MEDIAMATH USER POLICY
Your use of any services (“Services”) provided by MediaMath, Inc. (“MediaMath”, “we”, “us”) is subject to the following policies (“Policies”). We reserve the right to change or modify any portion of these Policies at any time without notice. Please periodically visit this page to review the current Policies so you are aware of any revisions to which you are bound.
- Your use of the Services must comply with all applicable laws, regulations, and self-regulatory group guidelines, including but not limited to, the Network Advertising Initiative (“NAI”) 2015 Code of Conduct, the NAI 2015 Mobile Code of Conduct, the Digital Advertising Alliance (“DAA”)’s Self-Regulatory Principles for Online Behavioral Advertising and Application of Self-Regulatory Principles to the Mobile Environment (“DAA Principles”), the DAA’s Application of the Self-Regulatory Principles of Transparency and Control to Data Used Across Devices, the Interactive Advertising Bureau (“IAB”) Europe EU Framework for Online Behavioral Advertising, the Australian Digital Advertising Alliance’s (“ADAA”) Best Practice Guideline for Online Behavioural Advertising, and the Asia-Pacific Economic Cooperation (“APEC”) Privacy Framework, regardless of your membership status with any of these organizations.
- Your use of the Services must comply with all applicable requirements and guidelines provided by the exchanges or media supply sources from which you purchase media inventory through the Services. For examples of such polices, please visit the Knowledge Base.
MediaMath Creative Policy
The following categories of Creative are prohibited when using the Services. “Creative” refers to ad units, landing pages, or any other content related to or used in connection with the serving of ads using the Services.
|Category||Description and Examples|
|Ad Fraud||Creative associated with any activity designed to sell advertising under fraudulent pretenses, including but not limited to non-human traffic, tag hijacking, hidden ads, domain spoofing, cookie stuffing, generating fake impressions or clicks, misrepresenting advertiser characteristics (such as the landing page URL, advertiser vertical, etc.), reselling of ads under false pretenses, (e.g., misrepresenting the publisher or the type of ad unit), etc.|
|Auto-audio||Creative that automatically initiates audio without the user’s explicit engagement or action|
|Auto-downloads||Creative that contains, or provides access to any files that execute or download software without intentional user interaction. Clicking on an ad must also not initiate a download of any type of file.|
|Auto-redirects||Creative that automatically redirects a user to other sites or applications, without the user’s explicit engagement or action.|
|Deceptive or Misleading||Creative that attempts to trick or deceive a user into taking some action (e.g., “click bait” Creative, Creative that resemble user interface elements, Creative that displays fake errors or warnings, such as warnings about viruses, missing codecs, or corrupt disks, etc.) or markets false or unrealistic promises such as extreme weight loss, anti-aging, etc.|
|Defamation||Creative that depicts, contains, or provides access to material that is damaging to the reputation of another.|
|Delayed Load||Creative consistently taking more than two seconds to initiate the user ad experience.|
|Government Forms or Services||Creative that depicts, contains, or provides access to offers that charge for government forms or services that are available for a lesser charge or free from the government.|
|Hate Speech||Creative that depicts, contains, or provides access to content that incites violence or prejudicial action towards a protected individual or group; or content that disparages or intimidates a protected individual or group.|
|Illegal||Creative that is, or that MediaMath reasonably believes is, likely to be in violation of any applicable law, regulation or court order.|
|Illegal Drugs||Creative featuring or promoting the sale of illegal drugs, pharmaceuticals, or drug paraphernalia. As marijuana remains illegal under United States federal law, this Creative Policy prohibits creative featuring or promoting the sale of marijuana even in those states where marijuana use is permitted under state law.|
|Implied Knowledge||Creative that implies knowledge of personally identifiable information or any of the following sensitive characteristics about the user to whom the Ad was targeted:
For example, an Ad may not state “Explore your Jewish heritage” because this implies knowledge of the user’s religion. An Ad stating “Learn about Judaism” would be allowed. Similarly, an Ad for coffee may be delivered when a consumer is near a coffee shop, but the Ad may not state “Coffee is just a few steps away” because this implies knowledge of the user’s precise location at that moment.
|Interferes with User Navigation||Creative that disrupts the user’s ability to navigate their experience, e.g., by preventing a user from leaving a page by opening modal dialogs or pop-up windows.|
|Interferes with Another Party’s Content||Creative that obscures, replaces, or modifies another party’s ads or content.|
|Invalid or Improper Classification||Creative that is improperly classified with respect to its characteristics, including:
|Lost Video Impression Opportunities||Video creatives where an auction is won but the impression does not serve / creative does not load (e.g., because the VAST is blank or the ad server opts out after winning the impression).|
|Malware||Creative that contains, installs, links to, or prompts the download of any malware, Trojan horse, virus, or any other malicious code.|
|Morally Reprehensible||Creative that MediaMath reasonably deems to be morally reprehensible or patently offensive, and without redeeming social value.|
|Phishing||Creative designed to obtain information from a user under false pretenses (e.g., attempting to extract financial information by posing as a legitimate company, etc.).|
|Piracy||Creative that MediaMath reasonably believes (a) contains content that does, or is likely to, infringe or misappropriate a copyright, trademark, trade secret, or patent of a third party or (b) promotes or induces infringement or misappropriation of a copyright, trademark, trade secret, or patent of a third party.|
|Pornography||Creative that depicts, contains or provides access to pornography, nudity, obscenity, and other adult or risqué material.|
|Reselling||Creative involved in any transaction in which the buyer of an impression triggers a subsequent external auction or creative where the original restrictions and constraints of the seller/publisher are not respected (e.g., buying a display creative and reselling as video creative).|
|Violence||Creative that depicts, contains, or provides access to violent content or content that glorifies human suffering, death, self-harm, violence against animals, or contains graphic or violent images.|
|Weapons||Creative that features the sale of, or instructions to create, bombs, guns, firearms, ammunition or other weapons.|
The following categories of Creative are restricted when using the Services:
|Downloads||Where Creative links directly or indirectly to a site that contain software, the software must:
MediaMath Pixeling Policy
The following policies apply to your placement of MediaMath pixels on digital properties, including on Web sites, in emails, and in mobile applications (“Digital Properties”).
|General Requirements||1. You may place MediaMath pixels only on those Digital Properties for which you have the necessary rights and authorizations to do so.
2. Where data is collected by a third party from your Digital Properties for Interest-Based Advertising (“IBA”), Cross-App Advertising (“CAA”), or Retargeting (“Retargeting”), you must provide notice of this data collection and the choices available to users. IBA refers to the collection of data across web domains owned and operated by different entities for the purpose of delivering Ads based on preferences or interests known or inferred from the data collected. CAA refers to the collection of data through applications owned or operated by different entities on a particular device for the purpose of delivering Ads based on preferences or interests known or inferred from the data collected. Retargeting is the practice of collecting data about a user’s activity on one Digital Property for the purpose of delivering an ad based on that data on a different, unaffiliated Digital Property.
3. Consistent with the DAA Principles, you may not place MediaMath pixels in toolbars or other locations such that data may be collected from all or substantially all URLs traversed by a web browser across Web sites or all or substantially all applications on a device for IBA, CAA, or Retargeting without MediaMath’s prior review and approval of your consent mechanism. Clients interested in having MediaMath review such a mechanism should reach out to their MediaMath account manager.
|Children||MediaMath pixels may not be placed on Digital Properties directed at Children (“Child-Directed Digital Properties”).|
|Sensitive Health Conditions||MediaMath pixels may not be placed on Digital Properties related to sensitive health conditions for IBA, CAA, or Retargeting purposes without the user’s specific opt-in consent. MediaMath must review and approve your consent mechanism before you may place MediaMath pixels for such purposes.
Clients may place MediaMath pixels on Digital Properties related to sensitive health conditions for other purposes, such as Ad Delivery and Reporting (“ADR”) without the user’s opt-in consent. ADR is separate and distinct from IBA, CAA, and Retargeting and refers to the collection of data from a computer or device to (i) facilitate the delivery of an ad, or (ii) provide advertising-related services that are not tied the end user’s known or inferred interests (e.g., frequency capping).
For more information on what constitutes a sensitive health condition, please see MediaMath’s Targeting Policy below.
MediaMath Targeting Policy
The following policies apply to your targeting of ad units (“Ads”) to users through the Services. The policies listed below apply whether you are targeting users based on data collected from Digital Properties (IBA, CAA, or Retargeting) or through data collected about the user offline (“User-Matched Ads”).
|General Requirements||1. You must provide notice of IBA, CAA, and Retargeting data collection and use practices, and the choices available to users, in or around Ads that are informed by IBA (“IBA Ads”), CAA (“CAA Ads”), or Retargeting (“Retargeting Ads”). You can meet your notice and choice obligations by placing the AdChoices Icon on each such Ad you serve using the Services. MediaMath will add the AdChoices icon on behalf of any client who does not opt out of this service and provide written confirmation of their compliance via an alternate mechanism. A small fee will apply.|
|Alcohol||Ads that promote alcohol or alcoholic beverages are restricted by region and may only be targeted to users that (i) reside in a jurisdiction where alcohol advertising is permitted, and (ii) are of the legal age to purchase alcohol within that jurisdiction. Alcohol-related Ads must not be designed, or appear to be designed, to appeal to underage purchasers.|
|Buying Power||You may not target Ads on the basis of negative aspects of that user’s financial status. Examples of prohibited practices include targeting:
You are also not permitted to use data collected from IBA, CAA, or Retargeting to determine a user’s credit eligibility.
|Children||In connection with your use of the Service, you may not:
|Criminal Actions||You may not target Ads on the basis of knowledge or inference of the user’s commission or alleged commission of any crime, such as information indicating that a user has a criminal record.|
|Gambling||For purposes of this Targeting Policy, a gambling-related Ad (“Gambling Ad”) means the following:
Gambling Ads may be targeted to users in jurisdictions where such Ads are not prohibited so long as you comply with the following requirements:
|Health||Health-related advertising (advertising health-related products and services or targeting advertisements based on health-related data) is highly regulated by government and industry. Given the large number of jurisdictions in which MediaMath operates and the myriad of health products and services that exist, it is beyond the scope of this Targeting Policy to define on a jurisdiction-by-jurisdiction basis what constitutes acceptable health advertising. Rather, the guidelines below should be considered a US baseline for use of the Services, with other jurisdictions generally being more restrictive. In particular, please note that under the IAB Europe EU Framework for Online Behavioral Advertising, a company “seeking to create or use such OBA segments relying on use of sensitive personal data as defined under Article 8.1 of Directive 95/46/EC will obtain a web user’s Explicit Consent, in accordance with applicable law, prior to engaging in OBA using that information.” As always, clients assume all responsibility for ensuring their advertising is legal in all jurisdictions and acceptable on all exchanges where they intend to advertise.
You may not target IBA, CAA, Retargeting, or User-Matched Ads to users on the basis of sensitive health information (“Sensitive Health Data”) without their specific opt-in consent. MediaMath must review and approve your consent mechanism before you may target such Ads to those users on the basis of Sensitive Health Data. Per the NAI Code, Sensitive Health Data includes: (i) information about any past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history, based on, obtained, or derived from pharmaceutical prescriptions or medical records, or similar health or medical sources that provide actual knowledge of a condition or treatment (the source is sensitive) and (ii) information, including inferences, about sensitive health or medical conditions or treatments (the condition or treatment is sensitive regardless of the source). The relevant factors in determining whether a health condition is sensitive include:
Examples of sensitive health conditions include:
You may target IBA, CAA, Retargeting, or User-Matched Ads to users on the basis of their known or inferred interest in a non-sensitive health condition. Per the NAI Code, examples of non-sensitive health conditions include:
You may target IBA, CAA, Retargeting, or User-Matched Ads concerning all health conditions to users on the basis of demographic data (e.g., age, gender).
You may also serve Contextual Ads concerning all health conditions. Contextual Ads are Ads that are targeted on the basis of the content of the digital property the user is currently visiting.
If you are unsure of whether a particular health condition or treatment is sensitive, contact your MediaMath account representative before targeting users on the basis of their interest in that condition or treatment.
MediaMath clients may not serve ads in any jurisdictions where sanctions imposed by the US Office of Foreign Assets Control (OFAC) would prohibit such advertising. At the time of the publication of this Targeting Policy, that list, which OFAC may update from time to time, includes:
Consistent with the NAI Code, you are permitted to target Ads based on the precise location of the device at the time the Ad is served (“geofence”) so long as you do not store the precise location once the ad is served or delivered. Such geofencing may not target:
The above limitations do not apply to more general targeting that includes sensitive locations by nature of its breadth. For example, clients may target New York City, even though there are sensitive health facilities in New York City.
MediaMath reserves the right to require a client to broaden or discontinue its targeting if MediaMath in its sole discretion determines that the targeting may create a negative user experience or is otherwise inappropriate.
Targeting Ads Based on Historic Precise Location Data
For jurisdictions outside the US, you must contact your MediaMath representative before serving IBA, CAA, Retargeting, or User-Matched Ads on the basis of Precise Location Data.
|Political Affiliation or Beliefs||For the purposes of this Targeting Policy, Ads related to a user’s political affiliation or beliefs (“User-Targeted Political Ads”) shall include IBA, CAA, Retargeting, or User-Matched Ads that promote: (i) political figures, opinions, or issues, such as Digital Properties for political candidates, (ii) political groups, (iii) political cause awareness, (iv) advocacy groups, or (v) union memberships.
You may not target User-Targeted Political Ads to users that reside in the European Union. You must contact your MediaMath representative before serving User-Targeted Political Ads to users that reside in other non-US jurisdictions.
User-Targeted Political Ads are generally permissible in the US. MediaMath reserves the right to limit or prohibit User-Targeted Political Ads involving particularly sensitive issues (e.g., abortion, sexual orientation, etc.). MediaMath reserves the right to review, request modifications to, or reject any User-Targeted Political Ad at its sole discretion. However, such discretion will not be exercised with the intent to favor or disfavor any particular candidate or political party.
|Race & Ethnicity||In the US, you may serve IBA, CAA, Retargeting, or User-Matched Ads to users on the basis of their known or inferred race or ethnic origin.
In the European Union, you may not serve such Ads to users.
|Religion||In the US, you may serve IBA, CAA, Retargeting, or User-Matched Ads to users on the basis of their known or inferred religion or religious beliefs.
In the European Union, you may not serve such Ads to users.
|Sexual Orientation||You are not permitted to target IBA, CAA, Retargeting, or User-Matched Ads to users based on their known or inferred sexual orientation, including indirect inference (e.g., donation to LGBT advocacy groups), without their specific opt-in consent. MediaMath must review and approve your consent mechanism before you may target such Ads. Clients interested in having MediaMath review such a mechanism should reach out to their MediaMath account manager.|
Thank you for your interest in the MediaMath Beta Program. Participation in a Beta Program is voluntary and allows you to test and provide feedback on developing/pre-release features, products, and services which shall be designated as “beta” (the “Beta Services”). Participation in the Beta Program includes early access to beta product functionality, the opportunity to gain knowledge of performance impact and develop best practices ahead of others and the ability to influence the early development and direction of a product. By accessing or using Beta Services, you agree to be bound all of the terms and conditions described in this Beta Policy and to actively engage in the testing and feedback process.
NO OBLIGATIONS: You acknowledge and agree that a Beta Service may contain features that will be altered in the final release of the same or similar Service and that availability of any Beta Services during the course of a Beta Program shall not create any obligation for MediaMath to continue to develop, productize, support, repair, offer for sale or in any other way continue to provide or develop any Beta Service. While we may intend to release a final version of a certain Beta Service, we reserve the right to never make any particular Beta Service generally available. You further acknowledge the duration of the beta phase and any features and functions of a Beta Service are subject to change at any time at MediaMath’s discretion.
FEEDBACK: An essential function of the Beta Program is to gather feedback from participants. We value all input from all participants in the Beta Program. You agree that you will use reasonable commercial efforts to use the Beta Services, notify MediaMath of all errors and problems you identify through your use of any Beta Services and that you will attempt to ascertain steps leading to reproduction of any such errors. You also agree that you will communicate to MediaMath any suggestions or requests for enhancements relating to the operation or further development of a Beta Service and that by doing so you assign all right, title and interest in and to any resulting intellectual property based upon such suggestions or requests, including without limitation all patent, copyright, trade secret, trademark or other intellectual property rights. You acknowledge that MediaMath is not obligated to accept and implement any feedback provided by you and that the use of such feedback is solely in MediaMath’s discretion.
OWNERSHIP: Subject to the limited rights expressly granted hereunder, MediaMath reserves all rights, title and interest in and to the Beta Services and any anonymized aggregated data resulting from your use of the Beta Services, including all related intellectual property rights therein and thereto. No rights are granted to you other than the right to access and use the Beta Services for the purposes of testing and evaluation. You may not create any derivative works from the Beta Services or modify, reuse, disassemble, decompile, reverse engineer or otherwise translate any Beta Services or any portion thereof. You also may not access the Beta Services in order to build a competitive product or service.
MARKETING: You agree that MediaMath may use your name and associated marks in its marketing materials solely with respect to marketing Beta Services used by you, which shall include white papers, case studies and press releases.
PAYMENTS & PRICING: Certain Beta Services may incur a fee, which will be invoiced to you in accordance with your Master Services Agreement with MediaMath. You agree and acknowledge that you shall be liable for all fees incurred in connection with your use of a Beta Service even in the event of an error in the Beta Services affecting the performance of the Beta Service (other than a billing error), or Other than a billing error or tracking error resulting in an erroneous fee, you shall remain liable for all fees incurred with your usage of the Beta Service, including in the event of an error in the Beta Services that affects the performance or outcome of the Beta Service. Unless otherwise agreed to by you and MediaMath, fees for any Beta Service are subject to change during the beta period and after such beta period.
CONFIDENTIALITY: You agree to treat all Beta Services, as well as the nature and content of the Beta Program, as confidential information and will not without our express written authorization: (i) demonstrate, copy, market, sell or otherwise commercially exploit any features or functions of any Beta Services to any third party; (ii) publish or otherwise disclose information relating to performance or quality of any Beta Services to any third party; or (iii) remove or alter any trademark, logo, copyright or other proprietary notices, legends, symbols or labels in the Beta Services.
NO WARRANTY: THE BETA SERVICES BEING ACCESSED BY YOU CONSIST OF PRE-RELEASE CODE, MAY CONTAIN ERRORS, BUGS OR DEFECTS AFFECTING PROPER OPERATION OR FULL FUNCTIONALITY, MAY EXPERIENCE PERFORMANCE ISSUES, CRASHES, OR DATA LOSS, AND IS NOT AT THE LEVEL OF PERFORMANCE OF A GENERALLY AVAILABLE SERVICE. BY USING THE BETA SERVICES, YOU ACKNOWLEDGE YOUR UNDERSTANDING THAT A PRIMARY PURPOSE OF THIS BETA PROGRAM IS TO OBTAIN FEEDBACK ON PERFORMANCE AND IDENTIFY DEFECTS. YOU ARE ADVISED TO SAFEGUARD IMPORTANT DATA, AND NOT TO RELY IN ANY WAY ON THE CORRECT FUNCTIONING OR PERFORMANCE OF BETA SERVICES. BETA SERVICES ARE provided “AS IS” without warranty of any kind AND ANY WARRANTIES TO THE EXTENT AUTHORIZED BY LAW, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE. In no event shall MEDIAMATH be liable for any damage whatsoever arising out of the use of or inability to use THE BETA SERVICES, even if YOU HAVE been advised of the possibility of such damages.
GENERAL DATA PROTECTION REGULATION POLICY
This policy takes effect on the Effective Date below and shall be incorporated by reference into and form an integral part of your agreement with MediaMath, Inc. or any of its Affiliates (“MediaMath”) (the “Agreement”) unless a separate data processing agreement has been agreed between the parties. In the event of any conflict, ambiguity or inconsistency between the terms of this Policy including its Schedule A and the Agreement, Schedule A then this Policy then the Agreement shall take precedence with respect to the subject matter herein.
- Definitions: The following terms shall have the following meanings in this Policy:
“Ad(s)” means the advertising content, including text, graphics, rich media, video and/or audio material (and combination thereof), that is displayed on digital media inventory.
“Ad Tag” means software code (e.g., HTML5) or a web beacon (e.g., pixel tag, clear GIF) that (i) collects data regarding a user’s actions in or on a Site or a user’s interaction with an Ad or (ii) requests the delivery of an Ad to a Site.
“Advertiser Data” means Client Data.
“Affiliate” means, with respect to a party, an entity that directly or indirectly controls, is controlled by or is under common control with such party. “Control” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the economic or voting interest of an entity.
“Applicable Laws” means all laws and regulations which apply to each party in connection with the Agreement, the performance and receipt of the Services, the use of the Service Platform and the processing of Client Data, MediaMath Data and any related personal data, to include without limitation European Law, Section 5 of the FTC Act, and any applicable industry self-regulatory regulations, to include without limitation the NAI Code and the DAA Code.
“Client Data” means all electronic data which is provided to MediaMath by Client as part of the Services or which is provided or made available to Client by MediaMath or its Affiliates through Client’s use of the Services, including personal data contained therein (including any data which is specific to Client), but excluding the MediaMath Data.
“Controller Purposes” means Client Controller Purposes or MediaMath Controller Purposes as defined in Schedule A.
“DAA Code” means the set of Digital Advertising Alliance Self-Regulatory Principles for Multi-Site Data posted at http://www.aboutads.info/msdprinciples (or any successor site) and its applicable regional counterpart, if any.
“EEA” means the European Economic Area (which shall be deemed to include the United Kingdom throughout the term of the Agreement).
“Effective Date” means the 25 May 2018.
“European Law” means Regulation 2016/679 (GDPR); (iii) Directive 2002/58/EC (as amended or replaced from time to time) and applicable laws implementing that directive in Member States; and, (iv) any data protection and privacy laws in the United Kingdom from time to time. References in this Policy to “controller“, “data subject“, “personal data“, “process“/”processed“/processing“, “processor” and “special categories of personal data” shall have the meanings given in European Law.
“Licensee Data” means Client Data.
“MediaMath Data” means all data generated from Client’s use of the Services (and other clients and partners of MediaMath and its Affiliates) (including any MMUIDs) that does not specifically identify or relate to Client; any data made available by MediaMath for targeting users; the data relating to any error by, issue with, or enhancement to the operation of the Services and the data that MediaMath would have regardless of Client’s use of the Services.
“MediaMath Controller Purposes” means as defined in Schedule A.
“MMUID” means any unique identifier which is created, assigned or retained by MediaMath in respect of each user who interacts with a Site.
“NAI Code” means the Code of Conduct promulgated by the Network Advertising Initiative (“NAI”), located at the following website, or any successor website: https://www.networkadvertising.org/sites/default/files/nai_code2018.pdf, including any official guidance provided by the NAI such as the NAI 2015 Guidance on Determining Whether Location is Imprecise.
“PII” means information that identifies or could be used to identify a particular individual as compared to a particular device such as name, address, telephone number, email address, financial account number, government-issued identifier or date of birth.
“Processing Activities” means as defined in Schedule A.
“Security Incident” means in relation to Client Data or MediaMath Data a breach of security resulting in (i) accidental or unlawful destruction or loss, or (ii) unauthorized disclosure or access.
“Sensitive Information” means: (i) any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) genetic data; (iii) biometric data for the purposes of uniquely identifying a natural person; (iv) data concerning sensitive health conditions; (v) data concerning a natural person’s sex life or sexual orientation; (vi) any personal data about a minor under the age of 13; (vii) any financial account numbers or insurance plan numbers that can be used to identify an individual; (viii) any government-issued identifiers; or (ix) characteristics deemed sensitive under the NAI Code. In Schedule A the definition of Sensitive Information shall be as above, except that it will also include any personal data about minors between the ages of 13 and 16.
“Service Platform” means MediaMath’s proprietary software known as TerminalOne® or any other software platform MediaMath may make available to Client.
“Services” means all services available on the Service Platform or otherwise agreed to by MediaMath pursuant to an applicable Order Form or SOW.
“Site” means a digital property that is accessible by users (including websites, mobile sites and software applications).
2. Client Security. Client shall be responsible for maintaining the confidentiality of any login credentials, of appropriately limiting dissemination of the login credentials to its employees, contractors or agents, and for using commercially reasonable efforts and appropriate technological and organizational measures to prevent unauthorized access to the Service Platform. Client shall maintain current records of all individuals to whom it allows access to the Service Platform and shall provide identifying information regarding such individuals to MediaMath upon request.
4. This Policy shall be governed, construed and enforced in accordance with the laws of the Agreement.
European Law Requirements
- Definitions. As used in this Schedule A, the following terms shall have the following meanings:
“Client Controller Purposes” means for the purposes of receiving the Services; and as is more particularly described at www.mediamath.com/legal/processingpurposes.
“MediaMath Controller Purposes” means improving and enhancing the Services, including identifying, blocking and removing data considered to be unlawful or fraudulent; the bidding process; and as is more particularly described at www.mediamath.com/legal/processingpurposes.
“Privacy Shield” means the EU-US Privacy Shield and the Swiss-US Privacy Shield as applicable.
“Processing Activities” means processing Ad Tags placed by or on behalf of Client and as more particularly described at www.mediamath.com/legal/processingpurposes.
- Scope. The rights and obligations in this Schedule A apply to the collection, processing and sharing of personal data originating in the EEA by and between MediaMath, Client and certain third parties (e.g. subprocessors including Affiliates of MediaMath). For the purposes of this Schedule A references to Client Data shall mean any personal data incorporated in Client Data and references to MediaMath Data shall mean any personal data incorporated in MediaMath Data.
- Agreements with MediaMath Germany GmbH. Where the Agreement was entered into with MediaMath Germany GmbH then for the purposes of this Schedule A, MediaMath shall refer to both MediaMath Germany GmbH and MediaMath, Inc. Where MediaMath processes Client Data as a controller, Client acknowledges that MediaMath Germany GmbH and MediaMath, Inc. will process such Client Data as joint controllers within the meaning of the GDPR. Where MediaMath processes Client Data as a Client’s processor, Client acknowledges that MediaMath Germany GmbH and MediaMath, Inc. will process such Client Data each as processors on behalf of Client.
- General Obligations.
- Both parties will comply with all applicable requirements of European Law.
- Client will ensure that it has all necessary and appropriate consents and notices in place to enable the lawful transfer of Client Data to MediaMath for the duration and purposes of the Agreement.
- Appointment of MediaMath as Client’s Processor.
- The parties acknowledge that for the purposes of European Law, Client is the data controller of Client Data and appoints MediaMath as its data processor for the Processing Activities.
- MediaMath shall, in relation to any Client Data processed for the Processing Activities in connection with the performance by MediaMath of its obligations under this Agreement:
- process that Client Data only in accordance with the Processing Activities (or as otherwise agreed in writing);
- ensure that all personnel who have access to and/or process Client Data are obliged to keep Client Data confidential;
- transfer Client Data out of the EEA in accordance with its Privacy Shield registration and notify Client if its Privacy Shield registration expires or terminates for any reason;
- assist Client, at Client’s cost, in responding to any request from a data subject and in ensuring compliance with its obligations under European Law with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
- notify Client without undue delay upon becoming aware of any confirmed Security Incident relating to Client Data;
- upon written request of Client, delete or return Client Data and copies thereof to Client on termination of the Agreement unless required by a judicial or other governmental order or by applicable law to retain some or all Client Data. This requirement shall not apply to Client Data MediaMath has archived on back-up systems; and
- maintain accurate records and information to demonstrate its compliance with this clause 4(b) of this Schedule A.
- Client consents to MediaMath appointing subprocessors to process Client Data, such subprocessors will be listed at www.mediamath.com/legal/subprocessors which MediaMath shall update with any details of any changes at least 10 days prior to the change. MediaMath confirms that it has entered or (as the case may be) will enter with the subprocessor into a written agreement requiring it to protect Client Data to the standard required by European Law. As between Client and MediaMath, MediaMath shall remain fully liable for all acts or omissions of any subprocessor appointed by it pursuant to this clause 4(c) of this Schedule A. Client may object to the replacement of a subprocessor provided such objection is on reasonable grounds. If Client objects to such appointment and is unable to select an alternative subprocessor then Client may terminate the applicable Services provided in the EEA without prejudice to Client’s obligations to pay any fees under the Agreement due up to the date of termination of such Services (or subsequent pro-rated fees).
- MediaMath uses external auditors to verify the adequacy of its security measures, including the security of the physical data centres from which the Services are provided. The audit: (a) will be performed at least annually; (b) will be performed according to SSAE 16 audit standard or such other alternative standard that is substantially equivalent to SSAE 16; (c) will be performed by independent third party security professionals at MediaMath’s selection and expense; and (d) will result in the generation of an audit report which will be MediaMath’s Confidential Information. MediaMath shall provide Client with a copy of the report upon written request.
- Sharing of Personal Data between Client and MediaMath as Controller.
Client shall disclose Client Data to MediaMath on an independent controller to controller basis for the MediaMath Controller Purposes.
MediaMath shall, in relation to any Client Data processed for MediaMath Controller Purposes:
- process Client Data only for the MediaMath Controller Purposes (or as otherwise agreed in writing) and transfer the same out of the EEA in accordance with MediaMath’s Privacy Shield registration;
- notify Client if its Privacy Shield registration expires or terminates for any reason;
- promptly inform Client of any request from a data subject, supervisory authority or regulator related to the processing of Client Data conducted by MediaMath and cooperate as necessary to respond to such correspondence and fulfil each parties’ respective obligations under European Law;
- notify Client without undue delay on becoming aware of any confirmed Security Incident relating to Client Data; and
- maintain accurate records and information to demonstrate its compliance with this clause 5(b) of this Schedule A.
- Sharing of Personal Data between MediaMath and Client as Controller.
- MediaMath will through performance of the Services make available MediaMath Data to Client on an independent controller to controller basis for Client Controller Purposes.
- Client shall, in relation to any MediaMath Data processed for Client Controller Purposes:
- process MediaMath Data only for Client Controller Purposes (or as otherwise agreed in writing) and in accordance with the level of protection required by the Privacy Shield Principles (and if Client fails to do so, it will promptly notify MediaMath in writing and remedy the breach or MediaMath will have the right to suspend the Services and/or terminate the Agreement);
- maintain appropriate technical and organizational measures and commercially reasonable and appropriate administrative and physical, measures for the security and confidentiality of MediaMath Data from a Security Incident;
- ensure that all personnel who have access to and/or process MediaMath Data are obliged to keep such MediaMath Data confidential;
- not process any MediaMath Data in a territory outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is in compliance with European Law;
- promptly inform MediaMath of any request from a data subject, supervisory authority or regulator related to the processing conducted by Client and cooperate as necessary to respond to such correspondence and fulfil each parties’ respective obligations under European Law;
- notify MediaMath without undue delay on becoming aware of any confirmed Security Incident involving MediaMath Data; and
- maintain accurate records and information to demonstrate its compliance with this clause 6(b) of this Schedule A.
- Privacy Shield.
MediaMath shall be entitled to provide a copy of this Schedule A and any other provisions of the Agreement or this Policy to the US Department of Commerce, the Federal Trade Commission, any supervisory authority or regulator on their request (notwithstanding any other provision of the Agreement).
Last Revised: May 18, 2018