AppLovin Data Processing Agreement

Similar documents
DATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses)

DATA PROCESSING ADDENDUM

ON24 DATA PROCESSING ADDENDUM

CLOUDINARY DATA PROCESSING ADDENDUM

GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS

DATA PROCESSING AGREEMENT

Customer GDPR Data Processing Agreement

DATA PROCESSING ADDENDUM

Data Processing Appendix

Customer GDPR Data Processing Agreement

Data Processing Addendum

HOW TO EXECUTE THIS DPA:

DATA PROCESSING ADDENDUM

DATA PROCESSING AGREEMENT

Broadbean Technology Limited - Data Processing Agreement (25th May 2018)

Data Processing Addendum

CLIENT DATA PROCESSING AGREEMENT

ROSETTA STONE LTD. PROCESSING ADDENDUM

Moxtra, Inc. DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM FOR CUSTOMERS AND USER OF AEROHIVE PRODUCTS AND SERVICES. Version May 2018

Data Processing Addendum

EU Data Processing Addendum

DATA PROCESSING AGREEMENT/ADDENDUM

GDPR : We protect your data

Lifesize, Inc. Data Processing Addendum

CUSTOMER DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM (INCLUDING EU STANDARD CONTRACTUAL CLAUSES)

URBAN AIRSHIP DATA PROCESSING ADDENDUM with EU Standard Contractual Clauses. (Revised September 2017)

DATA PROCESSING TERMS AND CONDITIONS

DATA PROTECTION ADDENDUM

DATA PROCESSING ADDENDUM

DATA PROCESSING ADENDUM

DATA PROCESSING ADDENDUM

DATA HANDLING AGREEMENT

RECIPROCAL BUSINESS ASSOCIATE AND DATA USE AGREEMENT BETWEEN THE PARTICIPATING PHYSICIAN ORGANIZATION AND MILLIMAN, INC.

DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM

HIPAA and ProAssurance

HIPAA BUSINESS ASSOCIATE ADDENDUM

Business Associate Agreement RECITALS AGREEMENT

IDEXX - DATA PROTECTION AGREEMENT

Microsoft Online Subscription Agreement/Open Program License Agreement Amendment for HIPAA and HITECH Act Amendment ID MOS13

BUSINESS ASSOCIATE AGREEMENT

Data Processing Appendix

MNsure Certified Application Counselor Services Agreement with Tribal Nation Attachment A State of Minnesota

AWS GDPR DATA PROCESSING ADDENDUM

DATA PROCESSING ANNEX

DATA PROCESSING ADDENDUM (GDPR and EU Standard Contractual Clauses)

PERSONAL DATA PROCESSOR AGREEMENT

Data Processing Addendum

Amgen Binding Corporate Rules (BCRs) Public Document

Data Processing Agreement and Privacy Policy (EU) Classification: PUBLIC March 2018

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT

GDPR Data Processing Addendum (DPA) Instructions for Area 1 Security Customers

DATA PROCESSING ADDENDUM (GDPR, Salesforce Processor Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision April 2018)

TRAVELTOKENS SALE PRIVACY POLICY Last updated:

Appropriate Policy Document

Rigor, Inc. GDPR Data Processing Addendum

RECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:

Twilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018)

HOW TO COMPLETE A BUSINESS ASSOCIATE AGREEMENT (BAA)

MentorcliQ Data Processing Agreement

DATA PROCESSING ADDENDUM

Member Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members

HIPAA BUSINESS ASSOCIATE AGREEMENT

Cyber ERM Proposal Form

The Controller and Processor Data Protection Binding Corporate Rules of BMC Software

DATA PROCESSING TERMS DEFINITIONS

Data Protection Agreement

GROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).

DATA HANDLING AGREEMENT

GDPR Data Processing Addendum

ADDSECURES WAY OF PROCESSING PERSONAL DATA

The Allied Group Privacy Shield Policy

MEMORANDUM OF UNDERSTANDING for DATA SHARING BETWEEN DISTRICT AND SCCOE

BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and

IRIS Group of Companies Customer Data Processing Terms

EMPLOYEE NOTICE OF DATA PRIVACY POLICIES AND PROCEDURES

DATA PROCESSING ADDENDUM (v1.0)

SUMMARY OF BINDING CORPORATE RULES

Privacy Policy. This privacy policy shall be valid even if you have reserved your transfers through the other sales partners of Plus Group Kft.

EMPLOYEE NOTICE OF DATA PRIVACY POLICIES AND PROCEDURES

Privacy Shield Notice

The Guild for Exceptional Children HIPAA Breach Notification Policy and Procedure

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

DATA PROCESSING AGREEMENT ( AGREEMENT )

Data Processing Agreement

RBI GDPR DATA PROCESSING ADDENDUM

EU GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CLOUDFLARE CUSTOMERS

TEREX CORPORATION DATA PROTECTION POLICY

HOW TO REGISTER ON THE OECD ESOURCING PORTAL

TERMS OF USE. Unless otherwise noted, all tickets, goods, and services sold on the TicketBiscuit platform adhere to a NO REFUNDS, NO EXCHANGES policy.

THE UNIVERSITY, CAMBRIDGE IN AMERICA AND THE COLLEGES DATA SHARING PROTOCOL

Personal Data. Protection Policy

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

H 7789 S T A T E O F R H O D E I S L A N D

NA Data Privacy Policy

RECITALS. WHEREAS, this Amendment incorporates the various amendments, technical and conforming changes to HIPAA implemented by the Final Rule; and

THE CITY OF EDMONTON PROJECT AGREEMENT VALLEY LINE LRT STAGE 1. Schedule 18. Freedom of Information and Protection of Privacy

BINDING CORPORATE RULES

Transcription:

AppLovin Data Processing Agreement This AppLovin Data Processing Agreement ( DPA ) is incorporated into and is subject to the AppLovin Terms of Use Agreement available at https://www.applovin.com/terms (the Agreement ) entered into by and between User and AppLovin (as those terms are defined in the Agreement). This DPA reflects the parties agreement with regard to the Processing of Personal Data. User and AppLovin are hereinafter jointly referred to as the Parties and individually as a Party. This DPA shall apply to the Agreement to the extent User is established within the European Union ( EU ) or Switzerland and/or to the extent AppLovin processes Personal Data of Data Subjects located in the EU or Switzerland on behalf of User. User enters into this DPA on behalf of itself, and to the extent required under applicable Data Protection Laws, in the name and on behalf of its authorized Affiliates, if and to the extent AppLovin processes Personal Data for which such authorized Affiliate qualifies as the Data Controller. In the course of providing the Services to User pursuant to the Agreement, AppLovin may process Personal Data on behalf of User and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith. References to the Agreement will be construed as including this DPA. Any capitalized terms not defined herein shall have the respective meanings given to them in the Agreement. 1. DEFINITIONS In this DPA, the following terms shall have the meanings set out below: Affiliate means any entity which is controlled by, controls or is in common control with a Party. Control, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity. Data Controller means the entity which determines the purposes and means of the Processing of Personal Data. Data Processor means the entity which Processes Personal Data on behalf of the Data Controller. Data Protection Laws means the laws and regulations of the European Union which are applicable to the Processing of Personal Data under the Agreement. Data Subject means the individual to whom Personal Data relates. Personal Data means any information relating to an identified or identifiable person. Privacy Shield means the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce. Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction ( Process, Processes and Processed shall have the same meaning). Security Breach has the meaning set forth in Section 7 of this DPA.

Services means AppLovin s ad network enabling the purchase and sale of mobile advertising. Sub-processor means any Data Processor engaged by Processor. 2. PROCESSING OF USER PERSONAL DATA 2.1 The Parties agree that with regard to the Processing of Personal Data, User is the Data Controller and AppLovin is the Data Processor. 2.2 User shall, in its use or receipt of the Services, process Personal Data in accordance with the requirements of the Data Protection Laws and User will ensure that its instructions for the Processing of Personal Data comply with the Data Protection Laws. User shall ensure that it has received valid consent from Data Subjects as required by Data Protection Laws and, upon AppLovin s request, will provide AppLovin with written evidence of such consent, including without limitation, the date of the consent and the consent language presented to the Data Subject. User shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which User obtained the Personal Data. 2.3 During the term of the Agreement, AppLovin shall only Process Personal Data on behalf of and in accordance with the Agreement and User s instructions. User instructs AppLovin to Process Personal Data for the following purposes: (i) Processing in accordance with the Agreement; and (ii) Processing to comply with other reasonable instructions provided by User where such instructions are consistent with the terms of the Agreement. 2.4 The subject matter of the Processing is the performance of the Services and the Processing shall be carried out for the duration of the Agreement. The types of Personal Data and categories of Data Subjects Processed under this DPA may include the following: - Types of Personal Data: (a) end-user information consisting of identifier for advertisers (IDFA) and IP address; and (b) contact and billing-related information consisting of first and last name; billing address; telephone number; instant messenger username; VAT number; bank account number; and email address used for PayPal. - Categories of Data Subjects: - individuals who are end-users of User s mobile application(s). - individuals who are employees, agents or representatives of User in AppLovin s online platform. 3. RIGHTS OF DATA SUBJECTS 3.1 To the extent User, in its use or receipt of the Services, does not have the ability to correct, amend, restrict, block or delete Personal Data, as required by Data Protection Laws, AppLovin will use commercially reasonable efforts to comply with reasonable requests by User to facilitate such actions to the extent AppLovin is legally permitted to do so. 3.2 AppLovin shall, to the extent legally permitted, promptly notify User if it receives a request from a Data Subject for access to, correction, amendment, deletion of or objection to the processing of that person s Personal Data. AppLovin shall not respond to any such Data Subject request without User s prior written 2

consent except to confirm that the request relates to User. AppLovin shall provide User with commercially reasonable cooperation and assistance in relation to the handling of a Data Subject s request, to the extent legally permitted and to the extent User does not have access to such Personal Data through its use or receipt of the Services. 4. PROCESSOR PERSONNEL 4.1 AppLovin shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data and are subject to obligations of confidentiality. 4.2 AppLovin shall ensure that access to Personal Data is limited to those personnel who require such access to perform the Services. 4.3 AppLovin will appoint a data protection officer where such appointment is required by Data Protection Laws. 5. SUB-PROCESSORS 5.1 User acknowledges and agrees that (i) AppLovin Affiliates may be retained as Sub-processors; and (ii) AppLovin may engage third-party Sub-processors in connection with the Services. Any such Sub-processors will be permitted to obtain Personal Data only to deliver the services AppLovin has retained them to provide, and are prohibited from using Personal Data for any other purpose. AppLovin agrees that any agreement with a Sub-processor will include substantially the same data protection obligations as set out in this DPA. 5.2 AppLovin may continue to use those Sub-processors already engaged by AppLovin or any AppLovin Affiliate as at the date of this DPA. 5.3 AppLovin shall give User notice of the appointment of any new Sub-processor via AppLovin s platform, via email or as otherwise generally made available to AppLovin s advertisers and publishers, including applicable details of the Processing to be undertaken by the Sub-processor. If, within 10 days of receipt of that notice, User notifies AppLovin in writing of any objections (on reasonable grounds) to the proposed appointment, AppLovin shall not appoint that proposed Sub-processor until reasonable steps have been taken to address the objections raised by the User and the User has been provided with a reasonable written explanation of the steps taken. 6. SECURITY; AUDIT RIGHTS; PRIVACY IMPACT ASSESSMENTS 6.1 AppLovin shall maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Personal Data. 6.2 No more than once per year, User may engage a mutually agreed upon third-party to audit AppLovin solely for the purposes of meeting its audit requirements pursuant to the Data Protection Laws. To request an audit, User must submit a detailed audit plan at least four (4) weeks in advance of the proposed audit date describing the proposed scope, duration, and start date of the audit. Audit requests must be sent to legal@applovin.com with a copy to dataprotection@applovin.com. The audit must be conducted during regular business hours, subject to obligations of confidentiality and AppLovin s policies, and may not unreasonably interfere with AppLovin s business activities. Any audits are at the User's expense. 6.3 Any request for AppLovin to provide assistance with an audit is considered a separate service if such audit assistance requires the use of resources different from or in addition to those required by law. User shall reimburse AppLovin for any time spent for any such audit at the rates agreed to by the Parties. Before the 3

commencement of any such audit, User and AppLovin shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which User shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by AppLovin. User shall promptly notify AppLovin with information regarding any non-compliance discovered during the course of an audit. 6.4 AppLovin will reasonably cooperate with User, at User s expense, where User is conducting a privacy impact assessment. 7. SECURITY BREACH MANAGEMENT AND NOTIFICATION 7.1 If AppLovin becomes aware of any unlawful access to any Personal Data stored on AppLovin s equipment or in AppLovin s facilities, or unauthorized access to such equipment or facilities resulting in material loss, disclosure, or alteration of Personal Data ( Security Breach ), AppLovin will promptly: (i) notify User of the Security Breach; (ii) investigate the Security Breach and provide User with information about the Security Breach; and (iii) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Breach. 7.2. User agrees that an unsuccessful Security Breach attempt will not be subject to this Section. An unsuccessful Security Breach attempt is one that results in no unauthorized access to Personal Data or to any of AppLovin s equipment or facilities storing Personal Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, or similar incidents. 7.3. Notification(s) of Security Breaches, if any, will be delivered to one or more of User s business, technical or administrative contacts by any means AppLovin selects, including via email. It is User s sole responsibility to ensure it maintains accurate contact information on AppLovin s support systems at all times. 8. RETURN AND DELETION OF PERSONAL DATA AppLovin shall return Personal Data to User, to the extent possible, and/or delete Personal Data in accordance with AppLovin s data retention policies which adhere to requirements of Data Protection Laws, and in a manner consistent with the terms of the Agreement. 9. PRIVACY SHIELD AppLovin is self-certified to and complies with the Privacy Shield, and AppLovin shall maintain its selfcertification to and compliance with the Privacy Shield with respect to the Processing of Personal Data that is transferred from the European Economic Area to the United States. 10. LIMITATION OF LIABILITY Each Party s and all of its Affiliates liability in the aggregate arising out of or relating to this DPA, whether in contract, tort, or under any other theory of liability is subject to the Limitation of Liability section of the Agreement, and any reference in such section to the liability of a Party means the aggregate liability of that Party and all of its Affiliates under the Agreement and all DPAs together. 11. PARTIES TO THIS DPA Nothing in this DPA shall confer any benefits or rights on any person or entity other than the Parties to this DPA. 4

12. TERMINATION This DPA shall terminate automatically upon termination of the Agreement. 5

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback