DATA PROCESSING AGREEMENT
Monetise Media Limited is committed to the correct processing of data and has created the following Data Processing Agreement in accordance to the applicable Data Protection Laws. Please be aware the following agreement will hear on be known as Schedule 1.
||Has the meaning given to ‘Data Controller’, or ‘Controller’ as appropriate, in the Data Protection Laws;
||Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
||Has the meaning given to ‘Data Processor’, or ‘Processor’ as appropriate, in the Data Protection Laws;
|“Data Protection Laws”
||Means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Bill, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded;
||Means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC as updated, superseded or repealed from the time to time;
||Has the meaning given in the Data Protection Laws.
(2) DATA PROCESSING
2.1 The Party shall comply with its obligations as a Data Controller or Processor under the applicable Data Protection Laws.
(3) DATA PROCESSING OBLIGATIONS
3.1 For the purposes of the applicable Data Protection Laws, the Publisher is the Data Controller and Monetise is the Data Processor.
3.2 Monetise will, on behalf of the Publisher and on the Publisher’s instructions as embodied in this Agreement, process Personal Data including but not limited to IP addresses for the purposes of fraud detection and prevention.
3.3 As the Data Processor of Personal Data on behalf of the Publisher, Monetise shall:
3.3.1 provide appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk;
The Data Controller authorises the Data Processor to engage and transfer personal data to sub-processors provided that such transfers are for the purposes of providing the services.
3.3.2 not engage any sub-processor, other than an Authorised Processor as set out in this Agreement without the prior specific or general written authorisation of the Publisher (and in the case of general written authorisation; Monetise shall inform the Publisher of any intended changes concerning the addition or replacement of other processors, thereby giving the Publisher the opportunity to object to such changes);
3.3.3 remain fully liable to the Publisher for the performance of sub-processors obligations;
3.3.4 process that personal data only to perform its obligations under this Agreement or other documented instructions and for no other purpose save to the limited extent required by law;
3.3.5 on termination of this Agreement, at the Publisher’s option either return or destroy the personal data (including all copies of it) immediately;
3.3.6 ensure that all persons authorised to access the personal data are subject to obligations of confidentiality;
3.3.7 make available to the Publisher, at the Publisher’s cost all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Publisher or another auditor mandated by the Publisher; provided that, in respect of this provision the Data Processor shall immediately inform the Publisher if, in its opinion, an instruction infringes Data Protection Laws;
3.3.8 taking into account the nature of the processing, at the Publisher’s cost, provide assistance to the Publisher, in connection with the fulfilment of the Publisher’s obligation to respond to requests for the exercise of data subjects’ rights pursuant to Chapter III of the GDPR to the extent applicable;
3.3.9 at the Publisher’s cost, provide the Publisher with assistance in ensuring compliance with articles 32 to 36 (inclusive) of the GDPR (concerning security of processing, data breach notification, communication of a personal data breach to the data subject, data protection impact assessments, and prior consultation with supervisory authorities) to the extent applicable to the Publisher, taking into account the nature of the processing and the information available to Monetise;
3.3.10 notify the Publisher without undue delay on becoming aware of a security breach in respect of Personal Data that it processes on behalf of the Publisher in writing if Monetise becomes aware of a Data Breach;
3.3.11 maintain a record of its processing activities in accordance with Article 30(1) of the GDPR;
3.3.12 allow the Publisher (or its appointed third party auditor), at the Publisher’s cost, to conduct an audit of compliance of this Schedule by Monetise pursuant to this Agreement no more frequently than once per year during the term and on at least 30 days’ notice to Monetise in advance (provided that Monetise shall be entitled to require that any third party auditor appointed to conduct such an audit enters into a confidentiality agreement with Monetise prior to such audit being conducted.
(4) INTERNATIONAL DATA TRANSFERS
In respect of any Personal Data to be processed by Monetise as a Data Processor pursuant to this Agreement for which the Publisher is a Data Controller, Monetise shall not transfer the Personal Data outside the EEA or to an international organisation without ensuring appropriate levels of protection, including any appropriate safeguards if required, are in place for the Personal Data in accordance with the Data Protection Laws
(5) DETAILS OF PROCESSING ACTIVITIES
5.1. As required by Article 28 of the GDPR if at any point you will be processing data on behalf of the Data Processor, please specify this to the Data Processor and they will pass you the relevant pre due diligence questions before moving forward this this activity.