This Data Protection Agreement (“Agreement“) is made between Jeeng’s counterparty (“Partner“) and PowerInbox Inc. (d/b/a “Jeeng“) (each a “Party” and together the “Parties“) as may be required under Data Privacy Laws. This Agreement is hereby annexed to the Terms by and between the Parties and governs matters of data protection between the Parties and will remain in force for the duration of the Terms.
- “Data Privacy Laws” mean any applicable laws protecting the privacy of individual persons with respect to the processing of their Personal Data, including, but not limited to, Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (Cal. Civ. Code §1798, as amended) (“CCPA”).
- “Personal Data” means any information relating to an identified or identifiable natural person, including without limitation any data which is defined under the Data Privacy Laws as personal or private, provided by Partner.
- “User” means the individual whose Personal data is being processed, as part of the data sharing between the Parties.
- Role of Parties:
In the provision of services outlined under the Controller column in Section 9 below, each Party is an independent Controller, as defined in GDPR and a “Business” as defined in CCPA, of the User’s Personal Data, and is solely responsible for complying with any applicable Data Privacy Laws, including but not limited to the duties of transparency, providing information, privacy notice and third-party sharing disclosures, User’s rights, breach reporting etc.
2.1. When Partner uses the services as outlined in Section 9 below under Processor column, Jeeng will process personal data on behalf of Partner and will be a Processor under GDPR and a Service Provider under CCPA. In this context, Partner will be a Controller under GDPR and a Business under CCPA. In this case sections 2.1-2.8 shall apply: Processor processes personal data on behalf of Controller. Processor will process Personal Data only pursuant to the Terms and to fulfill it, and in accordance with Controller’s documented instructions in the Terms or otherwise, unless processing is required by law to which it is subject.
2.2. Processor’s personnel engaged in processing Personal Data are and will remain contractually committed to confidentiality, will Process Controller’s data only as instructed and according to the Terms, and will preserve the security of the data as described herein. Parties take industry appropriate technical and organizational measures to ensure the security of Processing. Processor will only engage sub-processors with a written contract at least as protective of Controller’s data as this Agreement.
2.3. Processor will reasonably assist Controller in responding to requests for exercising Data Subjects’ rights. Processor will likewise reasonably endeavor to assist Controller with its obligations pursuant to articles 32-36 of GDPR, including data security, data protection impact assessments, and breach notifications. Processor will immediately inform Controller and Controller’s DPO if it is asked to do something infringing the GDPR or other data protection law.
2.4. Processor will delete or return, at Controller’s choice, any Personal Data where so instructed by Controller, unless retention is required by Applicable Laws.
2.5. Processor will make available all information necessary, and reasonably available to demonstrate compliance with GDPR obligations under section 28 and 32. Processor will allow for and contribute at Controller’s expense to audits and inspection in this regard. Audits will be at times agreed between the parties, without interfering with Processor’s day to day business, and not more than once per annum.
2.6. Processor may process the following types and categories of Personal Data for Controller:
a. Types of data: IP addresses and email addresses.
b. Categories of data subjects: Users and subscribers of Controller.
2.7. In the event that CCPA applies to one or both parties, capitalized terms in this paragraph, unless defined above, will have the meaning defined in the CCPA.
c. The Business discloses consumers’ personal information for a business purpose of fulfilling the Terms and this Data Protection Agreement (the “Purpose”).
d. The Service Provider agrees that: (i) it will not sell the personal information; and (ii) it will not retain, use, or disclose the personal information for any purpose other than the Purpose; and (iii) it will not retain, use or disclose the information outside of the direct business relationship between the Service Provider and the Business.
e. In the event that the Business receives a verifiable consumer request from a consumer to delete the consumer’s personal information, the Business shall direct the Service Provider to delete the consumer’s personal information from their records and the Service Provider hereby agrees to do so.
f. The Service Provider acknowledges and warrants that it understands the rules, restrictions, requirements and definitions of the CCPA and agrees to refrain from taking any action that would cause any transfers of personal information to or from the Service Provider, or to or from any of the Service Provider’s Personnel or Sub-Processors, to qualify as selling or sharing personal information under the CCPA.
2.8 Obligations of Controller: Controller shall implement appropriate technical and organizational measures to ensure, and to be able to demonstrate, that processing is performed in accordance with GDPR and/or CCPA.
- Lawful Basis: Partner represents that (a) it has the legal right, including as applicable – the consent required or other legal basis under Data Protection Laws, as well as all federal and state laws, regulations and rules to permit Jeeng to process the Personal Data freely as contemplated herein and (b) that it has obtained the Users consent and/or has provided notice to the Users, as required under applicable law, that their Personal Data will be disclosed to and processed by Jeeng as a separate and independent Controller.
- Without derogating from the generality of the aforementioned, to the extent Partner sends any type of notifications, emails or other communications to a user (“User Communication”), Partner hereby represents that it will meet all relevant federal and state laws, regulations and rules including, but not limited to the CAN-SPAM Act of 2003, as amended and the Children’s Online Privacy Protection Act of 1998 (collectively, “CAN-SPAM”). Each Party shall maintain a suppression list containing the email addresses of individuals and/or entities that have opted-out from receiving subsequent email marketing from that party, as required by CAN-SPAM. In this respect, the following shall also apply to User Communication:
- Partner shall not falsify header and transmission information (including, without limitation, source, destination and routing information).
- Partner shall not use any “Subject” or “From” line that is false or misleading, including, but not limited to, claims falsely suggesting a prior relationship or that a recipient has “won” something.
- Partner shall not seek or obtain unauthorized access to computers for the purpose of sending any commercial email or utilize open relays in any way.
- Partner shall include within all communications: (a) such Partner’s correct point-of-origin, transmission information and routing information; (b) clear, prominent opt-out instructions in the first line of the text, if required by applicable law; (c) a toll-free telephone number or valid email address at which recipient may contact such Partner to file complaints and/or opt-out; (d) Partner’s physical address and/or Partner-designate opt-out information; and (e) a functioning “unsubscribe” link which, when activated by user, actually and permanently removes the user from such Partner’s database. All opt-out requests must be honored.
Partner hereby authorizes Jeeng to engage in Repurposing using Collected Personal Data, as those terms are defined in IAB Terms. The parties hereby change Section XII d. i. of the IAB 3.0 in accordance to this Agreement.
At Jeeng’ request Partner shall describe with signed attestations how Partner gave notice to the Data Subject in accordance with applicable Data Protection Laws and include an example of such notice.
- The portion of the Personal Data supplied to Jeeng will not knowingly be (i) sensitive Personal Data or special categories of data as defined under Data Privacy Laws; or (ii) inaccurate or outdated. In addition: (iii) the portion of the Personal Data supplied to Jeeng will not contain any email address for which Partner has received an opt-out or unsubscribe request; (iv) the Personal Data supplied to Jeeng will have been obtained, collected and compiled without employing email address harvesting, dictionary attacks and/or any other unfair, deceptive or illegal act and/or practice; and (v) Partner has not previously and will not hereafter grant any rights to any third party that are in conflict with any of the rights granted to Jeeng. In any case in which Partner collects Personal Data from a mobile application, it will comply with industry standard practices and all applicable laws and will comply with applicable mobile advertising opt-outs
- Data Subject Rights: Partner is solely responsible for executing User’s rights under applicable Data Privacy Laws. Jeeng will be responsible for executing data subject requests by allowing: opt-out of personalization, access or deletion. Each Party is committed reasonably assist each other, as relevant, in responding to requests for exercising Data Subjects’ rights pursuant to any applicable Data Privacy Laws.
- Confidentiality: Parties’ personnel engaged in processing Personal Data are and will remain committed to confidentiality, including by signing on confidentiality undertakings.
- Data Security: Parties take industry appropriate technical and organizational measures to ensure the security of Processing. Partner will provide annual confirmation of the validity of its undertakings hereunder, including also with respect to data security.
- Partner shall provide its Data Protection Officer information (if applicable) upon request from Jeeng.
- Jeeng’s data protection officer is available at: email@example.com.
|Jeeng acts as a Controller||Jeeng acts as a Processor|
|AdFill (except for Apple News)||AdServe|
|AdFill for Apple News|