MEDIAMATH USER POLICY

 

Your use of any services (“Services”) provided by MediaMath, Inc. (“MediaMath”, “we”, “us”) is subject to the following policies (“Policies”). We reserve the right to change or modify any portion of these Policies at any time without notice. Please periodically visit this page to review the current Policies so you are aware of any revisions to which you are bound.

 

General Requirements

  1. Your use of the Services must comply with all applicable laws, regulations, and self-regulatory group guidelines, including but not limited to, the Network Advertising Initiative (“NAI”) Code of Conduct, the Digital Advertising Alliance (“DAA”)’s Self-Regulatory Principles for Online Behavioral Advertising and Application of Self-Regulatory Principles to the Mobile Environment (“DAA Principles”), the DAA’s Application of the Self-Regulatory Principles of Transparency and Control to Data Used Across Devices, the DAA’s Application of the Self-Regulatory Principles of Transparency & Accountability to Political Advertising, the Digital Advertising Alliance of Canada (DAAC) Self-Regulatory Principle of Transparency for Political Advertising, the Interactive Advertising Bureau (“IAB”) Europe EU Framework for Online Behavioral Advertising, the Australian Digital Advertising Alliance’s (“ADAA”) Best Practice Guideline for Online Behavioural Advertising, and the Asia-Pacific Economic Cooperation (“APEC”) Privacy Framework, regardless of your membership status with any of these organizations.
  1. Your use of the Services must comply with all applicable requirements and guidelines provided by the exchanges or media supply sources from which you purchase media inventory through the Services. For examples of such polices, please visit the Knowledge Base.

 

MediaMath Creative Policy

The following categories of Creative are prohibited when using the Services. “Creative” refers to ad units, landing pages, or any other content related to or used in connection with the serving of ads using the Services.

Category Description and Examples
Ad Fraud Creative associated with any activity designed to sell advertising under fraudulent pretenses, including but not limited to non-human traffic, tag hijacking, hidden ads, domain spoofing, cookie stuffing, generating fake impressions or clicks, misrepresenting advertiser characteristics (such as the landing page URL, advertiser vertical, etc.), reselling of ads under false pretenses, (e.g., misrepresenting the publisher or the type of ad unit), etc.
Auto-audio Creative that automatically initiates audio without the user’s explicit engagement or action
Auto-downloads Creative that contains, or provides access to any files that execute or download software without intentional user interaction. Clicking on an ad must also not initiate a download of any type of file.
Auto-redirects Creative that automatically redirects a user to other sites or applications, without the user’s explicit engagement or action.
Deceptive or Misleading Creative that attempts to trick or deceive a user into taking some action (e.g., “click bait” Creative, Creative that resemble user interface elements, Creative that displays fake errors or warnings, such as warnings about viruses, missing codecs, or corrupt disks, etc.) or markets false or unrealistic promises such as extreme weight loss, anti-aging, etc.
Defamation Creative that depicts, contains, or provides access to material that is damaging to the reputation of another.
Delayed Load Creative consistently taking more than two seconds to initiate the user ad experience.
False Claims Creative that makes a demonstrably false claim is strictly prohibited.
Government Forms or Services Creative that depicts, contains, or provides access to offers that charge for government forms or services that are available for a lesser charge or free from the government.
Hate Speech Creative that depicts, contains, or provides access to content that incites violence or prejudicial action towards a protected individual or group; or content that disparages or intimidates a protected individual or group.
Illegal Creative that is, or that MediaMath reasonably believes is, likely to be in violation of any applicable law, regulation or court order.
Illegal Drugs Creative featuring or promoting the sale of illegal drugs, pharmaceuticals, or drug paraphernalia. As marijuana remains illegal under United States federal law, this Creative Policy prohibits creative featuring or promoting the sale of marijuana even in those states where marijuana use is permitted under state law.
Implied Knowledge Creative that implies knowledge of personally identifiable information or any of the following sensitive characteristics about the user to whom the Ad was targeted:

  • Adult activities (including alcohol, gambling, adult dating, etc.)
  • Commission or alleged commission of any crime
  • Divorce or marital separation
  • Health or medical information
  • Negative financial status or situation
  • Political affiliation (other than the public registration information of United States voters)
  • Precise location of the user at that moment or at any time in the past
  • Racial or ethnic information
  • Religion or religious belief
  • Sexual behavior or orientation
  • Status as a child (“Child) under the age defined in that jurisdiction. For example, in the US, Children are defined by COPPA as those under the age of 13.
  • Trade union membership or affiliation

For example, an Ad may not state “Explore your Jewish heritage” because this implies knowledge of the user’s religion. An Ad stating “Learn about Judaism” would be allowed. Similarly, an Ad for coffee may be delivered when a consumer is near a coffee shop, but the Ad may not state “Coffee is just a few steps away” because this implies knowledge of the user’s precise location at that moment.

Interferes with User Navigation Creative that disrupts the user’s ability to navigate their experience, e.g., by preventing a user from leaving a page by opening modal dialogs or pop-up windows.
Interferes with Another Party’s Content Creative that obscures, replaces, or modifies another party’s ads or content.
Invalid or Improper Classification Creative that is improperly classified with respect to its characteristics, including:

  • Improper classification of Creative that cycles through multiple advertisers
  • Improper classification of Creative running in-banner video (i.e., video ads running within standard display units)
  • Improper classification of a Creative’s landing page URL
  • Improper classification of Creative that auto-plays (i.e., Creative that initiates video play without the user’s explicit engagement or action)
  • Improper classification of Creative action, such as expandable or pop-up action
  • Improper classification of Creative descriptors, such as the advertiser vertical, language, etc.
Lost Video Impression Opportunities Video creatives where an auction is won but the impression does not serve / creative does not load (e.g., because the VAST is blank or the ad server opts out after winning the impression).
Malware Creative that contains, installs, links to, or prompts the download of any malware, Trojan horse, virus, or any other malicious code.
Morally Reprehensible Creative that MediaMath reasonably deems to be morally reprehensible or patently offensive, and without redeeming social value.
Phishing Creative designed to obtain information from a user under false pretenses (e.g., attempting to extract financial information by posing as a legitimate company, etc.).
Piracy Creative that MediaMath reasonably believes (a) contains content that does, or is likely to, infringe or misappropriate a copyright, trademark, trade secret, or patent of a third party or (b) promotes or induces infringement or misappropriation of a copyright, trademark, trade secret, or patent of a third party.
Pornography Creative that depicts, contains or provides access to pornography, nudity, obscenity, and other adult or risqué material.
Reselling Creative involved in any transaction in which the buyer of an impression triggers a subsequent external auction or creative where the original restrictions and constraints of the seller/publisher are not respected (e.g., buying a display creative and reselling as video creative).
Violence Creative that depicts, contains, or provides access to violent content or content that glorifies human suffering, death, self-harm, violence against animals, or contains graphic or violent images.
Weapons Creative that features the sale of, or instructions to create, bombs, guns, firearms, ammunition or other weapons.

 

The following categories of Creative are restricted when using the Services:

Downloads Where Creative links directly or indirectly to a site that contain software, the software must:

  • – Not contain malware;
  • – Provide the user with clear and conspicuous notice about all material functionality;
  • – Obtain informed consent from the user prior to download or installation;
  • – Provide an easy-to-use uninstall to the user; and
  • – Allow the user to maintain control over his or her computing environment.
Political For the purpose of this Policy, Political Ads shall include any paid-for communications that promote or oppose a political party, a candidate at any level of government for public office, or a ballot initiative, or that attempt to influence political opinion or actions including advertising that takes a position on an issue associated with a registered party or candidate, even if the name of that party, candidate, or initiative is not explicitly mentioned.

The following requirements apply to Clients using the Services to run Political Ads:

  1. Clients running Political Ads must do so in T1 advertiser and campaign entities dedicated to political advertising and separate from any nonpolitical advertising. No T1 advertiser or campaign should contain both political and nonpolitical ads.
  2. Clients must flag as political all T1 advertiser and campaign entities via which Political Ads are run.
    • Advertisers must be flagged as political by enabling the “Political Advertiser” toggle on the Admin > New/Edit Advertiser screen.
    • Campaigns must be flagged as political by checking the “Political Campaign” checkbox on the New/Edit Campaign screen under Advanced Settings.
  3. As noted above, clients may not run Creative (political or nonpolitical) that makes a demonstrably false claim. Given the importance of a robust political dialogue to democracy and given the challenges in evaluating the truth of every political claim, we expect to enforce this requirement in a very limited number of instances and for very clear violations. Examples of such violations include but are not limited to creative:
    • That indicates or implies that people should vote on the wrong day or by text message, that or a candidate has died
    • That makes misleading claims about the census process
    • That includes doctored media (“deep fakes”)
    • That otherwise makes demonstrably false claims that could significantly undermine voter participation or trust in an electoral or democratic process
  4. Clients running Political Ads in the United States must adhere to the DAA’s Application of the Self-Regulatory Principles of Transparency & Accountability to Political Advertising. Clients are responsible for inserting the purple Political Ads icon into their Creative. MediaMath does not provide this service.
  5. Clients running Political Ads in Canada must adhere to the DAAC Self-Regulatory Principle of Transparency for Political Advertising. Clients are responsible for inserting the purple Political Ads icon into their Creative. MediaMath does not provide this service.

 

MediaMath Pixeling Policy

The following policies apply to your placement of MediaMath pixels on digital properties, including on Web sites, in emails, and in mobile applications (“Digital Properties”).

General Requirements 1. You may place MediaMath pixels only on those Digital Properties for which you have the necessary rights and authorizations to do so.

2. Where data is collected by a third party from your Digital Properties for Interest-Based Advertising (“IBA”), Cross-App Advertising (“CAA”), or Retargeting (“Retargeting”), you must provide notice of this data collection and the choices available to users. IBA refers to the collection of data across web domains owned and operated by different entities for the purpose of delivering Ads based on preferences or interests known or inferred from the data collected. CAA refers to the collection of data through applications owned or operated by different entities on a particular device for the purpose of delivering Ads based on preferences or interests known or inferred from the data collected. Retargeting is the practice of collecting data about a user’s activity on one Digital Property for the purpose of delivering an ad based on that data on a different, unaffiliated Digital Property.

3. Consistent with the DAA Principles, you may not place MediaMath pixels in toolbars or other locations such that data may be collected from all or substantially all URLs traversed by a web browser across Web sites or all or substantially all applications on a device for IBA, CAA, or Retargeting without MediaMath’s prior review and approval of your consent mechanism. Clients interested in having MediaMath review such a mechanism should reach out to their MediaMath account manager.

Children MediaMath pixels may not be placed on Digital Properties directed at Children (“Child-Directed Digital Properties”).
Sensitive Health Conditions MediaMath pixels may not be placed on Digital Properties related to sensitive health conditions for IBA, CAA, or Retargeting purposes without the user’s specific opt-in consent. MediaMath must review and approve your consent mechanism before you may place MediaMath pixels for such purposes.

Clients may place MediaMath pixels on Digital Properties related to sensitive health conditions for other purposes, such as Ad Delivery and Reporting (“ADR”) without the user’s opt-in consent. ADR is separate and distinct from IBA, CAA, and Retargeting and refers to the collection of data from a computer or device to (i) facilitate the delivery of an ad, or (ii) provide advertising-related services that are not tied the end user’s known or inferred interests (e.g., frequency capping).

For more information on what constitutes a sensitive health condition, please see MediaMath’s Targeting Policy below.

 

MediaMath Targeting Policy

The following policies apply to your targeting of ad units (“Ads”) to users through the Services. The policies listed below apply whether you are targeting users based on data collected from Digital Properties (IBA, CAA, or Retargeting) or through data collected about the user offline (“User-Matched Ads”).

General Requirements 1.     You must provide notice of IBA, CAA, and Retargeting data collection and use practices, and the choices available to users, in or around Ads that are informed by IBA (“IBA Ads”), CAA (“CAA Ads”), or Retargeting (“Retargeting Ads”). You can meet your notice and choice obligations by placing the AdChoices Icon on each such Ad you serve using the Services. MediaMath will add the AdChoices icon on behalf of any client who does not opt out of this service and provide written confirmation of their compliance via an alternate mechanism. A small fee will apply.
Alcohol Ads that promote alcohol or alcoholic beverages are restricted by region and may only be targeted to users that (i) reside in a jurisdiction where alcohol advertising is permitted, and (ii) are of the legal age to purchase alcohol within that jurisdiction.  Alcohol-related Ads must not be designed, or appear to be designed, to appeal to underage purchasers.
Buying Power You may not target Ads on the basis of negative aspects of that user’s financial status. Examples of prohibited practices include targeting:

  • Credit card Ads to users on the basis of their low credit ratings
  • Debt consolidation services Ads to users with high debt loads
  • Legal service Ads to users on the basis of financial information showing that they are at a higher risk of bankruptcy

You are also not permitted to use data collected from IBA, CAA, or Retargeting to determine a user’s credit eligibility.

Children In connection with your use of the Service, you may not:

  • Serve ads on Child-Directed Digital Properties
  • Target an Ad based on the prior online activity of a user of Child-Directed Digital Properties
  • Create segments that target or are intended to target Children
Criminal Actions You may not target Ads on the basis of knowledge or inference of the user’s commission or alleged commission of any crime, such as information indicating that a user has a criminal record.
Gambling For purposes of this Targeting Policy, a gambling-related Ad (“Gambling Ad”) means the following:

  • Any Ad that promotes, directly or indirectly, online (Web or mobile) and offline (land-based or “brick and mortar” casinos, betting shops, card rooms or other gambling establishments) gambling, gaming, betting or wagering of any kind, whether for cash prizes or other things of value, including but not limited to casino games, poker, sports betting (whether individual or parlay wagering), pari-mutuel wagering or “betting pools” (including horse racing, dog racing, and jai alai), lotteries, raffles, sweepstakes, penny auctions, and fantasy sports.
  • Any Ad that otherwise relates in any way to the foregoing activities, including Ads for promotional products, services or materials, including education, “learn to play,” “practice” and other free simulation Digital Properties affiliated with online or offline gambling or wagering sites or facilities.

Gambling Ads may be targeted to users in jurisdictions where such Ads are not prohibited so long as you comply with the following requirements:

  • You and, if you are an advertising agency, the end advertiser currently hold all required licenses, permits, registrations, waivers, consents or other governmental approvals (collectively, “Licenses”) to operate in the jurisdictions in which the Gambling Ad is served and in any other jurisdictions in which you and the advertiser operate.
  • You and, if you are an advertising agency, the end advertiser are in compliance with and agree to remain in compliance with all applicable laws and the terms of all applicable Licenses.
  • You and, if you are an advertising agency, the end advertiser agree not to serve Gambling Ads in any jurisdiction specifically prohibited by this Targeting Policy, as such may be updated from time to time.
Health Health-related advertising (advertising health-related products and services or targeting advertisements based on health-related data) is highly regulated by government and industry. Given the large number of jurisdictions in which MediaMath operates and the myriad of health products and services that exist, it is beyond the scope of this Targeting Policy to define on a jurisdiction-by-jurisdiction basis what constitutes acceptable health advertising. Rather, the guidelines below should be considered a US baseline for use of the Services, with other jurisdictions generally being more restrictive. In particular, please note that under the IAB Europe EU Framework for Online Behavioral Advertising, a company “seeking to create or use such OBA segments relying on use of sensitive personal data as defined under Article 8.1 of Directive 95/46/EC will obtain a web user’s Explicit Consent, in accordance with applicable law, prior to engaging in OBA using that information.” As always, clients assume all responsibility for ensuring their advertising is legal in all jurisdictions and acceptable on all exchanges where they intend to advertise.

You may not target IBA, CAA, Retargeting, or User-Matched Ads to users on the basis of sensitive health information (“Sensitive Health Data”) without their specific opt-in consent. MediaMath must review and approve your consent mechanism before you may target such Ads to those users on the basis of Sensitive Health Data.  Per the NAI Code, Sensitive Health Data includes: (i) information about any past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history, based on, obtained, or derived from pharmaceutical prescriptions or medical records, or similar health or medical sources that provide actual knowledge of a condition or treatment (the source is sensitive) and (ii) information, including inferences, about sensitive health or medical conditions or treatments (the condition or treatment is sensitive regardless of the source).  The relevant factors in determining whether a health condition is sensitive include:

  • The seriousness of the condition
  • How narrowly the condition is defined
  • Its prevalence
  • Whether it is something that an average person would consider to be particularly private in nature
  • Whether it is treated by over-the-counter or prescription medications
  • Whether it can be treated by modifications in lifestyle as opposed to medical intervention

Examples of sensitive health conditions include:

  • Cancer
  • Drug addiction
  • Menopause
  • Mental health related conditions, including:
    • Alzheimer’s
    • Anorexia/bulimia
    • Depression
    • Generalized anxiety disorder
    • Schizophrenia
  • Pregnancy termination
  • Sexual dysfunction
  • Sexually transmitted diseases

You may target IBA, CAA, Retargeting, or User-Matched Ads to users on the basis of their known or inferred interest in a non-sensitive health condition.  Per the NAI Code, examples of non-sensitive health conditions include:

  • Acne
  • Allergies
  • Back pain
  • Beauty
  • Cholesterol management
  • Cold and flu
  • Dental
  • Diet
  • Exercise
  • First aid
  • General interest segments, including:
    • Men’s health
    • Women’s health
    • Senior health needs
    • Children’s health
  • Hair removal
  • Headache
  • Health and fitness
  • Heartburn
  • High blood pressure
  • Nutrition
  • Sinus
  • Sore throat
  • Vision
  • Vitamins and supplements

You may target IBA, CAA, Retargeting, or User-Matched Ads concerning all health conditions to users on the basis of demographic data (e.g., age, gender).

You may also serve Contextual Ads concerning all health conditions. Contextual Ads are Ads that are targeted on the basis of the content of the digital property the user is currently visiting.  

If you are unsure of whether a particular health condition or treatment is sensitive, contact your MediaMath account representative before targeting users on the basis of their interest in that condition or treatment.

Location Sanctioned Jurisdictions
MediaMath clients may not serve ads in any jurisdictions where sanctions imposed by the US Office of Foreign Assets Control (OFAC) would prohibit such advertising. At the time of the publication of this Targeting Policy, that list, which OFAC may update from time to time, includes:

  • Crimea
  • Cuba
  • Iran
  • North Korea
  • Sudan
  • Syria

Precise Location
Precise Location Data (“Precise Location Data”) is information that describes the precise geographic location of a device derived through any technology that is capable of determining with reasonable specificity the actual physical location of a person or device. Examples of Precise Location Data include:

  • A user’s GPS-level latitude/longitude coordinates (often based on information received from a user’s mobile device)
  • Location-based Wi-Fi triangulation
  • A user’s presence at a specific location or shop (e.g., received from a Bluetooth beacon associated with a specific location)
Geofencing
Consistent with the NAI Code, you are permitted to target Ads based on the precise location of the device at the time the Ad is served (“geofence”) so long as you do not store the precise location once the ad is served or delivered. Such geofencing may not target:

  • A geographic area smaller than 785,398 meters² (the area of a circle with a radius of 500 meters). For example, you may not place a 100-meter circular geofence around one individual coffee shop. However, you may geofence all coffee shops in New York City, because the total area geofenced would be greater than 785,398 meters².
    • Exception: You may target a smaller geographic area provided the location is a very high-density venue. For example, you may target a 100-meter radius around Yankee Stadium during a game because the stadium has a seating capacity of over 50,000.
  • A personal address. Only business addresses (e.g., Disneyworld, or 4 World Trade Center) or public locations (e.g., Central Park) may be used as the locations around which ads are targeted.
  • Locations designed for children, including locations such as:
    • Day care centers
    • Playgrounds
    • Schools below the college level (preschools, primary schools, and secondary schools)
    • Tutoring and educational services
    • Youth organizations
  • Locations designed for survivors of abuse, including locations such as:
    • Rape crisis centers
    • Women’s shelters
  • Locations associated with pregnancy, sexual health, sexual orientation, or sensitive health conditions, such as:
    • Abortion clinics
    • Alcohol and drug services
    • Healthcare or other facilities with an emphasis on pregnancy, sexual health, or sensitive health conditions. Clients may geofence locations such as primary care and other facilities which are beyond a shadow of a doubt “general” and which would contain patients or consumers representing a wide variety of health conditions.
    • LGBT centers and venues
  • In the EU: Any locations which reveal information about health or sex life
  • Locations that imply negative financial status, such as check cashing facilities
  • Locations that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, such as:
    • Churches
    • Trade union offices

The above limitations do not apply to more general targeting that includes sensitive locations by nature of its breadth. For example, clients may target New York City, even though there are sensitive health facilities in New York City.

MediaMath reserves the right to require a client to broaden or discontinue its targeting if MediaMath in its sole discretion determines that the targeting may create a negative user experience or is otherwise inappropriate.

Targeting Ads Based on Historic Precise Location Data
You may not serve Ads based on knowledge of the device or user’s precise location in the past or over time without obtaining the user’s opt-in consent.

For jurisdictions outside the US, you must contact your MediaMath representative before serving IBA, CAA, Retargeting, or User-Matched Ads on the basis of Precise Location Data.

Political Affiliation or Beliefs Political Ads in the United States may not be targeted at audiences smaller than the following number of devices according to the scope of the applicable candidate or initiative:

  • National (e.g., general presidential elections) – 500,000
  • State-level (e.g., presidential primaries, the election of federal senators or state governors, and state ballot initiatives) – 500,000 or 10% of the state population, whichever is lower
  • Local-level (e.g., the election of state senators or local officials, local ballot initiatives) – 10,000
  • Notwithstanding the foregoing, targeting based on geographic location down to and including ZIP code-level targeting (but not ZIP+4 or radius around a location) is allowed even though the target population may be considerably less than the above.
  • Exceptions to any of the above may be requested via your account manager and must be approved in advance by MediaMath’s Data Policy & Governance team.

Political Ads in other countries must not be targeted at audiences smaller than comparably sized audiences relative to the population.

For the purposes of this Targeting Policy, Ads related to a user’s political affiliation or beliefs (“User-Targeted Political Ads”) shall include IBA, CAA, Retargeting, or User-Matched Ads that promote: (i) political figures, opinions, or issues, such as Digital Properties for political candidates, (ii) political groups, (iii) political cause awareness, (iv) advocacy groups, or (v) union memberships.

You may not target User-Targeted Political Ads to users that reside in the European Union.  You must contact your MediaMath representative before serving User-Targeted Political Ads to users that reside in other non-US jurisdictions.

User-Targeted Political Ads are generally permissible in the US. MediaMath reserves the right to limit or prohibit User-Targeted Political Ads involving particularly sensitive issues (e.g., abortion, sexual orientation, etc.). MediaMath reserves the right to review, request modifications to, or reject any User-Targeted Political Ad at its sole discretion. However, such discretion will not be exercised with the intent to favor or disfavor any particular candidate or political party.

Race & Ethnicity In the US, you may serve IBA, CAA, Retargeting, or User-Matched Ads to users on the basis of their known or inferred race or ethnic origin.

In the European Union, you may not serve such Ads to users.

Religion In the US, you may serve IBA, CAA, Retargeting, or User-Matched Ads to users on the basis of their known or inferred religion or religious beliefs.

In the European Union, you may not serve such Ads to users.

Sexual Orientation You are not permitted to target IBA, CAA, Retargeting, or User-Matched Ads to users based on their known or inferred sexual orientation, including indirect inference (e.g., donation to LGBT advocacy groups), without their specific opt-in consent. MediaMath must review and approve your consent mechanism before you may target such Ads. Clients interested in having MediaMath review such a mechanism should reach out to their MediaMath account manager.

 

MediaMath Beta Policy and Terms of Use

Thank you for your interest in the MediaMath Beta Program.  Participation in a Beta Program is voluntary and allows you to test and provide feedback on developing/pre-release features, products, and services which shall be designated as “beta” (the “Beta Services”). Participation in the Beta Program includes early access to beta product functionality, the opportunity to gain knowledge of performance impact and develop best practices ahead of others and the ability to influence the early development and direction of a product. By accessing or using Beta Services, you agree to be bound all of the terms and conditions described in this Beta Policy and to actively engage in the testing and feedback process.

NO OBLIGATIONS: You acknowledge and agree that a Beta Service may contain features that will be altered in the final release of the same or similar Service and that availability of any Beta Services during the course of a Beta Program shall not create any obligation for MediaMath to continue to develop, productize, support, repair, offer for sale or in any other way continue to provide or develop any Beta Service.  While we may intend to release a final version of a certain Beta Service, we reserve the right to never make any particular Beta Service generally available. You further acknowledge the duration of the beta phase and any features and functions of a Beta Service are subject to change at any time at MediaMath’s discretion.

FEEDBACK:  An essential function of the Beta Program is to gather feedback from participants.  We value all input from all participants in the Beta Program.  You agree that you will use reasonable commercial efforts to use the Beta Services, notify MediaMath of all errors and problems you identify through your use of any Beta Services and that you will attempt to ascertain steps leading to reproduction of any such errors.  You also agree that you will communicate to MediaMath any suggestions or requests for enhancements relating to the operation or further development of a Beta Service and that by doing so you assign all right, title and interest in and to any resulting intellectual property based upon such suggestions or requests, including without limitation all patent, copyright, trade secret, trademark or other intellectual property rights. You acknowledge that MediaMath is not obligated to accept and implement any feedback provided by you and that the use of such feedback is solely in MediaMath’s discretion.

OWNERSHIP:  Subject to the limited rights expressly granted hereunder, MediaMath reserves all rights, title and interest in and to the Beta Services and any anonymized aggregated data resulting from your use of the Beta Services, including all related intellectual property rights therein and thereto.  No rights are granted to you other than the right to access and use the Beta Services for the purposes of testing and evaluation.  You may not create any derivative works from the Beta Services or modify, reuse, disassemble, decompile, reverse engineer or otherwise translate any Beta Services or any portion thereof.  You also may not access the Beta Services in order to build a competitive product or service.

MARKETING: You agree that MediaMath may use your name and associated marks in its marketing materials solely with respect to marketing Beta Services used by you, which shall include white papers, case studies and press releases.

PAYMENTS & PRICING: Certain Beta Services may incur a fee, which will be invoiced to you in accordance with your Master Services Agreement with MediaMath. You agree and acknowledge that you shall be liable for all fees incurred in connection with your use of a Beta Service even in the event of an error in the Beta Services affecting the performance of the Beta Service (other than a billing error), or Other than a billing error or tracking error resulting in an erroneous fee, you shall remain liable for all fees incurred with your usage of the Beta Service, including in the event of an error in the Beta Services that affects the performance or outcome of the Beta Service. Unless otherwise agreed to by you and MediaMath, fees for any Beta Service are subject to change during the beta period and after such beta period.

CONFIDENTIALITY: You agree to treat all Beta Services, as well as the nature and content of the Beta Program, as confidential information and will not without our express written authorization: (i) demonstrate, copy, market, sell or otherwise commercially exploit any features or functions of any Beta Services to any third party; (ii) publish or otherwise disclose information relating to performance or quality of any Beta Services to any third party; or (iii) remove or alter any trademark, logo, copyright or other proprietary notices, legends, symbols or labels in the Beta Services.

NO WARRANTY:  THE BETA SERVICES BEING ACCESSED BY YOU CONSIST OF PRE-RELEASE CODE, MAY CONTAIN ERRORS, BUGS OR DEFECTS AFFECTING PROPER OPERATION OR FULL FUNCTIONALITY, MAY EXPERIENCE PERFORMANCE ISSUES, CRASHES, OR DATA LOSS, AND IS NOT AT THE LEVEL OF PERFORMANCE OF A GENERALLY AVAILABLE SERVICE.  BY USING THE BETA SERVICES, YOU ACKNOWLEDGE YOUR UNDERSTANDING THAT A PRIMARY PURPOSE OF THIS BETA PROGRAM IS TO OBTAIN FEEDBACK ON PERFORMANCE AND IDENTIFY DEFECTS.  YOU ARE ADVISED TO SAFEGUARD IMPORTANT DATA, AND NOT TO RELY IN ANY WAY ON THE CORRECT FUNCTIONING OR PERFORMANCE OF BETA SERVICES.  BETA SERVICES ARE provided “AS IS” without warranty of any kind AND ANY WARRANTIES TO THE EXTENT AUTHORIZED BY LAW, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE.  In no event shall MEDIAMATH be liable for any damage whatsoever arising out of the use of or inability to use THE BETA SERVICES, even if YOU HAVE been advised of the possibility of such damages.

 

 

GENERAL DATA PROTECTION REGULATION POLICY

This policy takes effect on the Effective Date below and shall be incorporated by reference into and form an integral part of your agreement with MediaMath, Inc. or any of its Affiliates (“MediaMath”) (the “Agreement”) unless a separate data processing agreement has been agreed between the parties. In the event of any conflict, ambiguity or inconsistency between the terms of this Policy including its Schedule A and the Agreement, Schedule A then this Policy then the Agreement shall take precedence with respect to the subject matter herein.

 

  1. Definitions: The following terms shall have the following meanings in this Policy:

 

“Ad(s)” means the advertising content, including text, graphics, rich media, video and/or audio material (and combination thereof), that is displayed on digital media inventory.

“Ad Tag” means software code (e.g., HTML5) or a web beacon (e.g., pixel tag, clear GIF) that (i) collects data regarding a user’s actions in or on a Site or a user’s interaction with an Ad or (ii) requests the delivery of an Ad to a Site.

“Advertiser Data” means Client Data.

“Affiliate” means, with respect to a party, an entity that directly or indirectly controls, is controlled by or is under common control with such party. “Control” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the economic or voting interest of an entity.

 “Applicable Laws” means all laws and regulations which apply to each party in connection with the Agreement, the performance and receipt of the Services, the use of the Service Platform and the processing of Client Data, MediaMath Data and any related personal data, to include without limitation European Law, Section 5 of the FTC Act, and any applicable industry self-regulatory regulations, to include without limitation the NAI Code and the DAA Code.

 “Client Data” means all electronic data which is provided to MediaMath by Client as part of the Services or which is provided or made available to Client by MediaMath or its Affiliates through Client’s use of the Services, including personal data contained therein (including any data which is specific to Client), but excluding the MediaMath Data.

“Controller Purposes” means Client Controller Purposes or MediaMath Controller Purposes as defined in Schedule A.

“DAA Code” means the set of Digital Advertising Alliance Self-Regulatory Principles for Multi-Site Data posted at http://www.aboutads.info/msdprinciples (or any successor site) such as the Application of the Self-Regulatory Principles of Transparency and Control to Data Used Across Devices, and its applicable regional counterpart, if any.

“Deletion Request” means a request received by MediaMath from an individual requesting deletion of their personal data held by MediaMath.

“EEA” means the European Economic Area (which shall be deemed to include the United Kingdom throughout the term of the Agreement).

“Effective Date” means the 25 May 2018.

“European Law” means Regulation 2016/679 (GDPR); (iii) Directive 2002/58/EC (as amended or replaced from time to time) and applicable laws implementing that directive in Member States; and, (iv) any data protection and privacy laws in the United Kingdom from time to time. References in this Policy to “controller“, “data subject“, “personal data“, “process“/”processed“/processing“, “processor” and “special categories of personal data” shall have the meanings given in European Law.

“Licensee Data” means Client Data.

“MediaMath Data” means all data generated from Client’s use of the Services (and other clients and partners of MediaMath and its Affiliates) (including any MMUIDs) that does not specifically identify or relate to Client; any data made available by MediaMath for targeting users; the data relating to any error by, issue with, or enhancement to the operation of the Services and the data that MediaMath would have regardless of Client’s use of the Services.

“MediaMath Controller Purposes” means as defined in Schedule A.

“MMUID” means any unique identifier which is created, assigned or retained by MediaMath in respect of each user who interacts with a Site.

“NAI Code” means the Code of Conduct promulgated by the Network Advertising Initiative (“NAI”), located at the following website, or any successor website: https://www.networkadvertising.org/sites/default/files/nai_code2018.pdf, including any official guidance provided by the NAI such as the NAI 2015 Guidance on Determining Whether Location is Imprecise.

“PII” means information that identifies or could be used to identify a particular individual as compared to a particular device such as name, address, telephone number, email address, financial account number, government-issued identifier or date of birth.

“Processing Activities” means as defined in Schedule A.

“SAR” means a request received by MediaMath which does not specifically refer to Client from an individual for a copy of their personal data held by MediaMath.

“Security Incident” means in relation to Client Data or MediaMath Data a breach of security resulting in (i) accidental or unlawful destruction or loss, or (ii) unauthorized disclosure or access.

“Sensitive Information” means: (i) any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) genetic data; (iii) biometric data for the purposes of uniquely identifying a natural person; (iv) data concerning sensitive health conditions; (v) data concerning a natural person’s sex life or sexual orientation; (vi) any personal data about a minor under the age of 13; (vii) any financial account numbers or insurance plan numbers that can be used to identify an individual; (viii) any government-issued identifiers;  or (ix) characteristics deemed sensitive under the NAI Code. In Schedule A the definition of Sensitive Information shall be as above, except that it will also include any personal data about minors between the ages of 13 and 16.

“Service Platform” means MediaMath’s proprietary software known as TerminalOne® or any other software platform MediaMath may make available to Client.

“Services” means all services available on the Service Platform or otherwise agreed to by MediaMath pursuant to an applicable Order Form or SOW.

“Site” means a digital property that is accessible by users (including websites, mobile sites and software applications).

 

2. Client Security. Client shall be responsible for maintaining the confidentiality of any login credentials, of appropriately limiting dissemination of the login credentials to its employees, contractors or agents, and for using commercially reasonable efforts and appropriate technological and organizational measures to prevent unauthorized access to the Service Platform. Client shall maintain current records of all individuals to whom it allows access to the Service Platform and shall provide identifying information regarding such individuals to MediaMath upon request.

3. Privacy. MediaMath shall maintain appropriate technical and organizational measures and commercially reasonable and appropriate administrative and physical measures designed to protect Client Data from a Security Incident. MediaMath shall respond directly to SARs or Deletion Requests it receives from individuals. MediaMath may disclose personal data forming part of Client Data in response to a SAR. At all times, in accordance with Applicable Laws, Client shall: (i) post a conspicuous privacy policy on the Site(s) owned and operated by it which provides information to users, including without limitation a description of the types of personal data that are collected, an explanation of how and for which purpose(s) personal data will be used or transferred to third parties (including for the Processing Activities and Controller Purposes), any disclosures of personal data that have been made, and if requested by MediaMath, identifying MediaMath by name and providing a link to MediaMath’s privacy notice, and (ii) secure specific consent to the use of cookies (including MediaMath cookies) and other tracking or similar technologies that store or access information stored on user devices (and provide users with a means to opt-out from advertising cookies and such tracking technologies). In the event that Client intends to provide Client Data to MediaMath that constitutes PII, Client is responsible for encrypting such data in a manner which prevents it from being disassembled or reverse engineered in order to identify the individual to which it pertains prior to providing it to MediaMath, and such encrypted data shall then no longer be PII. To the extent that Client Data or MediaMath Data processed by Client or MediaMath or its Affiliates pursuant to this Policy contains any personal data which originates in the EEA, Schedule A shall additionally apply.

4. This Policy shall be governed, construed and enforced in accordance with the laws of the Agreement.

 

 

 

Schedule A

European Law Requirements

  1. Definitions. As used in this Schedule A, the following terms shall have the following meanings:

Client Controller Purposes” means for the purposes of receiving the Services; and as is more particularly described at www.mediamath.com/legal/processingpurposes.

MediaMath Controller Purposes” means improving and enhancing the Services, including identifying, blocking and removing data considered to be unlawful or fraudulent; the bidding process; and as is more particularly described at www.mediamath.com/legal/processingpurposes.

Privacy Shield” means the EU-US Privacy Shield and the Swiss-US Privacy Shield as applicable.

Processing Activities” means processing Ad Tags placed by or on behalf of Client and as more particularly described at www.mediamath.com/legal/processingpurposes.

 

  1. Scope. The rights and obligations in this Schedule A apply to the collection, processing and sharing of personal data originating in the EEA by and between MediaMath, Client and certain third parties (e.g. subprocessors including Affiliates of MediaMath). For the purposes of this Schedule A references to Client Data shall mean any personal data incorporated in Client Data and references to MediaMath Data shall mean any personal data incorporated in MediaMath Data.

 

  1. Agreements with MediaMath Germany GmbH. Where the Agreement was entered into with MediaMath Germany GmbH then for the purposes of this Schedule A, MediaMath shall refer to both MediaMath Germany GmbH and MediaMath, Inc. Where MediaMath processes Client Data as a controller, Client acknowledges that MediaMath Germany GmbH and MediaMath, Inc. will process such Client Data as joint controllers within the meaning of the GDPR. Where MediaMath processes Client Data as a Client’s processor, Client acknowledges that MediaMath Germany GmbH and MediaMath, Inc. will process such Client Data each as processors on behalf of Client.

 

  1. General Obligations.
    1. Both parties will comply with all applicable requirements of European Law.
    2. Client will ensure that it has all necessary and appropriate consents and notices in place to enable the lawful transfer of Client Data to MediaMath for the duration and purposes of the Agreement.

 

  1. Appointment of MediaMath as Client’s Processor.
    1. The parties acknowledge that for the purposes of European Law, Client is the data controller of Client Data and appoints MediaMath as its data processor for the Processing Activities.
    2. MediaMath shall, in relation to any Client Data processed for the Processing Activities in connection with the performance by MediaMath of its obligations under this Agreement:
      1. process that Client Data only in accordance with the Processing Activities (or as otherwise agreed in writing);
      2. ensure that all personnel who have access to and/or process Client Data are obliged to keep Client Data confidential;
      3. process Client Data transferred out of the EEA in accordance with the Privacy Shield principles;
      4. assist Client, at Client’s cost, in responding to any request from a data subject received directly by the Client or received by MediaMath which explicitly refers to the Client and in ensuring compliance with its obligations under European Law with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
      5. notify Client without undue delay upon becoming aware of any confirmed Security Incident relating to Client Data;
      6. upon written request of Client, delete or return Client Data and copies thereof to Client on termination of the Agreement unless required by a judicial or other governmental order or by applicable law to retain some or all Client Data. This requirement shall not apply to Client Data MediaMath has archived on back-up systems; and
      7. maintain accurate records and information to demonstrate its compliance with this clause 4(b) of this Schedule A.
    3. Client consents to MediaMath appointing subprocessors to process Client Data, such subprocessors will be listed at www.mediamath.com/legal/subprocessors which MediaMath shall update with any details of any changes at least 10 days prior to the change. MediaMath confirms that it has entered or (as the case may be) will enter with the subprocessor into a written agreement requiring it to protect Client Data to the standard required by European Law. As between Client and MediaMath, MediaMath shall remain fully liable for all acts or omissions of any subprocessor appointed by it pursuant to this clause 4(c) of this Schedule A. Client may object to the replacement of a subprocessor provided such objection is on reasonable grounds. If Client objects to such appointment and is unable to select an alternative subprocessor then Client may terminate the applicable Services provided in the EEA without prejudice to Client’s obligations to pay any fees under the Agreement due up to the date of termination of such Services (or subsequent pro-rated fees).
    4. MediaMath uses external auditors to verify the adequacy of its security measures, including the security of the physical data centres from which the Services are provided. The audit: (a) will be performed at least annually; (b) will be performed according to SSAE 16 audit standard or such other alternative standard that is substantially equivalent to SSAE 16; (c) will be performed by independent third party security professionals at MediaMath’s selection and expense; and (d) will result in the generation of an audit report which will be MediaMath’s Confidential Information. MediaMath shall provide Client with a copy of the report upon written request.
    5. Notwithstanding the commitment provided by MediaMath in clause 5(b)(iii) above, MediaMath and Client agree that for the purposes of any transfer of Client Data out of the EEA and/or (after EU law ceases to apply to the UK) the UK, to MediaMath to process for the Processing Activities:
      1. the European Commission’s 2010 Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of protection (“C2P Model Clauses”) shall be incorporated into this Schedule A between them;
      2. any optional clauses in the C2P Model Clauses are hereby deleted;
      3. after EU law ceases to apply to the UK, MediaMath shall be entitled to use any mechanism permissible from time to time under UK law to facilitate data protection in respect of transfers of personal data from the UK to a country outside the EEA; and
      4. the C2P Model Clauses shall be interpreted in accordance with the details provided in the Annex to this Schedule A.

 

  1. Sharing of Personal Data between Client and MediaMath as Controller.

a. Client shall disclose Client Data to MediaMath on an independent controller to controller basis for the MediaMath Controller Purposes.

b. MediaMath shall, in relation to any Client Data processed for MediaMath Controller Purposes:

      1. process Client Data only for the MediaMath Controller Purposes (or as otherwise agreed in writing) and in respect of any Client Data transferred out of the EEA in accordance with the Privacy Shield principles;
      2. ensure that all personnel who have access to and/or process Client Data are obliged to keep Client Data confidential;
      3. notify Client if its Privacy Shield registration expires or terminates for any reason;
      4. promptly inform Client of any request from a data subject, supervisory authority or regulator related to the processing of Client Data conducted by MediaMath and cooperate as necessary to respond to such correspondence and fulfil each parties’ respective obligations under European Law;
      5. notify Client without undue delay on becoming aware of any confirmed Security Incident relating to Client Data; and
      6. maintain accurate records and information to demonstrate its compliance with this clause 5(b) of this Schedule A.
    1. c. Notwithstanding the commitment provided by MediaMath in clause 6(b)(i) above, MediaMath and Client agree that for the purposes of the transfer of Client Data outside of the EEA and/or (after EU law ceases to apply to the UK) the UK, to MediaMath to process for the MediaMath Controller Purposes:

      i. the European Commission’s 2010 Standard Contractual Clauses for controller to controller transfers, (“C2C Model Clauses”) shall be incorporated into this Schedule A between them;

      ii. any optional clauses in the C2C Model Clauses are hereby deleted;

      iii. after EU law ceases to apply to the UK, MediaMath shall be entitled to use any mechanism permissible from time to time under UK law to facilitate data protection in respect of transfers of personal data from the UK to a country outside the EEA; and

      a. the C2C Model Clauses shall be interpreted in accordance with the details provided in the Annex to this Schedule A.

  1. Sharing of Personal Data between MediaMath and Client as Controller.
    1. MediaMath will through performance of the Services make available MediaMath Data to Client on an independent controller to controller basis for Client Controller Purposes.
    2. Client shall, in relation to any MediaMath Data processed for Client Controller Purposes:
      1. process MediaMath Data only for Client Controller Purposes (or as otherwise agreed in writing) and in accordance with the level of protection required by the Privacy Shield principles (and if Client fails to do so, it will promptly notify MediaMath in writing and remedy the breach or MediaMath will have the right to suspend the Services and/or terminate the Agreement);
      2. maintain appropriate technical and organizational measures and commercially reasonable and appropriate administrative and physical, measures for the security and confidentiality of MediaMath Data from a Security Incident;
      3. ensure that all personnel who have access to and/or process MediaMath Data are obliged to keep such MediaMath Data confidential;
      4. not process any MediaMath Data in a territory outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is in compliance with European Law;
      5. promptly inform MediaMath of any request from a data subject, supervisory authority or regulator related to the processing conducted by Client and cooperate as necessary to respond to such correspondence and fulfil each parties’ respective obligations under European Law;
      6. notify MediaMath without undue delay on becoming aware of any confirmed Security Incident involving MediaMath Data; and
      7. maintain accurate records and information to demonstrate its compliance with this clause 6(b) of this Schedule A.

      c. MediaMath and Client agree that for the purposes of any processing of MediaMath Data outside of the EEA and/or (after EU law ceases to apply to the UK) the UK, by Client for Client Controller Purposes:

      1. the C2C Model Clauses shall be incorporated into this Schedule A between them;
      2. any optional clauses in the C2C Model Clauses are hereby deleted;
      3. after EU law ceases to apply to the UK, MediaMath shall be entitled to use any mechanism permissible from time to time under UK law to facilitate data protection in respect of transfers of personal data from the UK to a country outside the EEA; and
      4. the C2C Model Clauses shall be interpreted in accordance with the details provided in the Annex to this Schedule A.

 

  1. Privacy Shield.

MediaMath shall be entitled to provide a copy of this Schedule A and any other provisions of the Agreement or this Policy to the US Department of Commerce, the Federal Trade Commission, any supervisory authority or regulator on their request (notwithstanding any other provision of the Agreement).

 

 

Annex – Interpretation of Model Clauses

  1. This Annex sets out the parties agreed interpretation of their respective obligations under the applicable C2C and C2P Model Clauses incorporated between them by Schedule A (together the “Model Clauses”).
  2. In the event that a competent supervisory authority or court of competent jurisdiction determines that any provision of this Annex conflicts with the requirements of the applicable Model Clauses, then the terms of the applicable Model Clauses shall prevail.
  3. As between MediaMath and Client, any claims brought under the applicable Model Clauses or pursuant to the General Data Protection Regulation Policy shall be subject to the terms of the Agreement, including but not limited to, the exclusions and limitations set forth in the Agreement. In no event shall either MediaMath or Client limit or exclude its liability with respect to any data subject rights under the applicable Model Clauses.
  4. The parties agree that for the purposes of transfers of Client Data to MediaMath under the C2P Model Clauses in accordance with Clause 5(e) of Schedule A:
    1. the following details shall be deemed to apply to Appendix 1 of the C2P Model Clauses:

      1. Data Exporter and Data Importer: Client is the “data exporter” for the purposes of the Model Clauses and the “data importer” is MediaMath, Inc, 4 World Trade Center, New York, New York 10007, USA. The parties’ respective contact(s) are: (a) MediaMath: DPO. Tel.: +1 646-840-4200; Email: privacy@mediamath.com; and (b) Client: As set out in the Agreement.
      2. Data subjects: The personal data transferred concerns the following categories of data subjects: Individuals who visit the data exporter’s digital properties (websites or mobile advertising platforms) or are served with digital advertising on behalf of the data exporter through the use of the data importer’s advertising technology platform.
      3. Categories of data transferred: As described in Column 3 of the data importer’s “processing purposes table” (no special category data is transferred).
      4. Processing operations: The processing activities undertaken by the data importer on behalf of the data exporter are set out in column 4 of the “processing purposes table”;
    2. for the purposes of Appendix 2 to the C2P Model Clauses, a description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) are set out at https://www.mediamath.com/legal/terms/information-security/ (which are deemed incorporated into the Schedule as if included within the C2P Model Clauses).

2. The parties agree that for the purposes of transfers of Client Data to MediaMath under the C2C Model Clauses in accordance with Clause 6 (c) of Schedule A the following details shall be deemed to apply for Annex B of the C2C Model Clauses:

i) Data Exporter and Data Importer: Client is the “data exporter” and the “data importer” is MediaMath, Inc, 4 World Trade Center, New York, New York 10007, USA. The parties’ respective contact(s) are: (a) MediaMath: DPO. Tel.: +1 646-840-4200; Email: privacy@mediamath.com; and (b) Client: As set out in the Agreement.

ii) Data subjects: The personal data transferred concerns the following categories of data subjects: Individuals who visit the data exporter’s digital properties (websites or mobile advertising platforms) or are served with digital advertising on behalf of the data exporter through the use of the data importer’s advertising technology platform.

iii) Categories of data transferred: As described in Column 3 of the data importer’s “processing purposes table” (no special category data is transferred).

iv) Purposes of the transfer(s): To enable the data importer to process the relevant personal data as an independent controller for certain MediaMath Controller Purposes (as defined in Schedule A) in connection with providing its digital advertising services, as more particularly described in column 5 of the data importer’s “processing purposes table”.

v) Recipients: The personal data transferred may be disclosed only to the following recipients or categories of recipients: The data importer, its affiliates, its processors who are engaged by the data importer to support its digital advertising services in accordance with Article 28of the EU General Data Protection Regulation and its partners where necessary in connection with its digital advertising services.

vi) Additional useful information: The data importer’s processing of the data exporter’s personal data shall take place in accordance with its privacy policy and shall be subject to the security measures as set out at https://www.mediamath.com/legal/terms/information-security/ (which are deemed incorporated into the Schedule A as if included within the C2C Model Clauses).

3. The parties agree that for the purposes of transfers of MediaMath Data under the C2C Model Clauses in accordance with Clause 7(c) of Schedule A, the following details shall be deemed to apply for Annex B of the C2C Model Clauses:

i) Data Exporter and Data Importer: MediaMath is the “data exporter” for the purposes of the Model Clauses and the “data importer” is Client. The parties’ respective contact(s) are: (a) MediaMath: DPO. Tel.: +1 646-840-4200; Email: privacy@mediamath.com; and (b) Client: As set out in the Agreement.

ii) Data subjects: The personal data transferred concerns the following categories of data subjects: Individuals who visit the digital properties (websites or mobile advertising platforms) of data exporter’s clients or served ads through the data exporter’s advertising technology platform.

iii) Categories of data transferred: As described in Column 6 of the data exporter’s “processing purposes table” (no special category data is transferred).

iv) Purposes of the transfer(s): To enable the data importer to process the relevant personal data as an independent controller for certain Client Controller Purposes (as defined in the Schedule) in connection with providing its digital advertising services, as more particularly described in column 7 of the data exporter’s “processing purposes table”.

v) Recipients: The personal data transferred may be disclosed only to the following recipients or categories of recipients: The data importer, its affiliates, its processors who are engaged by the data importer to support its digital advertising services in accordance with Article 28of the EU General Data Protection Regulation and its partners where necessary in connection with its digital advertising services.

vi) Additional useful information: The data importer’s processing of the MediaMath Data shall take place in accordance with its privacy policy and shall be subject to appropriate technical and organisational security measures to ensure the adequate protection of MediaMath Data.

 

C2P Model Clauses

4. Governing Law: The C2P Model Clauses shall be governed by: the law of the EU Member State in which the Client is established unless the Client is established in the UK, in which case the C2P Model Clauses shall be governed by English law after EU law ceases to apply to the UK (including the data protection aspects of any sub-processor contract entered into under the C2P Model Clauses).

5. Confidentiality: The C2P Model Clauses shall be treated as Confidential Information for the purposes of the confidentiality provisions of the Agreement, and may not be disclosed by MediaMath or Client to any third party except where and to the extent permitted by the Agreement. This shall not prevent disclosure of the Model Clauses to a data subject pursuant to Clause 4(h) of the C2P Model Clauses or to a supervisory authority pursuant to Clause 8 of the C2P Model Clauses.

6. Termination: In the event that Client wishes to terminate the C2P Model Clauses in accordance with Clause 5(a) or 5(b) of the C2P Model Clauses, then Client shall endeavour to provide notice to MediaMath and provide MediaMath with thirty (30) days to cure the non-compliance (“Cure Period“). If after the Cure Period, MediaMath has not or cannot cure the non-compliance, then Client may terminate the Agreement immediately in accordance with the termination provisions of the Agreement. Client shall not be required to provide such notice in circumstances where it considers there is a material risk of harm to data subjects or their personal data.

7. Audit: The provisions of the Schedule A, governing audit rights (“Audit Provisions“), shall also govern audit rights under the C2P Model Clauses. In the event that Client wishes to exercise its audit rights under Clause 5(f) of the C2P Model Clauses, then the Audit Provisions will exclusively govern Clients’ and MediaMath’s obligations with respect to such audits.

8. Sub-contracting: The provisions of the User Policy, governing subcontracting rights (“Sub-Contracting Provisions“), shall govern subcontracting rights under the C2P Model Clauses. In the event that MediaMath wishes to engage a sub-processor under the C2P Model Clauses then, provided that MediaMath complies with the requirements of the Sub-Contracting Provisions, Client shall deem MediaMath to have complied with its sub-processing obligations under Clauses 5(h) and (i) and Clause 11 of the C2P Model Clauses.

9. Onward sub-processing agreements: MediaMath shall be deemed to have complied with the obligation in Clause 5(j) of the C2P Model Clauses to the extent that it shall (on a confidential basis), if requested by Client, provide to Client all information it reasonably can in connection with any onward sub-processing agreement it concludes under the C2P Model Clauses.

10. SARs: MediaMath and Client acknowledge that MediaMath shall respond directly to SARs and Deletion Requests as defined in Schedule A. Therefore, in cases where MediaMath is acting as a processor, then for the purposes of Clause 5(d)(iii) of the C2P Model Clauses, Client hereby authorises MediaMath to respond directly to SARs and Deletion Requests which do not explicitly refer to the Client and/or deletion of Personal Data held by the Client.

11. Archives: For the purposes of Clause 12(1) of the C2P Model Clauses, the parties acknowledge that Client Data may be archived by MediaMath on back-up systems for security and business continuity purposes. Deletion of such archived Client Data shall be in accordance with MediaMath’s standard archival procedures, provided that MediaMath warrants that it will guarantee the confidentiality of the relevant Client Data and will not actively process it anymore.

 

C2C Model Clauses

12. Data Processing Principles: The parties select the option set out in Clause 2(h)(iii) of the C2C Model Clauses, namely that the applicable importer shall process personal data in accordance with the data processing principles set forth in Annex A of the C2C Model Clauses.

13. Confidentiality: The C2C Model Clauses shall be treated as Confidential Information for the purposes of the confidentiality provisions of the Agreement, and may not be disclosed by MediaMath or Client to any third party except where and to the extent permitted by the Agreement.

14. Audit: The Audit Provisions shall also govern audit rights under the C2C Model Clauses. In the event that Client wishes to exercise its audit rights under the Clause 2(g) of the C2C Model Clauses then the Audit Provisions will exclusively govern Clients’ and MediaMath’s obligations with respect to such audits.

 

 

Last Revised:  August 10, 2020