This agreement is between
Data Processor or MobiAds: mobiads.dailymails.org, an online product registered in India
Data Controller or Publisher: a person or company that controls the personal data processed using MobiAds Services.
Website: mobiads.dailymails.org and any of its subdomains.
Service or Services: all content, services and products available at, or through the Website, including, but not limited to, advertising using MobiAds advertising platform or API. API: Automated application programming interface to connect MobiAds Services with other websites, servers or applications. Personal Data: any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Data Subject: an individual to whom Personal Data relates. Data Processing: processing of data on behalf of the Data Controller.
GDPR: General Data Protection Regulation (EU) 2016/679
Roles of the Parties.The parties acknowledge and agree that with regard to the Processing of Personal Data, Publisher is the Controller and MobiAds is the Data Processor.
Publisher’s Processing of Personal Data.Publisher shall, in its use of the Services and provision of instructions, Process Personal Data in accordance with the requirements of applicable Data Protection Law. Publisher shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Publisher acquired Personal Data. If MobiAds believes or becomes aware that any of Publisher’s instructions conflicts with any Data Protection Laws, MobiAds shall inform Publisher. Publisher shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Publisher obtained the Personal Data.
MobiAds Processing of Personal DataAs Publisher’s Processor, MobiAds shall only Process Personal Data for the following purposes: (i) Processing required to provide the Services in accordance with the Agreement; and (ii) Processing to comply with other reasonable instructions provided by Publisher that are consistent with the terms of the Agreement. MobiAds acts on behalf of and on the instructions of Publisher in carrying out all Processor responsibilities. MobiAds shall process Personal Data in accordance with the requirements of the Data Protection Laws and Publisher will ensure that its instructions for the Processing of Personal Data shall comply with the Data Protection Laws.
It is agreed that by signing this Data Protection Agreement any previous Data Protection Agreements between the Data Controller and Data Processor are terminated with immediate effect. Nothing within this contract relieves the Data Processor nor the Data Controller of its own direct responsibilities and liabilities under the GDPR.
The Data Processor processes large amount of Personal Data, therefor it has appointed data protection officer: Mr Kamta Prasad Singh (contact DPO: email@example.com).
The Data Processor provides the Data Controller with whatever information it needs to ensure they both meet the obligations under GDPR. The Data Controller is responsible for maintaining Data Subjects’ rights. The Data Processor assists the Data Controller allowing Data Subjects to exercise their rights.
The Data Processor ensures that people accessing the Personal Data are subject to a duty of confidence. The Data Processor may not use sub-processors without the prior written authorisation of the Data Controller.
The Data Processor will keep all Personal Data confidential and not disclose such data to third parties unless it has been authorised by the Data Controller or is required by law.
The Data Controller must have a lawful basis before beginning processing and should document it. The Data Processor reserves the right to ask the Data Controller for their documented lawful basis for processing. If requested the Data Controller must present their documented lawful basis for processing immediately but not later than 7 days.
The Data Processor stores and processes Personal Data on its servers in the India only.
Data Subject Requests.MobiAds shall, to the extent legally permitted and as may reasonably be expected, promptly notify Publisher if it receives any requests from a Data Subject to exercise the following Data Subject rights: access, rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, objection to the Processing, or to not be subject to an automated individual decision making (each, a “Data Subject Request”). To the extent Publisher, in its use or receipt of the Services, does not have the ability to action on a Data Subject Request, as required by Data Protection Laws, MobiAds shall promptly comply, if in a position to do so, with all reasonable requests by Publisher to facilitate such actions to the extent MobiAds is legally permitted and reasonably able to do so. To the extent legally permitted, Publisher shall be responsible for any costs arising from MobiAds provision of such assistance, including any fees associated with provision of additional functionality.
The data is processed automatically on the Data Processor’s servers, without human interaction. If the Data Controller requests, or in certain cases when Data Processor wishes to review user activities, the Data Processor’s colleagues have the right to review files uploaded and result files provided on the Data Processor’s Website. In case the Data Processor need to investigate a complaint, the Data Processor might process or re-process data through its system. The Data Processor makes sure the colleagues are vetted and trained before allowing them to complete any review. This review happens in a safe environment, all files are deleted after review.
From time to time the Data Processor might use contractors to develop its Services. These contractors must specifically agree not to use data other than specifically requested by the Data Processor. All employees and contractors of the Data Processor accessing Personal Data are required to sign a non-disclosure agreement. The Data Processor completes data protection impact assessments at least once a year and takes necessary actions to improve data security if any improvement areas are found.
The Data Processor stores original and results files for up to 2 months only, after this period all files are automatically and permanently deleted.
Data Controller may delete their files at any time.
The Data Processor will notify the Data Controller about any Personal Data breaches – including but not limited to accidental or unlawful access or disclosure - within 72 hours of becoming aware of the breach.
The Data Processor shall not be liable for any of the Data Controller’s claims, damages, losses, expenses, costs or other liability in the event of Personal Data breach or loss under any circumstances.
The Data Processor agrees to coordinate with supervisory authorities.
Either party may terminate this agreement by giving each other 1 weeks notice in writing. If both parties agree to a new Data Protection Agreement, it is effective immediately after signature.
This agreement, and any dispute or claim arising out of or in connection with it shall be governed by the law of India.