Terms and Conditions <p>
<b>
<u>ADVERTISER
IO ADDENDUM TO STANDARD TERMS AND CONDITIONS FOR INTERNET ADVERTISING FOR MEDIA
BUYS ONE YEAR OR LESS</u>
</b>
</p>
<p>
<b>
<u> </u>
</b>
</p>
<p>The IAB/AAAA Standard Terms and
Conditions Version 3.0 (“IAB/AAAA Terms”) shall apply to the IO, except as set
forth in this Addendum. .
The specific subsections of the IAB/AAAA Terms
referenced below are replaced with the modified provisions contained below, and
the additional provisions contained below are added, where applicable.</p> III.  .
PAYMENT
AND PAYMENT LIABILITY d.  .
Return
Policy In order for any credit to be processed
by the Agency the Advertiser must supply, no later than seven (7) days upon
close of month any Deliverable that is considered non-viable as defined within
the IO.
All non-viable Deliverables submitted to the Agency must contain a
valid reason, as well as the associated subid, as defined within the Advertiser
IO.
Any Deliverables submitted to the Agency without a valid reason shall be
considered ineligible for a credit. .
With the exception of such non-viable leads,
all other leads/actions for which the postback has been fired by the
advertiser, must be paid for.
<b>V.  .
</b>
<b>CANCELLATION
AND TERMINATION</b> a.
 .
ii.  .
With two (2) business days’ prior
written notice to the Agency, without penalty, for any non-guaranteed
Deliverable, including, but not limited to, CPC Deliverables, CPL Deliverables,
or CPA Deliverables, as well as some non-guaranteed CPM Deliverables.
b.
 .
Either Media Company or Agency may
terminate an IO at any time if the other party is in material breach of its obligations hereunder, which breach is not
cured within 5 business days after receipt of written notice thereof from the
non-breaching party, except as otherwise stated in these Terms with regard to
specific breaches.
Additionally, if Agency or Advertiser breaches its
obligations by violating the same Policy three times (and such Policy was
provided to Agency or Advertiser) and receives timely notice of each such
breach, even if Agency or Advertiser cures such breaches, then Media Company
may terminate the IO or placements associated with such breach upon written
notice.
If Agency or Advertiser does not cure a violation of a Policy within
the applicable 5-day cure period after written notice, where such Policy had
been provided by Media Company to Agency, then Media Company may terminate the
IO and/or placements associated with such breach upon written notice.
 .
XIV.  .
MISCELLANEOUS d.  .
In the event of any
inconsistency between the terms of an IO and these Terms and Conditions, the
terms of the IO shall prevail.
Any dispute, claim or controversy arising out of
or relating to this IO (including these Terms and Conditions) or the breach,
termination, enforcement, interpretation or validity thereof, including the
determination of the scope or applicability of this agreement to arbitrate,
shall be determined by arbitration before a single arbitrator mutually agreed
upon by the parties, or ordered by a court of competent jurisdiction, if the
parties are unable to agree.
Judgment on the Award may be entered in any court
having jurisdiction.
This clause shall not preclude parties from seeking
provisional remedies in aid of arbitration from a court of appropriate
jurisdiction.
The arbitrator may, in the Award, allocate all or part of the
costs of the arbitration, including the fees of the arbitrator and the
reasonable attorneys’ fees of the prevailing party.
Each party agrees that it
may be served with process at its address set forth on the first page hereof.
All IOs shall be governed by the laws of the Province of Ontario, Canada.
If Advertiser
is the party initiating arbitration, the exclusive venue and jurisdiction shall
be Toronto, Ontario, Canada and the parties consent to the jurisdiction. .
If the
Agency (on behalf of itself and not Advertiser) or Media Company initiates arbitration
against the Advertiser the exclusive venue and jurisdiction shall be Toronto,
Ontario, Canada and the parties consent to the jurisdiction.
No modification of
these Terms and Conditions or any IO shall be binding unless in writing and
signed by both parties.
If any provision herein is held to be unenforceable,
the remaining provisions shall remain in full force and effect.
All rights and
remedies hereunder are cumulative.
<p> </p>
<p>XV.
 .
DATA
PROTECTION</p>
<p>For the
purposes of these terms ‘Applicable Data Protection Law’ shall mean: (a) any
applicable local implementing legislation of the Data Protection Directive.
(b)
from 25th May 2018, the General Data Protection Regulation ((EU) 2016/679
(“GDPR”), read in conjunction with and subject to any applicable UK national
legislation that provides for specifications or restrictions of the GDPR’s
rules.
(c) from the date of implementation, any applicable local legislation
that supersedes or replaces the GDPR in a country or territory or which applies
the operation of the GDPR as if the GDPR were part of any applicable local
legislation.
and (d) any other applicable data protection or privacy law of any
jurisdiction.
Advertiser and the Media Company agree to comply with the
relevant provisions of Applicable Data Protection Laws.
To the extent that any
party processes any personal data that is either Controlled (as defined in
Schedule 1) by another party in relation to this Agreement or Processed (as
defined in Schedule 1) by another party on behalf of a third party Controller,
it shall comply with the provisions contained in Schedule 1 of this Agreement.
Where relevant, both parties warrant and undertake that they have obtained and
shall obtain all necessary consents (in accordance with all applicable law,
including Applicable Data Protection Law) in relation to any Personal Data
Controlled by either party and Processed (each as defined in Schedule 1) in
accordance with this Agreement.</p>
<b>
<br>
</b>
<p>
<b> </b>
</p>
<p>
<b>SCHEDULE 1</b>
</p>
<p>
<b>  .
DATA
PROTECTION</b>
</p>
<p>
<b>  .
</b>
</p>
<p>1.1  .
In this Schedule the
following terms shall have the following meanings:</p>
<p>
<b>“Controller”</b> shall have the same meaning as set out in
Applicable Data Protection Law;</p>
<p>
<b>“Data Subject(s)”</b> shall have the same meaning as set out in
Applicable Data Protection Law;</p>
<p>
<b>“European Economic
Area, EEA” </b>means the member
states of the European Union from time to time plus additional states that are
party to the EEA Agreement from time to time;</p>
<p>
<b>“Personal Data”</b> shall have the same meaning as set out in
Applicable Data Protection Law;</p>
<p>
<b>“Personnel” </b>shall mean any staff (including temporary,
casual and unpaid workers) and sub-contractors employed or appointed by the
Processor;</p>
<p>
<b>“Processing”</b> shall have the same meaning as set out in
Applicable Data Protection Law and other parts of the verb “to process” shall
be construed accordingly;</p>
<p>
<b>“Processor”</b> shall have the same meaning as set out in
Applicable Data Protection Law.</p>
<p>1.2  .
For the purposes of this
Schedule the parties agree either Advertiser or Media Company may be the
Controller or the Processor under this Agreement.</p>
<p>1.3  .
Where the Processor Processes
Personal Data on behalf of the Controller, the Processor shall:</p>
<p>1.3.1  .
process the Personal Data
only in accordance with the documented instructions of the Controller;</p>
<p>1.3.2  .
implement appropriate
technical and organisational measures to protect the Personal Data against
unauthorised or unlawful Processing and against accidental loss, destruction,
damage, alteration or disclosure.
These measures shall be appropriate to the
harm and risk which might result from any unauthorised or unlawful Processing,
accidental loss, destruction or damage to the Personal Data and having regard
to the nature of the Personal Data which is to be protected;</p>
<p>1.3.3  .
only employ or appoint
Personnel to Process the Personal Data who have given binding undertakings of
confidentiality;</p>
<p>1.3.4  .
not transfer Personal Data
outside of the EEA without the prior written consent of the Controller and
(where the Controller consents to such transfer) covenant that the transfer
shall be made in such a way as to ensure that the level of protection offered
to natural persons by Applicable Data Protection Law is not undermined, which
may, at Controller’s election, involve the parties entering into standard
contractual clauses as approved pursuant to ‘Commission Decision of 5 February
2010 on standard contractual clauses for the transfer of personal data to
processors established in third countries’ (or any applicable superseding
clauses);</p>
<p>1.3.5  .
comply with any obligations
placed on it under Applicable Data Protection Law;</p>
<p>1.3.6  .
obtain prior written consent
from the Controller in order to transfer the Personal Data to any third parties
and where the Controller consents, the Processor shall:</p>
<p>(a)  .
ensure that the third
parties are subject to, and contractually bound by, at least the same
obligations as the Processor under this paragraph 1.3;</p>
<p>(b)  .
provide to the Controller
copies of any documentation to demonstrate compliance with the obligations
under this paragraph 1.3; and</p>
<p>(c)  .
remain fully liable to the
Controller for all acts and omissions of any .
third parties;</p>
<p>1.3.7  .
immediately alert and inform
the Controller of a Personal Data breach (including, but not limited to, any
unauthorised or unlawful Processing, loss of, damage to or destruction of the
Personal Data) suffered by the Processor or third parties to which Personal
Data has been transferred (“<b>Personal Data Breach</b>”) and provide all
necessary co-operation and assistance to enable the Controller to comply with
its obligations under Applicable Data Protection Law;</p>
<p>1.3.8  .
permit, or procure
permission for, the Controller (subject to reasonable and appropriate
confidentiality undertakings), to inspect and audit the Processor’s data
Processing activities (and/or those of its agents, sub-contractors, Affiliates
and third parties) and comply with all reasonable requests for information or
directions by the Controller to enable the Controller to verify and/or procure
that the Processor is in full compliance with its obligations under this
Agreement;</p>
<p>1.3.9  .
immediately notify the
Controller if it receives a request from or on behalf of a Data Subject to have
access to that person’s Personal Data or to exercise any of their other rights
under Applicable Data Protection Law (a “<b>Data Related Request</b>”);</p>
<p>1.3.10  .
not respond to any Data
Related Request without the prior written consent of the Controller and shall
provide the Controller with full co-operation and assistance in relation to a
Data Related Request, including by:</p>
<p>(a)  .
providing the Controller
with full details of the Data Related Request;</p>
<p>(b)  .
assisting the Controller to
comply with a Data Related Request (within any relevant timescales required by
applicable law, including Applicable Data Protection Law and in accordance with
the Controller’s instructions;</p>
<p>(c)  .
providing the Controller
with any Personal Data it holds in relation to an individual.
and</p>
<p>(d)  .
providing the Controller
with any other relevant information requested by the Controller;</p>
<p>1.3.11  .
unless applicable law
requires otherwise, upon termination of this Agreement:</p>
<p>(a)  .
at the option of the
Controller comply or procure the compliance with the following:</p>
<p>(i)  .
return to the Controller all
Personal Data and any other information provided by the Controller to the
Processor; and/or</p>
<p>(ii)  .
delete all Personal Data
provided by the Controller to the Processor permanently, safely and securely
and provide the Controller with a certificate of destruction.
and</p>
<p>(b)  .
cease to process the
Personal Data;</p>
<p>1.3.12  .
where the laws of the
country where the Processor is established require the Processor to transfer
the Personal Data to a third country or an international organisation, inform
the Controller as soon as reasonably possible of that legal requirement unless
that law prohibits such communication on important grounds of public interest.</p>
<p>1.4  .
The nature/purpose of the
Processing under this Agreement is: to enable the Controller to carry out its
obligations under the Agreement.</p>
<p>1.5  .
The duration of the
Processing under this Agreement will be for the term of this Agreement or as
otherwise required by applicable law.</p>
<p>1.6  .
The types of Personal Data
which may be subject to Processing under this Agreement may concern employees,
consultants, subcontractors or customers of each party.</p>
<p> </p>