services for Customer and according to Customer’s or its Third Party Users’ instructions; and (iv) to receive, transfer and process any Customer Data from or to any third party according to Customer’s or its Third Party Users’ instructions, whether by API, FTP or other data transfer method; (b) neither Customer nor its Third Party Users, nor any of their respective users, will use the applicable Platform or any of the Services in a way or for any purpose that infringes or misappropriates any third party’s Intellectual Property Rights or personal or other proprietary rights or in order to harass, abuse, or harm another person; (c) it will ensure that the Customer Materials, the contents of such Customer Materials, the Site Content and any data provided by, or delivered on behalf of, Customer or any Third Party Users to Zeta, and Customer’s and its Third Party Users’ promotional and marketing materials and activities in connection with their use of the applicable Platform or Services, will not be in violation of any third party’s rights, including Intellectual Property Rights, and will not be defamatory, fraudulent, obscene, misleading or otherwise illegal; (d) it will notify Zeta DSP of any errors in any Customer Materials and any complaints or claims made in respect of any Customer Materials as soon as the same comes to its attention; and (e) if Zeta DSP considers, in its sole discretion, that any Customer Materials breaches any of the requirements set forth in this Section 7, or may subject Zeta DSP to material adverse risks, and Zeta DSP requests that such Customer Materials be removed or amended, then Customer will withdraw such Customer Materials from the applicable Platform or amend such Customer Materials to Zeta’s satisfaction.
- Customer will ensure that it and any Third Party Users comply with this Agreement. Zeta DSP may audit Customer’s use of the Services and observe all of Customer’s activity on the applicable Platform. Customer will promptly notify Zeta DSP of any suspected or alleged breach of this Agreement and will cooperate with Zeta DSP regarding: (a) any investigation by Zeta DSP of any suspected or alleged violation of this Agreement; and (b) any action by Zeta DSP to enforce the terms and conditions of this Agreement. Zeta DSP may suspend or terminate Customer’s or Third Party User’s access to the Services and/or applicable Platform upon notice to Customer if Zeta DSP determines in its reasonable discretion that Customer or Third Party User has breached this Agreement.
- Customer agrees to indemnify, defend, and hold harmless Zeta, its subsidiaries, Affiliates and related entities, and their respective officers, directors, employees and agents from and against any and all losses, costs, damages or liabilities, including, without limitation, reasonable legal fees, costs and expenses, arising out of any third party claim or action related to Customer’s or any Third Party User’s (i) breach of any of the obligations and warranties set forth in this Section 7, or any other representations, warranties, terms, conditions or obligations of Customer as provided in this Agreement; (ii) gross negligence, willful misconduct or fraudulent actions; and (iii) violation or otherwise misappropriation of the Intellectual Property Rights of such third party in violation of this Agreement. The foregoing obligations are conditioned on Zeta: (a) notifying Customer promptly in writing of such action; (b) giving Customer sole control of the defense thereof and any related settlement negotiations; and (c) reasonably cooperating with the Customer, at the Customer’s expense, in the defense of such claim; and (d) giving the Customer the right to control the defense and settlement of any such claim, except that the Customer shall not enter into any settlement that affects Zeta’s rights or interest without Zeta’s prior written approval. Zeta DSP reserves its right prior to and during the notice period to file any motion, answer or other pleading and to take any other action that Zeta DSP shall deem necessary or appropriate to protect its interests.
- Zeta DSP Responsibilities
- Zeta DSP represents and warrants that: (a) it is duly authorized to enter into this Agreement and provide the Services hereunder; (b) it will perform the Services in a diligent and workmanlike manner consistent with applicable industry standards; (c) the Services will perform substantially in accordance with the latest version of documentation as made generally available in the applicable Platform or in an Order; (d) its provision and operation of the Services is in compliance with all applicable local, state, federal and international laws, rules, treaties, inter-governmental agreements and governmental orders, regulations and regulatory codes of practice; and (e) there are no actions, suits or proceedings, pending or threatened, that could reasonably be expected to have a material adverse effect on Zeta’s ability to fulfill its obligations under this Agreement.
- Zeta DSP agrees to indemnify, defend, and hold harmless Customer, its subsidiaries, its Affiliates, and their respective officers, directors, employees and agents from and against any and all losses, costs, damages or liabilities, including reasonable legal fees, costs, and expenses, arising out of or related to any third party action to the extent it is based upon a claim that any Platform or Services, or use thereof by the Customer in accordance with and subject to the limitations set forth in this Agreement, infringes any Intellectual Property Right of a third party. The foregoing obligations are conditioned on Customer: (a) notifying Zeta DSP promptly in writing of such action; (b) giving Zeta DSP sole control of the defense thereof and any related settlement negotiations; and (c) reasonably cooperating with Zeta, at Zeta’s expense, in the defense of such claim; and (d) giving Zeta DSP the right to control the defense and settlement of any such claim, except that Zeta DSP shall not enter into any settlement that affects Customer’s rights or interest without Customer’s prior written approval. Customer shall have a right prior to and during the notice period to file any motion, answer or other pleading and to take any other action that Customer shall deem necessary or appropriate to protect its interests. If the applicable Platform or Services become, or in Zeta’s sole opinion are likely to become, the subject of an infringement claim, Zeta DSP may, at its option and expense: (i) procure for Customer the right to continue using the applicable Platform or Services; (ii) replace or modify the applicable Platform or Services so that they become non-infringing; or (iii) accept return of any deliverables provided as a result of the Services, terminate this Agreement, in whole or in part, as appropriate, upon written notice to Customer and refund Customer any Fees pre-paid in respect of the Services upon such termination. Notwithstanding the foregoing, Zeta DSP will be relieved of its obligation under this Section 8.2 to the extent that any third party action is based upon: (A) any Customer Materials; (B) any use of the Platform or Services not in accordance with this Agreement; (C) any use of the Services in combination with products, equipment, software, or data not supplied by Zeta DSP if such infringement would have been avoided if not for the combination with such products, equipment, software, or data; (D) any use of any release of the Platform or Services other than the most current release made available to Customer; or (E) any modification of the Platform or Services by Customer, its agents or subcontractors. THIS SECTION 8.2 STATES ZETA’S ENTIRE LIABILITY AND CUSTOMER’S EXCLUSIVE REMEDY FOR ANY THIRD PARTY CLAIMS OF INFRINGEMENT.
- All Fees payable under this Agreement by Customer will be made in accordance with the Payment Terms, and are exclusive of any applicable taxes (except for taxes on Zeta’s net income) payable in connection with the Services or the use of the applicable Platform, including, without limitation, VAT or any relevant local sales taxes, for which Customer will be responsible. Unless stated otherwise in the applicable Order, all Fees shall be due within 30 days of the invoice date. Non-payment of any Zeta DSP invoice in accordance with the Payment Terms and this Agreement will be a material breach of this Agreement. Unless otherwise stated in the applicable Order, all Fees will be charged in U.S. dollars. If Customer pays the Fees in currency other than U.S. dollars, the payment will be exchanged at the rate available to Zeta DSP at the time. Customer is responsible for confirming the accuracy of all information it provides for each payment (such as contact information, payment amounts, credit card numbers and expiry dates, and wire information, as applicable).
- With respect to ad serving services, Customer will be billed per the following scenarios with respect to Platform settings: (a) if the campaign is set to “Keep Serving as Usual,” then the Platform will keep serving even after the placement’s end date or volume goals are met; or (b) if the campaign is set to “Stop Serving” (based on: Volume Stop, Date Stop, soonest of Volume Stop/Date Stop or the latest of Volume Stop/Date Stop), then: (i) Out of Banner Formats (“OOB”) will stop serving on OOB Stop; and (ii) Banner Formats will continue to serve the designated Ad Format until the predefined stop event and afterwards continue to serve default images, and in this case, impressions served until the stop event will be billed at their applicable rate and any impression served afterwards will be billed at the default image rate. Notwithstanding any Stop Serving settings or termination of an Order by Customer, Customer will pay Zeta DSP at its standard rates for professional, creative, media buying and trading services rendered through the date of termination, cancellation or Stop Serving setting, regardless of the number of impressions served. If Customer uses any Services for which the Fees are not specified in an Order, then the Fees for such Services will be Zeta’s then applicable standard rates. Terms with initial capital letters in this Section 9.2 have the meanings ascribed to them within the Platform settings.
- If Customer fails to pay any amount payable by it under this Agreement in accordance with the Payment Terms, Zeta DSP may charge Customer interest on the overdue amount (payable by Customer immediately on demand) from the due date up to the date of actual payment, after as well as before judgment, at the rate of 1.5% per month or the highest rate allowed by law, whichever is less. Such interest will accrue on a daily basis and be compounded on a monthly basis. Customer will also be responsible for payment of all reasonable expenses (including attorneys’ fees and costs) incurred by Zeta DSP in collecting any overdue amounts from Customer.
- EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PLATFORM, AND THE SERVICES ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS AND ZETA DSP DOES NOT MAKE OR GIVE ANY REPRESENTATION, WARRANTY, CONDITION OR OTHER TERM (COLLECTIVELY, “PROMISES”) OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WITH RESPECT TO THE PLATFORM OR THE SERVICES AND EXCEPT TO THE EXTENT PROHIBITED BY APPLICABLE LAW, ZETA DSP DISCLAIMS ALL IMPLIED PROMISES WITH RESPECT TO THE PLATFORM AND THE SERVICES, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED PROMISES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR QUIET ENJOYMENT, AND ANY PROMISES ARISING OUT OF ANY COURSE OF DEALING, PERFORMANCE, OR TRADE USAGE.
- ZETA DSP WILL NOT BE HELD RESPONSIBLE FOR: (A) ANY ERRORS OR INACCURACIES IN ANY CUSTOMER MATERIALS OR SITE CONTENT; (B) SERVICE INTERRUPTIONS DUE TO FACTORS REPRESENTING INHERENT RISKS ASSOCIATED WITH THE USE OF ELECTRONIC COMMUNICATIONS, INCLUDING NETWORK INTERRUPTIONS (INCLUDING THE INTERNET), COMMUNICATIONS FAILURES, THIRD PARTY SERVER DOWNTIME, POWER OUTAGES OR SYSTEM FAILURES; OR (C) ANY UNAUTHORIZED ACCESS TO, USE OF, ALTERATION OF OR DELETION, DESTRUCTION, DAMAGE OR LOSS OF CUSTOMER’S OR ANY THIRD PARTY USER’S CUSTOMER MATERIALS, SITE CONTENT OR OTHER MATERIALS, DATA, IMAGES, SOUNDS, TEXT INFORMATION OR CONTENT.
- ZETA DSP MAY DISCONTINUE ANY ASPECT OF THE PLATFORM OR THE SERVICES, OR MAY CHANGE THE NATURE, FEATURES, FUNCTIONS, SCOPE OR OPERATION OF THE PLATFORM OR THE SERVICES, AT ANY TIME. ZETA DSP ALSO DOES NOT IN ANY WAY MAKE ANY PROMISES THAT THE PLATFORM OR THE SERVICES WILL BE PROVIDED IN AN UNINTERRUPTED MANNER, ERROR-FREE OR FREE FROM HARMFUL COMPONENTS. IN ADDITION, ZETA DSP MAKES NO PROMISES THAT THE PLATFORM OR THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS OR THAT CUSTOMER WILL ACHIEVE ANY PARTICULAR RESULT FROM USING THE PLATFORM OR THE SERVICES.
- CUSTOMER ACKNOWLEDGES AND AGREES THAT NEITHER CUSTOMER NOR ITS THIRD PARTY USERS HAVE ENTERED INTO THIS AGREEMENT IN RELIANCE ON ANY PROMISES (WHETHER INNOCENT OR NEGLIGENT) EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT.
- Limitation of Liability.
- EXCEPT AS EXPRESSLY SET FORTH IN SECTION 11.3, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY (OR ANY THIRD PARTY) FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER (INCLUDING LOSS OF PROFITS, LOSS OF BUSINESS OPPORTUNITIES, COSTS OF SUBSTITUTES, LEGAL FEES AND COURT COSTS), EVEN IF SUCH DAMAGES ARE REASONABLY FORESEEABLE.
- EXCEPT AS EXPRESSLY SET FORTH IN SECTION 11.3, IN NO EVENT WILL EITHER PARTY’S LIABILITY UNDER THIS AGREEMENT, WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, EXCEED THE TOTAL AMOUNT ACTUALLY PAID TO ZETA DSP BY CUSTOMER UNDER THIS AGREEMENT DURING THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE FIRST OF ANY CLAIMS IS MADE IN CONNECTION WITH THIS AGREEMENT.
- THE EXCLUSIONS AND LIMITATIONS SET FORTH IN THIS SECTION 11 AND ELSEWHERE IN THIS AGREEMENT WILL APPLY TO THE FULLEST EXTENT PERMISSABLE AT LAW, BUT NEITHER PARTY WILL EXCLUDE OR LIMIT LIABILITY FOR: (A) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE OR THAT OF ITS OFFICERS, EMPLOYEES, CONTRACTORS OR AGENTS ACTING IN THE COURSE OF THEIR DUTIES; (B) FRAUD OR FRAUDULENT MISREPRESENTATION; (C) BREACH OF SECTION 4, 6 OR 7 BY CUSTOMER OR THE BREACH OF SECTION 5 BY EITHER PARTY; (D) INDEMNIFICATION SET FORTH IN SECTION 7.6 AND 8.2; OR (E) ANY OTHER LIABILITY WHICH MAY NOT BE EXCLUDED OR LIMITED BY LAW.
- Force Majeure.
- Neither party will be responsible for delay or failure in performing obligations under this Agreement resulting from the occurrence of an event beyond the control of such party. Such force majeure events include, but not limited to, acts of God, acts of any government, war or other hostility, civil disorder, the elements, fire, flood, earthquake, explosion, embargo, acts of terrorism, power failure, equipment failure, industrial or labor disputes or controversies, acts of any third party data provider(s) or other third party information provider(s), third party software, or communication method interruptions.
- Any party that wishes to invoke an event as set forth above will promptly notify the other party of the occurrence of the force majeure event. Should the force majeure event continue for more than thirty (30) days, the party claiming the force majeure event will have the right to terminate this Agreement with immediate effect by giving written notice to the other party.
- In the event that Customer exercises its right to terminate this Agreement under this Section 13, it will immediately pay to Zeta DSP all Fees incurred, due and payable to Zeta DSP under the terms of this Agreement up to the effective date of such termination.
- Zeta DSP may provide notices to Customer, at Zeta’s option, by email to the email address provided by Customer to Zeta, by mail to the postal address provided by Customer to Zeta, or by posting on the applicable Platform or any Zeta DSP website to which Customer has access in connection with this Agreement. It is Customer’s responsibility to ensure that the email address and any other contact information it provides to Zeta DSP is updated and correct at all times during the Term. Changes to Customer’s contact information should be sent to Customer’s designated Zeta DSP service representative.
- Customer and Zeta DSP are independent contractors and nothing in this Agreement will give Customer the right, power or authority to create any obligation or responsibility on behalf of Zeta. Except as otherwise set forth in this Agreement, neither Customer nor Zeta DSP will have any right, power, or authority to create any obligation or responsibility on behalf of the other and this Agreement is not intended to benefit, nor will it be deemed to give rise to any rights in, any third party. Notwithstanding the foregoing, Customer acknowledges and agrees that Zeta’s Affiliates will be third party beneficiaries of this Agreement and will be entitled to directly enforce, and rely upon, any provision in this Agreement that confers a benefit on, or rights in favor of, Zeta DSP or any of its Affiliates.
- Customer may not assign, sublicense, or transfer this Agreement or any right or duty under this Agreement. Any assignment, transfer, or attempted assignment or transfer in violation of this Section 14 will be void and of no force or effect. Zeta DSP and its subsequent assignees may assign, delegate, sublicense, or otherwise transfer from time to time this Agreement, or the rights or obligations hereunder, in whole or in part, to any person or entity, such as to Zeta DSP Affiliates.
- No waiver of any right, power, condition or remedy is effective unless given in writing and signed by the party waiving such right or condition. No failure or delay on the part of a party in exercising any right, power, condition or remedy under this Agreement will operate as a waiver, nor will any single or partial exercise of any such right, power, condition or remedy preclude any other or further exercise or the exercise of any other right, power, condition or remedy.
- Any provision of this Agreement that is prohibited or unenforceable in any jurisdiction will, as to such jurisdiction, be ineffective only to the minimum extent necessary without invalidating the remaining provisions of this Agreement or affecting the validity or enforceability of any provision in any other jurisdiction.
- Any claim against Zeta DSP and/or its Affiliates will be adjudicated on an individual basis and will not be consolidated in any proceeding with any claim or controversy of any other party.
- Zeta DSP may be subpoenaed by governmental entities or others to provide information relative to your account. Zeta DSP has no obligation to inform you of any subpoena or response to any subpoena, and you agree that Zeta DSP will have no liability to you for disclosing information in response to a subpoena.
- This Agreement and every part of this Agreement is controlled by the English language and if the terms of this Agreement or any part thereof are translated into any language, for convenience or any other reason, the English language version will control and the English language interpretation will prevail with respect to any conflicts of interpretation.
- Zeta DSP Entity You Are Contracting With in Your Territory of Domicile, Governing Laws, Jurisdiction, Venue, Notices.
- This Agreement shall be governed by the laws of the State of New York, United States without regard to conflict of laws rules or principles. All parties agree that any claim, legal proceeding or litigation arising in connection with this Agreement will be brought solely in the United States District Court for the Southern District of New York (Manhattan) or, if federal jurisdiction is not available, in a court of competent jurisdiction in the County and State of New York. You and Zeta DSP consent to personal jurisdiction and venue of such courts and each party hereby expressly waives any objection or defense thereto.
- THE PARTIES ACKNOWLEDGE AND AGREE THAT ANY CONTROVERSY WHICH MAY ARISE UNDER THIS AGREEMENT, ANY OTHER AGREEMENT RELATED HERETO OR WITH RESPECT TO THE TRANSACTIONS CONTEMPLATED HEREBY OR THEREBY WOULD BE BASED UPON DIFFICULT AND COMPLEX ISSUES, AND THEREFORE, THE PARTIES AGREE THAT ANY COURT PROCEEDING ARISING OUT OF ANY SUCH CONTROVERSY WILL BE TRIED IN A COURT OF COMPETENT JURISDICTION BY A JUDGE SITTING WITHOUT A JURY.
- All notices to Zeta DSP will be made in writing to Zeta Global Corp., ATTN: Legal Department, 3 Park Avenue. 33rd Fl. New York, NY 10016, USA, with a copy via email to email@example.com. Notices should be sent by certified first-class mail, return receipt requested, or a nationally recognized delivery service. Notices will be deemed received based on the delivery date shown on the written delivery confirmation notice.
- EU Standard Contractual Clauses.
The parties agree that to the extent that Customer transfers or makes available to Zeta DSP Personal Data relating to a resident of the European Economic Area the following terms will apply. Where Zeta DSP acts as a Processor for Customer Personal Data it will act as a processor and not as a controller with respect to such data, however, transfers of Non-Proprietary Data by Customer to Zeta DSP represent controller-to-controller transfers and so this form of the EU Standard Contractual Clauses has been used.
Last Modified: July 29, 2019
Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers)
Data transfer agreement
Between Customer hereinafter “data exporter”) and Zeta DSP hereinafter “data importer,” each a “party”; together “the parties”.
For the purposes of the clauses:
- “personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established);
- “the data exporter” shall mean the controller who transfers the personal data;
- “the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection;
- “clauses” shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements.
The details of the transfer (as well as the personal data covered) are specified in Annex B, which forms an integral part of the clauses.
I. Obligations of the data exporter
The data exporter warrants and undertakes that:
- The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter.
- It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses.
- It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established.
- It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time.
- It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required.
II. Obligations of the data importer
The data importer warrants and undertakes that:
- It will have in place appropriate technical and organisational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.
- It will have in place procedures so that any third party it authorises to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorised or required by law or regulation to have access to the personal data.
- It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws.
- It will process the personal data for purposes described in Annex B, and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses.
- It will identify to the data exporter a contact point within its organisation authorised to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I(e).
- At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage).
- Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion.
- It will process the personal data, at its option, in accordance with:
- the data protection laws of the country in which the data exporter is established, or
- the relevant provisions (1) of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorisation or decision and is based in a country to which such an authorisation or decision pertains, but is not covered by such authorisation or decision for the purposes of the transfer(s) of the personal data (2), or
- the data processing principles set forth in Annex A.
Data importer to indicate which option it selects:
Initials of data importer:_;
- It will not disclose or transfer the personal data to a third party data controller located outside the European Economic Area (EEA) unless it notifies the data exporter about the transfer and
- the third party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or
- the third party data controller becomes a signatory to these clauses or another data transfer agreement approved by a competent authority in the EU, or
- data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or
- with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer
III. Liability and third party rights
- Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to data subjects for damages it causes by any breach of third party rights under these clauses. This does not affect the liability of the data exporter under its data protection law.
- The parties agree that a data subject shall have the right to enforce as a third party beneficiary this clause and clauses I(b), I(d), I(e), II(a), II(c), II(d), II(e), II(h), II(i), III(a), V, VI(d) and VII against the data importer or the data exporter, for their respective breach of their contractual obligations, with regard to his personal data, and accept jurisdiction for this purpose in the data exporter’s country of establishment. In cases involving allegations of breach by the data importer, the data subject must first request the data exporter to take appropriate action to enforce his rights against the data importer; if the data exporter does not take such action within a reasonable period (which under normal circumstances would be one month), the data subject may then enforce his rights against the data importer directly. A data subject is entitled to proceed directly against a data exporter that has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses (the data exporter shall have the burden to prove that it took reasonable efforts).
IV. Law applicable to the clauses
These clauses shall be governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations relating to processing of the personal data by the data importer under clause II(h), which shall apply only if so selected by the data importer under that clause.
V. Resolution of disputes with data subjects or the authority
- In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
- The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.
- Each party shall abide by a decision of a competent court of the data exporter’s country of establishment or of the authority which is final and against which no further appeal is possible.
- In the event that the data importer is in breach of its obligations under these clauses, then the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is repaired or the contract is terminated.
- In the event that:
- the transfer of personal data to the data importer has been temporarily suspended by the data exporter for longer than one month pursuant to paragraph (a);
- compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import;
- the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;
- a final decision against which no further appeal is possible of a competent court of the data exporter’s country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or
- a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs then the data exporter, without prejudice to any other rights which it may have against the data importer, shall be entitled to terminate these clauses, in which case the authority shall be informed where required. In cases covered by (i), (ii), or (iv) above the data importer may also terminate these clauses.
- Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country.
- The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause VI(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.
VII. Variation of these clauses
The parties may not modify these clauses except to update any information in Annex B, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required.
VIII. Description of the Transfer
The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.
Dated: _these Standard Contractual Clauses are incorporated into the MSA, and have its effective dates.
DATA PROCESSING PRINCIPLES
- Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised by the data subject.
- Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
- Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
- Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
- Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
- Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
- Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.
- Automated decisions: For purposes hereof “automated decision” shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:
- (i) such decisions are made by the data importer in entering into or performing a contract with the data subject, and
- (ii) (the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties.
- (b) where otherwise provided by the law of the data exporter.
DESCRIPTION OF THE TRANSFER
The personal data transferred concern the following categories of data subjects: users of websites and mobile applications who are evaluated for or shown advertisements on Internet-connected devices.
Purpose(s) of the transfer:
The transfer is made for the following purposes: to enable performance of ZETA DSP services using technology based in the United States or India.
Categories of data:
The personal data transferred concern the following categories of data: bid request data; data indicating the data subject’s interests, purchase intents or behaviors, or demographic categories (collectively “Segments”); other data related to the likelihood or propensity of a data subject to respond to a particular advertisement.
The personal data transferred may be disclosed only to the following recipients or categories of recipients: Zeta DSP service providers who act as Processors and who are subject to appropriate contractual terms; as required by law to respond to duly issued warrants, subpoenas, or court orders; and to programmatic platforms, publishers, or third parties as needed to place and deliver addressable advertising.
The personal data transferred concern the following categories of sensitive data: sensitive data should not be provided by Customer to Zeta DSP unless Customer has duly obtained GDPR-compliant consent for the processing and transfer to Zeta DSP with respect to such data.
Data protection registration information for exporter:
Contact point for data protection inquiries (importer): firstname.lastname@example.org