Monetise Media Limited is committed to the correct processing of data and has created the following Data Processing Agreement in accordance to the applicable Data Protection Laws. Please be aware the following agreement will hear on be known as Schedule 1.




“Data Controller” Has the meaning given to ‘Data Controller’, or ‘Controller’ as appropriate, in the Data Protection Laws;


“Data Breach” Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;


“Data Processor” Has the meaning given to ‘Data Processor’, or ‘Processor’ as appropriate, in the Data Protection Laws;


Data Protection Laws” Means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Bill, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded;


“GDPR” Means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC as updated, superseded or repealed from the time to time;


“Personal Data” Has the meaning given in the Data Protection Laws.




2.1 The Parties shall each comply with their respective obligations under the applicable Data Protection Laws.




3.1 For the purposes of the applicable Data Protection Laws, the Advertiser is the Data Controller and Monetise is the Data Processor.

3.2 Monetise will, on behalf of the Advertiser and on the Advertiser’s instructions as embodied in this Agreement, process Personal Data including but not limited to IP addresses for the purposes of fraud detection and prevention.

3.3 As the Data Processor of Personal Data on behalf of the Advertiser, Monetise shall:

3.3.1 provide appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk;

3.3.2 not engage any sub-processor, other than an Authorised Processor as set out in this Agreement without the prior specific or general written authorisation of the Advertiser (and in the case of general written authorisation; Monetise shall inform the Advertiser of any intended changes concerning the addition or replacement of other processors, thereby giving the Advertiser the opportunity to object to such changes);

3.3.3 remain fully liable to the Advertiser for the performance of that other processor’s obligations;

3.3.4 process that personal data only to perform its obligations under this Agreement or other documented instructions and for no other purpose save to the limited extent required by law;

3.3.5 on termination of this Agreement, at the Advertiser’s option either return or destroy the personal data (including all copies of it) immediately;

3.3.6 ensure that all persons authorised to access the personal data are subject to obligations of confidentiality;

3.3.7 make available to the Advertiser, at the Advertiser’s cost all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Advertiser or another auditor mandated by the Advertiser; provided that, in respect of this provision the Data Processor shall immediately inform the Advertiser if, in its opinion, an instruction infringes Data Protection Laws;

3.3.8 taking into account the nature of the processing, at the Advertiser’s cost, provide assistance to the Advertiser, in connection with the fulfilment of the Advertiser’s obligation to respond to requests for the exercise of data subjects’ rights pursuant to Chapter III of the GDPR to the extent applicable;

3.3.9 at the Advertiser’s cost, provide the Advertiser with assistance in ensuring compliance with articles 32 to 36 (inclusive) of the GDPR (concerning security of processing, data breach notification, communication of a personal data breach to the data subject, data protection impact assessments, and prior consultation with supervisory authorities) to the extent applicable to the Advertiser, taking into account the nature of the processing and the information available to Monetise;

3.3.10 notify the Advertiser without undue delay on becoming aware of a security breach in respect of Personal Data that it processes on behalf of the Advertiser in writing if Monetise becomes aware of a Data Breach;

3.3.11 maintain a record of its processing activities in accordance with Article 30(1) of the GDPR;

3.3.12 allow the Advertiser (or its appointed third party auditor), at the Advertiser’s cost, to conduct an audit of compliance of this Schedule by Monetise pursuant to this Agreement no more frequently than once per year during the term and on at least 30 days’ notice to Monetise in advance (provided that Monetise shall be entitled to require that any third party auditor appointed to conduct such an audit enters into a confidentiality agreement with Monetise prior to such audit being conducted).




In respect of any Personal Data to be processed by Monetise as a Data Processor pursuant to this Agreement for which the Advertiser is a Data Controller, Monetise shall not transfer the Personal Data outside the EEA or to an international organisation without ensuring appropriate levels of protection, including any appropriate safeguards if required, are in place for the Personal Data in accordance with the Data Protection Laws.




Please request from Monetise Media Limited if you would like any information around the individual data controllers and the details of their processing activities.