Terms and Conditions

Match2One AB

Last updated: 2021-08-12

The following Terms & Conditions (the “Terms”) constitute a binding agreement between the company on which behalf the user is registering an account on the Website (the “Customer”) and Match2One AB (“Match2One”), a company incorporated under the laws of Sweden with Swedish company registration number 559036-6836. The Terms govern the use of the Service (as defined below) provided to the Customer by Match2One.

1.  Definitions

The following terms shall have the meaning ascribed to them below:

“Ad” means the ad created using the Service with the Content and published on a Third Party Website.

“Ad Campaign” means an advertising campaign created using the Service, containing optimized goals, targeting settings and advertising strategies.

“Aggregated Data” means data derived from Customer Data but is not considered personal data in Data Protection Legislation as this data does not directly or indirectly reveal a Customer’s or User’s identity.

“Banking day” means an ordinary, non-holiday, working day in Sweden.

“Content” means all texts, graphics, videos, pictures and all other information, such as the User generated ads, that the Customer, Users or anyone else uploads to and/or publishes or in other ways makes available via the Service.

“Customer Data” means all data provided to Match2One by the Customer via the Services or in connection thereto, which the parties recognize may contain personal data of the Customer and/or the User.

“Data Protection Legislation” or “DPL”: means all applicable laws, regulations, binding guidelines, and decisions as well as codes of conduct which relate to the protection of personal data and privacy.

“Features” means features within the Service, such as launching a new Ad Campaign and creating Ads by using a third-party application provided within the Service.

“Funds” means the funds transferred by the Customer to be used as payment for the Services.

“Intellectual Property Rights” means any and all patents, copyrights, moral rights, trademarks, trade secrets and any other form of intellectual property rights recognized in any jurisdiction whether existing now or acquired hereafter including any application or right to apply for registration of any of these rights.

“License” means the license to use the Service as described in section 3.

“Optimization Outcome” means the outcome of an optimization of the Ad Campaign. The Ad Campaign can be optimized by c per thousand views, cost per click or cost per acquisition of the Ad.

“Service” means the Service, as described in clause 2.1, directly provided on the Website by Match2One to the Customer including its Features available on the day of accepting the Terms.

“Website” means Match2One’s Website from which the Service is provided.

“Third Party Services” means any services within the Website not provided by Match2One.

“Third Party Websites” means any websites not provided by Match2One.

“User” means any by the Customer authorized user of the Service.

“User Account” means the account set up by the Customer giving the Customer access to the Service.

2. The Service

2.1 The Service is an online self-service real time bidding advertising application platform which allows the Customer to create Ads by uploading or creating Content and through an automated process buy ad spaces from third parties. The Ad is published on a Third-Party Website. In addition to this, the Service enables audience targeting, intelligent prospecting and interactive performance reporting of the Ad Campaigns. Products and services not directly provided to Customer by Match2One are not included in the Service. Match2One may at its discretion provide support to Customers in relation to the use of the Service, such support can be provided via the Website or via any other means deemed suitable by Match2One.

2.2 In the process of launching an Ad Campaign, the User will have to set a value regarding the preferred goal cost per Optimization Outcome. The Customer acknowledges and agrees that the set goal cost for the Optimization Outcome is an estimate and that Match2One takes no responsibility for that the goal will be achieved.

2.3 Should the Customer want to for example target visitors or track conversations, tracking scripts must be installed on the pages on the Customer’s website where the ad will lead to. The Customer acknowledges and agrees to that it is liable to ensure the legality of such tracking script for example based on DPL.

2.4 The Customer shall use the Website and the Service in accordance with the Terms, instructions from Match2One, applicable laws, rules and regulations. The Customer shall furthermore ensure that each of its Users accepts and complies with the Terms.

2.5 The Customer shall be responsible for obtaining and maintaining all hardware, software, communications equipment, and network infrastructures required to access and use the Website and the Service.

2.6. All new functionality, Features or services introduced to the Service will be subject to the Terms.

3. License

3.1 Match2One grants the Customer a worldwide non-exclusive, non-transferable and non-sublicensable License to use the Service, subject to all the terms and conditions set forth in the Terms. The License may consequently only be used for the specific Customer’s internal purposes and may not be shared, resold, distributed, lend, leased, transferred, sublicensed or otherwise made available to any third party. This does not include performance of services for the benefit of third parties, nor the use by the Customer’s affiliated companies. The License is valid as long as the Customer has access to a registered User Account according to the Terms.

3.2 However, Match2One will charge the Customer in accordance with the at each time applicable fees provided on the Website for the use of the Features.

3.3 Match2One reserves the right to modify, suspend, and/or discontinue the use of the Service at any time, with or without notice. Match2One will make reasonable efforts to keep the Service operational and fully functional during updates.

4. User accounts

4.1 In order to obtain a License to the Service by completing a User Account registration process, the Customer shall have read Match2One’s Privacy Policy.. Match2One does not accept any Customers or Users operating within the porn or weapons industry or who are doing advertising aimed for children (strictly under 13 years of age).

4.2 The Customer is solely responsible and liable for all access to, and all actions and activities conducted under its User Accounts, as well as for its Users’ use of the Service. The Customer shall immediately inform Match2One about any unauthorized use of its User Accounts.

4.3 Match2One reserves the right to suspend any User or terminate any User Account if activities occur which constitutes or may constitute a violation of the Terms, Match2One’s instructions as updated from time to time or of any applicable local or international laws, rules or regulations.

5. Use of data

Aggregated Data

5.1 The Customer acknowledges and agrees to that Match2One shall have the right to use and share Aggregated Data, including Content to compile statistics and other marketing information and finally to improve, develop and modify the Service. Aggregated data may also be used to optimize campaigns across the Service. The Customer can opt-out if sharing aggregated campaign data via the user interface.

Legal Status of the Parties

5.2 The parties acknowledge that for the purposes of Data Protection Legislation that Match2One shall be a data processor in respect of all Customer Data which it processes as part of providing the Service. Such processing is governed by a data processing agreement which constitutes an integral part of these Terms, the data processing agreement can be found in Appendix 1.

5.3 Match2One and the Customer are, however, independent data controllers in relation to personal data processed to act under these Terms. This will typically include contact information to each other’s representatives. The Customer, therefore, undertake to ensure that all its Users have read Match2One’s Privacy Policy, which is available https://www.match2one.com/privacy-policy-2/.

Creation and use of Aggregated Data

5.3 Match2One shall have exclusive control over the creation and use of Aggregated Data, as well as the purposes to which such datasets may be put. Match2One makes no warranty that any particular Customer Data will or will not be used for the purposes of creating Aggregated Data. The Customer agrees that Match2One may make such Aggregated Data publicly available, provided that it: 1) does not contain identifying information; and 2) is not compiled using a sample size small enough to make the underlying data identifiable. Match2One and/or its licensors own all right, title and interest in and to the Aggregated Data and all related software, technology, documentation, and content provided in connection with the Aggregated Data, including all Intellectual Property Rights in the foregoing.

Warranties and acknowledgements in relation to Customer Data

5.4 The Customer warrants to Match2One that it has and will maintain all necessary rights, licenses, consents and authorizations to transmit the Customer Data to Match2One and to permit it to be processed for the purposes contemplated by these Terms.

6. Payment & fees

6.1 The Customer pays for the Service through a monthly subscription fee and may choose between the following payment methods: i) invoice or ii) credit card.

6.2 The Customer hereby confirms that all funds transferred to the Match2One become the property of Match2One, to be used at our discretion to pay for any functions of the Service used by the Customer.

6.3 If invoice is chosen as payment method, the Customer shall pay all invoices within fifteen (15) days after the invoice date. Interest on overdue payment shall accrue according to the Swedish Interest Act (Sw. räntelag (1975:635)), and collection fees will be charged when applicable.

6.4 By choosing payment with a credit card,Match2One will charge the credit card with the agreed amount. The amount (the Funds) will then be available to be spent within the Service.

6.5 Match2One reserves the right to change their listed fees (at the Website) at any time. It is the Customer’s responsibility to stay informed of any price changes. The new fees will apply immediately after the change is posted on the Website.

6.6 The Funds will be available on the User Account on the same Banking day as the payment is received by Match2One. In case a User Account is terminated by Match2One or cancelled by the Customer and the User Account still holds Funds, there will be no refund of payment

7. Prohibited use of the service

7.1 The Customer shall use the Service for lawful purposes only. The Customer agrees not to use the Service for posting, transmitting or otherwise distributing illegal or other inappropriate material.

7.2 The Customer agrees to, within the scope of the Service and in relation to Match2One: not to defame, abuse, harass, threaten or otherwise violate the legal rights of others, including Match2One; not publish, post or in any other way express any topic, material or information that is inappropriate, defamatory, infringing, obscene, pornographic, racist, terrorist, politically slanted, indecent or unlawful; not contribute to destructive activities such as dissemination of viruses, spam or any other activity that might harm Match2One, the Service or Users in any way.

7.3 The Customer agrees to follow Match2One´s advertising and content policies and guidelines, as applicable from time to time. The Customer is aware that Match2One´s advertising and content policies and guidelines may vary from country to country or region to region and that it is the Customers responsibility to ensure full compliance for all their advertisements.

7.4 Advertising for cryptocurrencies and tobacco products, including electronic cigarettes and vape products, are strictly prohibited.

7.5 Advertising for iGaming, gambling, online or otherwise, and lotteries is restricted and conditional upon valid gambling licenses and, if applicable, permission in the relevant market(s) to advertise for iGaming and/or gambling.

7.6 Match2One reserves the right to either pause or stop advertisements that Match2One deem violates these Terms or any of Match2One´s advertising and content policies and guidelines, as applicable from time to time, without notice.

8. Content

8.1 The Service includes functions for uploading, posting, linking and communicating and otherwise making Content available for others. By uploading Content to the Service, the Customer warrants that it is either the owner of the Content or that it holds a valid permission to such Content from the appropriate right holder, meaning that the Costumer’s use of the Content in no way infringes a third party’s rights. Furthermore, the Customer warrants that the Content, or the Customer’s use thereof, is in no way a violation of any national or international legislation or any third-party rights.

8.2 Unless nothing else is agreed upon between the Customer and Match2One, Match2One undertakes to host all Content provided by the Costumer, meaning that Match2One undertakes to deliver the Ad Campaign from the Match2One server to a Third Party Website. In order for Match2One to do so, the Customer grants Match2One a worldwide, non-exclusive, royalty-free, transferable right to distribute and display all the Content, or any part of it, and the intellectual property rights therein.

8.3 Match2One makes no representation or warranty as to the accuracy, timeliness, quality, completeness, suitability or reliability of any information or data accessed on or through the Service. No information obtained from Match2One or the Service shall create any warranty if not expressly stated in the Terms. Match2One does not examine or take any responsibility with regards to the validity of information provided by the Users.

9. Intellectual property

9.1 The Service and its original content, Features, functionality and design elements are and will remain the exclusive property of either Match2One or the owner of a Third Party Service. The Customer’s use of the Website and the Service is limited to the rights granted to the Customer under the Terms. Match2One’s intellectual property may not be used in connection with any product or service without Match2One’s prior written consent.

9.2 The Website, the Service or any portion thereof may not be reproduced, duplicated, copied, sold, resold or otherwise exploited for any purpose inconsistent with the limited rights granted to the Customer under the Terms.

10. Indemnification

10.1 The Customer shall indemnify and hold Match2One harmless with respect to all direct and indirect liability, losses, damages, costs or expenses caused, arising out of, or in connection with (i) the Customer’s negligence, (ii) the Customer’s breach of the Terms, or (iii) the Customer’s misuse of the Service.

11. Disclaimer of warranty, limitation of liability and remedies

11.1 Match2One does not guarantee uninterrupted, secure or error-free operation of the Service. The Service is provided “as is” without warranties of any kind, whether expressed or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement or course of performance. Match2One is not responsible for neither technical, hardware or software malfunctions, nor lost or unavailable network connections, downtime or disconnections from User Accounts.

11.2 Match2One undertakes to follow the Viewable Ad Measurements 2.0 standards and guidelines, issued by the Interactive Advertising Bureau in Sweden, insofar that they are not contradictory to the Terms. Notwithstanding what is stated in the Terms or in the said standards and guidelines, Match2One takes no responsibility for any technical glitches that affects the viewability of the Ads on a Third Party Website. Furthermore, Match2One is not responsible for any unfair or in another way inappropriate actions by a third party that may affect the Ad Campaign. Such actions may include, but not be limited to, click frauds and ad frauds

11.3 The Customer is at all times responsible for the Content uploaded or otherwise made available by its Users. This means that Match2One is not responsible for the Content or the use thereof. Furthermore, Match2One assumes no responsibility for the content, advertising, goods or services, privacy policies or other practices of any Third Party Services that may be reached by links presented in the Service.

11.4 The Optimization Outcome that is counted per Ad Campaign will be counted with the counting tools provided by Match2One. Match2One takes no responsibility for any difference in the result between the count of a Match2One tool and a third party tool.

11.5 Any recommendations and/or instructions from Match2One or any of Match2One’s employees on how to use the Service shall not be considered as consultation or advice in each specific case. Match2One is therefore, not responsible for any outcome or result of such recommendations and/or instructions.

11.6 Match2One is not responsible for any damage, loss, or injury resulting from hacking, tampering, or other unauthorized access or use of the Service or User Accounts. To the maximum extent permitted by applicable law, in no event shall Match2One be liable for any, indirect, incidental, special, consequential or exemplary damages, however caused and under any theory of liability arising out of or in connection with the Terms. This shall include, but not be limited to, any loss of; profit, goodwill or business reputation, any loss of data suffered, cost of procurement of substitute goods or services, or other intangible loss.

11.7 In the event Match2One materially breaches the Terms, and such breach remains uncured for a period of more than ten (10) days after notice from the Customer (“Notice period”), the Customer shall be entitled to a refund equal to ten (10) percent of the cost spent on Ad Campaigns during the last thirty (30) days, for every day that the material breach remains uncured, however limited to a maximum of thirty (30) days or any shorter period left of the ongoing contract term. Such refund claim must be presented to Match2One in writing within fifteen (15) days from end of the Notice period.

11.8 If Match2One is found to be liable to the Customer for any damage or loss which arise out of or is any way connected to the use of the Service, Match2One’s liability shall in no event exceed the amount of the latest twelve (12) months’ worth of fees paid by the Customer.

11.9 The Customer has no further rights to compensation, outside of what is stated in this section 12.

12. Breach of the terms

12.1 Should the Customer, or any of its Users, use the Service in violation of the Terms, Match2One shall have the right to: i) delete any Content produced by the Customer, ii) suspend and/or terminate the Customers User Account iii) terminate the Terms, and iv) receive a reasonable compensation for its losses connected to the Customer’s violation.

13.2 Match2One reserves the right to directly limit the use of or access to the Service and to block, restrict or delete any Content at any time, for any reason and without liability, if such use, access or Content constitutes or may constitute i) a violation of the Terms in general or of any applicable local or international laws, rules or regulations, or ii) a risk of harming Match2One’s trademarks, goodwill or reputation.

14. Force majeure

14.1 The parties shall be relieved from any liability for any delay or failure to perform any obligation under the Terms during such period and to the extent that the due performance thereof by either of the parties is prevented by reason of any circumstance beyond the reasonable control of the party (“Force majeure”), such as war, warlike hostilities, labor disturbances, fire, flood, or other circumstances of similar importance.

14.2 The party desiring to invoke an event of Force majeure shall as soon as possible provide the other party with a written notice.

14.3 If the performance of these Terms is severely hindered for a longer period than three (3) months due to a Force majeure event, either party shall be entitled to terminate these Terms with immediate effect. Upon termination due to a Force majeure event, each party shall bear its own costs incurred by the termination.

15. Changes to & assignment of the terms

15.1 Match2One may, at any time and for any reason, update the Terms by publishing the updated Terms on the Website. The updated Terms shall automatically be effective upon publishing.

15.2 Neither the Terms nor any obligation or right hereunder may be assigned or transferred by the Customer without the prior written consent of Match2One.

16. Duration and cancellation

16.1 The Terms shall enter into force when the Customer signs up for a User Account and, as part hereof, accepts the Terms and shall remain in force until one of the following occur: (i) Match2One terminates the User Account in writing with one (1) months’ notice irrespective of reason hereto,  (ii)the Customer cancels the User Account at any given time, without regard to any period of notice, or (iii) the License or the User Account is otherwise terminated or suspended in accordance with the Terms, whichever occurs earlier. Please note that there will be no refund of Funds paid to Match2One.

17. Governing law and dispute resolution

17.1 The Terms shall be construed in accordance with, and governed by, Swedish law. Disputes arising in connection with the Terms shall be settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC”). The seat of arbitration shall be Stockholm. The language to be used in the arbitral proceeding shall be English.

17.2 The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The arbitral proceedings shall be confidential.

 

Appendix 1 – DATA PROCESSING AGREEMENT

This data processing agreement (”DPA”) is an inseparable part of the Terms between:
a) The Customer as defined in the Terms (the “Controller”); and
b) Match2One AB (the “Processor”), with registration number 559036-6836.
Herein referred collectively as “the Parties” and individually as “the Party”.

2 INTRODUCTION

2.1 The Parties have entered into an agreement regarding the Processor’s service under which the Processor will process the Controller’s personal data (“Personal Data”) on the Controller’s behalf. This DPA constitutes a written agreement in accordance with the EU General Data Protection Regulation (679/2016) (the “GDPR”) concerning the processing of Personal Data under the Terms. A description of the processing is attached in annex 1.
2.2 If the terms concerning the processing of Personal Data of the DPA and the Terms are in conflict, the Parties shall apply the terms of this DPA.

3 DEFINITIONS

1.1 In accordance with the EU General Data Protection Regulation, the terms below are defined as follows: ”Sub-processor” shall mean a third party appointed by the Processor to process Personal Data on behalf of the Controller. “Standard Contractual Clauses” shall mean the standard contractual clauses annexed to European Commission Decision 2021/914 of 4 June 2021 concerning the transfer of personal data outside the EU / EEA, or such approved clauses replacing or supplementing them. “Applicable Laws” shall mean the GDPR and laws implementing or supplementing the GDPR (including, when applicable, binding guidance, opinions and decisions published by supervisory authorities, court or other competent authority) applicable to the processing of Personal Data under this DPA, and as amended or supplemented during the term of this DPA.
Terms used but not defined herein, such as ”processing”, ”data subject”, ”personal data breach” and ”supervisory
authority”, shall have the same meanings as in the GDPR, and their cognate terms shall be construed accordingly.

4 DATA PROTECTION AND PROCESSING OF PERSONAL
DATA

1.1 The Parties undertake to abide by Applicable Laws.

1.2 The Processor shall only process the Personal Data and other data of the Controller in accordance with the Terms, this DPA and according to the written instructions of the Controller. The Processor shall notify the Controller if any conflict with Applicable Laws is detected in the instructions and in such a case, the Processor may immediately decline and stop applying the instructions of the Controller. However, the Processor shall not be obliged to verify whether any instruction given by the Controller complies with Applicable Laws, as the Controller is responsible for such compliance verification of its instructions.

1.3 The Processor may aggregate the personal data processed and create statistical information which may be used by the Processor. This information will not include any personal data once aggregated and made into statistics.

1.4 In the event that the Processor, in its opinion, lacks the necessary instructions in order to fulfil this DPA the
Processor shall, without undue delay, notify the Controller thereof and wait for new correct instructions. The Processor has the right to, without liability, cease the processing during the time the Processor awaits the new correct instructions.

1.5 The Controller is responsible for complying with its obligations under Applicable Laws, for example having
obtained the necessary consents for the processing of Personal Data. The Controller is responsible for drafting the
privacy policy and informing the data subjects. The Controller is responsible for ensuring that the Personal Data
delivered to the Processor is accurate and up to date.

1.6 The Controller shall define the purpose and methods of the processing of Personal Data.

1.7 The Processor shall maintain a record of processing activities, where it is required to do so according to article 30 of the GDPR.

5 SUB-PROCESSORS

1.1 The Processor shall have the right to use Sub-processors for the processing of Personal Data provided that the Sub-processors are bound by the same commitments and obligations toward the Controller as the Processor, in accordance with this DPA. The Processor is fully liable toward the Controller for the Sub-processor’s actions and any failure by the Sub-processor to adhere to its data protection obligations when processing the Controller’s Personal Data.

1.2 The Processor shall inform the Controller beforehand of new Sub-processors the Processor intends to use in
processing the Personal Data pursuant to the Terms and this DPA. The Controller has the right to object to the use of
a new Sub-processor. The Controller shall notify the Processor of such objection within thirty (30) days of the
Processor’s notice to the Controller. If the Controller does not object within thirty (30) days of the Processor’s notice to
the Controller, the Controller shall be deemed to having accepted the use of the new Sub-processor.

1.3 In the event that opposition to such Sub-processor, in the Processor’s opinion, prevents effective provision of Processor’s services in accordance with the Terms, the Processor may terminate the Terms without penalty or liability, with thirty (30) days’ notice.

1.4 A list of Sub-processors deemed approved when this DPA is concluded is attached in annex 2. The Processor shall,
upon the Controller’s request, provide a copy of relevant parts of sub-processing agreements between the Processor
and the Sub-processor needed for the Processor to show compliance with its obligations under this DPA.

6 PROCESSING OF PERSONAL DATA OUTSIDE THE
EU/EEA

1.1 The Processor and its Sub-Processors may process personal data outside the EU/EEA area, provided that the Processor ensures that the transfer: is based upon an adequacy decision published by the European Commission, that Standard Contractual Clauses will apply to the
processing or that the processing is otherwise allowed under Applicable Laws.

6.1 If the transfer mechanism used to comply with

5.1 would be declared invalid or illegal by the European Court of Justice, the European Commission or any other competent EU institution or national court or authority, the Processor shall ensure that all processing of Personal Data outside the EU/EEA is based on another permitted transfer mechanism under Applicable Laws.

1.2 If the Standard Contractual Clauses are used as a transfer mechanism it is the responsibility of the Processor to independently determine which parts of the Standard Contractual Clauses that are relevant in the current situation.

1.3 To the extent the Processor enters into Standard Contractual Clauses with a Sub-Processor as Processor to Processor according to Module three of the Standard Contractual Clauses the Processor is liable to perform a risk assessment as stipulated under clause 14 I the Standard
Contractual Clauses and entering into this DPA the Controller confirms that the assessment that has been performed or is performed is sufficient and that the supplementary measures in place are deemed to be sufficient.

7 PROCESSOR’S OBLIGATION TO PROVIDE
ASSISTANCE

1.1 The Processor is obligated to, taking into account the nature of the processing of Personal Data and the data available, insofar as this is possible, assist the Controller in ensuring that the Controller complies with its legal obligations. The Processor is obligated to assist the
Controller only to the extent that Applicable Laws obliges the Processor to provide such assistance.

1.2 The Processor shall, taking into account the nature of the processing, by appropriate technical and organizational measures, insofar as this is possible, assist the Controller with its obligations to respond to requests from Data Subjects exercising their rights under Applicable Laws.

1.3 The Processor shall forward all inquiries made by data subjects, supervisory authorities, other authorities or a third party to the Controller and shall await further instructions from the Controller. Unless otherwise agreed, the Processor is not authorized to represent the Controller or act on behalf
of the Controller in relation to data subjects, supervisory authorities, other authorities or a third party.

1.4 Unless otherwise agreed, the Processor is entitled to reasonable compensation for assistance pursuant to section 6.

8 AUDIT

1.1 The Controller or an auditor authorized by the Controller and accepted by the Processor shall have the right to, upon thirty (30) days’ advance written notice to the Processor, verify that the Processor complies with this DPA, through review of the Processor’s policies, procedures and
documentation, solely as they relate to compliance with this DPA.

1.2 Such review (i) must be conducted during the Processor’s regular business hours so as not to cause disruption to the Processor’s business; (ii) may only be conducted by a party who is subject to a confidentiality agreement with Processor; (iii) must be performed in accordance with
Processor’s security requirements, and (iiii) shall be carried out in a way that does not impede the obligations of the Processor or its Sub-processors with regard to third parties.

1.3 The Controller shall be responsible for all costs associated with the audit, including the Processor’s internal expenses, unless the audit reveals a material breach by the Processor of its obligations under this DPA.

1.4 Processor shall allow for and contribute to inspections that the competent supervisory authority may require to ensure proper processing of Personal Data, as well as comply with any decisions of the competent supervisory authority regarding measures to comply with the security requirements under Applicable Laws.

9 DATA SECURITY

1.1 The Processor shall, in accordance with article 32 of the GDPR, implement the appropriate technical and
organizational measures to protect the Personal Data of the Controller, taking into account all the risks of processing.
When organizing the security measures, the available technology and the cost of implementation shall be assessed in relation to the special risks of the processing at hand and the sensitivity of the Personal Data processed.

9.1 The Controller hereby confirm that the security measures taken by the Processor are deemed as adequate and sufficient.

9.2 The Controller shall be obligated to ensure that the Processor is informed of all the circumstances concerning the Personal Data the Controller has delivered which can affect the technical and organizational measures that the Processor shall implement pursuant to this DPA.

9.3 The Processor shall ensure that the personnel of the Processor and the Sub-Processors that have access to Personal Data shall abide by the appropriate non-disclosure commitments.

10 PERSONAL DATA BREACHES

1.1 The Processor must notify the Controller without undue delay after receiving information of a personal data breach.

10.1 The Processor shall furthermore give the Controller all relevant information concerning the personal data breach Provided that the information in question is available to the Processor, the Processor shall describe at least the following to the Controller:
a) the occurred personal data breach,
b) insofar as is possible, the categories and number of Data Subjects and Personal Data affected by the personal data breach,
c) a description of the likely consequences caused by the data breach, and
d) if applicable, a description of the corrective measures that the Processor has implemented or shall implement in order to minimize the potential harmful effects of the personal data breach.

10.2 The Controller shall be responsible for the necessary communication with and notifications to the supervisory authorities.

11 LIMITATION OF LIABILITY

e) The Processor shall compensate the Controller for all direct damages or costs incurred by the Controller, to the extent the Processor’s fault or gross negligence of its obligations under this DPA has contributed to such damages or costs. The Processor’s liability shall however be subject to the same liabilities as are stated in the Terms.

12 DELETION OR RETURN OF PERSONAL DATA

1.1 After the completion of the processing on behalf of the Controller, or upon the Controller’s request, the Processor
shall, at the choice of the Controller, return or delete the Personal Data.

12.1 If a return cannot be made, The Processor shall either delete all Personal Data of the Controller entirely from the medium in which they are stored in such a way that they cannot be restored or ensure that the Personal Data is anonymized in such a way that it is not possible to recreate or connect them to an individual.

12.2 This section 11 shall not apply if further processing is
needed to fulfil legal obligations.

13 OTHER CONDITIONS

1.1 The Parties agree to amend and supplement the DPA to the extent required to comply with Applicable Laws, or, where necessary, in view of forthcoming case law or guidelines from supervisory authorities.

1.2 Changes to the DPA may be executed as stipulated in the Terms.

1.3 This DPA shall remain in force as long as the Terms is in force or the Parties have obligations concerning personal data processing activities towards one another.

1.4 This DPA shall be governed by Swedish law. Any dispute, controversy or claim arising out of or in connection with this contract, or the breach, termination or invalidity thereof, shall be solved in accordance with the dispute resolution provision stated in the Terms.

 

ANNEX 1

PROCESSING SPECIFICATION FORM

This table specifies the processing assignment that the Processor performs on behalf of the Controller in the manner provided for in the Terms and this DPA.

The processing shall concern the following services

The Processor is providing the Controller the use of an online self-service programmatic advertising platform, together with audience targeting, intelligent prospecting and interactive performance reporting of the Controller’s ad campaigns.

Nature and Purpose of the processing

Processing for the purpose of providing the service in accordance with the Terms and in accordance with the Controller’s instructions.

Geographical Location of Personal Data

  • The Processor processes personal data within the EU/EEA
  • For Sub-processors’ locations, see the Sub-processor list.

Categories of Data Subjects

  • Visitors of the Controller’s website.
  • Viewers of the Controller’s published ad.
  • Users of the Service (i.e. representatives of the Customers)

Categories of Personal Data

  • Identifiers: IP Addresses, data that could be used for device fingerprinting
  • Demographic information: location, IP addresses
  • Behavioral data: website browsing information, transaction data (e.g. online purchases), website registrations, inference about interests including product interests
  • Information provided during a customer support matter.
  • Information provided by the Controller for the Processor to use in providing its services.

Special categories of Personal Data

  • N/A

Duration of the processing

Processing will take place during the duration of the Terms, and for a limited period thereafter under this DPA. The Processor will cooperate with the Controller to determine the retention periods for the Personal Data of the Controller.

ANNEX 2

SUB-PROCESSORS

The following Sub-processors is used by the Processor for the processing of the Controller’s Personal Data.

Name of Sub-processor

Description of the service

Location

Amazon AWS

Hosting of data

USA

Xandr

Facilitation of actual or attempted purchase of ad inventory, the serving of ads, and the processing of data related to ads for analysis.

USA

Adyen

Payment services

The Netherlands

HubSpot

Sales CRM

USA

Bannersnack

Online app for making banner ads (inserted into the app/UI)

USA

Intercom

Сustomer messaging platform

USA

Campaign Monitor

E-mail marketing and automation service

USA

Billecta

System solution that automates the entire invoice flow – from creation of invoice to reconciliation of incoming payments and accounting, including any requirement

Sweden

Cloudflare

CDN

USA

E-Hawk

API (Signup fraud detection through)

USA

JetBrains

YouTrack, TeamCity, Hub, IntelliJ IDEA CE: tools are targeted towards software developers and project managers

Czech