DATA PROTECTION ADDENDUM
This Addendum will be effective and replace any previously applicable terms relating to their subject matter, as of the Agreement affective date.
If you are accepting this Addendum on behalf of Customer, you warrant that: (a) you have full legal authority to bind Customer to this Addendum; (b) you have read and understand this Addendum; and (c) you agree, on behalf of Customer, to this Addendum. If you do not have the legal authority to bind Customer, please do not accept this Addendum.
1.1 In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
1.1.1 “Applicable Laws” means (a) European Union or Member State laws with respect to any Company Personal Data; and (b) any other applicable law with respect to any Company Personal Data;
1.1.2 “Company Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of Company pursuant to or in connection with the Principal Agreement;
1.1.3 “Customer Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of Customer pursuant to or in connection with the Principal Agreement;
1.1.4 “Contracted Processor” means Company, Customer or a Subprocessor;
1.1.5 “Subprocessor” means any third-party processor appointed by or on behalf of the parties (or by any other Subprocessor appointed by the parties) to Process Personal Data on behalf of either the Company and/or Customer in connection with the Principal Agreement.
1.1.6 “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
1.1.7 “EEA” means the European Economic Area;
1.1.8 “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
1.1.9 “GDPR” means EU General Data Protection Regulation 2016/679;
1.1.10 “Restricted Transfer” means:
184.108.40.206 a transfer of Company Personal Data from Company to a Contracted Processor; or
220.127.116.11 an onward transfer of Company Personal Data from a Contracted Processor to a Contracted Processor, or between two establishments of a Contracted Processor,
in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of a mechanism as approved by the European Commission to ensure adequate safeguards for Personal Data transferred from the EU to countries which the European Commission has not found to offer adequate protection for personal data;
1.1.11 “Services” means the services and other activities to be supplied to or carried out by or on behalf both the Customer and Company pursuant to the Principal Agreement;
1.2 The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
1.3 The word “include” shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.
2.1 This DPA reflect the parties’ agreement on the processing of Personal Data in connection with the Data Protection Laws.
2.2 Any ambiguity in this DPA shall be resolved to permit the parties to comply with all Data Protection Laws.
2.3 In the event and to the extent that the Data Protection Laws impose stricter obligations on the parties than under this DPA, the Data Protection Laws shall prevail.
3. Application of this DPA
3.1 This DPA will only apply to the extent all of the following conditions are met:
3.1.1 Company (or a Subprocessor on its behalf) processes Personal Data that is made available by the Customer in connection with the Principal Agreement.
3.1.2 Customer (or a Subprocessor on its behalf) processes Personal Data that is made available by the Company in connection with the Principal Agreement.
3.1.3 The Data Protection Laws applies to the processing of Personal Data.
3.1.4 This DPA will only apply to the Services for which the parties agreed to in the Agreement, which incorporates the DPA by reference.
4. Processing of Personal Data
4.1 Independent Controllers. Each party:
4.1.1 may act as an independent Controller of Personal Data under the Data Protection Laws and as such, will individually determine the purposes and means of its processing of Personal Data; and
4.1.2 will comply with the obligations applicable to it under the Data Protection Laws with respect to the processing of Personal Data.
4.1.3 instruct the Contracted Processor (and authorise it to instruct each Subprocessor) with respect to the processing of its Personal Data and/or the transfer of Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement.
4.2 Contracted Processors. Each Party shall:
4.2.1 comply with all applicable Data Protection Laws in the Processing of each other’s Personal Data; and
4.2.2 not Process each other’s Personal Data other than on documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted is subject, in which case it shall, to the extent permitted by Applicable Laws, inform the other Party of that legal requirement before the relevant Processing of that Personal Data.
4.3 Sharing of Personal Data. In performing its obligations under the Principle Agreement, a Party may provide Personal Data to the other Party. Each party shall process Personal Data only for (i) the purposes set forth in the Principle Agreement or as (ii) otherwise agreed to in writing by the parties, provided such processing strictly complies with (iii) Data Protection Laws, (ii) Relevant Privacy Requirements and (iii) its obligations under this DPA (the “Permitted Purposes”). Each Party shall not knowingly share any Personal Data with the other Party (i) that allows Data Subjects to be directly identified (for example by reference to their name and e-mail address); (ii) that contains Personal Data relating to children under 13 years.
4.5 Data Subject Rights. It is agreed that where either party receives a request from a Data Subject in respect of Personal Data controlled by such Party, then such Party shall be responsible to exercise the request, in accordance with Data Protection Laws.
5. Personal Data Transfers
5.1 Transfers of Personal Data Out of the European Economic Area. Either party may transfer Personal Data outside the European Economic Area if it complies with the provisions on the transfer of Personal Data to third countries in the Data Protection Laws (such as through the use model clauses or transfer of Personal Data to jurisdictions as may be approved as having adequate legal protections for data by the European Commission).
6. Security and Protection of Personal Data
6.1 The parties will provide a level of protection for Personal Data that is at least equivalent to that required under Data Protection Laws. Both parties shall implement appropriate technical and organizational measures to protect the Personal Data. In the event that a party suffers a confirmed Security Incident, each party shall notify the other party without undue delay and the parties shall cooperate in good faith to agree and action such measures as may be necessary to mitigate or remedy the effects of the Security Incident.
7.1 Company authorises Customer (as a Contracted Processor) to appoint (and permit each Subprocessor appointed in accordance with this section to appoint) Subprocessors in accordance with this section and any restrictions in the Principal Agreement.
7.2 Customer may continue to use those Subprocessors already engaged by Customer as of the date of this Addendum, subject to Customer in each case as soon as practicable meeting relevant the obligations set out in this Addendum.
7.3 Customer shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within 30 days of receipt of that notice, Company notifies Customer in writing of any objections (on reasonable grounds) to the proposed appointment, Customer will not appoint (nor disclose any Company Personal Data to) the proposed Subprocessor except with the prior written consent of Company.
7.4 With respect to each Subprocessor, Customer shall:
7.4.1 before the Subprocessor first Processes Company Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement;
7.4.2 ensure that the arrangement between on the one hand (a) Customer, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this Addendum and meet the requirements of article 28(3) of the GDPR;
7.4.3 if that arrangement involves a Restricted Transfer, ensure the use of an approved mechanism for achieving adequacy, and
7.4.4 provide to Company for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Company may request from time to time.
8. Data Protection Impact Assessment and Prior Consultation
8.1 Customer shall provide reasonable assistance to Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
9. Deletion or return of Company Personal Data
9.1 Subject to sections 9.2 and 9.3 Customer shall promptly delete and procure the deletion of all copies of Company Personal Data upon cessation of any Services involving the Processing of Company Personal Data.
9.2 Each Contracted Processor may retain Company Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Customer shall ensure the confidentiality of all such Company Personal Data and shall ensure that such Company Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose.
9.3 Customer shall provide written certification to Company that it has fully complied with this section 10.
10.1 Notwithstanding anything else in the Agreement, the total liability of either party towards the other party under or in connection with this DPA will be limited to the maximum monetary or payment-based amount at which that party’s liability is capped under the Agreement (for clarity, any exclusion of indemnification claims from the Agreement’s limitation of liability will not apply to indemnification claims under the Agreement relating to the Data Protection Laws).
11. General Terms
Governing law and jurisdiction
11.1.1 the parties to this Addendum hereby submit to the choice of jurisdiction stipulated in the Principal Agreement with respect to any disputes or claims howsoever arising under this Addendum, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
11.1.2 this Addendum and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Principal Agreement.
Order of precedence
11.2 Nothing in this Addendum reduces Customer’s obligations under the Principal Agreement in relation to the protection of Personal Data or permits Customer to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Principal Agreement. In the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including the Principal Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this Addendum, the provisions of this Addendum shall prevail.
Changes in Data Protection Laws
11.3 Company may propose any variations to this Addendum which Company reasonably considers to be necessary to address the requirements of any Data Protection Law.
11.4 If Company gives notice under section 11.4, the parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Company’s notice as soon as is reasonably practicable.
11.5 Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
If you would like to go directly to “Your Privacy Rights, Choice and Access”, please click here. If you would like to go directly to “Managing Cookies (“Opt-Out”) or Unsubscribing”, please click here.
The Service is offered by Intango Ltd. and its subsidiaries and affiliated companies (collectively, “Revenue Hits” or ‘Intango” or “we “, “us”,“our”).
QUICK GUIDE TO CONTENT
* Information we collect * Cookies
* How we use the Information we collect
* Sharing of Information
* Online Behavioral Advertising
* Your Privacy Rights, Choice and Access
* Managing Cookies (“Opt-Out”) or Unsubscribing
* Data Retention and Deletion
* Security of your Information
* Other Sites
* Consent to Processing and Transfer of Information
* Contact Us
1) Information we collect
Whenever you visit or interact with the Service or Site, we, as well as similar third-party vendors and/or service providers alike, may use a variety of technologies that automatically or passively collect information about how the Service is accessed and used (“Usage Information”).
Usage Information may include, in part, browser type, operating system, device type, an estimation of your geographic location associated with your IP address, the page served, the time, referring URLs and other information normally transmitted in HTTP requests.
This statistical data provides us with information about the use of the Service, such as how many visitors visit a specific web-page on which the Service is used, how long they stay on that page, the type of content on that page.
We may also automatically collect the internet protocol (“IP“) address or other identifier (“Device Identifier“) for each computer, mobile device, technology or other device (collectively, “Device“) you use to access the Service.
Our Service uses several different technologies to collect Usage Information, including Device Identifiers. These may include, without limitation:
Cookies are small text files placed on a Device when the Device is used to visit the Service or the Site. We may place cookies or similar files on your Device for security purposes, to facilitate site navigation and to personalize your experience while using the Service, such as showing you specific offer(s) that we think will be of interest to you.
If you would prefer not to accept cookies, you can do this by activating the settings on your browser that allows you to refuse the setting of all or some cookies.
However, if you use your browser settings to block all cookies, please be aware that some functions and features of the Service may not work properly because we may not be able to recognize and associate you with your account.
As is true of most web sites, we may gather certain information automatically and store it in log files. This information may include IP addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and clickstream data.
We use this information, which does not identify individual users, to analyze trends, to detect fraud, administer the site, to track users’ actions around the Site and to gather demographic information about our user base as a whole.
A pixel tag is a transparent graphic image, sometimes called a web beacon or tracking beacon, placed on a web page or in an e-mail, which indicates that a page or e-mail has been viewed. We do link Personal Information provided to us through the Service to Personal Information. In addition, a pixel tag may tell your browser to get content from another server.
Information you provide to us
In addition to the information we collect automatically, we may ask you to provide Personal Information when you sign up for the Service or otherwise communicate or interact with us.
We may also ask you to provide other information about yourself, such as name, e-mail address and phone number. If you apply to become a customer, we may request additional information from you via application forms, insertion orders and/or other forms.
If you do not want your Personal Information collected, please do not submit it.
2) How we use the Information we collect
We use the information we collect about and from you for a variety of business purposes, including for example: to respond to your questions and requests; to provide you with access to certain functions and features of the Service; to provide and maintain your platform account(s); to verify your identity; to communicate with you about your account and activities using the Service and, in our sole discretion for marketing or solicitation purposes, to communicate changes to one of our policies; to tailor content or offer(s) we serve you; to improve the Service for internal business purposes; to process applications and transactions; and for other lawful purposes we may disclose at the time you provide your Personal Information or to which you otherwise consent.
3) Sharing of Information
We may disclose Personal Information as follows:
* To any current or future affiliates, parent companies, or subsidiaries.
* To vendors, service providers, agents, contractors, or others who perform functions (e.g., maintenance, data analysis, customer relationship management, email marketing, surveys, credit card processing, data hosting, or fraud detection) on our behalf.
* To Customers. For example, we may provide advertisers with information to inform them about conversion rates for analytics purposes.
We may also disclose Personal Information when legally required to do so, to cooperate with law enforcement investigations or other legal proceedings, to protect against misuse or unauthorized use of the Website, to limit our legal liability and protect our rights or to protect the rights, property or safety of users of this Site, the Service or the public.
In addition, we may share non-Personal Information, such as aggregate user statistics, demographic information and Usage Information with third parties.We may combine your Usage Information with those of other users of the Service in order to share trend information with third parties, in aggregated and anonymized form.
4) Online Behavioral Advertising
5) Your Privacy Rights and Choices
Your Privacy Rights and Choices We will provide reasonable opportunity for individuals to access, update, or delete Personal Information about them that we have in our possession. We will not use Personal Information provided to us for purposes incompatible with the purpose for which it was provided without obtaining authorization from the subject of the information.
Individuals’ principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
You have the right to confirmation as to whether or not we process your Personal Information and, where we do, access to the Personal Information, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Personal Information concerned and the recipients of the Personal Information. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Information. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
Right to Erasure – In some circumstances you have the right to the erasure of your Personal Information. Those circumstances include: The Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed.
There are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection.
Where processing has been restricted on this basis, we may continue to store your Personal Information. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your Personal Information for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your Personal Information from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
To the extent that the legal basis for our processing of your Personal Information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
***You may exercise any of your rights in relation to your Personal Information or send us an inquiry regarding your Privacy Rights and Choices by written notice to us at
Please note that –
i. It may take time to process email requests consistent with applicable law (but no longer than 30 days after receipt of a request); and
ii. You cannot “opt-out” of transactional or relationship messages sent to registered users of the Service or those who have engaged in transactions with us (e.g., account notifications).
In accordance with our routine record keeping, we may delete certain records that contain Personal Information you have submitted through the Service. We are under no obligation to store such Personal Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Information.
In addition, you should be aware that it is not always possible to completely remove or delete all of your information from our databases without some residual data because of backups and other reasons.
6) Managing Cookies (“Opt-Out”) or Unsubscribing
https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).Blocking all cookies will have a negative impact upon the usability of many websites.If you block cookies, you might not be able to use all the features on our websites.You may unsubscribe from our marketing communications by sending us email us at
firstname.lastname@example.org. Please note that Customers cannot opt out of receiving transactional emails related to their account with us or the subscription Service.
7) Data Retention and Deletion
We will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.We retain identifiable data, which is directly collected for purposes of providing our service to Customers or serving content to end-users, for twenty-four (24) months from the end-user’s last interaction with our Service, after which time we will either de-identify the data by removing unique identifiers or aggregating the data, or simple delete it.We may retain aggregated data, which cannot identify an individual or device and is used for purposes of reporting and analysis, for as long as
The Service is not directed to children under 13. We do not knowingly collect Personal Information from anyone under 13 years of age. If we determine upon collection that a user is under 13, we will not use or maintain his/her Personal Information without the parent/guardian’s consent. If we become aware that we have unknowingly collected Personal Information from a child under the age of 13, we will make reasonable efforts to delete such information from our records.If you’re a kid, please don’t register to any of our Services or Platform’s.
9) Security of Your Information
We maintain tight controls over all the data we collect, retaining it in secured databases with limited and controlled access rights, to ensure it is secure.Where we have given you (or where you have chosen) a password that enables you to access certain features of the Service, you are responsible for keeping this password confidential.Please remember that unfortunately, the transmission of information via the internet is not completely secure, so although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the Service; any transmission is at your own risk.Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
10) Other Sites
The Service may contain links to other sites that we do not own or operate. This includes links from customers, sponsors and partners We do not control, recommend or endorse and are not responsible for these sites or their content, products, services or privacy policies or practices. These other web sites may send their own cookies to your Device, they may independently collect data or solicit Personal Information and may or may not have their own published privacy policies. You should also independently assess the authenticity of any site that appears or claims that it is a part of the Service.
11) Consent to Processing and Transfer of Information
Given that we are an international business, our use of your information may involve the transmission of data on an international basis. If you are located in the European Union, please be aware that information we collect may be transferred to and processed outside the European Union. By using the Service, or providing us with any information, you consent to the collection, processing, maintenance and transfer of such information in and to the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen.
13) Contact Us