Fyber Master Service Agreement for Demand Partners

Preamble

This Master Service Agreement for Demand Partners (“MSA”) is incorporated in and forms an integral part of the applicable Service Order entered between the Fyber entity that provides the applicable Service (“Fyber”, “we”) and the entity that uses such service, all as set forth in the applicable Service Order (“Demand Partner”, “you”) that was entered between the parties (each a “Party” and together the “Parties”).

The following documents are included in this MSA as appendixes and form an integral part hereof, which together with the Service Order, form the agreement between Demand Partner and Fyber with respect to the Service provided by Fyber to Demand Partner under and in accordance with the terms of the applicable Service Order (the “Agreement”):

  • The Data Protection Addendum (“DPA”) attached hereto as Appendix B.
  • The Local Addenda to this MSA attached hereto as Appendix C.
  • Any guidelines, including content policies and/or guidelines referenced hereto.

This MSA contains provisions that apply to ALL of Fyber’s services. However, the provisions in this MSA that apply to you are only those that relate to the Service(s) utilized by you under and in accordance with the terms of your Service Order with Fyber.

By using and/or accessing the service that is described in your Service Order with Fyber (“Service”), you hereby agree and accept the Agreement in full. We recommend that you print out or save a local copy of the Agreement for your records. Capitalized terms used but not defined elsewhere in the Agreement will have the meaning ascribed to them in Appendix A attached hereto.

If you do not accept this Agreement in its entirety, you may not access or use any Service. if you are an individual who consents to this Agreement on behalf of a business, you represent and warrant that you have the authority to bind that business to this Agreement and your consent to this Agreement will be treated as the consent of the business. In that event, “business”, “you” or “your” will refer and apply to that business. You also consent to the use of: (a) electronic means to consent to and complete this agreement and to provide you with any notices given pursuant to this Agreement; and (b) electronic records to store information related to this Agreement and your use of any Service.

From time to time we may change this MSA. Fyber will make reasonable commercial efforts to notify you of any updates to this MSA by making such updates available on the Fyber website and/or the respective Fyber dashboard. notwithstanding the foregoing, your continued use of any Service will be deemed acceptance to any amended or updated MSA.

1. General

1.1. Scope. Subject to the terms and conditions of the Agreement (including Demand Partner’s payment obligations under Section 5 below), Fyber will provide to Demand Partner the Service(s) described in the applicable Service Order.

1.2. Conflict resolution clause. In the event of a conflict between a provision of this MSA and a provision of the applicable Service Order, the provision of the Service Order shall prevail.

2. Registration & Set Up

2.1. Account Registration. Where applicable under the respective Service Order, in order to access the Service, Demand Partner shall be required to register for an Account. In registering an Account with Fyber, whether directly or via a third party’s dashboard provided on behalf of Fyber, Demand Partner shall: (i) provide accurate, truthful, current and complete information; (ii) maintain and promptly update its Account information; (iii) maintain the security of its Account by not sharing Account access data, including any log-ins and passwords, and restricting access to its Accounts and devices; (iv) promptly notify Fyber if it discovers or otherwise suspects any security breaches related to the Account, including if its Account information or access data has been compromised; and (v) take sole responsibility for all activities that occur under its Account and accept all risks of unauthorized access. In the event of a breach, Fyber reserves the right to close Demand Partner’s existing Account and require Demand Partner to create a new Account and agree to all then-current Fyber terms and policies in place.

2.2. Business Credit Score Check. At any time, prior to or after the commencement of the Service, Fyber may run a business credit score check on Demand Partner to ensure its financial stability. Further to the result of such check, Fyber will have the right to require Demand Partner to prepay Fyber for its usage of the Service or to suspend Demand Partner’s Account until such prepayment is made.

2.3. Login Data. Demand Partner agrees to keep access information, such as user names and other login data, passwords, and other information required in order to access the Service(s) and the Account, strictly confidential, and will not disclose such information to any Third Party without Fyber’s prior written (email suffices) approval or as otherwise agreed in the Agreement. Demand Partner must inform Fyber immediately upon becoming aware that any unauthorized Third Party has gained access to any such information or to Demand Partner’s technology, systems, equipment, and/or property. Fyber reserves the right at its sole discretion to either change the access information or to block any Account at Fyber’s own discretion and without prior notification. In such cases, Fyber will inform the Demand Partner without undue delay and will provide any such new access information upon request within a reasonable time.

3. Licenses and proprietary rights

3.1. License to use the Service. During the Term Fyber will provide Demand Partner with a limited, non-exclusive, royalty-free (except as may be set forth otherwise in the respective Service Order), non-transferable, non-sub-licensable, revocable license to (a) buy Ad Inventory of the App via the Service, (ii) serve and deliver, or enable Fyber to serve and deliver on Demand Partner’s behalf (as applicable to the specific Service), Ads on the App via the Service; and (b) access and use the Fyber dashboard, or third party’s dashboard provided by or on behalf of Fyber (as applicable for the specific Service), for the purpose of viewing Demand Partner’s activity/performance on/via the Service.

3.2. Demand Partner License to Fyber. During the Term Demand Partner hereby grants to Fyber and its Affiliates a non-exclusive, revocable, worldwide and royalty-free right and license to: (a) enable the serving of, performing, displaying, and distributing Demand Partner’s Ads (including any Content and Intellectual Property Rights therein) via the Service on Fyber’s publishers-customers’ Apps; and (b) use the Demand Partner Data for providing the Service, including without limitations to (i) make technical modifications (including resizing) as necessary to conform the Ads to Fyber’s technical specifications and requirements, (ii) address troubleshooting and improve the Service, and (iii) provide, reporting, analytics, and/or billing in connection with Demand Partner’s use of the Service.

3.3. Fyber will have no right to use, access, reproduce, display or distribute the Demand Partner Data, API, Tag or any other technology that is being used to integrate and connect Demand Partner with or to the Service and any related documentation for any other purpose. Demand Partner will not seek to impose any terms and conditions with respect to any such access or use by Fyber, other than as set forth in the Agreement. Any such terms and conditions imposed by Demand Partner will have no force or effect.

3.4. License limitation. Nothing contained in this Section 3 or otherwise in the Agreement shall transfer any right, title, or interest in or to any Service to Demand Partner. Except as expressly stated in Section 3.1 above, as between Fyber and Demand Partner: Fyber and its Affiliates retain all right, title, and interest in and to the Service and Demand Partner retains all rights and interest in and to the Demand Partner Data. Except as expressly permitted under this Agreement, either Party will not access, use, reproduce, reverse-engineer, modify, lend, distribute or otherwise make available or exploit the Services or Demand Partner Data, as applicable.

3.5. No Implied License. Except as expressly provided herein, nothing in this Agreement will be construed to confer any ownership interest, license, sale or other rights upon Demand Partner or Fyber (as applicable) by implication, estoppel or otherwise as to any Intellectual Property Rights of the other Party or any Third Party.

3.6. Open Source Software.

3.6.1. The Service may include open source software (“OSS”). To the extent so provided by the license that governs each OSS (“OSS License”), the applicable OSS is subject to its respective OSS License, not this Agreement. If, and solely to the extent, an OSS License requires that this Agreement effectively impose, or incorporate by reference, certain disclaimers, provisions, prohibitions or restrictions, then such disclaimers, provisions, prohibitions or restrictions shall be deemed to be imposed, or incorporated by reference into this Agreement, as required, and shall supersede any conflicting provision of this Agreement, solely with respect to the corresponding OSS which is governed by such OSS License. Fyber OSS attribution list is available at https://www.fyber.com/legal/opensource.

3.6.2. Notwithstanding anything in the Agreement to the contrary, Fyber does not make any representation or warranty with respect to any OSS or free software that may be included in or accompany the Service. Fyber hereby disclaims any and all liability to Demand Partner or any third party related to any such software that may be included in or accompany the Service.

4. Representations and Warranties

4.1. Mutual Representations and Warranties. Each Party represents and warrants that: (a) it has all requisite power and authority to execute and enter into the Agreement and perform its obligations therein and hereunder and that the Agreement is a valid and binding agreement by such Party; and (b) the execution of the Agreement, and its performance under it, will not constitute a breach or default of, or otherwise violate any agreement to which it is a party or violate any right of any third parties arising therefrom.

4.2. Demand Partner Representation and Warranties. Demand Partner represents and warrants that: (a) the Ads provided by it via the Service do not and will not infringe upon or violate any Intellectual Property Right, right of publicity, privacy right or are otherwise illegal; (b) its use of the Service and all Bid Responses provided by it will be in full compliant with this Agreement; (c) the Ads provided by Demand Partner will not contain Prohibited Content, violate applicable law, and/or otherwise fail to adhere to the Content Guidelines (available at www.fyber.com/legal/demand-content-guidelines) as updated by Fyber from time to time; and (d) Demand Partner’s performance under the Agreement will not violate any applicable law or regulation, including where applicable, but not limited to, the U.S. Children’s Online Privacy Protection Act of 1998 and its rules, as amended from time to time (“COPPA”), the General Data Protection Regulation (“GDPR”) and its rules, as amended from time to time, the California Consumer Privacy Act (“CCPA”) and its rules, as amended from time to time, Geral de Proteção de Dados (“LGPD”) and its rules, as amended from time to time, and any other data protection law that may enter into effect in the future, or cause Fyber to be in violation of any applicable law or any applicable terms of any mobile application store.

4.3. Fyber representation and warranty. Fyber represents and warrants that: (a) the Service shall, in all material aspects, operate as set out in its respective Service description set forth in the applicable Service Order; and (b) the Service shall be and is in compliance with any applicable laws and does not infringe any third-party Intellectual Property Rights.

5. Payment Terms

5.1. Payment. Unless otherwise specified in the applicable Service Order, Fyber will issue invoices to Demand Partner on a calendar-month basis, based upon the Ad Impressions count reported by Fyber or as otherwise agreed between the Parties in the Service Order. . The Invoice shall be produced at the end of the calendar month at GMT (UTC) time zone.

5.1.1. If Demand Partner Seat is in China, then with respect to the Fyber Direct Service only, the fee payable by Demand Partner to Fyber for such service shall be referred to as advertisement fee.

5.1.2. If Demand Partner Seat is in China, then with respect to the Fyber Marketplace Service only, the fee payable by Demand Partner to Fyber for such service shall be referred to as a service fee.

5.2. Payment Terms. Unless otherwise specified in the applicable Service Order, Demand Partner will pay to Fyber the amounts specified in the invoice provided by Fyber within thirty (30) days as of the end of the calendar month.

5.3. Dispute resolution. Unless otherwise specified in the applicable Service Order, if Demand Partner does not dispute Fyber’s invoice, by written notice, within thirty (30) days from receipt of the invoice, such invoice shall be deemed accepted by Demand Partner. The Parties shall cooperate in good faith to resolve any invoicing dispute prior to commencing any action in connection with such dispute hereunder. In addition, in the event such invoice dispute is based on Demand Partner challenging Fyber’s Tracking as a result of Fraud, Demand Partner will provide Fyber with sufficient evidence of such Fraud together with its notice of dispute.

5.4. Late payment. Any undisputed late payment shall bear interest at a monthly interest rate of 1.5% until payment date.

5.5. Currency. Unless otherwise specified in the applicable Service Order, all payments hereunder shall be made in US Dollars via wire transfer to Fyber’s bank account, as specified in the Service Order.

5.6. Fyber’s Tracking. Fyber’s tracking and reporting regarding Ad Impressions and other payable events (if applicable) under the Service Order shall constitute the basis to calculate the Ad Impressions or other payable events (as applicable) for the invoice issued by Fyber, if not otherwise agreed between the Parties in the Service Order. Demand Partner shall duly examine the invoice and the amounts due when provided by Fyber and shall notify Fyber, in writing (email suffices) and without undue delay (but in no event later than thirty (30) days upon receipt of the applicable invoice from Fyber) of any inaccuracy of the amounts due to Fyber that could be reasonably identified in such examination. If Demand Partner fails to notify Fyber of any such identifiable inaccuracy within such time – period, the invoice and the amounts due to Fyber shall be deemed correct regarding such identifiable inaccuracy. Demand Partner further agrees and acknowledges that the determinations of Fyber with respect its reporting and invoices are final where the difference between the evidence provided by Demand Partner and the Account data is less than ten percent (10%), which is considered a deviation in tracking customary in trade and therefore reasonably acceptable by both Parties. If the deviation is 10% or more, the Parties will negotiate in good faith to find an amiable solution prior to commencing any action hereunder. Alternatively, if the parties agree to use tracking information obtained by Demand Partner (or a third party acting on its behalf) (“Demand Partner Tracking”) in the Service Order, then Demand Partner shall make advertising tracking information available to Fyber no later than five (5) days after the end of the billing period (“Demand Partner Report”). Fyber reserves the right to challenge the accuracy of a Demand Partner Report within thirty (30) calendar days of its receipt or of the time in which Fyber becomes aware of the inaccuracy, whichever occurs later.

5.7. Taxes and Expenses. Unless expressly provided hereunder, each Party will bear its costs and expenses incurred by such Party in connection with the performance of its obligations under this Agreement. In addition, each Party shall bear its own taxes under applicable law. If the Fyber Service is subject to value-added tax (“VAT”) in the meaning of the European VAT Directive or to any other similar non-European tax under the applicable tax jurisdiction, VAT in the amount applicable under statutory law at the time of payment shall be added and paid on the agreed fees by the Demand Partner, provided that Fyber is the tax debtor of such VAT amounts.

5.8. Audit. Fyber and its accountants, representatives and agents shall have the right to inspect, examine, audit and verify Demand Partner’s records related to the use of the Service to determine the accuracy of the Demand Partner payment obligations under the Agreement and any amounts due to Fyber hereunder. Demand Partner shall actively cooperate in all such reviews, audits or inspections. Fyber shall pay the cost of any audit it performs; provided, however, that if an audit reveals that Demand Partner has underpaid Fyber by more than ten percent (10%), Demand Partner shall pay for the reasonable cost of the audit.

5.9. While Fyber is under no obligation to do so, without limiting any other terms of this Agreement, Fyber reserves the right to remove any Ad’s content, and suspend Demand Partner access to the Service, without notice, in the event that any Ad that Fyber has reasonable basis to suspect is in violation of this Agreement.

6. Modification of Service

The Service, by its nature, may be updated and developed continuously over time. Fyber may modify the Service without prior notice but only with effect for the future (i.e., not retroactively) and provided that the modification is reasonable for the Demand Partner considering its interests. A modification is reasonable for the Demand Partner if it is necessary to adapt the Services to changed circumstances regarding technological developments, market requirements, and any changes of applicable law, and in case of any new features, functions, or services added to the Services. Accordingly, Demand Partner’s right to use the Services under this Agreement is limited to the then-current version of the Services. If a modification of a Service is not reasonably acceptable for Demand Partner, Demand Partner has the right to terminate the Agreement with respect to such Service effective immediately upon notice. Demand Partner shall have no other claims against Fyber due to changes in and to the Services.

7. Disclaimers; Limitation of Liability

7.1. Service Disclaimer. Fyber provides the Service, the Fyber dashboard, Ad Inventory and/or App’s content “as is” and “as available” without representations and warranties of any kind, express or implied, including, without limitation, implied warranties of merchantability, title and non-infringement, fitness for a particular purpose, reasonable care and skill or any warranties arising out of a course of dealing or course of performance. Without limiting the foregoing, Fyber does not warrant that Demand Partner’s use of the Service and/or any Fyber dashboard will be uninterrupted, error-free, or virus-free, nor does Fyber make any warranty as to any results that may be obtained by use of the Service and/or any Fyber dashboard. Further, Demand Partner acknowledges that Ad Inventory is provided by Supply Partners and that Fyber does not endorse nor make any representation or warranty regarding the accuracy, truth, quality, availability, suitability or reliability of any promise, claim or statement contained in any Ad Inventory and/or Bid Request (as applicable) or App that is available via the Service. Fyber is not responsible for any errors, omissions, or inaccuracies contained in any Ad Inventory and/or Bid Request (as applicable) or in any App that is offering such Ad Inventory for sale. Demand Partner acknowledges that it has received no assurances from Fyber that it will receive or earn any particular value or amount of money by using the Service or that it will recoup any expenditure made in fulfillment of its obligations under this Agreement. Fyber is under no obligation to monitor Supply Partners compliance, and Demand Partner shall have no claim against Fyber for any Supply Partner’s breach of, any terms and conditions or anti-fraud rules applicable to a Supply Partner. Fyber makes no warranty and/or assurances in respect of Users’ response to the Ads. Fyber does not provides any warranty or guarantee that Ads will be displayed in a quantity, manner or reach performance satisfactory to Demand Partner.

7.2. Limitation of Liability. Except for breach of confidentiality, willful misconduct, and/or gross negligence, to the maximum extent permitted by applicable law, neither Party will be liable for indirect, special, incidental, punitive, or consequential damages arising out of or related to this agreement, however caused, and under whatever cause of action or theory of liability, even if a Party has been advised of the possibility of such damages. Except in connection with Demand Partner’s obligation to pay Fyber in accordance with the terms of the applicable Service Order, for all claims related to this Agreement neither Party’s total aggregate liability shall exceed the amount of ten thousand us dollars (US$10,000). Notwithstanding the foregoing, nothing in this agreement shall limit the liability for breaches of each party’s obligations under sections 8, 9, and Appendix B.

8. Indemnification

8.1. By Demand Partner. Demand Partner (for purposes of this Section 8.1, the “Indemnifying Party”), shall indemnify, defend and hold harmless Fyber, and its directors, officers and employees, and its Affiliates and suppliers and their directors, officers and employees (collectively, the “Fyber Indemnified Parties”) against any liability, damage, loss or expense, fines, penalties and interests (including reasonable attorneys’ fees and costs) incurred by the Fyber Indemnified Parties as a result of any third-party claim, suit or other proceeding (collectively, “Claims”) brought or made against any of the Fyber Indemnified Parties alleging (a) that any Ad provided by or through Demand Partner to the Service infringes any Intellectual Property Right of any third party or is otherwise illegal; and/or (b) a breach by Demand Partner of any of its representations or warranties under Section 4 of this MSA.

8.2. By Fyber. Fyber (for the purpose of this Section 8.2 the “Indemnifying Party”), shall indemnify, defend and hold harmless Demand Partner, and its directors, officers and employees, and its Affiliates and their directors, officers and employees (collectively, the “Demand Partner Indemnified Parties” and together with the Fyber Indemnified Parties, each shall be referred to hereunder as an “Indemnified Party”) against any liability, damage, loss or expense, fines, penalties and interests (including reasonable attorneys’ fees and costs) incurred by the Demand Partner Indemnified Parties as a result of any Claims alleging (a) that the Service as provided by Fyber to Demand Partner under the Agreement infringes any Intellectual Property Right of any third party or is otherwise illegal; and/or (b) a breach by Fyber of any of its representations or warranties under Section 4 of this MSA. In the event of any such threatened or actual Claim, in addition to its indemnification obligations herein, Fyber will have the right, in its discretion, to either (i) replace or modify the infringing or allegedly infringing components of the Service, or (ii) immediately terminate this Agreement upon written notice to Demand Partner.

8.3. Indemnification Process: The Indemnified Party shall: (a) give the Indemnifying Party prompt written notice of the relevant Claim; (b) provide the Indemnifying Party, at the Indemnifying Party’s expense, with reasonable information, assistance and cooperation in the defense of such Claim; and (c) give the Indemnifying Party the right to control the defense and settlement of any such Claim, except that the Indemnifying Party will not enter into any settlement that affects the Indemnified Party’s rights or interest without the Indemnified Party’s prior written approval, which shall not be unreasonably withheld or delayed, and provided further that the Indemnified Party shall not be required to allow the Indemnifying Party to assume the control of the defense of a Claim to the extent that the Indemnified Party determines (i) any relief other than monetary damages is sought against the Indemnified Party, (ii) there may be a conflict of interest between the Indemnifying Party and Indemnified Party in the conduct of the defense, or (iii) settlement of, or an adverse judgment with respect to, such claim could reasonably be expected to establish a precedential custom or practice materially adverse to the continuing business interests of the Indemnified Party, and in such events the costs of defense will be considered “Claims” as defined above. The Indemnified Party will have the right to participate in the defense of such Claim with counsel of its choice at its own expense.

9. Confidentiality

9.1. Confidentiality. Except as provided herein, neither Party shall disclose Confidential Information of the other Party, including, but not limited, to the terms or conditions of the Agreement (which shall be deemed the Confidential Information of each Party), to any Third Party, except as permitted by the Agreement. Notwithstanding anything to the contrary stated in the Agreement, Fyber may communicate the general nature of the Agreement and identify or announce Demand Partner as a customer of Fyber to Third Parties by name and logo, including in communications to existing and potential customers.

9.2. Handling Confidential Information. The receiving Party of any Confidential Information from the disclosing Party will use the same degree of care to protect the disclosing Party’s Confidential Information as it uses for its own Confidential Information of similar nature, but in no event less than a reasonable degree of care, and will use such Confidential Information only for the purpose of exercising its rights or fulfilling its obligations under this Agreement. The receiving Party will promptly return or destroy the disclosing Party’s Confidential Information upon request of the disclosing Party or upon termination of this Agreement (whichever occurs earlier), provided that the receiving Party shall have the right to retain a copy of the Confidential Information if and to the extent required (i) by applicable mandatory law for the required record retention period, or (ii) for the enforcement of any claims against the other Party that may arise under this Agreement until such claims become time-barred. In this event, the receiving Party shall return, destroy, or delete (as applicable) such copy upon the expiration of the applicable record retention or limitation period. Except as otherwise provided for in the Agreement, the receiving Party shall not disclose any Confidential Information to any person or entity other than to its employees, professional advisors and auditors and its Affiliates and their employees, professional advisors and auditors who have a strict business need to access such Confidential Information and who are bound by non-disclosure obligations as restrictive as the confidentiality obligations in the Agreement regarding the protection, use, and confidentiality of such Confidential Information.

9.3. Confidentiality Exception. Notwithstanding the obligations set forth in Section 9.1, each Party may disclose the other Party’s Confidential Information to the extent that such disclosure is required pursuant to a duly authorized subpoena, court order, or government authority order, provided that the receiving Party shall (where reasonably practicable and without breaching statutory or regulatory requirements) provide prompt written notice to the disclosing Party prior to such disclosure, so that the disclosing Party may seek a protective order or other appropriate remedy.

9.4. Injunctive Relief. The Parties acknowledge that any breach of a Party’s obligations arising under this Section 9 may give rise to irreparable harm to the other Party and that such breach may be inadequately compensable in monetary compensation. Accordingly, either Party may seek and obtain injunctive relief or other equitable remedies against such breach or threatened breach, in addition to any other legal remedies that may be available. The Parties acknowledge and agree that the covenants contained herein are necessary for the protection of legitimate business interests of the owners of the Confidential Information and are reasonable in scope and content.

10. Term & Termination

10.1. Term. The Agreement will enter into effect either upon (i) Fyber accepting Demand Partner’s Account registration, where applicable (whereby such registration includes the acceptance of the Agreement by Demand Partner; or (ii) the signing of a Service Order between the Parties, which shall incorporate this MSA (the “Effective Date”). The Agreement shall continue in force thereafter, until terminated as provided herein (the “Term”).

10.2. Termination for Convenience. Unless otherwise agreed in the applicable Service Order, either Party may terminate the Agreement at any time for any reason and without liability upon thirty (30) days prior written notice of termination (email shall suffice) to the other Party.

10.3. Termination for Cause. Fyber may suspend Demand Partner’s access to and use of all or any part of the Service immediately, with or without notice, if Fyber believes in good faith that Demand Partner materially breached any part of this Agreement. Fyber may terminate this Agreement (a) for any curable breach, if Demand Partner fails to cure such breach within five (5) business days after receiving written (email sufficing) notice of such breach; and (b) for any incurable breach, immediately upon written (email sufficing) notice to Demand Partner. Demand Partner may terminate the Agreement for cause with immediate effect upon written notice to Fyber if Fyber is in breach of one of its material obligations under the Agreement, provided that Fyber has not cured such breach within five (5) business days after receipt of a written (email suffices) notice of the breach from Demand Partner.

10.4. Effect of Termination. Upon termination of this Agreement, all rights and licenses granted to Demand Partner under the Agreement shall immediately terminate, and Demand Partner will promptly pay to Fyber any amounts due under the Agreement. Demand Partner shall discontinue all access to and use of the Service and shall have no rights in or to any Account data, which shall, as between Demand Partner and Fyber, be the exclusive property of Fyber and must be deleted by Demand Partner after settling any open amounts payable to Fyber. Termination of the Agreement will not release the Parties of any obligation accruing prior to such termination or amounts due to Fyber for Ads delivered up to the termination date in accordance with the terms of any applicable Service Order.

10.5. Surviving Provisions. The rights and duties of the Parties under Sections 3.6, 5.2, 5.3, 7- 9, 10.4, 10.5, 11 and all Appendixes of this MSA will survive the termination of the Agreement.

11. Miscellaneous

11.1. Entire Agreement; Amendment; Severability. The Agreement supersedes all previous agreements between the Parties relating to the subject matter hereof. No provision of the Agreement will be deemed amended by either Party, unless such amendment or modification is made in writing and signed by both Parties. If any provision of the Agreement is found by a competent authority to be unenforceable or invalid under the applicable law, the enforceability and validity of the remaining provisions will not be affected. Such provision will be interpreted and enforced to best accomplish the objectives of the Parties within the limits of applicable law, including applicable court decisions.

11.2. No Waiver. Fyber’s failure to act with respect to a breach by Demand Partner does not waive Fyber’s right to act with respect to that breach or subsequent or similar breaches. No consent or waiver by Fyber under the Agreement shall be deemed effective unless delivered in writing and signed by a duly appointed representative of Fyber.

11.3. Counterparts. This Agreement may be executed in any number of counterparts, each of which will be deemed an original and all of which taken together will constitute one signed agreement between the Parties. Signatures may be transmitted by facsimile or electronic mail in PDF or another similar format and will be deemed original.

11.4. Assignment. Demand Partner will not assign or otherwise transfer this Agreement or any right or interest thereunder to any Third Party without the prior written consent of Fyber, except if such assignment occurs (a) pursuant to a merger, sale or transfer of all or substantially all its assets or capital stock; or (b) to any successor or assignee of all or substantially all its business. Subject to the foregoing terms and restriction on assignments, the Agreement will be fully binding upon, inure to the benefit of, and be enforceable by, the Parties and their respective successors and assigns. Except as permitted by the foregoing, any attempted assignment, delegation or other transfer will be null, void and of no effect. Notwithstanding anything in this section to the contrary, Fyber may assign or otherwise transfer this Agreement without consent.

11.5. Force Majeure. Neither Party will be liable to the other Party for failure or delay in performing its obligations due to causes beyond its reasonable control, including without limitation acts of God, terrorism, war, riots, fire, earthquake, flood or degradation or failure of third-party networks or communications infrastructure.

11.6. Marketing. Demand Partner agrees that Fyber may identify Demand Partner, including by using Demand Partner’s name(s) and logo(s), as a customer of Fyber, including in Fyber’s website(s), newsletters, case studies, emails or promotional posts in social media; in the event that Demand Partner wishes to be excluded from a specific promotion/publication of Fyber, Demand Partner may notify Fyber in writing and Fyber will cease using Demand Partner’s name(s) and logo(s) in such publication, on a going-forward basis, provided that Fyber will not be required to cease such use in any printed material that has already been printed or ordered. Unless otherwise agreed by the Parties, Demand Partner will not be entitled to any compensation as a result of any such publication.

11.7. Arbitration. The Parties agree to arbitrate any dispute arising out of or relating to this Agreement or any Service, except that the arbitration provision does not prevent a Party from seeking equitable relief relating to unlawful use of Intellectual Property Rights from a court of competent jurisdiction. THE PARTIES AGREE THAT THIS ARBITRATION PROVISION PREVENTS SUITS IN COURT OR A JURY TRIAL. Fyber and Demand Partner agree: (a) to notify each other, in writing, of any dispute within thirty (30) days of when it arises; (b) to attempt informal resolution prior to any demand for arbitration; (c) that any arbitration will occur in New York County, New York State, USA; and (d) that arbitration will be conducted confidentially by a single arbitrator in accordance with the Rules of JAMS. The state or federal courts in New York County, New York State, have exclusive jurisdiction over any appeals of an arbitration award. Other than with respect to class procedures and remedies as discussed below, the arbitrator has the authority to grant any remedy that would otherwise be available in court. Any dispute between the Parties will be governed by this Agreement and the laws of the State of New York and applicable United States law, without giving effect to any conflict of laws principles that may provide for the application of the law of another jurisdiction. WHETHER THE DISPUTE IS HEARD IN ARBITRATION OR IN COURT, THE PARTIES WILL NOT COMMENCE AGAINST THE OTHER OR PARTICIPATE IN ANY CLASS ACTION, CLASS ARBITRATION OR OTHER REPRESENTATIVE ACTION OR PROCEEDING.

11.8. Governing Law and Jurisdiction; Local Addenda. Unless otherwise stated in Sections 11.8.1 to 11.8.3 or otherwise agreed to by the Parties, this Agreement is governed by the laws of the State of New York, USA, excluding its conflict of laws principles, and the laws of the United States (including the Federal Arbitration Act). To the extent the arbitration provision in Section 11.7 does not apply, Demand Partner and Fyber agree that the courts located in New York County, New York State, USA shall have exclusive jurisdiction over any dispute between the Parties arising out of or relating to this Agreement, and the Parties hereby consent to the personal jurisdiction and venue of these courts.

11.8.1. Germany. If Demand Partner has its Seat in the Federal Republic of Germany, the following shall apply:

(a) The Agreement and any non-contractual obligations arising out of or in connection with it shall be governed by, and construed in accordance with, the laws of the Federal Republic of Germany, without regards to their conflict of laws rules. To the extent the arbitration provision in Section 11.7 does not apply, Demand Partner and Fyber agree that the courts located in Berlin, Germany shall have exclusive jurisdiction over any dispute between the Parties arising out of or relating to the Agreement, or any non-contractual obligations arising out of or in connection with it, and the Parties hereby consent to the personal jurisdiction and venue of these courts.

(b) The terms and conditions of the Local Addendum to the Master Service Agreement for Demand Partners – Germany in Appendix C shall be effective as an integral part of the Agreement and shall replace and supersede any conflicting provisions, except for conflicting terms individually agreed upon between the Parties in the applicable Service Order, which shall take precedence over the terms thereof.

11.8.2. Europe. If Demand Partner has its Seat in the European Economic Area (other than the Federal Republic of Germany) or otherwise within Europe (including Armenia, Cyprus, Greenland, and the entire territory of Azerbaijan, Georgia, Kazakhstan, Russia, and Turkey), the following shall apply:

(a) The Agreement and any non-contractual obligations arising out of or in connection with it shall be governed by, and construed in accordance with, the laws of England and Wales, without regards to its conflict of laws rules. To the extent the arbitration provision in Section 11.7 does not apply, Demand Partner and Fyber agree that the courts in England shall have exclusive jurisdiction over any dispute between the Parties arising out of or relating to the Agreement, or any non-contractual obligations arising out of or in connection with it, and the Parties hereby consent to the personal jurisdiction and venue of these courts.

(b) The terms and conditions of the Local Addendum to the Master Service Agreement for Demand Partners – Europe in Appendix C shall be effective as an integral part of the Agreement and shall replace and supersede any conflicting provisions, except for conflicting terms individually agreed upon between the Parties in the applicable Service Order, which shall take precedence over the terms thereof.

11.8.3. Asia. If Demand Partner has its Seat in Mainland China, Hong Kong, Macau, Taiwan, Indonesia or Singapore the following shall apply:

(a) The Agreement and any non-contractual obligations arising out of or in connection with it shall be governed by, and construed in accordance with, State of New York, USA, excluding its conflict of laws principles, and the laws of the United States (including the Federal Arbitration Act).

(b) The terms and conditions of the Local Addendum to the Master Service Agreement for Demand Partners – Asia in Appendix C shall be effective as an integral part of the Agreement and shall replace and supersede any conflicting provisions, except for conflicting terms individually agreed upon between the Parties in the applicable Service Order, which shall take precedence over the terms thereof.

11.9. Independent Contractors. The Parties hereto are and shall remain independent contractors, and nothing herein shall be deemed to create any agency, partnership or joint-venture relationship between the Parties. Neither Party shall be deemed to be an employee or legal representative of the other, nor shall either Party have any right or authority to create any obligation on behalf of the other Party.

11.10. Third-Party Beneficiaries. It is not the intention of this Agreement to create any Third-Party beneficiary rights in any Third-Party individual or entity that is not a party to this Agreement and no such rights will be deemed to have been created.

11.11. Notice. Unless otherwise agreed herein, notices must be in writing and will be deemed given when (a) delivered personally, (b) delivered by recognized overnight courier (established by written verification of personal, certified or registered delivery from a courier or the postal service), (c) sent by fax (established by a transmission report), or (d) sent by email to the recipient at the most up-to-date email address provided by the other Party, provided that (i) the sending Party can confirm that the email was apparently sent successfully according to its ordinary technical records and that the Party did not receive an error notice and (ii) the email includes in the subject line “LEGAL NOTICE”. If sent by email from Demand Partner to Fyber, the following address must be copied: [email protected]. Notices to a Party shall be sent to the postal and electronic mail addresses set forth in this Agreement, or such different address as a Party may designate in writing to the other Party during the Term from time to time.

Appendix A

Definitions

“Ad” means promotional content and creatives, including text, graphics, video or rich media provided by Demand Partner to Fyber or to the Service for placement on the Ad Inventory via the Service, and any landing page of such promotional content and creatives.

“Account” means an online, password-protected account provided by Fyber, or third-party on behalf of Fyber, allowing Demand Partner to access and use the Service in accordance with the terms of the Agreement.

“Ad Impression” means when an Ad is fetched from its source and is countable.

“Ad Inventory” means the Ad space(s) made available via the Service for sale by a Supply Partner on its App for the placement of Ads.

“Affiliates” means, with respect to a Party, all entities which, directly or indirectly, control, are being controlled by, or are under common control with such Party.

“API” means application programming interface that specifies patterns of interaction between certain software components.

“App” (previously referred as “Property”) means any mobile application owned, controlled and/or developed by a Supply Partner.

“Bid” or “Bid Response” means all data transmitted by Demand Partner to Fyber via the Service in response to a Bid Request, including the price offer for a specific Ad Impression, the Ad creative, identity and category of Advertiser, identity and category of Demand Partner, and any websites, app, or other endpoint linked to or made available via the Ad excluding any Bid Request Data and/or any Personal Information of a User.

“Bid Request” means an electronic request or notification of the availability of Ad Inventory, sent to Demand Partner or made available to it through the Service including information about the App and its Users.

“Confidential Information” means any proprietary, confidential and/or trade secret information of disclosing Party and/or its Affiliates and/or others possessed by disclosing Party, whether furnished before or after the Effective Date of any Service Order entered by and between Fyber and Demand Partner, regardless of the way it is furnished. Such information includes, without limitation, the following: (a) any information, artwork, designs, ideas, concepts, know-how, data, products, services, processes, techniques, drawings, programs, code, inventions, computer program, formulae or test data, work in progress, engineering, manufacturing, marketing, financial, sales, suppliers, customers, investors and/or business information, whether in oral, written, graphic, or electronic form; (b) any document, diagram, drawing, computer program and/or code or other communication; and/or (c) the conditions of the Agreement. Any information disclosed by the disclosing Party whether it is conspicuously marked “confidential”, is known or if it should have been reasonably known by the receiving Party to be confidential in nature, shall be considered as Confidential Information. For purposes of this Agreement, Confidential Information shall not include any information that: (a) is, or subsequently becomes, publicly available without receiving Party’s breach of any obligation owed to disclosing Party; (b) became known to receiving Party prior to disclosing Party’s disclosure of such information to receiving Party; (c) became known to receiving Party from a source other than disclosing Party by means other than by a breach of an obligation of confidentiality owed to disclosing Party; or (d) is independently developed by receiving Party without the use of any of disclosing Party’s Confidential Information. If a portion or aspect of the Confidential Information becomes subject to any of the foregoing exceptions, all other portions or aspects of such information shall remain subject to all the provisions of this Agreement.

“Demand Partner Data” means all data owned by Demand Partner that was provided and/or transmitted via the Service, including without limitations, data that is collected by Demand Partner independently of Fyber following the delivery of an Ad by Demand Partner, excluding personal identifiable information/personal data and the Bid Request.

“Fraud” includes, among others and without limitations, (a) any action taken by any person that is intended to inflate, either directly or indirectly, the payment due to a Supply Partner for a certain Ad Inventory; and/or (b) the generation of User activities by a mechanism not approved or acceptable by Fyber, including but not limited to (i) applying automatic redirecting of Users, blind text, or misleading links, forced and/or artificial clicks, bots, or any other automatic process or method that generates a User activity without a conscious and willful action of a User; (ii) creating fake impressions, clicks, views, or installs generated by a person, a robot, an automated program, or any equivalent or similar mechanism having an equivalent or similar effect; (iii) operation of or linking to Ad Inventory on the App that display no content for the sole purpose of generating User activities; (iv) implementation of 1×1 pixels to deliver invisible advertisement; or (v) impersonating or misappropriating the identity of a Supply Partner and/or any other Third Party.

“Fyber API” means Fyber’s application programming interface that specifies patterns of interaction between certain software components.

“Intellectual Property Rights” means any patent, copyright, neighboring right to copyright, including database right, right to trademarks, right to trade and business secrets, right to trade dresses, right to domain names, right to mask works, right to moral rights of authors of copyright protected works, right to publicity, right to privacy, and any other personal right, right of attribution, or integrity, or any other intellectual or industrial property right anywhere in the world, whether under statutory law, common law, or otherwise.

“Prohibited Content” means any content or other material that (a) violates any applicable law or regulation, including the criminal code, data protection, consumer law and children protection laws, or infringes any Third Party rights, including Intellectual Property Rights; (b) is obscene, sexually explicit or defamatory, or related to sex trafficking; (c) encourages violence or is threatening or harassing; (d) contains viruses, spyware, adware, pirated software, digital rights protection circumvention or hacking tools, spamming tools or any other harmful code or activity that could, in an impermissible manner, access or use, impair or injure any data, devices, computer systems, or software; (e) is false, misleading or deceptive; (f) includes references to gambling, alcohol, tobacco, drugs, or firearms, including without limitation ammunitions, fireworks and explosives; (g) endorses or encourages violence, hatred, revenge, racism, sexism, victimization, or discrimination of any kind; (h) results in consumer fraud, product liability, or breach of contract to which Demand Partner is a party, or causes injury to any Third Party; or (i) promotes any products and services that fall within any of the foregoing categories (a) to (h), or promotes any company, organization, person or brand that engages in or is associated with any of the conduct described in the foregoing categories (a) to (h).

“Seat” means the address provided for Demand Partner in the applicable Service Order. If no address is provided in the applicable Service Order then the Seat will be deemed to be in New York City, New York, USA, for the purposes of this agreement.

“Supply Partners” means Third Parties that have entered into a contract with Fyber to sell their App’s Ad Inventory via the Service to certain demand partners of Fyber and to enable Fyber to serve Ads, on behalf of such demand partners on their App. Such Supply Partners may be publishers, ad networks or supply side platforms (SSPs).

“Third Party” means any natural person or legal entity other than a Party or authorized agent of a Party.

“User” means a human end-user accessing an App.

 

Appendix B

Fyber Global Data Protection Addendum for Demand Partners

This Data Protection Addendum (“Addendum”) supplements, supersedes, and forms part of any existing and currently valid agreement (“Agreement“), either previously or concurrently, entered by and between Fyber Media GmbH and/or Fyber Monetization Ltd. (as applicable) (each, “Fyber“) and the company or business that has been using the Service provided by Fyber (“Demand Partner”) under the applicable Agreement. Each party to this Addendum will also be referred to as a “Party” and together – the “Parties”. This Addendum reflects the Parties’ agreement on the Processing of Personal Data in connection with the Service. This Addendum takes effect as of the Effective Date of the Agreement entered between Demand Partner and Fyber. In case of any conflict between a provision of this Addendum and the Agreement, or any previous data protection agreement entered between the Parties, the provisions of this Addendum will prevail. Capitalized terms used herein and not defined herein will have the meaning set forth in the Agreement, or under applicable Data Protection Laws.

Fyber’s provision of the Service to Demand Partner entails the transmission of data retrieved, sent, and received by and from Fyber’s Publishers and depending on the type of service, by and from Demand Partners as well. Certain transmitted data may constitute Personal Data.

A description of Fyber’s Services and the dataflow within each Service is available at: https://www.fyber.com/wp-content/uploads/2019/08/Explanatory-Notes-to-Fyber-Demand-Partners-CCPA-Addendum-FINAL.pdf (“Services’ Data Flow”).

1.          Definitions

1.1.    “Affiliates” means with respect to a party, all entities which, directly or indirectly, control, are being controlled by, or are under common control with such party.

1.2.    “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and including similar terms under Data Protection Laws. In the context of this Addendum the term means Publishers.

1.3.    “Data Protection Laws” mean all laws and regulations worldwide, which apply to the respective Party’s Processing of Personal Data under the Agreement and this Addendum.

1.4.    “Data Subject” means an identified or identifiable natural person, a household consisting of natural persons, or a device associated with a natural person, to whom the Personal Data relates, including any similar terms under applicable Data Protection Laws.

1.5.    “Demand Partner Data Subjects” – mean Data Subjects who engage directly with Demand Partner as Controller.

1.6.    “Demand Partner’s Personal Data” – mean Personal Data related to Demand Partner’s Data Subjects.

1.7.    “Personal Data” means any information where such information is protected under Data Protection Laws and including any similar terms under Data Protection Laws.

1.8.    “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed and including any similar terms under Data Protection Laws.

1.9.    “Personal Data Transfer” means: (i) transfer of Personal Data from Demand Partner to Fyber, and from Fyber to Demand Partner; or (ii) an onward transfer of Personal Data by a Party to a Sub-Processor, in each case, where such transfer outside of the jurisdiction of a transferring Party would be regulated by Data Protection Laws including through (a) an Adequacy Decision, (b) Statutory Data Transfer Agreements, or (c) in accordance with the terms of other applicable lawful data transfer measures or derogations.

1.10.  “Personnel” means persons authorized by a Party to Process Personal Data.

1.11.  “Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, and including the terms “using”, “collecting” and any similar terms under Data Protection Laws.

1.12.  “Processor” means the entity which Processes Personal Data on behalf of the Controller and including similar terms under Data Protection Laws. Fyber is the Processor of the Publishers who are responsible for the accuracy, quality, and legality of the Personal Data, and for the means by which they acquired such Personal Data.

1.13.  “Publishers” mean Fyber’s supply-side customers (e.g., mobile application developers, owners, distributors).

1.14.  “Publishers’ Data Subjects” – mean Data Subjects who interact with Publishers’ mobile application(s).

1.15.  “Publishers’ Personal Data” – mean Personal Data related to Publishers’ Data Subjects.

1.16.  “Statutory Data Transfer Agreement” means statutory provisions enacted pursuant to Data Protection Laws, which establish binding terms for cross-border transfer of Personal Data from one jurisdiction to another, including where applicable under Data Protection Laws, through access to Personal Data from the non-transferring territory, which can be executed between the transferring and the recipient parties to facilitate the lawful cross-border transfer of Personal Data.

1.17.  “Sub-Processor” means any third party, including an Affiliate of a Party, appointed by or on behalf of a Party to undertake Processing in connection with the Agreement.

1.18.  “Supervising Authority” means an independent public authority which is established in a jurisdiction under Data Protection Laws with competence in matters pertaining to the protection of Personal Data.

  1. Processing of Demand Partner’s Personal Data by Fyber

2.1.    As described in the Services’ Data Flow, where Fyber provides Demand Partner with the Offer Wall Edge service (“OFW”), Fyber Processes Demand Partner’s Personal Data as a Processor.

2.2.    Whenever Fyber Processes Demand Partner’s Personal Data provided to it by Demand Partner through OFW, Fyber will: (i) ensure that its third-party service providers acting as its Processors that Fyber shares Demand Partner’s Personal Data with, will Process such data in accordance with Fyber’s obligations under this Addendum; (ii) be fully liable for performance of Fyber’s third-party service providers in connection with their Processing of Demand Partner’s Personal Data that was shared or transmitted to Fyber by Demand Partner as part of Demand Partner’s use of the OFW.

2.3.    If Fyber receives from Demand Partner any inquiries, correspondence, exercise of rights requests or complaints (“Demand Partner’s Correspondence”) originated from Demand Partner’s customers, Data Subjects or from any Supervising Authority or regulator, in relation to the Processing of Demand Partner’s Personal Data by Fyber, Fyber will promptly cooperate in good faith as necessary and reasonable to respond to such Demand Partner’s Correspondence.

2.4.    To the extent that Demand Partner operates as a Processor on behalf of its customers, Fyber acknowledges that Demand Partner is prohibited from: (i) selling Demand Partner’s Personal Data; and (ii) retaining, using, or disclosing Demand Partner’s Personal Data for any commercial purpose other than for the specific purpose of performing its services to its customers or outside of the direct business relationship between Demand Partner and its customers, unless permitted under applicable laws.

  1. Processing of Publishers’ Personal Data by Demand Partner

3.1.    For the purposes of this Addendum and the Agreement, the Parties agree and acknowledge that Demand Partner uses the Service on behalf of its advertisers-customers or on Demand Partner’s own behalf.

3.2.    Nothing in this Addendum will limit Demand Partner from Processing Personal Data that was shared or transmitted to it by Fyber subject to Demand Partner’s independent lawful ground to Process such data as a Controller. Otherwise, Demand Partner may Process Personal Data shared or transmitted to it by Fyber, including without limitation Publishers’ click data, as a Processor, only as necessary to purchase Inventory on mobile applications and deliver Ads to such mobile application’s users via the Service (together, the “Permitted Purpose”).

3.3.    Except as part of Demand Partner’s independent lawful ground to Process Personal Data transmitted to it by Fyber as part of the Service, or as necessary for the Permitted Purpose, any Processing of Personal Data by Demand Partner, its Affiliates, agents, vendors, customers, partners and/or other third party, is strictly prohibited.

3.4.    Demand Partner acknowledges that:

3.4.1.         Publishers share Publishers’ Personal Data with Fyber, Fyber collects and shares Publishers’ Personal Data with Demand Partners on behalf of Publishers in its capacity as a Processor of the Publishers.

3.4.2.         Demand Partner shares Demand Partner’s Personal Data with Fyber, strictly and as necessary to facilitate Fyber’s provision of the Service to Demand Partner, or to the extent applicable, to strictly and as necessary to facilitate Demand Partner’s provisions of Demand Partner’s services to Demand Partner’s advertisers’ customers and on their behalf.

3.5.    Whenever Demand Partner Process Publishers’ Personal Data, it will Process such data in accordance with Demand Partner’s obligations under this Addendum; (ii) not make any attempts and ensure that such third-party advertisers-customers and/or partners will not make any attempt to re-identify any data that was shared or transmitted by Fyber when provided with a signal by Fyber that indicates that the Publishers’ Data Subject declined consent under Data Protection Laws; (iii) be fully liable for the performance of its third-party advertisers-customers and/or partners in connection with their Processing such data that was shared or transmitted to Demand Partner by Fyber as part of Demand Partner’s use of the Service.

3.6.    If Demand Partner receives from Fyber any inquiries, correspondence, exercise of rights requests or complaints (“Fyber Correspondence”) originated from Publishers or from any competent authority or regulator, in relation to the Processing of Publishers’ Personal Data conducted by Demand Partner or any of its advertisers-customers or partners, Demand Partner will promptly cooperate in good faith as necessary and reasonable to respond to such Fyber Correspondence.

3.7.    Demand Partner acknowledges that Fyber, as a Processor on behalf of its Publishers, is prohibited from: (i) selling Publishers’ Personal Data; and (ii) retaining, using, or disclosing Publishers’ Personal Data for any commercial purpose other than for the specific purpose of performing the ad monetization services it provides to its Publishers or outside of the direct business relationship between Fyber and Publishers, unless permitted under applicable laws…

4.          Processing Personal Data

4.1.    Each Party will ensure that its access to Personal Data transmitted to it by the other Party is being Processed only by those Personnel who require such access to fulfill each Party’s obligations under the Agreement and this Addendum. Each Party will impose appropriate contractual obligations upon its Personnel engaged in the Processing of such data including relevant obligations regarding confidentiality, data protection and appropriate data security. Each Party will ensure that its Personnel engaged in the Processing of such data are informed of the confidential nature of such data, have received appropriate training of their responsibilities, and have executed written confidentiality agreements.

4.2.    The Parties acknowledge that Demand Partner pays Fyber, in accordance with the terms of the Agreement, for the ad inventory purchased by Demand Partner via the Service on Publishers’ mobile applications. Neither Party receives from the other Party any monetary or other valuable consideration for Processing Personal Data and/or for sharing Personal Data with the other Party.

4.3.    The nature of Processing by the Parties, categories of Data Subjects, types of Personal Data are indicated in Annex I to Exhibits A and B respectively, and serves as an integral part of this Addendum, whether Exhibits A and B apply in their entirety, or not.

4.4.    The Parties will respect Data Subjects’ choice not to be tracked for the purpose of targeted advertising and will not attempt to circumvent the Data Subject’s choice as presented through the operating system of the Data Subject’s device.

4.5.    Each Party engages and authorizes the other Party to engage Sub-Processors to perform certain Processing in connection with the Agreement. The lists of Sub-Processors of each Party are referred to from Annex III of Exhibits A and B respectively, and serve as an integral part of this Addendum, whether Exhibits A and B apply in their entirety, or not. Prior to an engagement with a Sub-Processor, each Party: (i) carries out reviews and requires or receives adequate assurances that the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between the Party and its Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer. Each Party may object to the Processing of such Party’s Personal Data by a new Sub-Processor of the other Party, for reasonable and explained grounds, within five (5) business days following the other Party’s written notice to the objecting Party of the intended Processing of Personal Data by the new Sub-Processor. If the objecting Party timely sends the other Party a written objection notice, the Parties will make a good-faith effort to resolve the objection. In the absence of a resolution, the other Party will make commercially reasonable efforts to provide the objecting Party with the same level of service, without using the new Sub-Processor to Process the objecting Party’s Personal Data.

5.2.      PERSONAL DATA TRANSFER

4.6.    This Section 5 applies to Personal Data Transfers, as required by the Parties to perform their obligations under the Agreement, including the export of Personal Data by Demand Partner to Fyber and the export of Publishers’ Personal Data by Fyber to Demand Partner.

4.7.    As applicable under Data Protection Laws for the lawful transfer of Personal Data, if a Party imports Personal Data to, or accesses Personal Data from, a country that is not subject to an Adequacy Decision, and the Data Protection Laws mandate a Personal Data Transfer measure to facilitate the lawful Personal Data Transfer, Demand Partner and Fyber hereby agree that the applicable Statutory Data Transfer Agreement will apply in respect of any such Personal Data Transfer from one Party to another.

4.8.    Each Party agrees to execute the applicable Statutory Data Transfer Agreement upon request of the other Party and further agrees that absent of execution, the terms, and conditions of the Statutory Data Transfer Agreement, will in any event apply to any relevant Personal Data.

4.9.    Transfer of Personal Data which is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”) to a country outside of the European Economic Area and that is not subject to an Adequacy Decision (“Third Country”), is made in accordance with the EU Standard Contractual Clauses (“EU SCCs”), pursuant to EU Commission Decision C(2021)3972, in the module specified in Exhibit A, for Personal Data Transfer by Demand Partner to Fyber, and in Exhibit B, for  Personal Data Transfer from Fyber to Demand Partner, which are attached and incorporated by reference to this Addendum, or, as required, in accordance with any successor thereof or an alternative lawful data transfer mechanism, and each Demand Partner further acknowledges that Fyber engages Demand partner, under the first module of the EU SCCs, on behalf of its Publishers, including, without limitation, by designating the applicable Supervisory Authority therein on their behalf, for the purposes of facilitating the lawful transfer of Personal Data, as part of Fyber’s ad monetization services to its Publishers.

4.10.  In accordance with Article 46 of the GDPR and the EU SCCs, and without prejudice to any provisions of this Addendum, each Party undertakes the following additional safeguards to secure Personal Data transferred by it based on the EU SCCs to Third Countries:

4.10.1.      Each Party will implement and maintain technical and organizational measures, such as encryption, access controls, or similar technologies, as applicable, with a purpose to protect the transferred Personal Data against any processing for national security or other government purposes that goes beyond what is necessary and proportionate in a democratic society, considering the type of processing activities under the Agreement and relevant circumstances;

4.10.2.      For the purposes of safeguarding the transferred Personal Data when any government or regulatory authority requests access to such data, and unless required by a valid court order or if otherwise the Party that receives the request (“Requested Party”) may face criminal charges for failing to comply with orders or demands to disclose or otherwise provide access to the transferred Personal Data, or where the access is requested in the event of imminent threat to lives, the Requested Party will:

4.10.2.1.   not purposefully create back doors or similar programming that could be used to access the transferred Personal Data;

4.10.2.2.   not provide the source code or encryption keys to any government agency for the purpose of accessing the transferred Personal Data; and,

4.10.2.3.   upon the other Party’s written request, provide reasonable available information about the requests of access to Personal Data by government agencies that the Requested Party has received in the 6 months preceding to the other Party’s request.

4.10.3.      When a Requested Party receives a request by a government agency to access the transferred Personal Data, the Requested Party will notify the other Party of such request to enable the other Party to take necessary actions, to communicate directly with the relevant authority and to respond to such request. If the Requested Party is prohibited by law to notify the other Party of such request, the Requested Party will make reasonable efforts to challenge such prohibition through judicial action or other means, at the other Party’s expense, and, to the extent possible, will provide only the minimum amount of information necessary.

5.          Data Security

5.1.    Each Party Processing Personal Data transmitted to it by the other Party will maintain appropriate administrative, physical, organizational and technical safeguards aimed at maintaining an appropriate level of security, confidentiality and integrity of the Personal Data in accordance with official guidelines as provided by Supervising Authorities, good industry practice and Annex II of Exhibits A and B to this Addendum, as applicable to the Parties, which serves as an integral part of this Addendum, whether Exhibits A and B apply in their entirety, or not. 

5.2.    Each Party undertakes to regularly monitor compliance with these safeguards and will not materially decrease the overall security controls during the term of this Addendum.

5.3.    Each Party will not transfer Personal Data to third parties except under written contracts that guarantee at least a level of data protection and information security as provided herein and will assume responsibility for the acts and omissions of said third parties, in relation to the Processing of Personal Data.

6.          Personal Data Breach

Each Party Processing Personal Data transmitted to it by the other Party will maintain security incident management policies and procedures and will, notify the other Party of any actual or reasonably suspected Personal Data Breach without undue delay after becoming aware of such breach. To the extent that the Personal Data Breach occurred on the information systems of a Party, or on the information systems of any third party acting on such Party’s behalf, such Party will make all reasonable efforts to promptly identify and remediate the cause of the breach and will inform the other Party accordingly.

7.          Assistance

7.1.    Each Party when Processing Personal Data transmitted to it by the other Party will provide the other Party with all reasonably necessary assistance, in connection with any inquiries received from, or prior consultation with any Supervising Authority, exercise of such Party’s Data Subjects rights, and conducting impact assessments, as required under applicable Data Protection Laws.

7.2.    Demand Partner acknowledges and agrees that, except for the permitted purposes under the Data Protection Laws it will cease Processing Publisher’s Personal Data transmitted to it by Fyber via the Service and is related to an opted-out Publishers’ Data Subjects, whenever Demand Partner is aware of such opt-out signal.

7.3.    Fyber acknowledges and agrees that, except for the permitted purposes under the Data Protection Laws, upon Demand Partner’s transmission of an opt-out signal to Fyber, Fyber will cease any Processing of Demand Partner’s Personal Data related to the opted-out Demand Partner Data Subjects.

7.4.    For the purpose of establishing the opt-out flagging mechanism, the Parties will cooperate in good faith with each other to be able to receive such flags from each other.

7.5.    For the purpose of this Addendum, it is the sole responsibility and liability of the Party who is transmitting Personal Data to the other Party under this Addendum to decide if the out-out option in relation to such Personal Data is required, pursuant to applicable Data Protection Laws and to instruct the other Party accordingly.

8.          Audit

The Party Processing Personal Data that was transmitted to it by the other Party in connection with the Service will make available to the other Party all information reasonably necessary to demonstrate its compliance with this Addendum and will permit and contribute to any data audits reasonably required by the other party upon the other party’s prior written request and advanced notice, subject to appropriate confidentiality, operational and financial arrangements in relation to such audits.

9.          Retention and Destruction

9.1.    Except as part of Demand Partner’s independent lawful ground to Process Publishers’ Personal Data transmitted to it by Fyber as part of the Service, Demand Partner may retain such data for not more than 30 days and may save such data for a longer period for invoicing, reporting, discrepancy reasons and to prevent fraud, but in any case, for no longer than 90 days from receiving such data from Fyber. Notwithstanding the foregoing, upon Fyber’s written request, Demand Partner will return all such Personal Data and copies thereof to Fyber or will destroy all such Personal Data and certify in writing to the Fyber that it has done so.

9.2.    As required under applicable Data Protection Laws and without limiting the aforesaid, at the choice of a Party (the “Requesting Party”), the other Party (the “Responding Party”) will delete or return all Requesting Party’s Personal Data to the Requesting Party after the end of the provision of Services relating to Processing of the Requesting Party’s Personal Data and delete existing copies unless otherwise required or permitted under applicable Data Protection Laws.

10.        Term

This Addendum will commence upon the execution hereof and will continue until the later of: (i) the expiration or termination of the Agreement, pursuant to the terms therein, or (ii) as long as either Party has possession of Personal Data received by, from or through the Service. Either Party may terminate this Addendum, by a written notice to the other Party with immediate effect, if a Party breach any of the provisions under this Addendum. Such termination will not limit the terminating Party’s rights and remedies under the Agreement and the applicable law.

11.        Limitation of Liability

Each Party’s and all its Affiliates’ liability, taken together in the aggregate, arising out of or related to this Addendum, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, except that each Party’s limit on liability for breaching the Party’s obligations under this Addendum will be the amount charged by Fyber from the Demand Partner in the twelve (12) months preceding the occurrence of the breach. Any reference in such liability section under the Agreement to the liability of a Party means the aggregate liability of that Party and all of its Affiliates under the Agreement.

12.        Miscellaneous.

12.1.  To the extent that Processing relates to Personal Data originating from a jurisdiction or in a jurisdiction which has any mandatory requirements in addition to those in this Addendum, both Parties may agree to any additional measures required to ensure compliance with applicable Data Protection Laws and any such additional measures agreed to by the parties will be documented in a duly executed written addendum or amendment to this Addendum.

12.2.  Any alteration or modification of this Addendum is not valid unless made in writing and executed by duly authorized Personnel of both Parties.

12.3.  Invalidation of one or more of the provisions under Addendum will not affect the remaining provisions. Invalid provisions will be replaced to the extent possible by those valid provisions which achieve essentially the same objectives.

12.4.  Each Party acknowledges that the other party and/or its Affiliates may disclose this Addendum and any relevant privacy provisions in the Agreement to any Supervising Authority to the extent required under the applicable law. Such disclosure will not constitute a breach of such Party’s confidentiality obligation under the Agreement.

IN WITNESS WHEREOF, the Parties have executed this Addendum with their respective signatures:

Fyber Monetization Ltd. Demand Partner
By: By:
Name: Name:
Title: Title:
Date: Date:

 

 

Fyber Media GmbH
By:
Name:
Title:
Date:

 

 

 

EXHIBIT A

STANDARD CONTRACTUAL CLAUSES

FOR PERSONAL DATA TRANSFERS FROM DEMAND PARTNER TO FYBER

 

ANNEX to the COMMISSION IMPLEMENTING DECISION on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council:

 

☐ MODULE ONE: Transfer controller to controller

✓ MODULE TWO: Transfer controller to processor

☐ MODULE THREE: Transfer processor to processor

☐ MODULE FOUR: Transfer processor to controller

 

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN

 

ANNEX I

PROCESSING OF DEMAND PARTNER’S PERSONAL DATA BY FYBER

 

  1. LIST OF PARTIES

 

Data exporter(s): Demand Partner’s information as stated in the Agreement.

 

Data importer(s):

 

Entity’s full legal Name: Fyber Monetization Ltd. for the Fyber Marketplace and Fyber FairBid or Fyber Media GmbH for Offer Wall (each, the “Service”).

Address: Fyber Monetization Ltd: 4 Hapsagot Street, Petah Tikva 4951447 | Israel, Fyber GmbH: Wallstraße 9-13 10179 Berlin | Germany

Contact person’s name & title: Fyber’s legal team, email: [email protected].

Activities relevant to the data transferred under these Clauses: ad targeting, ad monetization, optimization, reporting, fraud detection, billing.

Role (controller/processor): Processor

Data Protection Officer name: Michael Panienka, email: [email protected]

  1. DESCRIPTION OF TRANSFER

 

Categories of data subjects whose personal data is transferred: Mobile application users

 

Categories of personal data transferred by Demand Partner: IP Address and advertising ID.

 

Sensitive data is NOT transferred.

 

The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis): On frequent and continuous basis whenever a user uses a mobile application.

 

Nature of the processing: All operations such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination (solely with non-personal data of exporter), restriction, erasure, or destruction of data (whether by automated means), anonymization, etc.

 

Purpose(s) of the data transfer and further processing: suppression list and invoicing.

 

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: up to 13 months for fraud related issues only or for longer if an to the extent required under applicable law.

 

For transfers to (sub-) processors, also specify subject matter, nature, and duration of the processing: The subject matter of the processing is Demand Partner’s Personal Data, the nature of the Processing is the performance of the Service under the Agreement and as detailed above and the duration of the Processing is the term of the Agreement.

 

  1. COMPETENT SUPERVISORY AUTHORITY

 

The Identity the competent supervisory authority in accordance with Clause 13 of the New SCC is:

 

Where the data exporter is established in an EU Member State – the supervisory authority of such EU Member State shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State but falls within the territorial scope of the GDPR in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) – the supervisory authority of the Member State in which the representative is established shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State but falls within the territorial scope of the GDPR in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) – the supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses, shall act as competent supervisory authority.

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE PERSONAL DATA

 

The Processor has implemented the measures as described in this exhibit insofar as the respective measure contributes or can contribute directly or indirectly to the protection of the Personal Data under the DPA entered between the Parties.

 

These measures are commercially reasonable, are aligned with industry standard technical and organizational measures, to protect Personal Data. These measures are consistent with applicable laws and meet the standard of protection appropriate to the risk of processing Personal Data while providing the Processor’s services. The Processor will regularly carry out, test, review and update all such measures.

 

These measures will be subject to technical progress and future developments of Processor’s services. As such, the Processor will be permitted to implement alternative adequate measures. In such event, the security level may not be lower than the measures memorialized here. Material changes are to be coordinated with the Controller and documented.

 

Measures for ensuring physical security of locations at which Personal Data are processed

The Processor has implemented the following entry control measures insofar as Personal Data are processed in the Processor’s premises or access to such data from these premises cannot be precluded:

  • Unauthorized persons are to be denied entry to the data processing facilities in which Personal Data are processed or used.
  • Entry authorizations to office buildings, computer centers, and server rooms are restricted to the necessary minimum.
  • Use of effective entry authorization controls through an adequate locking system (e.g., security key with documented key management, electronic locking systems with documented authorizations management).
  • Documented and comprehensible processes for obtaining, changing, and rescinding entry authorizations, including routine and documented review whether the granted entry authorizations are up to date.
  • Reasonable prophylactic and detection measures regarding unauthorized entry and entry attempts (e.g., routine checks of burglary security system for doors, gates, and windows, burglar alarm, video monitoring, guard service, security patrol).
  • Written rules for employees and visitors for dealing with technical entry security measures.

 

Measure for user identification, authorization and for ensuring events logging

Potential use of data processing systems by unauthorized persons is to be prevented. The Processor has implemented the following access control measures for systems and networks, in which Personal Data are processed or through which access to Personal Data is possible, insofar as the Processor is responsible for the Personal Data access authorizations:

  • Persons authorized to use a data processing system will be able to access only the data underlying their access authorization and that Personal Data will be incapable of being read, copied, changed, or removed without authorization during the processing and use of the data and after the data have been stored.
  • Access authorizations to Personal Data is restricted to the necessary minimum.
  • Access authorizations to Demand Partners systems and non-public networks are restricted to the necessary minimum.
  • Use of effective access authorization controls through personalized and unambiguous user identification and a secure authentication process.
  • Recording of access, even by administrators.
  • For password authentications:
    • Specifications are to be made that ensure continuous password quality of at least twelve (12) characters, four (4) degrees of complexity (upper case, lower case, numbers, special characters), and a change cycle of a maximum of ninety (90) days.
    • Technical test procedures are to be used to ensure password quality.
  • If asymmetric key procedures (e.g., certificates, private-public-key-method) are used for authentication, it is to be assured that secret (private) keys are at all times protected by a password (passphrase).
  • Implementation of documented and comprehensible processes for obtaining, changing, and rescinding access authorizations, including routine and documented review whether the granted access authorizations are up to date.
  • Implementation of reasonable measures for securing network infrastructure (e.g., intrusion detection systems, use of 2-factor authentication for remote access, separation of networks, encrypted network protocols, and so forth).
  • Written rules for employees for dealing with the security measures above and the secure use of passwords.
  • Use of input controls – there is a possibility to subsequently review and determine whether and by whom Personal Data was entered, altered in, or removed from data processing systems. The Processor has implemented the following input control measures on its systems, which are used for processing the Personal Data or which enable or convey access to such systems:
    • Creation and audit-proof storage of processing protocols.
    • Securing log files against manipulation.
    • Recording and evaluating unauthorized and failed login attempts.
    • Ensuring that no group accounts (including administrators or root) are used.

 

Measures for ensuring system configuration, including default configuration and encryption of Personal Data

  • Ensuring that critical or material security updates/patches will be installed according to the Processor’s internal Patch Management Policy: a. in client operating systems; b. in server operating systems reachable via public networks (e.g., webservers); c. in application programs (incl. browser, plugins, PDF-reader, etc.); d. in security infrastructure (virus scanner, firewalls, IDS-systems, content filters, routers, and so forth.); and e. in server operating systems of internal servers.
  • Reasonable measures are used for the protection of end-devices, servers, and other infrastructure elements against unauthorized access (such as multi-level virus protection concept, content filters, application firewall, intrusion detection systems, desktop firewalls, system hardening, content encryption).
  • The Processor has implemented the following sharing control measures insofar as Personal Data will be received, transferred, or transported by the Processor:
    • Reasonable measures for securing network infrastructure (e.g., intrusion detection systems, use of 2-factor authentication for remote access, separation of networks, encrypted network protocols, and so forth.)
    • Encryption – Processor implements encryption technology which commensurate with the state-of-the-art to be prescribed so that Personal Data will be incapable of being read, copied, changed, or removed during electronic transmission or during transport for storage on data carriers, such as RSA 2048.
      • Data carrier encryption with – state of the art – algorithms and protocols to be classified as secure (e.g., TLSbased protocols) for the protection of mobile devices (notebooks, tablet PCs, smartphones, etc.) and data carriers (external hard drives, USB sticks, memory cards, and so forth).
    • Implementation of technical security measures for export and import interfaces (hardware and application related).

Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services and the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident

Personal Data will be protected against accidental destruction or loss. The Processor has implemented the following availability control measures insofar as the processing is required for maintaining productive services:

  • Operation and routine maintenance of fire alarms in server rooms, computer centers, and material infrastructure rooms.
  • Creating sufficient backups
  • Ensuring backup storage in a separate fire compartment.
  • Routine backup integrity reviews.
  • Systems and data restoration processes and documentation.

An incident would receive immediate attention from all relevant personnel. Once identified and validated, incidents will be reported according to the Processor’s security and privacy policies.

Processor’s development processes follow secure software development industry-standard practices, which include formal design reviews, threat modeling, and completion of a risk assessment.

Processor uses hash function to de-identify the Personal Data prior to any use.

 

Measures for ensuring data quality and allowing data portability and processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing

Personal Data collected for different purposes will be capable of being processed separately. The Processor has implemented the following separation measures insofar as such is within its area of responsibility:

  • Logical and/or physical separation of test, development, and production systems.
  • Separation of Controller’s Personal Data from other data sets including, but not limited to, its own, within the processing systems, and at interfaces.
  • Ensuring that Personal Data are constantly identifiable on account of suitable labels; if such are processed for different purposes, including information specifying the respective purpose.

 

Measures for ensuring limited Personal Data retention

Personal Data is to be deleted, if it is processed for purposes as soon as the knowledge thereof is no longer necessary for the fulfillment of the purpose of the saving in accordance with Fyber’s data retention policy.

The Processor has implemented the following measures ensuring data deletion insofar as such is within its area of responsibility:

  • Ensuring that the Personal Data are capable of being deleted at any time upon request of the Controller.
  • Implementation of processes, tools, and documentation for secure deletion in a manner, such that recovery of the data is not possible given today’s state of technology (e.g., through overwriting).
  • Providing the employees with specifications regarding how and when data are to be deleted.

 

Measures for internal IT and IT security governance and management and for ensuring accountability

The Processor has in place internal policies containing formal instructions for data processing procedures; Contractors are being carefully vetted regarding data security; The Processor personnel is being trained periodically to maintain awareness regarding data protection and security requirements.

 

 

 

 

ANNEX III

LIST OF SUB-PROCESSORS

[not applicable to Modules One and Four]

 

This Annex must be completed for Modules Two and Three, in case of the specific authorization of sub-processors (Clause 9(a), Option 1).

 

The Controller has authorized the use of the following sub-processors by Processor: http://www.fyber.com/subprocessors

 

 

 

EXHIBIT B

STANDARD CONTRACTUAL CLAUSES

FOR PERSONAL DATA TRANSFERS FROM FYBER (ON BEHALF OF PUBLISHERS) TO DEMAND PARTNER

 

ANNEX to the COMMISSION IMPLEMENTING DECISION on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council:

 

✓ MODULE ONE: Transfer controller to controller

☐ MODULE TWO: Transfer controller to processor

☐ MODULE THREE: Transfer processor to processor

☐ MODULE FOUR: Transfer processor to controller

 

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN

 

 

 

ANNEX I

PROCESSING OF PUBLISHERS’ PERSONAL DATA BY DEMAND PARTNER

 

  1. LIST OF PARTIES

 

Data exporter(s): Fyber Media GmbH, acting on behalf of its Publishers for when providing them with the Offer Wall service and/or the Fyber Marketplace service and/or the Fyber FairBid service (each, the “Service”).

Address: Wallstraße 9-13 10179 Berlin | Germany

Contact person’s name & title: Fyber’s legal team, email: [email protected].

Data Protection Officer name: Michael Panienka, email: [email protected]

 

Data importer(s): Demand Partner’s name and contact details, as stated in the Agreement.

 

Activities relevant to the data transferred under these Clauses: ad targeting and delivery of ads to mobile application’s users, optimization, reporting, fraud detection, billing.

 

  1. DESCRIPTION OF TRANSFER

 

Categories of data subjects whose personal data is transferred: Mobile application users

 

Categories of personal data transferred: In the Offer Wall service: IP Address and Advertising ID. In the Fyber Marketplace service and/or Fyber FairBid service: IP Address, Advertising ID, IDFV, App user ID, and the data parameters described here: https://developer.fyber.com/hc/en-us/articles/360010959798-Contextual-App-Targeting-for-the-Post-IDFA-Era.

 

Sensitive data is NOT transferred.

 

The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis):

On frequent and continuous basis whenever a user chooses to use the Offer Wall on his/her mobile application and clicks on an offer of his/her choice, or whenever the user engages with the mobile app that monetizes via the Fyber Marketplace service and/or Fyber Fairbid service.

 

Nature of the processing: All operations such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination (solely with non-personal data of exporter), restriction, erasure, or destruction of data (whether by automated means), anonymization, etc.

 

Purpose(s) of the data transfer and further processing: In the Offer Wall service: to monitor the completion of an offer by the user, for billing and invoicing purposes, for dealing with fraud claims and to provide reporting. In the Fyber Marketplace service and/or Fyber FairBid service: to enable ad targeting, ad delivery, optimization, reporting, fraud detection, ad quality etc.

 

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: up to 30 days from the personal data transfer.

 

For transfers to (sub-) processors, also specify subject matter, nature, and duration of the processing: The subject matter of the processing is publishers’ Personal Data, the nature of the Processing is the performance of the Service under the Agreement and as detailed above and the duration of the Processing is the term of the Agreement.

 

  1. COMPETENT SUPERVISORY AUTHORITY

 

The Identity the competent supervisory authority in accordance with Clause 13 of the New SCC is:

 

Where the data exporter is established in an EU Member State – the supervisory authority of such EU Member State shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State but falls within the territorial scope of the GDPR in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) – the supervisory authority of the Member State in which the representative is established shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State but falls within the territorial scope of the GDPR in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) – the supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses, shall act as competent supervisory authority.

ANNEX II

TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE PERSONAL DATA

 

Demand Partner hereby represents and warrants that it has implemented the technical and organizational measures (including any relevant certifications) to ensure an appropriate level of security, considering the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons as described in its internal Technical and Organizational Measures Policy, a copy of which will be provided to Data Exporter upon written request.

 

 

 

 

ANNEX III

LIST OF SUB-PROCESSORS

[not applicable to Modules One and Four]

 

This Annex must be completed for Modules Two and Three, in case of the specific authorization of sub-processors (Clause 9(a), Option 1).

 

The Controller has authorized the use of the following sub-processors by Processor: [Demand partner to include a URL to the list of sub-processors]

 

 

Appendix C

Local Addenda to the Master Service Agreement for Demand Partners

Local Addendum – Germany

This Local Addendum to the Master Service Agreement for Demand Partners (“Addendum”) shall only become effective as an integral part of the Agreement between Fyber and Demand Partner (i) to the extent the Parties explicitly agree upon its applicability in the applicable Service Order or (ii) if Demand Partner has its Seat in the Federal Republic of Germany, as stated in Section 11.8.1 of the MSA. In either case the provisions of this Addendum shall replace and supersede any conflicting provisions in the remaining Agreement, except for conflicting terms individually agreed upon between the Parties in the applicable Service Order, which shall take precedence over the terms of this Addendum.

Capitalized terms used in this Addendum will have the meaning ascribed to them in the MSA unless otherwise defined herein.

1. Interpretation of “Warranty”

For the avoidance of doubt, the Parties agree that the words “to represent/representation”, “to warrant/warranty” shall be understood as referring to an ordinary German law contractual representation (Zusicherung) and not to a German law guarantee with strict liability (Garantie).

2. Tax and VAT

Any legally owed German VAT for services supplied by Demand Partner in Germany shall be added to the due amounts in the respective statutory amount.

3. Late Payment

Section 5.4 of the MSA shall be deleted and replaced with the following:

“5.4 Late Payment. Without prejudice to any other rights Fyber may have in case of late payment under applicable law, any undisputed late payment shall bear interest at an annual rate of 9 percentage points above the then-current ECB rate, such interest beginning thirty (30) days after the receipt of the respective invoice by Demand Partner and ending on payment date.”

4. Disclaimers; Limitation of Liability

4.1 Section 7.1 of the MSA shall be deleted and replaced with the following:

“7.1 Quality; Availability of Service(s).

7.1.1 Fyber provides the Service(s) in accordance with the recognized state of the art and the care of a prudent service provider.

7.1.2 If Fyber cannot supply the Service(s) to Demand Partner for reasons beyond the control of Fyber (“Non-availability of Service”), Fyber will inform Demand Partner without undue delay, at the same time indicating – if possible – when Fyber will be able to continue the supply of the Service(s). If the Non-availability of Service has continued for two (2) weeks, Fyber may terminate the Agreement upon written notice to Demand Partner with immediate effect. It is also deemed a case of Non availability of Service within the meaning of the above sentence in case the timely provision of the Service(s) is prevented through force majeure, i.e., events which cannot be reasonably foreseen and averted by taking reasonable precautions by Fyber, such as war, acts of terrorism, internal unrest, forces of nature, sabotage, and attacks by third parties, strikes in areas for the functioning of which Fyber is not responsible and failure of communications networks or systems of a third party for which Fyber is not responsible (this also applies when such a case of force majeure occurs at one of Fyber’s subcontractors or suppliers). Statutory rights of termination of each Party in the case of such Non-availability of Service remain unaffected.

4.2 Section 7.2 of the MSA shall be deleted and replaced with the following:

“7.2 Limitation of Liability.

7.2.1 Subject to Section 7.2.2, Fyber shall be liable for damages and futile expenses caused to or incurred by Demand Partner (collectively the “Damages”) pursuant to applicable statutory law.

7.2.2 Fyber’s liability for Damages of Demand Partner (irrespective of the legal nature of the claim, whether under contract, tort, or otherwise)

(a) caused by (i) a breach of material contractual obligations of Fyber under the Agreement with ordinary negligence (einfache Fahrlässigkeit), or (ii) a breach of non-material obligations by employees or vicarious agents of Fyber who are not legal representatives or executive officers (leitende Angestellte) of Fyber with gross negligence (grobe Fahrlässigkeit), shall be limited to those Damages foreseeable at the time of conclusion of the Agreement that typically arise in transactions of this nature;

(b) caused by a breach of non-material obligations under the Agreement with ordinary negligence shall be excluded; and

(c) caused by a defect of the Service(s) that already existed at the conclusion of the Agreement shall be excluded, provided that such Damages were not caused with negligence or willful intent of Fyber or a person for whose behavior Fyber is vicariously liable.

7.2.3 A material contractual obligation of Fyber according to the meaning of the foregoing Section 7.2.2 is an obligation, the fulfilment of which is a prerequisite for enabling the proper fulfilment of the Agreement in the first place and on which the Demand Partner regularly relies and may rely.

7.2.4 Notwithstanding Section 7.2.2, nothing in the Agreement shall limit Fyber’s liability for Damages arising from death or personal injury, from breach of a contractual guarantee as to the quality of goods or services or, in case of any other liability pursuant to applicable mandatory law, where such liability cannot be excluded or limited by agreement between the Parties in advance (e.g., under sec. 1 of the German Product Liability Act).

7.2.5 The above limitations to liability also apply to the liability of employees, executive officers, legal representatives and vicarious agents of Fyber.”

5. Modifications to the MSA

5.1 Fyber reserves the right to change or amend the MSA at any time effective prospectively. Any change or amendment will be notified to Demand Partner in a suitable manner (including but not limited to by email or by display of the notice in the Account) at least four (4) weeks prior to its effective date

5.2 Demand Partner has the right to object to any change or amendment of the MSA within two (2) weeks after the date of the notification of the intended change or amendment. In case of a timely objection, each Party shall be entitled to terminate the Agreement for cause upon notice to the other Party, such termination to become effective upon the date that the intended change or amendment was to take effect. If Demand Partner does not object within two (2) weeks after the date of the notification, the change or amendment shall be deemed accepted by Demand Partner and become an integral part of the Agreement.

5.3 In its notification, Fyber will inform Demand Partner of Demand Partner’s right to object within two (2) weeks, each Party’s right to terminate the Agreement in case of objection, and the legal consequences of non-objection.

6. Arbitration

Section 11.7 of the MSA shall be deleted and replaced with the following:

“11.7 Arbitration. All disputes between the Parties arising out of or relating to the Agreement, including any non-contractual obligations arising out of or in connection with it, shall be finally settled in accordance with the Arbitration Rules of the German Institution of Arbitration (DIS) without recourse to the ordinary courts of law. The place of arbitration shall be Berlin, Germany. The arbitral proceedings shall be held in the English language.”

7. Governing Law and Dispute Resolution

7.1 Governing Law. The Agreement and any non-contractual obligations arising out of or in connection with it shall be governed by, and construed in accordance with, the laws of the Federal Republic of Germany, without regards to their conflict of laws rules.

7.2 Jurisdiction. To the extent the arbitration provision in Section 11.7 of the MSA (as modified by Section 6 of this Addendum) does not apply, Demand Partner and Fyber agree that the courts in Berlin, Germany shall have exclusive jurisdiction over any dispute between the Parties arising out of or relating to this Addendum, the Agreement, or any non-contractual obligations arising out of or in connection with them, and the Parties hereby consent to the personal jurisdiction and venue of these courts.

Local Addendum – Europe

This Local Addendum to the Master Service Agreement for Demand Partners (“Addendum”) shall only become effective as an integral part of the Agreement between Fyber and Demand Partner (i) to the extent the Parties explicitly agree upon its applicability in the applicable Service Order or (ii) if Demand Partner has its Seat in European Economic Area (other than the Federal Republic of Germany) or otherwise within Europe (including Armenia, Cyprus, Greenland, and the entire territory of Azerbaijan, Georgia, Kazakhstan, Russia, and Turkey), as stated in Section 11.8.2 of the MSA. In either case the provisions of this Addendum shall replace and supersede any conflicting provisions in the remaining Agreement, except for conflicting terms individually agreed upon between the Parties in the applicable Service Order, which shall take precedence over the terms of this Addendum.

Capitalized terms used in this Addendum will have the meaning ascribed to them in the MSA unless otherwise defined herein.

1. Disclaimers; Limitation of Liability

1.1 Section 7.1 of the MSA shall be deleted and replaced with the following:

“7.1 Service Disclaimer. Except as otherwise expressly provided in the Agreement and except for any implied warranties or conditions or terms that cannot be excluded as a matter of law, Fyber does not make any representations, covenants, conditions or warranties to the Demand Partner, whether express or implied, including warranties of title or implied warranties of merchantability, satisfactory quality or fitness for a particular purpose, non-infringement, accuracy, availability, or error or malware-free or uninterrupted operation.”

1.2 Section 7.2 of the MSA shall be deleted and replaced with the following:

“7.2 Limitation of Liability.

7.2.1 Neither Party excludes or limits its liability to the other Party pursuant to the indemnities detailed in Section 8 or in respect of (i) death or personal injury arising as a result of a Party’s negligence or that of its employees, agents or sub-contractors (as applicable), (ii) fraudulent misrepresentation by Fyber, or (iii) any other liability that cannot be excluded or limited as a matter of law.

7.2.2 In respect of losses not covered by Section 7.2.1 and subject to Section 7.2.3, to the extent permitted by law, each Party’s aggregate liability to the other Party, whether arising in contract, tort (including negligence), misrepresentation (other than fraudulent misrepresentation), breach of statutory duty, contribution or otherwise pursuant to this Agreement in respect of all claims, losses, or damages suffered by the non-liable Party, shall not exceed an amount equal to €2,500.

7.2.3 To the extent permitted by law, Fyber shall not be liable to the Demand Partner for the following loss and damage (including costs and expenses relating to or arising out of such loss and damage) whether arising from contract, tort (including negligence), breach of statutory duty, contribution or otherwise:

a. indirect loss, incidental loss, collateral loss or consequential loss;

b. exemplary, punitive or special damages;

c. lost revenue, profits, contracts or business;

d. lost anticipated savings;

e. lost goodwill or reputation;

f. loss of or damages to, and restitution of, records or data; and/or

g. lost management time,

even if Demand Partner has been advised of the possibility of such damages or loss. Fyber shall be excused from the performance of, and shall not be held liable for, any failure or delay in performing any of its obligations under the Agreement to the extent that such non-performance or delay is caused by any acts and omissions of Demand Partner or any party acting for or on behalf of Demand Partner.”

2. Rights of Third Parties

Section 11.8 of the MSA shall be deleted and replaced with the following:

“11.8 No Third Party Rights. It is not the intention of this Agreement to create any third-party beneficiary rights in any third-party individual or entity that is not a party to this Agreement, and no such rights will be deemed to have been created.

11.8.1 A person who is not a party to the Agreement has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any part of the Agreement. This shall not affect any right or remedy of a third party which exists or is available apart from that Act.

11.8.2 The right of the Parties to terminate, rescind or agree any variation, waiver or settlement relating to the Agreement is not subject to the consent of any person that is not a party to the Agreement.”

3. Governing Law and Dispute Resolution

3.1 Governing Law. This Addendum, the Agreement, and any non-contractual obligations arising out of or in connection with them shall be governed by, and construed in accordance with, the laws of England and Wales, without regards to their conflict of laws rules.

3.2 Jurisdiction. To the extent the arbitration provision in Section 11.7 of the MSA does not apply, Demand Partner and Fyber agree that the courts in England shall have exclusive jurisdiction over any dispute between the Parties arising out of or relating to this Addendum, the Agreement, or any non-contractual obligations arising out of or in connection with them, and the Parties hereby consent to the personal jurisdiction and venue of these courts.

Local Addendum – Asia

This Local Addendum to the Master Service Agreement for Demand Partners (“Addendum”) shall only become effective as an integral part of the Agreement between Fyber and Demand Partner (i) to the extent the Parties explicitly agree upon its applicability in the applicable Service Order or (ii) if Demand Partner has its Seat in Mainland China, Hong Kong, Macau, Taiwan, Indonesia or Singapore as stated in Section 11.8.3 of the MSA. In either case the provisions of this Addendum shall replace and supersede any conflicting provisions in the remaining Agreement, except for conflicting terms individually agreed upon between the Parties in the applicable Service Order, which shall take precedence over the terms of this Addendum.

Capitalized terms used in this Addendum will have the meaning ascribed to them the MSA unless otherwise defined herein.

1. Arbitration

Section 11.7 of the MSA shall be deleted and replaced with the following:

“11.7 Arbitration. Any dispute, controversy or claim arising out of or relating to the Agreement, including the existence, validity, interpretation, performance, breach or termination thereof or any dispute regarding non-contractual obligations arising out of or relating to it shall be referred to and finally resolved by arbitration administered by the Hong Kong International Arbitration Centre (“HKIAC”) under the HKIAC Administered Arbitration rules in force when the a Notice of Arbitration is submitted. The seat of arbitration shall be Hong Kong. The arbitration proceedings shall be conducted in English. The arbitral award made by HKIAC shall be final and binding upon the Parties.

The arbitration tribunal shall consist of three (3) arbitrators. The claimant shall select one arbitrator, and the respondent shall select one arbitrator. The third arbitrator, who shall be the presiding arbitrator, shall be jointly appointed by the claimant and the respondent. If either the claimant or the respondent fails to select an arbitrator or the Parties fail to agree on the choice of the third arbitrator, HKIAC shall make the appointment on their behalf.

Notwithstanding this Section 11.7, any Party may apply for a preservation order or seek other interim relief in any court of competent jurisdiction.”

2. Governing Law and Dispute Resolution

2.1 Governing Law. This Addendum, the Agreement, and any non-contractual obligations arising out of or in connection with them shall be governed by, and construed in accordance with, New York law, without regards to its conflict of laws rules.

2.2 Jurisdiction. The second sentence of Section 11.8 of the MSA shall not apply.

 

Download PDF

 

Last Updated on January 10, 2022

We use cookies to operate our site and for marketing purposes. View our Privacy Policy or Do Not Sell My Personal Information Policy for more details.
ACCEPT
REFUSE