AMENDMENT NO.1 TO THE DPA/AGREEMENT
This amendment No. 1 (this “Amendment”) amends and/or supplements the Data Processing Addendum (the “DPA”) incorporated within the commercial agreement (the “Agreement”) or signed separately between DT (as defined below) and the entity engaged with DT under the Agreement (the “Business”). If a DPA was not executed by the parties, this Amendment will amend and supersede the data processing provisions included in the Agreement that address Personal Information Processing in connection with the provision of the Services (as defined below) by DT.
This Amendment will become effective as of January 1, 2023 (the “Effective Date”). The Business’s continued use of the Services on and following the Effective Date without objection will indicate Business’s agreement to the terms of this Amendment.
If the Business does not agree to any of the provisions under this Amendment, the Business’s sole remedy is to discontinue the use of the service(s) described in the Agreement (the “Services”).
Each party to this Amendment may be referred to as a “party” and collectively as the “parties”. All capitalized terms not otherwise defined in this Amendment will have the meanings ascribed to them in the DPA, the Agreement, or Information Privacy Laws (as defined below), as applicable.
NOW THEREFORE, in consideration of the foregoing premises, and the terms and conditions set forth below, the sufficiency of which have been acknowledged by the Business and DT, the parties agree as follows:
1.1. “Business Personal Information” means as such term, or any similar term referring to Personal Information Processed by DT on the Business’s behalf, is defined under the DPA or the Agreement, and to the extent that the Agreement or DPA does not include such term – any Personal Information Processed by DT on behalf of the Business as a Service Provider or Processor in connection with the provision of the Services to the Business under the Agreement.
1.2. “Information Privacy Laws” means as such term or any similar term referring to privacy or data protection laws and regulations as defined under the Agreement, and to the extent that the Agreement does not include such term – all laws and regulations worldwide, which apply to the respective party’s Processing of Personal Information.
1.3. “DT” means the relevant entity engaged under the Agreement or DPA and may be one or more of the DT entities listed in APPENDIX A attached hereto.
1.4. “Other Processor” as such term, or any similar term referring to a third-party service provider engaged by DT for the purpose of Processing Personal Information on the Business’s behalf, is defined under the Agreement, and to the extent that the Agreement does not include such term – any third-party service provider engaged by DT for the purpose of Processing Business’s Personal Information on behalf of the Business.
1.5. “Individual” means as such term, or any similar term referring to a natural person who is the subject of the Business Personal Information as defined under the Agreement, and to the extent that the Agreement does not include such term – as such term or any similar term referring to such a person is defined under Information Privacy Laws.
1.6. “Personal Information” means as such term or any similar term referring to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Individual or household, and to the extent that the Agreement does not include such term – as such term or any similar term referring to such information is defined under Information Privacy Laws.
2. Modifications to the DPA. To the extent required under Information Privacy Laws, the following provisions are added to the Agreement, and where a provision (or a substantially similar provision) already exists under the Agreement, the following provisions will replace it:
2.1. The Business and DT acknowledge that: (A) Business Personal Information is disclosed to DT only for the limited Business Purpose of DT providing the Services, as described here, to the Business (the “Purpose”); and (B) Business is not Selling the Business Personal Information to DT.
2.2. The Business will notify DT of any valid request received from an Individual pursuant to Information Privacy Laws that DT must comply with and will provide all information necessary for DT to comply with such a request.
The Business instructs DT to create and use De-identified Information for the provision of the Services (as good practice, and in line with data protection by design and by default principles, DT may de-identify the Business Personal Information prior to using such information to provide the Services to the Business). DT may further use such De-identified Information for DT’s legitimate Business Purposes, including for testing, development, controls, and operations of DT’s services.
For the purpose of this section, “De-identified Information” means the Business Personal Information that has been de-identified or aggregated by DT, so that it cannot reasonably be associated with, or be used to identify, a particular Individual or Household, and will include anonymized information (as defined under Information Privacy Laws); provided that DT: (A) has implemented commercially reasonable measures to ensure that the information cannot be associated with an Individual or Household to which such information may pertain; (B) maintains and uses the information in de-identified form and does not attempt to re-identify such information (other than for the purpose of determining whether DT’s de-identification processes satisfy applicable requirements under Information Privacy Laws); and, (C) uses commercially reasonable measures to contractually obligate all third-parties with whom DT shares such information to comply with all of DT’s commitments specified under sub-sections (A)-(C) above.
2.3. DT will: (A) comply with all provisions under Information Privacy Laws applicable to DT, including with respect to providing the same level of protection to the Business Personal Information as required under Information Privacy Laws; and, (B) notify the Business no later than within five (5) business days after determining that DT can no longer meet its obligations under Information Privacy Laws with respect to the Business Personal Information.
2.4. DT will not: (A) Sell the Business Personal Information; (B) Share (within the meaning thereof under Information Privacy Laws) the Business Personal Information other than with DT’s Other Processors in accordance with the Agreement; and, (C) unless otherwise permitted under Information Privacy Laws, retain, use, or disclose the Business Personal information: (i) for any purposes other than those specified under the Agreement; (ii) for any commercial purpose other than the Purpose, including in providing services to other customers of DT; or, (iii) outside the direct business relationship between the Business and DT.
2.5. The Business may: (A) take reasonable and appropriate steps to ensure that DT uses the Business Personal Information in a manner consistent with the Business’s obligations under Information Privacy Laws; and, (B) upon notice, take reasonable and appropriate steps to stop and remediate DT’s unauthorized use of the Business Personal Information.
2.6. Except as expressly provided herein, the terms and provisions of the Agreement or DPA, as applicable, shall remain in full force and effect.
Digital Turbine USA, Inc.
Inneractive Europe Ltd.
AdColony India Private Limited
Fyber Monetization Ltd.
Digital Turbine Media, Inc.
AdColony Holding AS
Inneractive USA, Inc.
Mobile Posse, Inc.
AdColony Holdings US, Inc.
Digital Turbine (EMEA) Ltd.
Digital Turbine Singapore Pte Ltd.
Fyber GmbH Triapodi Inc.
Mobilike Mobil Reklam Pazarlama ve Ticaret A.S.
AdColony Korea Ltd.
AdColony Japan LLC
Fyber Media GmbH
AdColony Singapore Pte. Ltd.
AdColony Ireland Ltd.
Fyber RTB GmbH
AdColony Poland sp.z.o.o
AdColony Ireland Ltd.