This Data Processing Agreement ( DPA) is between Partner and Monetizus (as defined under the Terms and Conditions) and forms an integral part of Terms and Conditions available at https://www.monetizus.com / . Partner and Monetizus are hereinafter jointly referred to as the “Parties”. In the event of any conflict between this DPA and the Terms and Conditions, the terms of this DPA shall prevail. This Agreement only applies to the extent that the EU Data Protection Law applies to the Processing of Personal Data under this Agreement, including if (a) the Processing is carried out in the context of the activities of an establishment of either Party in the European Economic Area (“EEA”), and/or (b) the Personal Data relates to Data Subjects who are in the EEA and the Processing relates to the offering to them of goods or services or the monitoring of their behavior in the EEA.
- DEFINITIONS: “Controller” or “Data Controller” means the entity that determines the purposes and means of the Processing of Personal Data.“Processor” or “Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller.“Data Subject” means the individual to whom Personal Data relates, including End Users.“End User” means the end user of an internet connected device, such as a visitor to a web page, a user of a mobile app, or a user of an IoT device, or a visitor on advertisement or campaign webpage.“GDPR” means Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (also known as “General Data Protection Regulation”).“Personal Data” means any information relating to an identified or identifiable person as defined in Article 4.1 of the GDPR.“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” shall have the same meaning).“Sub-Processor” means any Data Processor engaged by the Processor.“Services” means services provided by the Yeesshh in accordance with the general legal terms mentioned above.
- RIGHTS OF DATA SUBJECTS: Monetizus shall notify Partner via e-mail if he receives a request from a Data Subject in the subject of access to, correction, amendment, deletion of or objection to the processing of that Data Subject’s Personal Data. Monetizus shall not respond to any such Data Subject request without Partner’s prior written consent, except in order to confirm that the request relates to the Partner.To the extent that Partner responds to any such Data Subject request, Monetizus shall provide Partner, to the extent required by law, with commercially reasonable cooperation and assistance in relation to handling of a Data Subject’s request, to the extent legally permitted.Monetizus reserves the right to charge additional fees in relation to the cooperation with the Partner in regard to this DPA.Monetizus’s staff: Monetizus shall ensure that its personnel engaged in the Processing of Personal Data is informed of the confidential nature of the Personal Data, has received appropriate training on their responsibilities and is subject to obligations of confidentiality. Such obligations shall survive the termination of that individual’s engagement with the Monetizus.Monetizus shall ensure that access to Personal Data is limited only to those members of personnel who require that access in order to fulfil Monetizus obligations under the Terms and Conditions.
- SECURITY: Pursuant to Article 28, Section 3(c) of the General Data Protection Regulation, the Monetizus shall take the measures required by the Article 32 of the GDPR.Monetizus shall provide sufficient guarantees of implementation of the appropriate technical and organizational measures in a manner that the processing will meet the requirements of the GDPR and ensure the protection of the rights of the Data Subject.Monetizus imposes appropriate contractual obligations upon its personnel that engages in the Processing of Personal Data, including relevant obligations regarding confidentiality, data protection and data security. Monetizus ensures that its applicable personnel has been properly informed of the confidential nature of the Personal Data, has received appropriate training and has executed written confidentiality agreements. Monetizus will further ensure that such confidentiality agreements will survive the termination of employment or another form of engagement of its personnel.
- AUDIT RIGHTTo the extent that the applicable law requires Partner to be in a position to monitor the adequate Processing of Personal Data, Partner as the Partner have the right to request an audit from Monetizus to the extent necessary to review whether Monetizus and our Sub-Processors are compliant with the following regulations: (i) any provisions of the Law, (ii) the terms of this DPA, and (iii) Partner’s instructions.Monetizus may provide Partner with a copy of its most recent third-party audits or certifications issued by an independent, third-party auditor, as applicable, or any summaries thereof in order to fulfil Partnerr audit rights. If an audit is required by law and where its requirements cannot be fulfilled by the provision of such certification, Partner may conduct, either by Partnerrself or through a third party independent contractor selected by Partner at Partnerr expense, an on-site audit of the Monetizus. Such audit may be conducted subject to the following terms: (i) the audit will be pre-scheduled in writing with Monetizus at least 30 days in advance and will be performed once a year at most; (ii) if applicable, all of Partners personnel performing the audit, whether employed or contracted by Partner, will execute a Monetizus standard non-disclosure agreement prior to the initiation of the audit, and a third party auditor will in addition execute a non-competition undertaking; (iii) Partner will undertake all necessary measures to ensure and verify that the auditors do not access, disclose or compromise the confidentiality and security of Personal Data other than Partnerr Personal Data on Monetizus’s information and network systems; (iv) Partner will take all necessary measures to prevent any damage or interference with Monetizus or its service providers’ information and network systems; (v) Partner will bear all costs and assume responsibility and liability for the audit and for any failures or damage caused as a result thereof; and (vi) any audit activities on Monetizus third-party service providers’ information systems will be pre-scheduled and agreed on with the applicable providers; (vii) Partner will keep the audit results in strict confidentiality, use them solely for the specific purposes of the audit under this Section 6 and the GDPR will not use the results for any other purpose, or share them with any third party, without the Monetizus’s prior explicit written confirmation; (viii) If Partner are required to disclose the audit results to a competent authority, Partner will provide the Monetizus with a prior written notice, explaining the details and necessity of the disclosure, as well as provide all further necessary assistance to prevent such disclosure.
- SECURITY BREACH MANAGEMENT AND NOTIFICATIONIf Monetizus becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to any Personal Data transmitted, stored, or otherwise Processed on Monetizus equipment or in Monetizus facilities (“Security Breach”), Monetizus will promptly: (i) notify the Partner of the Security Breach; (ii) investigate the Security Breach and provide Partner with all relevant information about the Security Breach; and (iii) take all commercially reasonable steps to mitigate the effects and minimize any damage resulting from the Security Breach.
- SUBPROCESSING AND TRANSBORDER DATA TRANSFERSPartner authorizes Monetizus to appoint Sub-Processors in order to provide the Services. Monetizus may continue to use the Sub-Processors already engaged by the Monetizus according to this DPA.Monetizus may integrate the Partner’s services with external service providers’ platforms for the purpose of providing its Services, on Partner’s behalf and for the purposes of serving the Partner’s interests, where such external service providers may be Sub-Processors, which Partner hereby agrees to. A full list of such Sub-Processors is available upon the Partner’s written request directed to the Monetizus. Notwithstanding the provisions above, Partner hereby authorize Monetizus to subcontract the Processing to the Sub-Processors based outside of the European Economic Area (EEA) to the extent necessary to duly perform the Service(s), under the condition that the Sub-Processors will provide sufficient guarantees in relation to the required level of data protection, e.g. through a Privacy Shield certification according to the EU Commission Decision 2016/1250, or a subcontracting agreement based on the standard contractual clauses launched by virtue of the EU Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC or GDPR (the “Model Contract Clauses”), or based on other applicable transborder data transfer mechanisms.
- OTHERSTerm: This Agreement shall become effective as of May 25, 2018. Partner authorizes Monetizus to retain Personal Data for a period of 3 months from the date of its collection on Partner’s behalf and for the purpose of serving its interests, including for fraud prevention, ad security services, reporting services, complaints or chargebacks handling. This data may be deleted from Monetizus servers after this retention period and/or after the termination of Agreement or earlier, at Partner written request.Notices: If Partner wish to make any inquiries about this Agreement, please contact [email protected]. Liability: Partner shall indemnify and hold Monetizus, its officers, directors, employees, contractors, and agents harmless from and against all claims, liabilities, administrative fines, suits, judgments, actions, investigations, settlements, penalties, fines, damages and losses, demands, costs, expenses, and fees including reasonable attorneys’ fees and expenses, arising out of or in connection with any claims, demands, investigations, proceedings, or actions brought by data subjects, legal persons (e.g., corporations and organizations), or supervisory authorities under the data protection laws that apply to Monetizus in respect of processing of Personal Data on behalf of Partner through Services.The liability of each party under this Agreement shall be subject to the exclusions and limitations of liability set out in the legal terms.Governing law:This Agreement shall be governed by, and is construed in accordance with, the laws of Hong Kong, without giving any effect to any choice of law and provisions thereof that would cause the application of the laws of any other jurisdiction.