Master Service Terms
Schedule E – General Data Protection Regulation
Last Updated: April 6, 2022
Schedule E
- Scope. This Schedule E applies to the Processing of Personal Data if (a) Client or Amobee is established in the European Union or (b) neither Client nor Amobee is established in the European Union but the Agreement covers the Processing of Personal Data of Data Subjects who are in the European Union. (The “European Union” includes Iceland, Liechtenstein, Norway and the United Kingdom for purposes of this Schedule E, unless otherwise specified.) In the event of conflict between this Schedule E and the remainder of the Agreement, this Schedule E will control.
- Standard Contractual Clauses. Implementing Decision (EU) 2021/914 (the “Standard Contractual Clauses”) is incorporated by reference. The choices made under the Standard Contractual Clauses are as follows:
  - Amobee is the “data importer” and Client is the “data exporter.”
  - For Section II, Clause 1, “Data protection safeguards,” Module Two, section 1.5, “Storage limitation and erasure or return of data,” the parties elect Option 1.
  - For Section II, Clause 4, “Use of Subprocessors,” Module Two, section (a), the parties elect Option 2.
  - For Section II, Clause 5, “Data subject rights,” Module Two, section (a), Client authorizes Amobee to respond to data subject requests according to the terms set forth in Module One of the same clause.
  - For Section II, Clause 6, “Redress,” the parties elect to omit the optional text.
  - For Section II, Clause 9, “Supervision,” the supervisory authority and member state are Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit and Germany, respectively.
  - For Section III, Clause 2, “Governing law,” the parties elect Option 1 and the member state is Germany.
  - For Section III, Clause 3, “Choice of forum and jurisdiction,” the member state is Germany.
  - Annex I, II and III are provided at the end of this Schedule E.
- United Kingdom. Where activities are subject to the jurisdiction of the United Kingdom, the supervisory authority is the Information Commissioner’s Office, the governing law is that of England and Wales and the choice of forum and jurisdiction is the courts in London. Amobee EMEA Limited is registered under number ZA440458.
- Role of Amobee and Client. The roles of Amobee and Client under the Standard Contractual Clauses may be processor and controller, or independent controller and independent controller, depending on the situation.
  - Processor Role. Amobee serves as processor in the situation where it processes Client Data. Module Two of the Standard Contractual Clauses applies in this instance.
    - “Client Data” for this Schedule E, in principle, has the meaning in Schedule A or B if applicable to the services provided under the Agreement. Otherwise “Client Data” means personal data stored in the Platform by Client that Amobee and Client have agreed belongs to the Client, specifically including pixel targeting data, any data collected by Client outside the Platform and any data licensed by Client from a third party and specifically excluding other data regarding end users’ digital activity gathered through or by the Platform.
  - Independent Controller. Otherwise Amobee serves as an independent controller and Module One of the Standard Contractual Clauses applies.
Annex I
A. List of Parties
Data exporters: The name, address, contact person, and signature are on the Pricing Sheet for this Agreement. The activities relevant to the data transferred under the Standard Contractual Clauses are: Amobee will provide the Services to Client in accordance with the Agreement.
Data importers: The name, address, contact person, and signature are on the Pricing Sheet for this Agreement. The activities relevant to the data transferred under the Standard Contractual Clauses are: Amobee will provide the Services to Client in accordance with the Agreement.
B. Description of the Transfer
Categories of data subjects whose personal data is transferred: Users of various Internet sites, mobile applications and connected TV sets.
Categories of personal data transferred: In each instance it consists of one or more pseudonymous Internet identifiers, demographic information (e.g., gender, age, education, household and ethnic background), commercial information (e.g., shopping history, shopping intention or affiliation with an advertiser), inferred interests (e.g., hobbies or professional) or other information reflecting the data subjects’ preferences, characteristics, predispositions, behavior or attitudes. The data could be based on real-world data that the Vendor matched to a pseudonymous identifier, or it could be based on inferences based on the data subjects’ behavior on the Internet.
Special categories of personal data transferred: None.
Purpose of the data transfer and further processing: The data is being transferred and processed in order to sort the data subjects into groups in order to show the data subjects Internet advertising of higher relevance, which will in some cases be advertising pertaining to the Client’s products and services.
Maximum data retention period: 13 months
The subject matter, nature and duration of the processing: Providing Internet advertisements and marketing services. The data may be processed for up to 13 months.
Annex II
Amobee may update or modify its security measures from time to time, provided that such updates and modifications do not result in the degradation of overall security.
- Data Center and Network Security.
(a) Data Centers.
Infrastructure. Amobee maintains or leases computers in geographically distributed data centers. Amobee stores all production data in physically secure data centers.
Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Processor Services are designed to allow Amobee to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard process according to documented procedures.
Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, and 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supply batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Server operating systems. Amobee servers use hardened operating systems which are customized for the unique server needs of the business. Data is stored using proprietary algorithms to augment data security and redundancy. Amobee employs a code review process to increase the security of the code used to provide the Processor Services and enhance the security products in production environments.
(b) Networks and Transmission.
Data Transmission. Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Amobee transfers data via Internet standard protocols.
External attack surface. Amobee employs multiple layers of network devices and intrusion detection (depending on the system) to protect its external attack surface. Amobee considers potential attack vectors and incorporates appropriate purpose-built technologies into external-facing systems.
Intrusion prevention. Amobee’s intrusion prevention involves tightly controlling the size and make-up of Amobee’s attack surface through preventative measures.
Incident response. Amobee monitors a variety of communication channels for security incidents, and Amobee’s security personnel will react promptly to known incidents. Amobee has a written Security Incident Response Plan that has been reviewed by counsel.
Encryption technologies. Amobee makes HTTPS encryption (also referred to as SSL or TLS connection) available.
- Access and Site Controls
(a) Site Controls.
On-site data center security operation. Amobee’s data centers maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. (The security operation consists of non-Amobee staff.) The on-site security operation personnel monitor Closed Circuit TV (“CCTV”) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly.
Data center access procedures. Amobee maintains formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data center electronic card key access requests must be made in advance and in writing, and require the approval of the requestor’s manager and the data center director. All other entrants requiring temporary data center access must: (i) obtain approval in advance from the data center managers for the specific data center and internal areas they wish to visit; (ii) sign in at on-site security operations; and (iii) reference an approved data center access record identifying the individual as approved.
On-site data center security devices. The data centers that Amobee uses employ an electronic card key and biometric access control system that is linked to a system alarm. The access control system monitors and records each individual’s electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and data centers is restricted based on zones and the individual’s job responsibilities. The fire doors at the data centers are alarmed. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the data centers connect the CCTV equipment. Cameras record on-site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for at least 7 days based on activity.
(b) Access Control.
Infrastructure security personnel. Amobee has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Amobee’s security personnel are responsible for the ongoing monitoring of Amobee’s security infrastructure, the review of the Processor Services, and responding to security incidents.
Access control and privilege management. Client’s administrators and users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services.
Internal data access processes and policies. Amobee’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Amobee aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during Processing, use and after recording. The systems are designed to detect any inappropriate access.
- Data
(a) Pseudonymization
In order to enhance user privacy, Amobee uses pseudonymous identifiers for end users. Amobee does not have the ability to deduce an end user’s name, physical address, e-mail address or telephone number from its records.
(b) Data Storage, Isolation & Authentication.
Amobee stores data in a multi-tenant environment on servers owned or leased by Amobee. Data, the Processor Services database and file system architecture are replicated between multiple geographically dispersed data centers. Amobee logically isolates each Client’s data.
(c) Decommissioned Disks and Disk Destruction Guidelines.
Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned. Every decommissioned disk is subject to a series of data destruction processes before leaving Amobee’s premises either for reuse or destruction.
- Personnel Security
Amobee personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Amobee conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Amobee’s confidentiality and privacy policies. Personnel are provided with security training. Personnel handling Client Personal Data are required to complete additional requirements appropriate to their role. Personnel will not Process Client Personal Data without authorization and access to Client Personal Data is limited to those personnel who require such access to perform the Services.
- Subprocessor Security
Before onboarding subprocessors, Amobee conducts due diligence to ensure subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Amobee has assessed the risks presented by the subprocessor, the subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.
Annex III