Authenticated Traffic Solution Country-Specific Terms

Subject to the terms of your Authenticated Traffic Solution for Publishers Statement of Work (“SOW”) and provided the LiveRamp privacy team has approved the distribution of data from each of the Approved Geographies below, you may transfer Publisher Data from the following Approved Geographies. Unless otherwise defined in these terms, all capitalized terms used herein shall have the meanings given to them in the SOW or your Agreement.

LiveRamp may, in its sole discretion, change these terms, from time to time, and will provide notice to you in the event of a material change in the terms. You must monitor your compliance with these terms on a regular basis. If, at any time, you cannot meet these terms or if there is a significant risk that you will not be able to meet them, you must immediately notify us by sending an email to dataethics@liveramp.com and immediately either stop collecting and sharing Publisher Data or take reasonable and appropriate steps to restore an adequate level of protection.

COUNTRY SELECTION

  1. Argentina
  2. Australia
  3. Brazil
  4. Canada
  5. EU/UK
  6. Japan
  7. Mexico
  8. New Zealand
  9. Singapore
  10. Taiwan

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal data as defined by the Privacy Laws (“Personal Information”), then in relation to such data Publisher represents and warrants: (a) comply with all applicable privacy, data security, and data protection laws, regulations, and rules, including but not limited to the Privacy Laws; and b) notify their users of the purpose of use of personal ID (i.e., individual identifiers, cookie ID, mobile ID, such as an AAID or IDFA, etc.) and any associated personal data; c) obtain explicit consent regarding its collection, use, and sharing of Personal Information as required under Privacy Laws, including through inclusion of a prominent link to its privacy policy and/or description of data collection and usage practices at the time and location of collection and through notice that Personal Information may be transferred overseas.

ARGENTINA

For the purposes of this section, “Argentinian Data Protection Law” means all applicable Argentinian laws relating to data protection and privacy including (without limitation) (without limitation) Personal Data Protection Law No. 25,326 (“PDPL”),the Decree No. 1558/2001 and its related regulations issued by the enforcement local authority (Agencia de Acceso a la Información Pública and Direccón Nacional de Protección de Datos Personales), as well as any other applicable laws and regulations relating to data protection and privacy as implemented, and all amendments to or replacements of the above legislation.

Each party represents, warrants and undertakes to the other that, throughout the term of this SOW, it shall comply with all applicable Data Protection Laws in addition to its contractual obligations as set forth herein.


To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable Argentinian Data Protection Law (“ Argentinian Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in Argentinian Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp;
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Argentinian Data Protection Law, or any agreements between Publisher and any third parties;
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Section 6 of the PDPL, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the envelope, the combination or matching of data, that the envelope is associated with the Publisher’s first party storage, and that the first party storage and envelope is used for the purpose of targeted advertising;
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the Section 6 of the PDPL) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW;
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in your Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined by the Argentinian regulator. If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with statistical and research & development exceptions to the extent it is applicable.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under Argentinian Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

AUSTRALIA

Publisher will comply with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth) and any other applicable analogous legislation (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal data as defined by the Privacy Laws (“Personal Information”), then in relation to such data Publisher represents and warrants: (a) comply with all applicable privacy, data security, and data protection laws, regulations, and rules, including but not limited to the Privacy Laws; and b) notify their users of the purpose of use of personal ID (i.e., individual identifiers, cookie ID, mobile ID, such as an AAID or IDFA, etc.) and any associated personal data; c) obtain explicit consent regarding its collection, use, and sharing of Personal Information as required under Privacy Laws, including through inclusion of a prominent link to its privacy policy and/or description of data collection and usage practices at the time and location of collection and through notice that Personal Information may be transferred overseas.

PROHIBITED DATA – AUSTRALIA

The following is considered Prohibited Data as defined in your Agreement: (i) any sensitive information (as that term is defined in the Privacy Laws); (ii) personally identifiable health information or any data that implicates or is governed by the Privacy Legislation related to health and medical research; or (iii) telephone numbers identified as unlisted or unpublished. 

BRAZIL

For the purposes of this section, “Brazilian Data Protection Law” means all applicable Brazilian laws relating to data protection and privacy including (without limitation) Brazilian Law No. 13709/18 (“LGPD”), as well as any other applicable laws and regulations relating to data protection and privacy and  Brazilian Law No. 12,965/14; as implemented, and all amendments to or replacements of the above legislation.

Each party represents, warrants and undertakes to the other that, throughout the term of this SOW, it shall comply with all applicable Data Protection Laws in addition to its contractual obligations as set forth herein. 

 To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable Brazilian Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in Brazilian Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Brazilian Data Protection Law, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 9 of the LGPD, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the envelope, the combination or matching of data, that the envelope is associated with the Publisher’s first party storage, and that the first party storage and envelope is used for the purpose of targeted advertising; 
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the LGPD) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in your Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined by the Brazilian regulator. If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.

In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with statistical and research & development exceptions to the extent it is applicable.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under Brazilian Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay. Click here to view the Brazilian Contractual Clauses.

 

CANADA

Publisher will comply with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) and all substantially similar provincial privacy laws in Canada, as well as the Canada’s Anti-Spam Law (CASL) (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal information as defined by the Privacy Laws (“Personal Information”), Publisher represents and warrants to LiveRamp that it shall (i) comply with all applicable Privacy Laws; and (ii) get consent from the individual prior to the collection, use, or disclosure of the personal information (and such consent must not be a condition of providing a product or service, beyond what is reasonable to provide such product or service; and must not be obtained through the provision of false or misleading information or through deceptive or misleading practices), and that Publisher has also provided the relevant data protection notice (notifying purposes of collection, use and disclosure etc.) to the individual on or before collecting, using or disclosing the Personal Information.

In connection with any Personal Information to be transferred outside of Canada, Publisher represents and warrants to LiveRamp that it has ensured “comparable protection” to the standards set out in the Privacy Laws. The mechanisms to achieve this include but are not limited to: data transfer agreements; the individual has given consent (and provided required notices have been provided); in connection with performance of contracts between the transferring organization and the individual.

Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under the Privacy Laws which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

EU/UK

For the purposes of this section, “Data Protection Law” means all applicable EU or UK laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) (the “GDPR”), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in any applicable EU member state, the UK General Data Protection Regulation (UK GDPR) or any such equivalent legislation applicable in the United Kingdom, any other local law, regulation or guidance from relevant regulators relating to the protection of Personal Data or the privacy of individuals, each as amended from time to time.

Publisher and LiveRamp represents, warrants and undertakes to the other that, throughout the term of the SOW, it shall comply with all applicable Data Protection Laws in addition to its contractual obligations as set forth herein and in the SOW.

To the extent that Publisher Data provided by you comprises information that is considered personal data as defined by applicable Data Protection Law (“EU Personal Information”), then in relation to such data Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp; 
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Data Protection Law, or any agreements between Publisher and any third parties; 
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp (naming LiveRamp and linking to the LiveRamp privacy policy), the creation of the envelope, the combination or matching of data, that the envelope is associated with the Publisher’s first party storage, and that the first party storage and envelope is used for the purpose of targeted advertising; 
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the GDPR) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. In the EEA countries and in the UK, given the nature of the requirements outlined above and the guidance of the regulators, the Publisher warrants to implement a Consent Management Platform allowing such features, including the IAB Transparency and Consent Framework without undue delay. 
  7. in addition to any Prohibited Data restrictions set forth in your SOW, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined in Article 9 of GDPR (“Prohibited Data”). If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.
  8. Publisher further agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under Data Protection Regulatory Framework, which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay. The Publisher will have to respond to the requests of data subjects following the specific obligations set in Article 12 of GDPR.

In the Purpose of the Authenticated Traffic Solution, LiveRamp and the Publisher act as Joint Controllers with the distribution of responsibilities set HERE as and when defined in the Data Protection Law.

JAPAN

Publisher will comply with privacy, data security, and data protection laws, regulations, and rules, including but not limited to Act on the Protection of Personal Information, including the Act on Protection of Personal Information of Japan and any other applicable analogous legislation (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal data as defined by Japan applicable Privacy Laws (“Personal Information”), then in relation to such data Publisher warrants and agrees: (a) to comply with the Privacy Laws; and b) notify their users of the purpose of use of personal ID (i.e., individual identifiers, cookie ID, mobile ID, such as an AAID or IDFA, etc.) and any associated personal data; c) obtain explicit consent regarding its collection, use, and sharing of Personal Information as required under the Privacy Laws, including through inclusion of a prominent link to its privacy policy and/or description of data collection and usage practices at the time and location of collection and through notice that Personal Information may be transferred overseas.

PROHIBITED DATA – JAPAN

The following is considered Prohibited Data as defined in your Agreement: (i) Resident Register (Jumin-hyo) Code; or (ii) any data associated with an individual’s status as a person under the age of twenty. 

MEXICO

For the purposes of this section, “Mexican Data Protection Law” means all applicable Mexican laws relating to data protection and privacy including (without limitation) the Federal Law for the Protection of Personal Data in Possession of Private Parties and its regulations (“FDPL”), as well as any other applicable laws and regulations relating to data protection and privacy as implemented, and all amendments to or replacements of the above legislation.
You agree and acknowledge that you act as the data controller for the Publisher Data and that you will duly comply with the obligations established by the FDPL. Also, you agree that within the framework of the SOW, you shall carry out the necessary procedures to ensure that any data transferred to LiveRamp cannot be associated with the data subject or allow, by its structure, content or degree of disaggregation, the identification of the same.  Or, as the case may be, you undertake to implement the required technologies to ensure that LiveRamp only receives dissociated data, which do not constitute personal data in terms of the FDPL.

To the extent that Publisher Data provided by you comprises information that is considered personal data or sensitive personal data as defined by the Mexican Data Protection Law, then in relation to such data, Publisher warrants and agrees:

  1. the Data Ethics Review described in the SOW shall take into account rules set out in the Mexican Data Protection Law and Publisher shall make available to LiveRamp all information necessary to allow such Data Ethics Review and contribute to reasonable further reviews conducted by LiveRamp;
  2. that the provision of the Publisher Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Mexican Data Protection Law, or any agreements between Publisher and any third parties;
  3. that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Articles 15 and 16 of the FDPL, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp, the creation of the envelope, the combination or matching of data, that the envelope is associated with the Publisher’s first party storage, and that the first party storage and envelope is used for the purpose of targeted advertising;
  4. that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with Article 10 of the FDPL) for the Publisher’s processing activities and purposes specified in the SOW;
  5. that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  6. in addition to any Prohibited Data restrictions set forth in the Agreement, it shall not provide to LiveRamp, or permit any third party to provide to LiveRamp on Publisher’s behalf, any special categories of data as defined by the FDPL. If Publisher should transfer Prohibited Data to LiveRamp in violation of this section, Publisher shall immediately notify LiveRamp and inform LiveRamp of the date, time, and other pertinent information related to the transfer so LiveRamp may take the steps necessary to remove the Prohibited Data from its systems.
  7. You will promptly notify LiveRamp that you have provided personal data to LiveRamp so that LiveRamp may take actions in order to dissociate such data so that it remains dissociated in compliance with Mexican Data Protection Laws.

In accordance with the SOW, upon termination of the SOW LiveRamp shall not be required to destroy or cease use of any licensed Publisher Data but LiveRamp shall use Publisher Data in compliance with statistical and research & development exceptions to the extent it is applicable.
Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under Mexican Data Protection Law which relate to the processing activities which are the subject of the SOW.

NEW ZEALAND

Publisher will comply with applicable privacy laws, including the Privacy Act 2020 and the Information Privacy Principles under that Act, and the Unsolicited Electronic Messages Act 2007, and any other applicable analogous legislation, and all amendments to or replacements of the above legislation (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal information as defined by the Privacy Laws (“Personal Information”), then in relation to such data Publisher represents and warrants: a) that valid notification has been provided to their users for the purpose of use and share of personal information, including personal ID (i.e., individual identifiers, cookie ID, mobile ID, such as an AAID or IDFA, etc.) and any associated personal information; b) that it has ensured “comparable protection” to the standards set out in the Privacy Laws in connection with any Personal Information outside the country; and c) that it shall be responsible for dealing with and responding to all requests made by data subjects under Privacy Laws which relate to the processing activities that are the subject of the SOW.

PROHIBITED DATA – New Zealand

The following is considered Prohibited Data as defined in your Agreement: (i) any special categories of data as defined in Privacy Laws or any other legislations of the country, like the health information and criminal records; and (ii) any information related to a person under the age of eighteen (18).

SINGAPORE

Publisher will comply with applicable privacy laws, including the Personal Data Protection Act of Singapore (“PDPA”), Cybersecurity Act, Data Protection Enforcement Cases (decisions), and any other applicable analogous legislation (for purposes of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal data as defined by the Privacy Laws (“Personal Data”), Publisher represents and warrants to LiveRamp that it shall (i) comply with all applicable Privacy Laws; and (ii) get consent from the individual prior to the collection, use, or disclosure of the personal data (and such consent must not be a condition of providing a product or service, beyond what is reasonable to provide such product or service; and must not be obtained through the provision of false or misleading information or through deceptive or misleading practices), and that Publisher has also provided the relevant data protection notice (notifying purposes of collection, use and disclosure etc.) to the individual on or before collecting, using or disclosing the Personal Data.

In connection with any Personal Data outside of Singapore, Publisher represents and warrants to LiveRamp that it has ensured “comparable protection” to the standards set out in the Privacy Laws. The mechanisms to achieve this include but are not limited to: data transfer agreements; the individual has given consent (and provided required notices have been provided); in connection with performance of contracts between the transferring organization and the individual.

 Publisher agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under the Privacy Laws which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Publisher’s deployment of the Authenticated Traffic Solution, it shall forward that request to Publisher without undue delay.

PROHIBITED DATA – SINGAPORE

The following is considered Prohibited Data as defined in your Agreement: (i) national identification (“National ID”) numbers and associated details in National ID documents, such as Singapore’s National Registration Identification Card (“NRIC”); (ii) Sensitive Information (as that term is defined in the Privacy Laws); or (iii) telephone numbers identified as unlisted or unpublished.

TAIWAN

Publisher will comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules, as may be amended from time to time and/or any successor legislation of Taiwan (for the purpose of this section, “Privacy Laws”).

To the extent that the Publisher Data provided by Publisher comprises information that is considered personal information as defined by the Privacy Laws (“Personal Information”), then in relation to such data Publisher represents and warrants that: (a) it shall obtain the valid consent from the data subject, if required by the Privacy Laws, for your and LiveRamp’s processing activities and purposes specified in the SOW; (b) it shall provided local consumers with a channel to exercise their consumer rights as granted by the Privacy Laws, and shall pass the requests wherever necessary to LiveRamp; and (c) shall not provide to LiveRamp or cause LiveRamp to use any Prohibited Data described herein.

PROHIBITED DATA – TAIWAN

The following is considered Prohibited Data as defined in your Agreement: (i) sensitive personal information as defined in the Privacy Laws, including without limitation to medical records, passport numbers, etc.,(ii) any information related to a person under the age of twenty (20).

Updated April 4, 2022