Authenticated Traffic Solution Country-Specific Terms

AUTHENTICATED TRAFFIC SOLUTION COUNTRY-SPECIFIC TERMS

Subject to the terms of your Authenticated Traffic Solution for Publishers Statement of Work (“SOW”) and provided the LiveRamp privacy team has approved the distribution of data from each of the Approved Geographies below, you may transfer Publisher Data from the following Approved Geographies. Unless otherwise defined in these terms, all capitalized terms used herein shall have the meanings given to them in the SOW or your Agreement.

LiveRamp may, in its sole discretion, change these terms, from time to time, and will provide notice to you in the event of a material change in the terms. You must monitor your compliance with these terms on a regular basis. If, at any time, you cannot meet these terms or if there is a significant risk that you will not be able to meet them, you must immediately notify us by sending an email to dataethics@liveramp.com and immediately either stop collecting and sharing Publisher Data or take reasonable and appropriate steps to restore an adequate level of protection.

COUNTRY SELECTION

  1. Australia
  2. Belgium
  3. Brazil
  4. France and the United Kingdom
  5. Germany
  6. Italy
  7. Japan
  8. The Netherlands
  9. New Zealand
  10. Singapore
  11. Spain

AUSTRALIA

Publisher will comply with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth) and any other applicable analogous legislation (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal data as defined by the Privacy Laws (“Personal Information”), then in relation to such data Publisher represents and warrants: (a) comply with all applicable privacy, data security, and data protection laws, regulations, and rules, including but not limited to the Privacy Laws; and b) notify their users of the purpose of use of personal ID (i.e., individual identifiers, cookie ID, mobile ID, such as an AAID or IDFA, etc.) and any associated personal data; c) obtain explicit consent regarding its collection, use, and sharing of Personal Information as required under Privacy Laws, including through inclusion of a prominent link to its privacy policy and/or description of data collection and usage practices at the time and location of collection and through notice that Personal Information may be transferred overseas.

PROHIBITED DATA – AUSTRALIA

The following is considered Prohibited Data as defined in your Agreement: (i) any sensitive information (as that term is defined in the Privacy Laws); (ii) personally identifiable health information or any data that implicates or is governed by the Privacy Legislation related to health and medical research; or (iii) telephone numbers identified as unlisted or unpublished. 

BELGIUM

For the purposes of this section, European Data Protection Law” means all applicable European Union or Belgian laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) (the “GDPR”), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in any applicable EU member state, any such equivalent legislation applicable in the United Kingdom, and all amendments to or replacements of the above legislation. To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable European Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in European Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate European Data Protection Law, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the IdentityLink Envelope, the combination or matching of data, that the IdentityLink Envelope is associated with the Publisher’s first party storage, and that the first party storage and IdentityLink Envelope is used for the purpose of targeted advertising; 
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the GDPR) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in your Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined in Article 9 of GDPR (“Prohibited Data”). If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

Provided Publisher is in compliance with the preceding warranties, LiveRamp warrants that it will comply with European Data Protection Law to the extent it is applicable to its activities which are the subject of the SOW. In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with Article 5(1)(e) of the GDPR.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under European Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

BRAZIL

For the purposes of this section, “Brazilian Data Protection Law” means all applicable Brazilian laws relating to data protection and privacy including (without limitation) Brazilian Law No. 13709/18 (“LGPD”), as well as any other applicable laws and regulations relating to data protection and privacy and  Brazilian Law No. 12,965/14; as implemented, and all amendments to or replacements of the above legislation.

Each party represents, warrants and undertakes to the other that, throughout the term of this SOW, it shall comply with all applicable Data Protection Laws in addition to its contractual obligations as set forth herein. 

 To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable Brazilian Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in Brazilian Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Brazilian Data Protection Law, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 9 of the LGPD, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the IdentityLink Envelope, the combination or matching of data, that the IdentityLink Envelope is associated with the Publisher’s first party storage, and that the first party storage and IdentityLink Envelope is used for the purpose of targeted advertising; 
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the LGPD) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in your Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined by the Brazilian regulator. If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with statistical and research & development exceptions to the extent it is applicable.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under Brazilian Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

FRANCE AND THE UNITED KINGDOM

For the purposes of this section, European Data Protection Law” means all applicable European Union or the United Kingdom’s laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) (the “GDPR”), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in any applicable EU member state, any such equivalent legislation applicable in the United Kingdom, and all amendments to or replacements of the above legislation. To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable European Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in European Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate European Data Protection Law, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the IdentityLink Envelope, the combination or matching of data, that the IdentityLink Envelope is associated with the Publisher’s first party storage, and that the first party storage and IdentityLink Envelope is used for the purpose of targeted advertising; 
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the GDPR) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in your Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined in Article 9 of GDPR (“Prohibited Data”). If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

Provided Publisher is in compliance with the preceding warranties, LiveRamp warrants that it will comply with European Data Protection Law to the extent it is applicable to its activities which are the subject of the SOW. In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with Article 5(1)(e) of the GDPR.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under European Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

GERMANY

For the purposes of this section, European Data Protection Law” means all applicable EU or German laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) (the “GDPR”), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in any applicable EU member state, any such equivalent legislation applicable in the United Kingdom, and all amendments to or replacements of the above legislation. To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable European Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in European Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate European Data Protection Law, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the IdentityLink Envelope, the combination or matching of data, that the IdentityLink Envelope is associated with the Publisher’s first party storage, and that the first party storage and IdentityLink Envelope is used for the purpose of targeted advertising; 
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the GDPR) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in your Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined in Article 9 of GDPR (“Prohibited Data”). If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

Provided Publisher is in compliance with the preceding warranties, LiveRamp warrants that it will comply with European Data Protection Law to the extent it is applicable to its activities which are the subject of the SOW. In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with Article 5(1)(e) of GDPR.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under European Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

ITALY

For the purposes of this section, the Italian Data Protection Regulatory Framework  shall mean, unless differently stated: i) Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”); ii)  Legislative Decree no. 196 of 30 June 2003, no.196, titled  “Italian Data Protection Code” (the “DPC”), emended by the Legislative Decree 101/2018;  and (iii) Resolutions of the Italian Data Protection Authority. To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable European Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in the Italian Data Protection Regulatory  Framework and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate the Data Protection Regulatory Framework, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the IdentityLink Envelope, the combination or matching of data, that the IdentityLink Envelope is associated with the Publisher’s first party storage, and that the first party storage and IdentityLink Envelope is used for the purpose of targeted advertising and direct marketing; 
  4. that it will obtain the valid and informed consent of the data subjects of the Publisher Data (in accordance with the GDPR) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it declares to be awarded that consent should not be regarded as freely given if the data subject has no genuine and/or free choice and/or is unable to refuse or withdraw consent without detriment; 
  6. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; 
  7. that it will comply with Article 33 of the GDPR, notifying with written notice LiveRamp on any personal data breach that the Publisher may occur without undue delay. The notification referred above shall at least: (a) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; (b) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; (c) describe the likely consequences of the personal data breach; (d) describe the measures taken or proposed to be taken by the Publisher to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects; and
  8. in addition to any Prohibited Data restrictions set forth in your Agreement, that it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined in Article 9 of GDPR (“Prohibited Data”). If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

Provided Publisher is in compliance with the preceding warranties, LiveRamp warrants that it will comply with European Data Protection Law to the extent it is applicable to its activities which are the subject of the SOW. In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with Article 5(1)(e) of the GDPR.

Publisher further agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under Data Protection Regulatory Framework, which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay. The Publisher will have to respond to the requests of data subjects following the specific obligations set in Article 12 of GDPR.

JAPAN

Publisher will comply with privacy, data security, and data protection laws, regulations, and rules, including but not limited to Act on the Protection of Personal Information, including the Act on Protection of Personal Information of Japan and any other applicable analogous legislation (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal data as defined by Japan applicable Privacy Laws (“Personal Information”), then in relation to such data Publisher warrants and agrees: (a) to comply with the Privacy Laws; and b) notify their users of the purpose of use of personal ID (i.e., individual identifiers, cookie ID, mobile ID, such as an AAID or IDFA, etc.) and any associated personal data; c) obtain explicit consent regarding its collection, use, and sharing of Personal Information as required under the Privacy Laws, including through inclusion of a prominent link to its privacy policy and/or description of data collection and usage practices at the time and location of collection and through notice that Personal Information may be transferred overseas.

PROHIBITED DATA – JAPAN

The following is considered Prohibited Data as defined in your Agreement: (i) Resident Register (Jumin-hyo) Code; or (ii) any data associated with an individual’s status as a person under the age of twenty. 

THE NETHERLANDS

For the purposes of this section, European Data Protection Law” means all applicable European Union or Dutch laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) (the “GDPR”), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in any applicable EU member state, any such equivalent legislation applicable in the United Kingdom, and all amendments to or replacements of the above legislation. To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable European Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in European Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate European Data Protection Law, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the IdentityLink Envelope, the combination or matching of data, that the IdentityLink Envelope is associated with the Publisher’s first party storage, and that the first party storage and IdentityLink Envelope is used for the purpose of targeted advertising; 
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the GDPR) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in your Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined in Article 9 of GDPR (“Prohibited Data”). If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

Provided Publisher is in compliance with the preceding warranties, LiveRamp warrants that it will comply with European Data Protection Law to the extent it is applicable to its activities which are the subject of the SOW. In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with Article 5(1)(e) of the GDPR.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under European Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

NEW ZEALAND

Publisher will comply with applicable privacy laws, including the Privacy Act 2020 and the Information Privacy Principles under that Act, and the Unsolicited Electronic Messages Act 2007, and any other applicable analogous legislation, and all amendments to or replacements of the above legislation (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal information as defined by the Privacy Laws (“Personal Information”), then in relation to such data Publisher represents and warrants: a) that valid notification has been provided to their users for the purpose of use and share of personal information, including personal ID (i.e., individual identifiers, cookie ID, mobile ID, such as an AAID or IDFA, etc.) and any associated personal information; b) that it has ensured “comparable protection” to the standards set out in the Privacy Laws in connection with any Personal Information outside the country; and c) that it shall be responsible for dealing with and responding to all requests made by data subjects under Privacy Laws which relate to the processing activities that are the subject of the SOW. 

PROHIBITED DATA – New Zealand

The following is considered Prohibited Data as defined in your Agreement: (i) any special categories of data as defined in Privacy Laws or any other legislations of the country, like the health information and criminal records; and (ii) any information related to a person under the age of eighteen (18).

SINGAPORE

Publisher will comply with applicable privacy laws, including the Personal Data Protection Act of Singapore (“PDPA”), Cybersecurity Act, Data Protection Enforcement Cases (decisions), and any other applicable analogous legislation (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal data as defined by the Privacy Laws (“Personal Data”), Publisher represents and warrants to LiveRamp that it shall (i) comply with all applicable Privacy Laws; and (ii) get consent from the individual prior to the collection, use, or disclosure of the personal data (and such consent must not be a condition of providing a product or service, beyond what is reasonable to provide such product or service; and must not be obtained through the provision of false or misleading information or through deceptive or misleading practices), and that Publisher has also provided the relevant data protection notice (notifying purposes of collection, use and disclosure etc.) to the individual on or before collecting, using or disclosing the Personal Data.

In connection with any Personal Data outside of Singapore, Publisher represents and warrants to LiveRamp that it has ensured “comparable protection” to the standards set out in the Privacy Laws. The mechanisms to achieve this include but are not limited to: data transfer agreements; the individual has given consent (and provided required notices have been provided); in connection with performance of contracts between the transferring organization and the individual.

 Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under the Privacy Laws which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

PROHIBITED DATA – SINGAPORE

The following is considered Prohibited Data as defined in your Agreement: (i) national identification (“National ID”) numbers and associated details in National ID documents, such as Singapore’s National Registration Identification Card (“NRIC”); (ii) Sensitive Information (as that term is defined in the Privacy Laws); or (iii) telephone numbers identified as unlisted or unpublished.

SPAIN

For the purposes of this section, “European Data Protection Law” means all applicable EU and Spanish laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) (the “GDPR”), the Act 3/2018, on Data Protection and Digital Rights Guarantee and the Act 34/2002, on Information Society Services and eCommerce, implementing the EU Privacy and Electronic Communications Directive 2002/58/EC, and all amendments to or replacements of the above legislation. To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable European Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in European Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate European Data Protection Law, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the IdentityLink Envelope, the combination or matching of data, that the IdentityLink Envelope is associated with the Publisher’s first party storage, and that the first party storage and IdentityLink Envelope is used for the purpose of targeted advertising; 
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the GDPR) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in your Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined in Article 9 of GDPR (“Prohibited Data”). If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

Provided Publisher is in compliance with the preceding warranties, LiveRamp warrants that it will comply with European Data Protection Law to the extent it is applicable to its activities which are the subject of the SOW. In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with Article 5(1)(e) of the GDPR.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under European Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

Updated May 3, 2021