LastUpdatedonJanuary1,2021,GENERALDATAPROTECTIONREGULATIONADDENDUMTOTHEAGREEMENT,(IndependentController–DataSharingTerms),By using the Services, Supplier Technology, and/or entering into any Order Form, Company agrees to the ,Supplier General Data Protection Regulation Addendum to the Agreement (the “C2CDataSharing,Addendum”). Supplier and Company are each a “Party” and collectively the “Parties.”,This C2C Addendum is an integral part of the Agreement. Any words or terms nototherwise defined in ,this Addendum have the same meaning as in the Agreement. In the event of a conflict between ,definitions in the Agreement and this Addendum, the definitions within this Addendum control.,1)Definitions.,(a) “Personal Data,” “Process/Processing,” “Controller,” “Processor,” “Data Subject” and “Supervisory ,Authority” shall have the same meanings given to them in the Regulation.,(b) “Data Protection Law(s)” means the Directive, the Regulation, any successors thereto, and any other ,data protection law applicable to Personal Data under the Agreement or this Addendum. “Directive” ,means the Directive 95/46/EC of the European Parliament and of the Council (Personal Data Directive) ,and “Regulation” means Regulation (EU) 2016/679 of the European Parliament and the Council (General ,Data Protection Regulation).,(c) “European Territories” means together the European Economic Area (‘EEA”), United Kingdom ,(including its overseas territories and Crown dependencies where applicable following Brexit), and ,Switzerland.,(d) “Independent Controller Data” means Personal Data gathered, received, shared and used under the ,Agreement by each of the parties as separate and independent Controllers.,(e) “Supplier” means the following Rakuten Marketing entities: RakutenMarketing LLC dba Rakuten ,Advertising organized and existing under the laws of Delaware, USA successor to LinkShare Corporation ,(“RM United States”), Rakuten Marketing Europe Limited successor to LinkShare Limited (“RM Europe”), ,Rakuten Marketing Australia Pty Limited successor to LinkShare Australia Pty Ltd (“RM Australia”), or ,Rakuten Brazil Holdings, LLC successor to LinkShare Brazil Holdings, LLC (“RM Brazil”).,(f) “Supplier Group” means the international group of companies whose overall parent entity is Rakuten, ,Inc. registered at Rakuten Crimson House, 1-14-1 Tamagawa Setagaya-ku, Tokyo 158-0094, Japan.,2)RoleoftheParties.,The Parties agree that they are each independent Controllers of all Independent Controller Data. In no ,event shall the Partiesbe deemed joint Controllers. Details of the types of Personal Data, categories of ,Data Subjects, the nature and purposes of the Independent Controller Data are set forth on Schedule 1 of ,this C2C Addendum.,3)Obligations.,Each Party shall use the Independent Controller Data in accordance with the Data Protection Laws and ,will individually and separately fulfill all obligations that apply to it as a Controller under the Data ,Protection Laws.,a. Each Party’s obligations regarding the Independent Controller Data includes without limitation:,(i) implementing appropriate technical and organizational measures to protect Independent Controller ,Data and to ensure the processing of Independent Controller Data is in accordance with the Regulation;,(ii) identifying and establishing its independent and legal basis for processing the Independent Controller ,Data. and,(iii) fulfilling transparency requirements regarding its use of Independent Controller Data.,b. If either Party receives any correspondence, inquiry or complaint from a Data Subject or Supervisory ,Authority (“Inquiry”) related to the use of Personal Data under the Agreement or the processing of ,Personal Data by the other Party, it will promptly inform the other Party and provide full details of the ,Inquiry. The Parties shall cooperate in good faith to timely respond to the Inquiry in accordance with ,requirements under the applicable Data Protection Laws.,4)RequestingConsent:,The parties will work together in good faith, as independent Controllers of PersonalData in accordance ,with the principles of lawfulness, fairness and transparency in relation to the fundamental rights of Data ,Subjects. As Supplier does not have a direct relationship with any Data Subject visiting the Company ,Sites or viewing ads delivered through the Services, in order to be provided with and receive the ,Services, Company will: (i) implement and maintain lawfully compliant industry standard consent ,management technologies on the Company Sites to include opt-in and opt-out consent choicesto be ,provided to their end users (Data Subjects) either by (a) a Consent Management Platform (“CMP”) ,registered and listed athttps://iabeurope.eu/cmp-list/) in accordance with requirements of the Interactive ,Advertising Bureau EU Transparency and Consent Framework (iabeurope.eu), or (b) an alternative or ,complimentary consent solution. AND (ii) will send end users’ consent signals to Supplier, in a format that ,complies with technical guidelines to be made available to Company by Supplier. Supplier will provide ,reasonable assistance to Company to support Company’s efforts to comply with its consent gathering ,obligations under this section.,5)InternationalDataTransfers.,The Parties hereby acknowledge and agree that in providing the Services, conducting the Actions and ,otherwise fulfilling Order Forms, Personal Data may be transferred from European Territories to the ,United States or other territory(ies) whose level of protectionfor Personal Data differs from that of the ,European Territories. Supplier shall transfer Personal Data outside of the European Territories to the ,Supplier Group under its parent company’s Binding Corporate Rules which Supplier and the Supplier ,Group have adapted (“Supplier BCRs”).,6)Survival.,This C2C Addendum shall survive termination or expiration of the Agreement. Upon termination or ,expiration of the Agreement, Supplier may continue to process Independent Controller Data provided that ,such use complies the requirements of this C2C Addendum and under the Regulation.,SCHEDULE1,(IndependentController–DataSharingTerms),Thesubject-matterofthesharedpersonaldatainvolves the online and offline behaviourof end users ,as they interact with advertisements promoted through Supplier.,Thedurationofretentionofsharedpersonaldatawill be:,ForDisplay:twelve(12)monthsfromthelasttimeanenduserinteractswithourservices,and,For Affiliate: up to 49 months for reporting/tracking activities.,Thenatureandpurposeofsharedpersonaldatais for commercial purposes including: to trace end ,users from a Company’s Site to an advertiser platform to process commissions, to serve personalized ,advertisements to end users, to analyse and create online behavioural advertising, and to prevent fraud.,Thetypesofsharedpersonaldatainvolvedareonline identifiers from end users’ device(s), identifiers ,created by Supplier, Company’s and customers within the Supplier advertising ecosystem.,Thecategoriesofdatasubjectsareend users who visit Company’s, publishers’ and advertisers’ ,websites and other internet and mobile enabled platforms owned or controlled by Company, publishers ,and advertisers within the Supplier advertising ecosystem.





Comments:
On 2021-05-03 18:42:41 UTC, Agnes_de_Lion (20760) Staff wrote:

Document has been crawled
Old length: 0 CRC 0
New length: 7264 CRC 1615207485