These Permission Ads Terms and Conditions (these “Terms and Conditions,” and together with any terms set forth in Exhibits and Insertion Orders executed by the parties, the “Agreement”) are entered into by and between Permission.io, Inc., a Delaware corporation (“Permission”) and the undersigned entity (“Client”). These Terms and the applicable Insertion Order (“IO”) constitute the full Agreement between the Parties. In the event of any conflict or inconsistency between any IO and these Terms and Conditions, these Terms and Conditions shall control, except to the extent such IO expressly supersedes or amends a specifically referenced section of these Terms and Conditions.

  1. DEFINITIONS
    1. Definitions. The definitions for some of the defined terms used in this Agreement are set forth below. The definitions for other defined terms are set forth elsewhere in this Agreement.
    2. “Advertisement” or “Ads” means materials or messages in any format, including, without limitation, banner ads, sponsored links, textual, interactive, and audio or video messages that promote the Advertiser’s listings, content, products, or services.
    3. “Advertiser” means the entity using the Permission Platform (and/or any entity or successor entity, agency, or network acting on its behalf). For purposes of clarity, the Advertiser may be the Client.

    4. “Site” or “Sites” means the website(s), Internet-enabled applications, and other online environments that Permission has been authorized by Client to display Advertisements or install Permission technology.
    5. “Affiliate” means, with respect to any entity, directly or indirectly, through one or more intermediaries, is controlled by, or is under common control with, such entity. The term “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise.
    6. “Insertion Order” means each Insertion Order referencing this Agreement. Each Insertion Order will be incorporated into this agreement upon mutual execution by the parties.
    7. “Service” means the service described in the applicable Insertion Order.
    8. “Output” means any reports or other output of the Service.
    9. “Applicable Laws” means any applicable national, federal, foreign, state, and local laws, rules, and regulations and/or self-regulatory guidelines, including, without limitation, those relating to advertising, the Internet, privacy, telemarketing, and unfair business practices and which shall include for the avoidance of doubt the European Union General Data Protection Regulation 2016/679 (“GDPR”) and its respective national implementing legislations; the California Consumer Privacy Act of 2018 (“CCPA”); the Swiss Federal Act on Data Protection; the United Kingdom General Data Protection Regulation; and the United Kingdom Data Protection Act 2018 (in each case, as amended, adopted, or superseded from time to time).
    10. “Permission Data” means: (i) the data collected by Permission through the Permission Platform that is not specific to Client or any of its Advertisers and has been aggregated with other proprietary data collected by Permission; and (ii) any data Permission receives or derives from Inventory Sources or Third Party Vendors.
    11. “Permission Platform” means the proprietary Permission Demand-Side Bidding Platform, its technology, components and materials, used to provide the Service described in the applicable Insertion Order.
    12. “Client Data” means: (i) End User Data; (ii) Transaction Data; and (iii) any data uploaded or provisioned by Client to Permission or within the Permission Platform.
    13. “End User” means an individual who is exposed to the Advertisements purchased through the Permission Platform as well as any individuals the Client or Advertiser interacts with in other contexts.
    14. “End User Data” means all data collected through the Permission Platform from and about End Users.
    15. “Fees” means the total fees payable by Client to Permission for the Services provided by Permission, which includes the amount owed to Permission by such Client to execute campaigns or other transactions as set forth in any Insertion Order.
    16. “Personal Information” means data that can be used to identify, contact, or locate a natural person, which may include but is not limited to, name, address, telephone number, e-mail address, online contact information (including, without limitation, an instant messaging user identifier or a screen name that reveals an individual’s email address), account numbers (financial and otherwise), government-issued identifier (including, but not limited to, social security number) and any other data considered personal information under Applicable Laws (including, in some jurisdictions, IP addresses, and where applicable cookie information and mobile identifiers).
    17. “Campaign” means a DSP-enabled media initiative that may consist of a frontend display, video creative, custom landing page, or other specified creative. Campaigns are executed based on a signed Insertion Order between both Client and Permission.
    18. “Media Plan” means the detailed plan of how a campaign will be broken down into targeted groupings (line items) with cost and volume estimations based upon budgets; the media plan is directly translated into the Insertion Order.
  2. SERVICES; RESTRICTIONS ON USE; CONTENTS OF ADS
    1. Provision of Services. Permission will perform implementation, technical and/or strategic marketing services (“Services”) to Client pursuant to the terms and conditions of this Agreement and any Insertion Order that the Parties may execute from time to time. Each Insertion Order shall be deemed incorporated into this Agreement upon execution by the Parties. In the event of any conflict between this Agreement and an Insertion Order, the Insertion Order shall govern and control.
    2. Effective Date and Modification. The effective date of each IO will be the earlier of: (a) execution thereof by both Permission and Client; or (b) the display of the first Client Ad impression specified in an IO executed by Client. Modifications to any existing IO will not be binding unless made in a writing signed by both parties.
    3. License Grant to Advertisements. Client hereby grants Permission: (i) a non-exclusive, worldwide, royalty-free license to reproduce, distribute, publicly display, and modify Client’s Advertisements during the Term for the purpose of displaying Client’s Advertisements on the Sites via the Platform; and (ii) all rights and licenses in and to the Advertisements, including all content therein, necessary for Permission to perform its obligations under this Agreement.
    4. Restrictions on Use. Client shall not: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discern the underlying structures, algorithms, ideas, know-how or any other information of or related to the Permission Platform; (ii) modify, translate, adapt or create derivative works based on the Permission Platform; (iii) make any copies of the Permission Platform; (iv) resell, distribute, or sublicense the Permission Platform (vi) remove or modify any proprietary marking or restrictive legends placed on the Permission Platform; (vii) use the Permission Platform or the Permission Data for any purpose not expressly permitted in this Agreement or in violation of Applicable Law; (viii) introduce into the Permission Platform any software, virus, worm, “back door,” Trojan Horse, or similar harmful code; (ix) use the Permission Platform in connection with any Ads that do not comply with Section 2.4 “Content of Ads”; (x) attempt in any way to alter, modify, eliminate, conceal, or otherwise render inoperable or ineffective the website tags, source codes, links, pixels, modules or other data provided by or obtained from Permission that allows Permission to measure ad performance and provide the Services; (xi) use the Permission Platform to target Ads to children under the age of 13 years or use the Permission Platform in a manner that could violate the Children’s Online Privacy Protection Act (“COPPA”) or similar Applicable Laws in other jurisdictions, (xii) use the Permission Platform to target Ads to users generally accepted as “sensitive” pursuant to Internet advertising industry guidelines unless pursuant to an opt-in policy. If Client violates this Section 2, Permission reserves the right, in its sole discretion, to remove the Ads from the Permission Platform.
    5. Content of Ads. Ads may not: (i) facilitate or promote illegal activity; (ii) contain content that is deceptive, misleading, defamatory, obscene, distasteful, racially or ethnically offensive, harassing, or that is discriminatory based upon race, gender, color, creed, age, sexual orientation, or disability; (iii) contain sexually suggestive, explicit, or pornographic content; (iv) infringe upon or violate any right of any third party, including, without limitation, any intellectual property, privacy, or publicity rights; (v) spawn additional windows or messages beyond the original Ad; (vi) distribute adware, spyware, or viruses; (vii) auto-forward users’ browsers; (viii) resemble system dialogue boxes or error messages; (ix) intentionally obscure or falsify the source of the inventory or artificially inflate the volume of such inventory in any way; or (x) violate any Applicable Laws or Site policies.
    6. Campaign Deliverables. In the event that the campaign does not deliver in full, Permission will first work with Client to extend the campaign, if possible, to fully deliver the campaign. If campaign extension is not feasible, Client is entitled to request a refund of the unused media fees, provided Client does so within 30 days from the initial end date of the campaign.
  3. FEES; INVOICING AND PAYMENT
    1. Fees. Client shall pay Permission the Fees as set forth in this Agreement and any IOs. Client acknowledges that it is wholly responsible for payment of Fees for any Services provided by Permission, regardless of the payment terms, including, without limitation, the timing of such payments, between Client, and if applicable, Client’s Advertisers.
    2. Pricing:
      1. Client’s Fees are priced based upon impressions, as described in the media plan then in effect and incorporated into these Terms, and the CPM (Cost per million) associated with such plan. Once Permission has received a confirmed IO from Client, Client is responsible for payment on all delivered impressions associated with that campaign. Permission bills based upon its internal reporting metrics associated with the actual impressions delivered per the media plan. Permission will provide such reporting to Client, as needed, and will invoice accordingly. Such reporting will govern any disputes involving the invoice unless Permission, in its sole discretion, agrees to an adjustment.
      2. Minimum Fee: Included in the Insertion Order is a minimum, non-refundable fee, to cover the costs of creative and development resources, if applicable, expended prior to campaign launch, including, but without limitation, landing pages, ads, and any other creative asset.
    3. Payment.
      1. Client will pay Permission Fees in U.S. Dollars within thirty (30) days of Client’s receipt of an undisputed invoice, unless otherwise specified in an IO.
      2. If Client believes that Permission has billed Client incorrectly, Client must contact Permission no later than 30 days after receipt of the invoice in order to receive an adjustment or credit.
      3. Unpaid amounts not disputed subject to section 3.2 are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by Applicable Laws, whichever is lower, plus all expenses of collection.
      4. Permission may restrict the credit available to Client for providing the Services and may disable the Services if invoices have not been paid for thirty (30) days or if there is other evidence of Client’s inability to pay.
      5. Permission, at its sole discretion, can require a comprehensive credit check to assess eligibility for credit in advance of executing any campaign.
      6. Client is responsible for determining what, if any, taxes apply to Client’s use of the Services, and for withholding, collecting, reporting and remitting the correct taxes, if any, to the appropriate tax authorities. Permission is not responsible for withholding, collecting, reporting, or remitting any tax arising from Client’s use of the Services.
      7. Pre-payment terms can be established on an IO basis and may allow for discounts up to 2%.
  4. CONFIDENTIALITY
    1. “Confidential Information” means: (i) with respect to Permission: the Permission Platform and any and all code and protocols relating thereto; the terms of this Agreement; the Permission Data; pricing and fees relating to Services as set forth in any IO and any other non-public information or material regarding Permission’s legal or business affairs, financing, properties, or data, and (ii) with respect to Client: the Client Data and Output; and any other non-public information or material regarding Client’s legal or business affairs, financing, Clients, properties, or data. Confidential Information does not include information which: (a) is or becomes public knowledge without any action by, or involvement of, the Party to which the Confidential Information is disclosed (the “Receiving Party”); (b) is documented as being known to the Receiving Party prior to its disclosure by the other Party (the “Disclosing Party”); (c) is independently developed by the Receiving Party without reference or access to the Confidential Information of the Disclosing Party and is so documented; or (d) is obtained by the Receiving Party without restrictions on use or disclosure from a third person who does not owe a duty of confidentiality to the Disclosing Party.
    2. Use and Disclosure of Confidential Information. The Receiving Party shall, with respect to any Confidential Information of the Disclosing Party: (i) use such Confidential Information only in connection with the Receiving Party’s performance of its obligations and exercise of its rights under this Agreement; (ii) subject to Section 4.4 below and without limiting Client’s right to make disclosures necessary to perform its obligations, restrict disclosure of such Confidential Information within the Receiving Party’s organization to only those employees or consultants of the Receiving Party who have a need to know such Confidential Information in connection with the Receiving Party’s performance of this Agreement; and (iii) except as expressly contemplated under the preceding clause (ii), not disclose such Confidential Information to any third party unless authorized in writing by the Disclosing Party to do so.
    3. Protection of Confidential Information. The Receiving Party will protect the confidentiality of any Confidential Information disclosed by the Disclosing Party using at least the degree of care that it uses to protect its own confidential information (but no less than a reasonable degree of care).
    4. Compliance by Personnel. The Receiving Party will, prior to providing any employee or consultant access to any Confidential Information of the Disclosing Party, inform such employee or consultant of the confidential nature of such Confidential Information and require such employee or consultant to comply with the Receiving Party’s obligations hereunder with respect to such Confidential Information. The Receiving Party will be responsible to the Disclosing Party for any violation of this Section 4 by any such employee or consultant.
    5. Required Disclosures. In the event the Receiving Party becomes or may become legally compelled to disclose any Confidential Information, the Receiving Party shall provide to the Disclosing Party prompt prior written notice of such requirement so that the Disclosing Party may seek a protective order or other appropriate remedy and/or waive compliance with the terms of this Section 4. In the event that such protective order or other remedy is not obtained, or that the Disclosing Party waives compliance with the provisions hereof, the Receiving Party shall furnish only that portion of the Confidential Information which it is advised by counsel is legally required to be disclosed, and shall use its best efforts to ensure that confidential treatment shall be afforded such disclosed portion of the Confidential Information.
  5. INTELLECTUAL PROPERTY.

    1. As between the Parties, and with the exception of any open-source and/or other licensed-in components contained or incorporated therein, Permission is and shall remain the sole and exclusive owner of all right, title, and interest in and to the Permission Platform (other than Third Party Services), and the Permission Data, including all source code, object code, operating instructions, and all interfaces developed for or relating to the same, together with all modifications, enhancements, revisions, changes, copies, partial copies, translations, compilations, improvements, and derivative works thereof, including all intellectual property rights therein (collectively, “Permission Intellectual Property”). As between the Parties, Client is and shall remain the sole and exclusive owner of all right, title, and interest in, the Ads and the Client Data, including all intellectual property rights therein (collectively, “Client Intellectual Property”). Permission has and shall have no rights with respect to the Client Intellectual Property other than those expressly granted pursuant to this Agreement.
  6. DATA AND PRIVACY.
    1. End User Data. Both Permission and Client commit to abide by Data Protection Laws concerning the Processing of End User Data, including, but not limited to, Covered Personal Data (as defined by the Data Processing Addendum to this agreement). Client shall ensure that prior to any collection and processing of End User Data, all applicable End Users have consented to such collection and processing in compliance with Applicable Laws. With respect to End User Data collected by Client through the Permission Platform, Client may only use and disclose such aggregate data if such use is permissible under: (i) the DPA; (ii)  Applicable Laws; and (iii) its privacy policy. The Personal Information and other data processed by Permission regarding End Users shall be governed by the Permission Privacy Policy.
    2. Limited License to Client Data. Client hereby grants to Permission the right to use and disclose Client Data (other than End User Data) to the extent necessary to provide the Services to Client and solely: (i) as anonymized, aggregate Permission Platform statistics, which cannot directly be associated with Client or any End User, (ii) to provide, operate, manage, maintain, and enhance the Permission Platform (it being understood and agreed that, without limiting the generality of the foregoing, Permission may disclose certain Client Data, necessary for the operation of the Permission Platform); (iii) to subcontractors and other third-party service providers (e.g., auditors and counsel) of Permission who need to know it and who are obligated to keep it confidential, subject to the terms and conditions hereof; (iv) to enforce its rights under this Agreement; (v) if and as required by any court order, law, or governmental or regulatory agency (after, if permitted, giving reasonable notice to Client and using commercially reasonable efforts to provide Client with the opportunity to seek a protective order or the equivalent (at Client’s expense)); and (vi) to Third Party Vendors which Client opts to utilize, who are obligated to keep it confidential, subject to the terms and conditions hereof; and (vii) as may otherwise be elected by Client; and (viii) in compliance with Applicable Laws.
    3. Privacy. Client will ensure that each of its digital properties (websites, mobile applications, etc.) contains a privacy policy that (a) discloses (i) the usage of third-party technology; and (ii) the data collection and usage resulting from the Services provided to Client through the use of the Permission Platform, it being understood that this clause (a) will not be deemed to require those privacy policies to expressly identify Permission or the Permission Platform (unless otherwise required by Applicable Laws); (b) contains a conspicuous live hyperlink to an opt-out website that provides the End User the ability to opt out of interest-based advertising; (c) complies with all Applicable Laws; and (d) to the extent required by Applicable Laws, a mechanism to obtain, with respect to the use of the Permission Platform, End Users’ informed consent to the usage of third-party technology (reasonable evidence of such consent to be maintained to the extent so required).
    4. Client Data Processing. For the purposes of this clause, the terms “controller”, “data subjects”, “personal data”, “processor”, “processing”, and “supervisory authority” shall have the meaning given to them by the GDPR. With respect to the use by Permission of any Client Personal Information related to Client’s employees, agents, contractors, or designees, in order to provide the Service, Permission shall comply with all applicable laws relating to privacy and data protection as well as any specific Client instructions regarding Personal Data. With respect to any Client Personal Information that is subject to EU Data Protection Directive 95/46/EC (or any superseding legislation) (the “Directive”), Permission shall (i) process any such data transferred to or collected by Permission only as a data processor (as such term is defined in the Directive) on behalf of Client, (ii) implement appropriate technical and organizational security measures to protect such data from unauthorized access, use, loss, damage or destruction, (iii) where such data is transferred from the EU to a non-EU country, execute standard contractual clauses that provide an adequate level of protection to such data in order to comply with the Directive, unless Client directs otherwise, and (iv) enter into written agreements with sub-processors that use such data in order to assist with the provision of the Service on terms no less restrictive than the terms in this Agreement (including the requirement to execute standard contractual clauses if appropriate).
  7. TERM AND TERMINATION.
    1. Term. This Agreement is effective as of the date last signed in the applicable IO.  Either Party may terminate this Agreement at any time and for any reason, upon written notice to the other Party.
    2. Effect of Termination. In the event of any termination or expiration of this Agreement, Client shall pay Permission for all undisputed amounts payable hereunder as of the effective date of termination or expiration, including the Minimum Fee, if applicable, as described in Section 3.2.2.
  8. ADDITIONAL REPRESENTATIONS AND WARRANTIES; DISCLAIMER.
    1. Mutual Representations and Warranties. Each Party represents, warrants and covenants that: (i) it has the full right, power, and authority to enter into this Agreement, to discharge its obligations hereunder, and to grant the licenses granted hereunder; and (ii) it (and, with respect to Client) shall comply with all Applicable Laws in the conduct of its business and in the performance of its obligations under this Agreement (including all applicable privacy and data protection laws).
    2. Additional Representations and Warranties of Client. Client further represents, warrants and covenants to Permission that (i) it has the rights to use the Advertisements as contemplated by this Agreement; (ii) Client, if Client is not the Advertiser, is authorized to act on behalf of the Advertiser; (iii) Client shall employ commercially reasonable methodologies, technologies, and other means reasonably necessary to keep Permission Confidential Information secure and (iv) Client shall use the Permission Platform in compliance with Permission’s Policies and all applicable laws, rules, and regulations.
    3. Additional Representations and Warranties of Permission. Permission further represents, warrants and covenants to Client that it shall use reasonable efforts consistent with prevailing industry standards to maintain the Permission Platform in a manner which minimizes errors and interruptions and shall perform the services hereunder in a professional and workmanlike manner.
    4. Disclaimer. EXCEPT FOR ANY EXPRESS REPRESENTATIONS OR WARRANTIES CONTAINED IN THIS AGREEMENT, PERMISSION HEREBY DISCLAIMS ALL WARRANTIES WITH RESPECT TO THE PERMISSION PLATFORM, ITS TECHNOLOGY COMPONENTS, AND ALL OTHER MATERIALS PROVIDED HEREUNDER, WHETHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE AND ALL WARRANTIES ARISING FROM ANY COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. PERMISSION DOES NOT WARRANT THAT THE PERMISSION TECHNOLOGY WILL OPERATE UNINTERRUPTED OR ERROR-FREE, AND IT IS POSSIBLE THAT THE PERMISSION TECHNOLOGY MAY BE INACCESSIBLE, UNAVAILABLE, OR INOPERABLE FROM TIME TO TIME. PERMISSION MAKES NO REPRESENTATION OR WARRANTY ABOUT THE RESULT CLIENT WILL OBTAIN THROUGH THE PERMISSION PLATFORM INCLUDING THE LEVEL OF ADS SERVED OR CLICKS ON ANY AD OR THE TIMING OF DELIVERY OF SUCH IMPRESSIONS AND/OR CLICKS UNDER THIS AGREEMENT.
  9. INDEMNITY.
    1. Client will defend, indemnify, and hold harmless Permission and its respective past, present and future employees, officers, directors, contractors, consultants, equity holders, suppliers, vendors, service providers, parent companies, subsidiaries, affiliates, agents, representatives, predecessors, successors and assigns  (the “Permission Indemnitees”) from any and all liabilities, costs, and expenses (including reasonable attorneys’ fees) incurred by such Permission Indemnitees in connection with any third-party claim, action, or proceeding arising from: (i) the Content of Advertisements; (ii) Client’s breach of its representations, warranties and covenants set forth in this Agreement; or (iii) Client’s violation of any rights of any other person or entity. Client will not be responsible for any settlement it does not approve in writing. Permission will give Client prompt written notice of any Claim and will cooperate in relation to the Claim at Client’s expense. Client will have the exclusive right to control and settle any Claim, except that Client may not settle a Claim without Permission’s prior written consent (not to be unreasonably withheld) if the settlement requires Permission to admit any liability or take any action or refrain from taking any action (other than ceasing use of infringing materials). Permission may participate in the defense of any Claim at its expense.
    2. Permission will defend, indemnify, and hold harmless Client and its officers, directors, managers, and employees (the “Client Indemnitees”) from any and all liabilities, costs, and expenses (including reasonable attorneys’ fees) (“Claims”) incurred by such Client Indemnitees in connection with any third-party claim, action, or demands  arising from (i) any infringement or alleged infringement by Permission in connection with provision of the Services of any third-party intellectual property right, (ii) any failure to comply with Applicable Laws or a breach of Section 6.2 (Client Data), or (iii) any personal injury or property damage caused by the negligence or willful misconduct of Permission (including its employees, agents, and subcontractors). Permission will not be responsible for any settlement it does not approve in writing. Client will give Permission prompt written notice of any Claim and will cooperate in relation to the Claim at Permission’s expense. Permission will have the exclusive right to control and settle any Claim, except that Permission may not settle a Claim without Client’s prior written consent (not to be unreasonably withheld) if the settlement requires Client to admit any liability or take any action or refrain from taking any action (other than ceasing use of infringing materials). Client may participate in the defense of any Claim at its expense.
  10. LIMITATION OF LIABILITY.
    1. Liability Exclusion. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY (NOR TO ANY PERSON CLAIMING RIGHTS DERIVED FROM SUCH OTHER PARTY’S RIGHTS) FOR CONSEQUENTIAL, INCIDENTAL, INDIRECT, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND (INCLUDING WITHOUT LIMITATION LOST REVENUES OR PROFITS, OR LOSS OF GOODWILL OR REPUTATION) WITH RESPECT TO ANY CLAIMS BASED ON CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE AND STRICT LIABILITY) ARISING OUT OF OR RELATING TO THIS AGREEMENT, REGARDLESS OF WHETHER THE PARTY LIABLE OR ALLEGEDLY LIABLE WAS ADVISED, HAD OTHER REASON TO KNOW, OR IN FACT KNEW OF THE POSSIBILITY THEREOF.
    2. Limitation of Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY’S AGGREGATE LIABILITY UNDER THIS AGREEMENT, FOR WHATEVER CAUSE, WHETHER IN AN ACTION, IN CONTRACT, IN TORT, OR OTHERWISE, WILL BE LIMITED TO GENERAL MONEY DAMAGES AND SHALL NOT EXCEED AN AMOUNT EQUAL TO THE AGGREGATE FEES ACTUALLY PAID TO PERMISSION UNDER THIS AGREEMENT.  NOTWITHSTANDING THE FOREGOING, NOTHING IN THIS SECTION SHALL LIMIT EITHER PARTY’S LIABILITY FOR FRAUD OR FRAUDULENT MISREPRESENTATION, GROSS NEGLIGENCE, DEATH OR PERSONAL INJURY, OR INDEMNIFICATION (AS PROVIDED IN SECTION 9).
  11. COMPLIANCE.
    1. Each Party warrants that neither it nor any of its affiliates, officers, directors, employees, and agents is the subject of any sanctions administered by the Office of Foreign Assets Control of the U.S. Department of the Treasury, the European Union, or any other applicable sanctions authority. Each Party agrees to perform its obligations hereunder in compliance with all embargoes, sanctions and export control regulations of the US, France, the United Kingdom, and any applicable jurisdiction, as well as with all applicable anti-corruption laws, anti-terrorist financing legislation, and anti-money laundering laws.
  12. MISCELLANEOUS.
    1. Assignment. Neither Party may assign or otherwise transfer any of its rights or obligations under this Agreement without the prior, written consent of the other Party; provided, however, that a Party may, upon written notice to the other Party and without the consent of the other Party, assign or otherwise transfer this Agreement: (i) to any of its Affiliates; or (ii) in connection with a change of control transaction (whether by merger, consolidation, sale of equity interests, sale of all or substantially all assets, or otherwise), provided that in all cases, the assignee agrees in writing to be bound by the terms and conditions of this Agreement. Any assignment or other transfer in violation of this Section 12.1 will be null and void. Subject to the foregoing, this Agreement will be binding upon and inure to the benefit of the Parties hereto and their permitted successors and assigns.
    2. Publicity. During the Term, Permission may refer to Client as a Client and user of the Permission Platform. In connection therewith, Permission may use Client’s corporate logo.
    3. Waiver. No failure or delay by either Party in exercising any right or remedy under this Agreement shall operate or be deemed as a waiver of any such right or remedy.
    4. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of California, without regard for choice of law provisions thereof.
    5. Exclusive Forum. The Parties hereby consent and agree to the exclusive jurisdiction of the state and federal courts located in the State of California, County of San Francisco, for all suits, actions, or proceedings directly or indirectly arising out of or relating to this Agreement, and waive any and all objections to such courts, including but not limited to, objections based on improper venue or inconvenient forum, and each Party hereby irrevocably submits to the exclusive jurisdiction of such courts in any suits, actions, or proceedings arising out of or relating to this Agreement.
    6. Notices. All notices required under this Agreement (other than routine operational communications) must be in writing to the physical or email addresses set forth herein. Notices shall be effective upon: (i) actual delivery to the other Party, if delivered in person, or by national overnight courier; (ii) five (5) business days after being mailed via U.S. postal service; or (iii) if by email, upon confirmation by the other party of receipt.
    7. Independent Contractors. The Parties are independent contractors. Neither Party shall be deemed to be an employee, agent, partner, joint venturer, or legal representative of the other for any purpose, and neither shall have any right, power, or authority to create any obligation or responsibility on behalf of the other.
    8. Severability. If any provision of this Agreement is found invalid or unenforceable by a court of competent jurisdiction, that provision shall be amended to achieve as nearly as possible the same economic effect as the original provision, and the remainder of this Agreement shall remain in full force and effect. Any provision of this Agreement that is unenforceable in any jurisdiction shall be ineffective only as to that jurisdiction, and only to the extent of such unenforceability, without invalidating the remaining provisions hereof.
    9. Force Majeure. Except for Client’s obligations to pay Fees, neither Party shall be deemed to be in breach of this Agreement and be liable to the other Party for any failure or delay in performance to the extent caused by reasons beyond its reasonable control, including, but not limited to, acts of God, Internet disturbances, earthquakes, strikes, government action or regulations, or shortages of materials or resources.
    10. Survival. Provisions of this Agreement relating to confidentiality, indemnification, and any other provisions which by their nature should survive termination or expiration of this Agreement, shall so survive.
    11. Complete Understanding. This Agreement constitutes the final and complete agreement between the Parties regarding the subject matter hereof, and supersedes any prior or contemporaneous communications, representations, or agreements between the Parties, whether oral or written.
    12. Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed to be an original, and all of which will constitute one and the same instrument.

Exhibit A – Data Processing Addendum

This Data Processing Addendum (including its Attachments) (“Addendum”) forms part of and is subject to the terms and conditions of the Agreement by and between Client (“Client”) and Permission.io, Inc. (“Permission.io”).

  1. Subject Matter and Effective Date. This Addendum reflects the parties’ commitment to abide by Data Protection Laws concerning the Processing of Covered Personal Data under the terms of the Agreement. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Agreement. If and to the extent language in this Addendum or any of its Attachments conflicts with the Agreement, this Addendum shall control. This Addendum will become legally binding upon the effective date of the Agreement or upon the date that the parties sign this Addendum if it is completed after the effective date of the Agreement.
  2. Definitions. For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.
    a) “Covered Personal Data” means Personal Data (or equivalent term) as such is defined in Data Protection Laws, that relates to End Users, and that Permission.io or Client processes, or that Client otherwise causes Permission to process, in relation to the Services. Covered Personal Data includes, without limitation, Personal Data that Client provides into the Services directly, Personal Data that Client receives or has access to in connection with purchased media using the Services, and/or Personal Data collected by Permission from a visitor of a Digital Property under the Agreement.
    b) “Data Protection Laws” means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Covered Personal Data are subject. “Data Protection Laws” may include, but are not limited to, the California Consumer Privacy Act of 2018 (“CCPA”); the EU General Data Protection Regulation 2016/679 (“GDPR”) and its respective national implementing legislations; the Swiss Federal Act on Data Protection; the United Kingdom General Data Protection Regulation; and the United Kingdom Data Protection Act 2018 (in each case, as amended, adopted, or superseded from time to time).
    c) “Digital Property” means a landing page hosted by Permission.io that a visitor arrives at after clicking a Client advertisement served by or on behalf of Permission.io under the Agreement, a page on the Permission.io domain or in the Permission.io mobile app.
    d) “Personal Data” has the meaning assigned to the terms “personal data” or “personal information” under applicable Data Protection Laws, and will, at a minimum, mean any information relating to an identified or identifiable natural person.
    e) “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
    f) “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Covered Personal Data in a party’s possession or control.
    g) “Services” means the services provided by Permission to Client under the Agreement.
  3. Processing Terms for Covered Personal Data.
    a) Permission.io’s Sharing of Covered Personal Data. Permission.io may share Covered Personal Data with Client that Client provides into the Services directly, Personal Data that Client receives or has access to in connection with purchased media using the Services, and/or Personal Data collected by Permission from a visitor of a Digital Property under the Agreement.
    b) Each Party’s Role under Data Protection Laws. Each party is a “Business” and/or independent “Controller” (as such terms are defined by Data Protection Laws) of the Covered Personal Data it Processes. Under no circumstances shall the parties be considered joint “Controllers” under Data Protection Laws.
    c) Compliance with Laws. Each party shall comply with Data Protection Laws.
    d) Each Party’s Processing of Covered Personal Data. Each party may Process Covered Personal Data for the purposes contemplated by the Agreement and in accordance with such party’s privacy notice or privacy policy. If Client is in the business of a data aggregator, Client shall not be allowed to directly sell such data to a commercial or private data marketplace.
    e) Information Security. Each party shall implement and maintain reasonable administrative, technical, and physical safeguards designed to protect the Covered Personal Data that it Processes.
    f) Security Incidents. Upon becoming aware of a Security Incident, each party (“Notifying Party”) agrees to provide written notice to the other party without undue delay. The Notifying Party shall be solely responsible for remediating the Security Incident, including the provision of any legally required notice to affected individuals required under Data Protection Laws. Notwithstanding the foregoing, if a Security Incident affects both parties, the parties agree to coordinate with respect to any communications or notifications that are sent to government authorities and/or data subjects regarding such Security Incident.
    g) EEA, Swiss, and UK Standard Contractual Clauses. If Covered Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred by Permission.io to Client in a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws, the parties agree that the transfer shall be governed by Module One’s obligations in the Annex to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“Standard Contractual Clauses”) as supplemented by Attachment 1 attached hereto, the terms of which are incorporated herein by reference. Each party’s signature to the Agreement shall be considered a signature to the Standard Contractual Clauses to the extent that the Standard Contractual Clauses apply hereunder.
  4. Third-Party Services. Certain features and functionalities within the Services may allow Client, or Permission.io acting on Client’s behalf, to interface or interact with, access, use, and/or share Covered Personal Data with compatible third-party services, products, technology and content (collectively, “Third-Party Services”) through the Services. Permission.io does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Services or Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto. Client is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Client to use the Third-Party Services in connection with the Services.

  5. Cooperation and Assistance. Client will cooperate in providing accurate set-up and configuration data for the Services and, if applicable, implementation, in accordance with Permission.io’s instructions as provided in any documentation and the terms of the Agreement and/or any applicable order. Client will at all times provide, and Permission.io’s performance of Services and implementation shall be conditioned upon, Client providing Permission.io with good faith cooperation and assistance and make available such information, access, data, and Client personnel as may be reasonably required by Permission.io in order to provide the Services and implementation. As it relates to the Services, the parties will provide reasonable assistance and cooperate with each other to assist in each party’s compliance with Data Protection Laws.

  6. Contact. Each of Permission.io and Client agree to notify each other of an individual within its organization authorized to respond from time to time to inquiries regarding the Covered Personal Data and each of Permission.io and Client will handle such inquiries promptly. Permission.io’s data protection officer (DPO) can be reached via Email at: dpo@permission.io; Address: 888 Prospect Street, Suite 200, La Jolla, CA 92037.

  7. Claims and Disputes. In the event of a dispute or claim brought by a data subject or any government authority concerning the Processing of Covered Personal Data against either or both parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to resolving them within a reasonable time.

Attachment 1 to the Data Processing Addendum

This Attachment 1 forms part of the Addendum and supplements the Standard Contractual Clauses. Capitalized terms not defined in this Attachment 1 have the meaning set forth in the Addendum or the Agreement.

The parties agree that the following terms shall supplement the Standard Contractual Clauses:

  1. Supplemental Terms. The parties agree that: (i) a new Clause 1(e) is added the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses also apply mutatis mutandis to the Parties’ processing of personal data that is subject to the applicable data protection laws of Switzerland. Where applicable, references to EU Member State law or EU supervisory authorities shall be modified to include the appropriate reference under Swiss law as it relates to transfers of personal data that are subject to such laws.”; (ii) a new Clause 1(f) is added to the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses, as supplemented by Annex III, also apply mutatis mutandis to the Parties’ processing of personal data that is subject to UK Data Protection Laws (as defined in Annex III).”; (iii) the optional text in Clause 7 is deleted; (iv) the optional text in Clause 11 is deleted; and (v) in Clauses 17 and 18, the governing law and the competent courts are those of Ireland (for EEA transfers), Switzerland (for Swiss transfers), or England and Wales (for UK transfers).
  2. Annex I. Annex I to the Standard Contractual Clauses shall read as follows:
    A.  List of PartiesData Exporter: Permission.io.  Address: As set forth in the Notices section of the Agreement.Contact person’s name, position, and contact details: As set forth in the Notices section of the Agreement.Activities relevant to the data transferred under these Clauses: As set forth in the Addendum. Role: Controller. Data Importer: Client; Permission.ioAddress: As set forth in the Notices section of the Agreement.Contact person’s name, position, and contact details: As set forth in the Notices section of the Agreement.Activities relevant to the data transferred under these Clauses: As set forth in the Addendum.
    Role: Controller.

    Categories of data subjects whose personal data is transferred: End users whose data is transmitted to data importer through the use of Permission.io’s Services and End Users that visit Permission.io’s Digital Properties and provide their consent for data exporter to share personal data with data importer.

    Categories of personal data transferred: Personal data that is transferred under the Clauses including, but not limited to, name and email address.

    Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: To the parties’ knowledge, no sensitive data is transferred.

    The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Covered Personal Data is transferred on a continuous basis and in accordance with the standard functionality of the data exporter’s services, or as otherwise agreed upon by the parties.

    Nature of the processing: As set forth in the Addendum.

    Purpose(s) of the data transfer and further processing: To facilitate advertising of information to End Users and for the performance of the rights and obligations under the Agreement (and any activities that are reasonably necessary or incidental thereto).

    The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Data importer will retain Covered Personal Data for as long as it’s necessary to fulfill the purposes for which  it is processed in accordance with the Agreement and its applicable privacy notice or privacy policy.

    C.  Competent Supervisory Authority: The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13.

    D.  Additional Data Transfer Impact Assessment: 
    The personal data that is transferred under the Clauses will be stored in or accessed from the United States, unless otherwise specified in the Agreement.
    To data importer’s knowledge, data importer will not process any personal data that is transferred to the United States under the Clauses about a non-United States person that could reasonably be considered “foreign intelligence information” as defined by 50 U.S.C. § 1801(e).
    As of the effective date of the Addendum, no court has found data importer to be eligible to receive process issued under the laws of any country outside of the European Economic Area, Switzerland, and/or the United Kingdom where personal data is stored or accessed from that would interfere with data importer fulfilling its obligations under the Clauses, including FISA Section 702, and no such court action is pending.
    Data importer has never received a request from public authorities for information pursuant to the laws of the European Economic Area, Switzerland, and/or the United Kingdom.
    Data importer has never received a request from public authorities for personal data of individuals located in the European Economic Area, Switzerland, and/or the United Kingdom.

    E. Data Transfer Impact Assessment Outcome: Taking into account the information and obligations set forth in the Addendum and, as may be the case for a party, such party’s independent research, to the parties’ knowledge, the personal data originating in the European Economic Area, Switzerland, and/or the United Kingdom that is transferred pursuant to the Clauses to a country that has not been found to provide an adequate level of protection under applicable data protection laws is afforded a level of protection that is essentially equivalent to that guaranteed by applicable data protection laws.

  3. Annex II. Annex II of the Standard Contractual Clauses shall read as follows:
    Data importer shall implement and maintain reasonable administrative, technical, and physical safeguards designed to protect the personal data that it processes.
  4. Annex III. A new Annex III shall be added to the Standard Contractual Clauses and shall read as follows:
    Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018
    UK Addendum to the EU Commission Standard Contractual Clauses
    Date of this Addendum:

    1. The Clauses are dated as of the same date as the Addendum.
    Background:
    2. The Information Commissioner considers this Addendum provides appropriate safeguards for the purposes of transfers of personal data to a third country or an international organization in reliance on Articles 46 of the UK GDPR and, with respect to data transfers from controllers to processors and/or processors to processors. This Addendum forms part of and supplements the Clauses to which it is attached. If personal data originating in the United Kingdom is transferred by data exporter to data importer in a country that has not been found to provide an adequate level of protection under UK Data Protection Laws, the Parties agree that the transfer shall be governed by the Clauses as supplemented by this Addendum.
    Interpretation of this Addendum
    3. Where this Addendum uses terms that are defined in the Annex those terms shall have the same meaning as in the Annex. In addition, the following terms have the following meanings:

    This Addendum  This Addendum to the Clauses
    The Annex  The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021
    UK Data Protection Laws All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.
    UK GDPR  The United Kingdom General Data Protection Regulation, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.
    UK  The United Kingdom of Great Britain and Northern Ireland

    4. This Addendum shall be read and interpreted in the light of the provisions of UK Data Protection Laws, and so that it fulfills the intention for it to provide the appropriate safeguards as required by Article 46 UK GDPR.
    5. This Addendum shall not be interpreted in a way that conflicts with rights and obligations provided for in UK Data Protection Laws.
    6. Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into.
    Hierarchy
    7. In the event of a conflict or inconsistency between this Addendum and the provisions of the Clauses or other related agreements between the Parties, existing at the time this Addendum is agreed or entered into thereafter, the provisions which provide the most protection to data subjects shall prevail.
    Incorporation of the Clauses
    8. This Addendum incorporates the Clauses which are deemed to be amended to the extent necessary so they operate:
    a. for transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that transfer; and
    b. to provide appropriate safeguards for the transfers in accordance with Articles 46 of the UK GDPR Laws.
    9. The amendments required by Section 8 above, include (without limitation):
    a. References to the “Clauses” means this Addendum as it incorporates the Clauses
    b. Clause 6 Description of the transfer(s) is replaced with:
    “The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”
    c. References to “Regulation (EU) 2016/679” or “that Regulation” are replaced by “UK Data Protection Laws” and references to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws.
    d. References to Regulation (EU) 2018/1725 are removed.
    e. References to the “Union”, “EU” and “EU Member State” are all replaced with the “UK”
    f. Clause 13(a) and Part C of Annex II are not used; the “competent supervisory authority” is the Information Commissioner;
    g. Clause 17 is replaced to state “These Clauses are governed by the laws of England and Wales”.
    h. Clause 18 is replaced to state:
    “Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”
    10. Clarifying Terms. The parties agree that the termination right contemplated by Clause 14(f) and Clause 16(c) of the Standard Contractual Clauses will be limited to the termination of the Standard Contractual Clauses.