For the purposes of this section, “Data Protection Law” means all applicable EU laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) (the “GDPR”), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in any applicable EU member state, or any other local law, regulation or guidance from relevant regulators relating to the protection of Personal Data or the privacy of individuals, each as amended from time to time.
Each Party represents, warrants and undertakes to the other that, throughout the term of the SOW for RampID Mapping Files Services (hereafter the “SOW”), it shall comply with all applicable Data Protection Laws in addition to its contractual obligations as set forth herein and in the SOW.
To the extent that Partner Data provided by you comprises information that is considered personal data as defined by applicable Data Protection Law (“EU Personal Information”), then in relation to such data, Partner warrants and agrees that:
- The provision of the Partner Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Data Protection Law, or any agreements between Partner and any third parties;
- It will provide a valid notification to the data subjects of the Partner Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Partner Data with LiveRamp for the purpose of digital targeting;
- It will obtain the valid consent of the data subjects of the Partner Data (in accordance with the GDPR) for LiveRamp and Partner’s processing activities and purposes specified in the SOW;
- It will keep records that demonstrate that the Partner has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
- Partner further agrees that it shall be responsible for dealing with and responding to all requests made by data subjects, which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Partner’s deployment of LiveRamp’s products, it shall forward that request to Partner without undue delay. Partner will have to respond to the requests of data subjects following the specific obligations set in Article 12 of GDPR.
In the Purpose of LiveRamp of RampID Mapping Files Services, LiveRamp and Partner act as Joint Controllers with the distribution of responsibilities set below as and when defined in the Data Protection Laws:
Roles on Shared obligations | LiveRamp | SSPs |
---|---|---|
Obligation to provide information to the Data Subjects for their respective cookies and related data involved in the processing | X | X |
Obligation to collect Cookies consent for their respective cookies involved in the processing | X | X |
Provision of contact points for the exercise of Data Subject's GDPR rights each for their part of the processing | X | X |
Response to requests to exercise the rights of the Data Subject each for their part of the processing | X | X |
Security of Data Subject’s Personal Data each for their part of the processing | X (when the data is processed on LiveRamp’s environment) | X (when the data is processed on SSP’s environment) |
Personal Data Breach - notification to the competent Supervisory Authority for their respective cookies and related data involved in the processing | X | X |