Glispa GmbH (company no HRB 114678 B) whose registered office is at Sonnenburger Str.73, 10437 Berlin, Germany (“Glispa”) and the legal entity who signed up to the Glispa Connect Platform (“Publisher”) in accordance with Glispa Connect Terms and Conditions on Relations with Publishers (the “Initial Agreement”) agree to supplement the terms of the Initial Agreement by this Glispa Connect Data Protection Addendum (“Addendum”).

DEFINITIONS

In this Addendum:

  • “Controller” shall have the meaning given to that term in the Data Protection Laws.
  • “Data Protection Laws” means (a) the EU General Data Protection Regulation (2016/679); and (b) the EU ePrivacy Directive (2002/58/EC), in each case as supplemented or amended from time to time in a member state of the European Union, or in England and Wales.
  • “Data Subject” shall have the meaning given to that term in the Data Protection Laws.
  • “End Publisher” means, where the Publisher acts as an agent on behalf of third parties, the publisher that originally collects Personal Data from an End User.
  • “End User” means an individual user of a mobile device to whom Shared Data relates.
  • “End User Request” means a request by an end user to exercise their rights in relation to Personal Data under the Data Protection Laws.
  • “Personal Data” means any data relating to an identified or identifiable individual that are within the scope of protection as “personal data” under the Data Protection Laws.
  • “Relevant Privacy Requirements” mean all (i) applicable laws, governmental regulations and court or government agency orders and decrees relating in any manner to the collection, use or dissemination of information from or about users, user traffic or otherwise relating to privacy rights or with respect to the sending of marketing and advertising communications; (ii) posted privacy policies; and (iii) for mobile applications, the terms of service for the applicable mobile operating system.
  • “Standard Contractual Clauses” means standard contractual clauses for the transfer of Personal Data to third countries approved by the European Commission Decision C(2004) 5271

 

DATA SHARING

  • The Parties acknowledge they shall each be independent Controllers of Personal Data that is shared under the terms of this Addendum or the Initial Agreement (the “Shared Data”). Where the Publisher acts as an intermediary on behalf of any End Publisher, the Parties acknowledge that the End Publisher shall also be a Controller of the Shared Data originating from the End Publisher.
  • Each Party shall process Shared Data only for (a) the purposes set forth in the Initial Agreement or as (b) otherwise agreed in writing by the Parties, provided such processing strictly complies with (i) Data Protection Laws, (ii) Relevant Privacy Requirements and (iii) its obligations under this Initial Agreement.
  • The Parties acknowledge that the Shared Data shall include those categories set out in the Schedule. Neither Party shall share with the other any Personal Data that (a) may be considered to be a “sensitive category of personal data” under the Data Protection Laws; (b) relates to an End User under the age of 16 years; or (c) contains direct identifiers such as an End User’s name.

COMPLIANCE WITH DATA PROTECTION LAWS

  • Each Party shall comply with the obligations of a Controller under the Data Protection Laws in connection with its processing of the Shared Data, including by making available a privacy notice that satisfies the transparency requirements under the Data Protection Laws.
  • The Publisher warrants and represents that in respect of the Shared Data transferred to Glispa (a) it has provided End Users (or ensured the End Publishers have so provided) with appropriate transparency information regarding data collection and use, and (b) where consent is required to be collected from End Users under the Data Protection Laws, it has collected a valid consent (or ensured the End Publishers have done so) in accordance with the Data Protection Laws.
  • Glispa shall direct any End User Request that it receives to the Publisher in order for the Publisher to respond directly to the End User Request.
  • The Publisher shall procure that End Publishers are required to comply with obligations substantially similar to those in this Clause 3 (Compliance with Data Protection Laws ).

 

INTERNATIONAL DATA TRANSFERS

  • Neither Party shall transfer any Shared Data (nor permit any Shared Data to be transferred) to a territory outside of the European Economic Area (“EEA”) unless it has taken such measures as are necessary to ensure the transfer is in compliance with Data Protection Laws. Such measures may include (without limitation) transferring Shared Data (i) to a recipient in a country that the European Commission has decided provides adequate protection for personal data, (ii) to a recipient in the United States that has certified compliance with the EU-US Privacy Shield framework.
  • Except with regard to the Shared Data transferred from one Party to the other Party in reliance on the appropriate transfer mechanism specified in Section 4.1. above, the Standard Contractual Clauses shall apply to the recipient’s processing of Shared Data in countries outside the EEA that do not provide an adequate level of data protection. To the extent that the Parties transfer Shared Data in reliance on the Standard Contractual clauses, the Standard Contractual Clauses shall be deemed completed and signed by the Parties by the execution of this Addendum. At the reasonable request of a Party, including in order to evidence compliance with the Data Protection Laws, the Parties agree to execute the Standard Contractual Clauses separately.

MISCELLANEOUS

This Addendum shall be governed by the law stipulated in the Initial Agreement.

 

Schedule

Data Subjects
The Shared Data may concern the following minimum categories of Data Subjects:

  • Mobile Users

Categories of Personal Data

  • IP Address
  • Identifier for advertiser (e.g. Google Advertiser ID or Apple Advertiser ID)
  • Device identifier