DSPs, and DMPs RampID Services Country-Specific Terms

Subject to the terms of your LiveRampStatement of Work for LiveRamp Services for Real Time Bidding (“SOW”), DSPs/DMPs may use the LiveRamp Services (as defined in the respective SOW) in the Approved Geographies. Unless otherwise defined in these terms, all capitalized terms used herein shall have the meanings given to them in the SOW or your Agreement.

LiveRamp may, in its sole discretion, change these terms, from time to time, and will provide notice to you in the event of a material change in the terms. You must monitor your compliance with these terms on a regular basis. If, at any time, you cannot meet these terms or if there is a significant risk that you will not be able to meet them, you must immediately notify us by sending an email to dataethics@liveramp.com and immediately take reasonable and appropriate steps to restore an adequate level of protection.

For the purpose of this country – specific terms:

Client” shall mean either DSP or DMP, as applicable.

Client Data” shall mean either DSP’s or DMP’s Data, as applicable.

COUNTRY/MARKET SELECTION

To the extent that the Client Data provided by Client comprises information that is considered personal data as defined by the Privacy Laws (“Personal Information”), then in relation to such data, Client represents and warrants: (a) comply with all applicable privacy, data security, and data protection laws, regulations, and rules, including but not limited to the Privacy Laws; and b) notify their users of the purpose of use of personal ID (i.e., individual identifiers, cookie ID, mobile ID, such as an AAID or IDFA, etc.) and any associated personal data; c) obtain explicit consent regarding its collection, use, and sharing of Personal Information as required under Privacy Laws, including through inclusion of a prominent link to its privacy policy and/or description of data collection and usage practices at the time and location of collection and through notice that Personal Information may be transferred overseas.

United States

Client will comply with applicable privacy laws, including the California Consumer Privacy Act of 2018 (“CCPA”) and all similar privacy laws in the United States.

Where the Services are used in order to activate data from a joint customer (the “Advertiser”) of both LiveRamp and Client (the “Advertiser”), both Parties acknowledge and agree that each of them is acting as a direct service provider of the Advertiser and shall have an agreement in place with the Advertiser in order to cover such data processing. None of the Parties shall be responsible for the processing of Advertiser’s data by the other Party. 

As between LiveRamp and Client, LiveRamp shall Process Client Personal Information only as a processor or sub-processor (i.e., Service Provider under CCPA) acting on behalf of Client.

LiveRamp shall not, and shall not authorize any third party to, process, retain, use, sell, transfer, disclose, or otherwise share Client Personal Data for any Purposes other than for the specific purpose of performing the Services. LiveRamp may, however, disclose the Personal Information to its own processors and service providers where LiveRamp has carried out adequate due diligence on each such service provider and included obligations in the contract between LiveRamp and such service provider that are equivalent to those to which LiveRamp has agreed.

Client agrees that it shall be responsible for dealing with and responding to all rights requests made by data subjects under applicable privacy laws which relate to the processing activities which are the subject of the SOW, including requests to access, delete, or opt out of the collection, use, or disclosure of Personal Information pertaining to them. Where necessary and required by law, LiveRamp shall promptly and in good faith take such actions and provide such information and assistance as Client may reasonably request to enable Client to honor requests of individuals to exercise their rights under applicable privacy laws.

ARGENTINA

For the purposes of this section, “Argentinian Data Protection Law” means all applicable Argentinian laws relating to data protection and privacy including (without limitation) (without limitation) Personal Data Protection Law No. 25,326 (“PDPL”),the Decree No. 1558/2001 and its related regulations issued by the enforcement local authority (Agencia de Acceso a la Información Pública and Direccón Nacional de Protección de Datos Personales), as well as any other applicable laws and regulations relating to data protection and privacy as implemented, and all amendments to or replacements of the above legislation.

Each party represents, warrants and undertakes to the other that, throughout the term of this SOW, it shall comply with all applicable Data Protection Laws in addition to its contractual obligations as set forth herein.

Where the Services are used in order to activate data from a joint customer (the “Advertiser”) of both LiveRamp and Client (, both Parties acknowledge and agree that each of them is acting as a direct data processor of the Advertiser and shall have an agreement in place with the Advertiser in order to cover such data processing. None of the Parties shall be responsible for the processing of Advertiser’s data by the other Party.

To the extent that Client Data includes information that is considered personal data as defined by applicable Argentinian Data Protection Law (“ Argentinian Personal Information”), then in relation to such data Publisher warrants and agrees:

  • that the provision of the Client Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Argentinian Data Protection Law, or any agreements between Client and any third parties;
  • that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Section 6 of the PDPL, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp;
  • that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the Section 6 of the PDPL) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW;
  • that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  • It shall be responsible for dealing with and responding to all requests made by data subjects under Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Client’s use of LiveRamp’s RampID Services for Platforms, it shall forward that request to Client without undue delay.

Change in Law. The Parties acknowledge that: (i) the state of the law with respect to privacy, including without limitation, behavioral advertising, contextual advertising, cookies, personal information, and informational privacy is unsettled; and (ii) subsequent to the SOW Effective Date, new or changes in existing applicable local, state, federal, and international laws, rules, and regulations (a “Change in Law”) may limit or prohibit the delivery of the Services as contemplated under this SOW. Neither Party makes any representations or warranties with respect to such Changes in Law; moreover, each Party hereby expressly disclaims any representations, warranties, guarantees, covenants, or obligations relating thereto. In the event that a Change in Law frustrates the purpose of this SOW, either Party may immediately terminate this SOW with written notice, without incurring any liability to the other Party as a result thereof.

BRAZIL

For the purposes of this section, “Brazilian Data Protection Law” means all applicable Brazilian laws relating to data protection and privacy including (without limitation) Brazilian Law No. 13709/18 (“LGPD”), as well as any other applicable laws and regulations relating to data protection and privacy and  Brazilian Law No. 12,965/14; as implemented, and all amendments to or replacements of the above legislation.

Each party represents, warrants and undertakes to the other that, throughout the term of this SOW, it shall comply with all applicable Data Protection Laws in addition to its contractual obligations as set forth herein. 

Where the Services are used in order to activate data from a joint customer (the “Advertiser”) of both LiveRamp and Client , both Parties acknowledge and agree that each of them is acting as a direct data processor of the Advertiser and shall have an agreement in place with the Advertiser in order to cover such data processing. None of the Parties shall be responsible for the processing of Advertiser’s data by the other Party.

To the extent that Client Data provided includes information that is considered personal data as defined by applicable Brazilian Data Protection Law (“EU Personal Information”), then in relation to such data Client warrants and agrees:

  • that the provision of the Client Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Brazilian Data Protection Law, or any agreements between Client and any third parties; 
  • that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Article 9 of the LGPD, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp; 
  • that it will obtain the valid consent of the data subjects of the Client Data (in accordance with the LGPD) for LiveRamp and Client’s processing activities and purposes specified in the SOW; 
  • that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  • It shall be responsible for dealing with and responding to all requests made by data subjects under Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Client’s use of LiveRamp’s RampID Services for Platforms, it shall forward that request to Client without undue delay.

Change in Law. The Parties acknowledge that: (i) the state of the law with respect to privacy, including without limitation, behavioral advertising, contextual advertising, cookies, personal information, and informational privacy is unsettled; and (ii) subsequent to the SOW Effective Date, new or changes in existing applicable local, state, federal, and international laws, rules, and regulations (a “Change in Law”) may limit or prohibit the delivery of the Services as contemplated under this SOW. Neither Party makes any representations or warranties with respect to such Changes in Law; moreover, each Party hereby expressly disclaims any representations, warranties, guarantees, covenants, or obligations relating thereto. In the event that a Change in Law frustrates the purpose of this SOW, either Party may immediately terminate this SOW with written notice, without incurring any liability to the other Party as a result thereof.

CANADA

Client will comply with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) and all substantially similar provincial privacy laws in Canada, as well as the Canada’s Anti-Spam Law (CASL) (for purposes of this section, “Privacy Laws”).

Where the Services are used in order to activate data from a joint customer (the “Advertiser”) of both LiveRamp and Client , both Parties acknowledge and agree that each of them is acting as a direct service provider of the Advertiser and shall have an agreement in place with the Advertiser in order to cover such data processing. None of the Parties shall be responsible for the processing of Advertiser’s data by the other Party.

To the extent that the Client Data includes information that is considered personal information as defined by the Privacy Laws (“Personal Information”), Client represents and warrants to LiveRamp that it shall (i) comply with all applicable Privacy Laws; and (ii) get consent from the individual prior to the collection, use, or disclosure of the personal information (and such consent must not be a condition of providing a product or service, beyond what is reasonable to provide such product or service; and must not be obtained through the provision of false or misleading information or through deceptive or misleading practices), and that Client has also provided the relevant data protection notice (notifying purposes of collection, use and disclosure etc.) to the individual on or before collecting, using or disclosing the Personal Information.

In connection with any Personal Information to be transferred outside of Canada, Client represents and warrants to LiveRamp that it has ensured “comparable protection” to the standards set out in the Privacy Laws. The mechanisms to achieve this include but are not limited to: data transfer agreements; the individual has given consent (and provided required notices have been provided); in connection with performance of contracts between the transferring organization and the individual.

Client agrees that it shall be responsible for dealing with and responding to all requests made by data subjects under the Privacy Laws which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Client’s use of the Services, it shall forward that request to Client without undue delay.

EU/UK

For the purposes of this section, “Data Protection Law” means all applicable EU or UK laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) (the “GDPR”), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in any applicable EU member state, the UK General Data Protection Regulation (UK GDPR) or any such equivalent legislation applicable in the United Kingdom, any other local law, regulation or guidance from relevant regulators relating to the protection of Personal Data or the privacy of individuals, each as amended from time to time.

Each Party represents, warrants and undertakes to the other that, throughout the term of the SOW, it shall comply with all applicable Data Protection Laws in addition to its contractual obligations as set forth herein and in the SOW.

Where the Services are used in order to activate data from a joint customer (the “Advertiser”) of both LiveRamp and Client , both Parties acknowledge and agree that each of them is acting as a direct data processor of the Advertiser and shall have an agreement in place with the Advertiser in order to cover such data processing. None of the Parties shall be responsible for the processing of Advertiser’s data by the other Party.

To the extent that Client Data provided by you comprises information that is considered personal data as defined by applicable Data Protection Law (“EU Personal Information”), then in relation to such data, Client warrants and agrees:

  • that the provision of the Client Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Data Protection Law, or any agreements between Publisher and any third parties; 
  • that it will provide a valid notification to the data subjects of the Client Data, in accordance with Article 13 of the GDPR, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp; 
  • that it will obtain the valid consent of the data subjects of the Publisher Data (in accordance with the GDPR) for LiveRamp and Publisher’s processing activities and purposes specified in the SOW; 
  • that it will keep records that demonstrate that the Publisher has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  • In the EEA countries and in the UK, given the nature of the requirements outlined above and the guidance of the regulators, the Publisher warrants to implement a Consent Management Platform allowing such features, including the IAB Transparency and Consent Framework without undue delay. 
  • It shall be responsible for dealing with and responding to all requests made by data subjects under Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Client’s use of LiveRamp’s RampID Services for Platforms, it shall forward that request to Client without undue delay.

Change in Law. The Parties acknowledge that: (i) the state of the law with respect to privacy, including without limitation, behavioral advertising, contextual advertising, cookies, personal information, and informational privacy is unsettled; and (ii) subsequent to the SOW Effective Date, new or changes in existing applicable local, state, federal, and international laws, rules, and regulations (a “Change in Law”) may limit or prohibit the delivery of the Services as contemplated under this SOW. Neither Party makes any representations or warranties with respect to such Changes in Law; moreover, each Party hereby expressly disclaims any representations, warranties, guarantees, covenants, or obligations relating thereto. In the event that a Change in Law frustrates the purpose of this SOW, either Party may immediately terminate this SOW with written notice, without incurring any liability to the other Party as a result thereof.

MEXICO

For the purposes of this section, “Mexican Data Protection Law” means all applicable Mexican laws relating to data protection and privacy including (without limitation) the Federal Law for the Protection of Personal Data in Possession of Private Parties and its regulations (“FDPL”), as well as any other applicable laws and regulations relating to data protection and privacy as implemented, and all amendments to or replacements of the above legislation.

Where the Services are used in order to activate data from a joint customer (the “Advertiser”) of both LiveRamp and Client , both Parties acknowledge and agree that each of them is acting as a direct data processor of the Advertiser and shall have an agreement in place with the Advertiser in order to cover such data processing. None of the Parties shall be responsible for the processing of Advertiser’s data by the other Party.

Client agrees and acknowledges that it acts as the data controller for the Client Data and that it will duly comply with the obligations established by the FDPL. Client agrees that within the framework of the SOW, it shall carry out the necessary procedures to ensure that any data transferred to LiveRamp cannot be associated with the data subject or allow, by its structure, content or degree of disaggregation, the identification of the same.  Or, as the case may be, you undertake to implement the required technologies to ensure that LiveRamp only receives dissociated data, which do not constitute personal data in terms of the FDPL.

To the extent that Client Data provided includes information that is considered personal data or sensitive personal data as defined by the Mexican Data Protection Law, then in relation to such data, Client warrants and agrees:

  • that the provision of the Client Data to LiveRamp, and its subsequent use by LiveRamp for the purposes contemplated by the SOW will not violate Mexican Data Protection Law, or any agreements between Publisher and any third parties;
  • that it will provide a valid notification to the data subjects of the Publisher Data, in accordance with Articles 15 and 16 of the FDPL, which explains (with the necessary level of detail) the sharing of the Publisher Data with LiveRamp;
  • that it will obtain the valid consent of the data subjects of the Client Data (in accordance with Article 10 of the FDPL) for the Client’s processing activities and purposes specified in the SOW;
  • that it will keep records that demonstrate that the Client has obtained such valid consents, which it shall make available to LiveRamp upon written request; and
  • It shall be responsible for dealing with and responding to all requests made by data subjects under Data Protection Law which relate to the processing activities which are the subject of the SOW. In the event that LiveRamp receives a data subject request which relates specifically to Client’s use of LiveRamp’s RampID Services for Platforms, it shall forward that request to Client without undue delay.
  • Client will promptly notify LiveRamp that Client has provided personal data to LiveRamp so that LiveRamp may take actions in order to dissociate such data so that it remains dissociated in compliance with Mexican Data Protection Laws.

Change in Law. The Parties acknowledge that: (i) the state of the law with respect to privacy, including without limitation, behavioral advertising, contextual advertising, cookies, personal information, and informational privacy is unsettled; and (ii) subsequent to the SOW Effective Date, new or changes in existing applicable local, state, federal, and international laws, rules, and regulations (a “Change in Law”) may limit or prohibit the delivery of the Services as contemplated under this SOW. Neither Party makes any representations or warranties with respect to such Changes in Law; moreover, each Party hereby expressly disclaims any representations, warranties, guarantees, covenants, or obligations relating thereto. In the event that a Change in Law frustrates the purpose of this SOW, either Party may immediately terminate this SOW with written notice, without incurring any liability to the other Party as a result thereof.

APAC:

  1. DMP RampID Services is currently not available for APAC.
  2. The use of DSP RampID Services (available in Australia, New Zealand, Japan, Singapore, Taiwan) is subject to the following:

DSP shall comply with all Data Protection Legislation applicable to APAC markets, including: (A) Australia: the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth); (B) Japan: The Act on the Protection of Personal Information (Act No. 57 of 2003 as amended in 2015 and 2020); and (C) Singapore: the Personal Data Protection Act of Singapore, Cybersecurity Act, and Data Protection Enforcement Cases (decisions); (D) New Zealand: the Privacy Act 2020 and the Information Privacy Principles under that Act, and the Unsolicited Electronic Messages Act 2007; (E) Taiwan: All applicable privacy, data security, and data protection laws, directives, regulations, and rules, as may be amended from time to time and/or any successor legislation of Taiwan.

 

Updated April 26, 2022