AdCellerant Data Privacy Terms

The following data protection terms and conditions (“Data Privacy Terms”), form an integral part of the underlying Master Services Agreement (“Agreement”) between AdCellerant LLC, a Colorado limited liability company (“Company”), and the client (“Client”) (each, a “Party” or together, the “Parties”) with respect to the Processing of Personal Data in the course of performing work and services on behalf of the Client (“Services”). The Parties agree that these Data Privacy Terms replace or supersede any existing Data Privacy Terms or similar documents that the Parties may have previously entered into with regard to the Processing of Personal Data in connection with the Services. In the event of any conflict or inconsistency between the Agreement and these Data Privacy Terms and any Attachments hereto, the Data Privacy Terms and/or any applicable Attachments shall govern, except where the terms of the Agreement expressly state otherwise.

1. DEFINITIONS

Unless otherwise defined herein, all capitalized terms are as defined in the Agreement. The following definitions shall apply to the Data Privacy Terms and the Agreement:

“Applicable Privacy Laws” means all applicable federal and state privacy, data security and breach notification laws, including, without limitation, the California Consumer Privacy Act of 2018, Cal. Civ. Code Section 1798.100, et seq., as may be amended from time to time (including but not limited to those amendments enacted by the California Privacy Rights Act of 2020) (“CCPA”); Canada’s Personal Information Protection and Electronic Documents Act, the Colorado Privacy Act; the Connecticut Data Privacy Act; the Utah Consumer Privacy Act; the Virginia Consumer Data Protection Act; as well as any other analogous federal, state, or local privacy, data security, information security, and breach notification laws, regulations, or directives applicable to the Processing of Personal Data.
“Consumer” means an identified or identifiable natural person to whom the Personal Data relates.
“Controller” means the business, organization, operator, or natural or legal person which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For the avoidance of doubt, the term “Controller” shall also mean “business” as defined under the CCPA.
“Client Personal Data” means Personal Data Processed by Company on behalf of Client in connection with the Services including but not limited to Personal Data provided and/or disclosed by Client’s Advertisers to Client in connection with the Services.
“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
“Personal Data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or is linked or reasonably linkable, directly or indirectly, to an identified or identifiable individual or household. “Personal Data” does not mean aggregate information, deidentified information, or any information that is no longer considered Personal Data, including by application of deidentification or aggregation techniques that meet the requirements of the Applicable Privacy Laws.
“Processing” (and the related terms “Process” “Processes,” and “Processed”) means any operation or set of operations performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the service provider, data processor, third party, vendor, or other natural or legal person engaged to Process Personal Data on behalf of the Controller. For the avoidance of doubt, the term “Processor” shall also mean “service provider” as defined under the CCPA.
“Sensitive Personal Data” shall take the same meaning as the analogous term is defined under Applicable Privacy Laws, including, but not limited to Personal Data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sex life and sexual orientation, genetic data or biometric data. Sensitive Personal Data do not include data relating to criminal offences and convictions are addressed separately.
“Subprocessor” means any Processor engaged by and contracted with Company for purposes of Processing Client Personal Data.
“Regulator” means any governmental authority that regulates Applicable Privacy Laws.

2. ROLES OF THE PARTIES

The Parties acknowledge that for purposes of Applicable Privacy Laws, Client is the “controller,” “business,” or any similar term provided under Applicable Privacy Laws, and Company is the “service provider,” “processor,” “contractor,” “third party,” or any similar term provided under Applicable Privacy Laws.

3. DETAILS OF THE PROCESSING

These Data Privacy Terms apply only when, and to the extent that, Client Personal Data is subject to Applicable Privacy Laws and Processed in connection with the following:

Nature and purpose of the Processing: To provide the Services described in the orders initiated by the Client from time to time under the Agreement, including:
1. Performing services on behalf of the Business, such as maintaining and servicing Client accounts, processing or fulfilling Client’s orders and other transactions; verifying Client’s information; and providing analytic services to Client.
2. Providing advertising and marketing services, such as providing a platform for advertising inventory management; and offering services to optimize advertising performance.
3. Auditing related to counting, verifying, and quality control of ad impressions.
4. Debugging to identify and repair errors that impair intended functionality.
Types of Personal Data subject to the Processing: Home address, email, first and last name, phone number.
Duration of the Processing: For the term of the Agreement.

4. GENERAL OBLIGATIONS

Client shall:
1. Comply with its obligations under Applicable Privacy Laws and all Client Personal Data has been lawfully collected and shall ensure that any instructions that it issues to Company shall comply with Applicable Privacy Laws. The Parties agree that the Agreement constitutes Client’s instructions regarding the Processing of Personal Data.
2. Ensure that it and its Advertisers have obtained any and all necessary and legally required consents from any individual, provided any and all necessary and legally required notices to consumers in order to collect, process, share or use such consumer data in connection with Services, and implemented any legally required consent withdrawal or opt out mechanisms (whether by applicable publishers, industry initiatives, Client, or otherwise) so as to enable Company to obtain and Process Client Personal Data lawfully in accordance with Applicable Privacy Laws in connection with the Services.
3. Not disclose or transfer to Company any personal information of any individual located or residing outside of the United States of America or Canada.
Each Party shall:
1. Put in place industry-standard technical and organizational measures to ensure a level of security and confidentiality for Personal Data appropriate to the risks of the Processing, including to protect against unauthorized or unlawful Processing and accidental loss, destruction, or damage.
2. When required by Applicable Privacy Laws, timely notify the other Party after becoming aware of a Data Breach, in which case the Party that has suffered the Data Breach shall provide reasonable assistance in relation to remediating the Data Breach and complying with related obligations under Applicable Privacy Laws.
3. When required by Applicable Privacy Laws, provide reasonable assistance to another Party in the event of any complaint, request, or communication from a Regulator or Consumer alleging non-compliance with Applicable Privacy Laws or these Data Privacy Terms as a result of the Processing carried out under the Agreement.
4. When required by Applicable Privacy Laws, perform all legally required data protection impact assessments and/or privacy impact assessments.
5. Limit access to those personnel and Subprocessors performing the Services and related business operations.

5. RESPONSIBILITIES OF COMPANY

In addition to any obligations in the Agreement, where Company acts as a Processor, Company will, when required by Applicable Privacy Laws:

Will only Process Client Personal Data in accordance with the reasonable written instructions of Client (unless required by law to act without such instructions or such instructions are contrary to relevant laws or regulations) for the Services.
Ensure that people in Company’s employment with access to Client Personal Data or otherwise Processing Client Personal Data are subject to appropriate confidentiality obligations.
Provide Client with reasonable assistance in relation to Client’s obligations under Applicable Privacy Laws, including in relation to responding to requests from Consumers to exercise privacy rights, carrying out data protection impact assessments or similar privacy assessments, and consulting with Regulators, unless Client’s requested action is impossible or involves disproportionate effort. If processing a request is impossible or requires disproportionate effort, Company will provide Client with a written explanation describing the impossibility of the request or disproportionate effort required.
At Client’s request, delete or return, to the extent possible, with respect to Client Personal Data maintained by Company, and notify relevant Subprocessors to take corresponding actions, unless Client’s requested action is impossible or involves disproportionate effort. If processing a request is impossible or requires disproportionate effort, Company will provide Client with a written explanation describing the impossibility of the request or disproportionate effort required.
Not sell, retain, use, or disclose Client Personal Data for any purpose other than to provide the Services.
Only engage Subprocessors in accordance with the following provisions:
1. Company may use its own affiliates and other Subprocessors to process Client Personal Data to provide Services on its behalf.
2. All processing by Subprocessors is subject to a written agreement with Subprocessors that contains any terms required by Applicable Privacy Laws and imposes on each Subprocessor the same obligations with respect to Client Personal Data applicable to Company under these Data Privacy Terms.
3. Company may engage Subprocessors to process Client Personal Data on its behalf after providing Client with notice and an opportunity to object to the engagement of the Subprocessor when required by Applicable Privacy Laws. At Company’s choice, Company may notify Client of new Subprocessors by adding the Subprocessors to a list of Subprocessors maintained on Company’s platform located here. Following the addition of a new Subprocessor to such list, Client shall have ten days to object to Company’s use of such Subprocessor.
Upon written request by Client, make available to Client appropriate information reasonably necessary for demonstrating Company’s compliance with its obligations under the Applicable Privacy Laws. In the event that the information or documentation provided by Company reveals any unauthorized use of the Personal Data, Client and Company shall promptly work together in good faith to agree upon reasonable and appropriate steps to stop and remediate the unauthorized use.
Where required by Applicable Privacy Laws, at reasonable intervals during the term of the Agreement, not to exceed more than once in a given twelve (12) month period, Company shall, upon written request by Client, allow for, and cooperate with, reasonable assessments, by Client or Client’s designated auditor at Client’s expense, of Company’s systems to solely confirm compliance with these Data Privacy Terms or Applicable Privacy Laws with respect to the Services, including through measures such as ongoing manual reviews, automated scans, and regular assessments, audits or other technical and operational testing.. Client shall give Company reasonable prior written notice of any such audits or inspection and shall, to the extent allowable by law, be responsible for all reasonable costs incurred by Company in participating in such an audit, calculated on a time and materials basis.
Securely delete all Client Personal Data (and not previously deleted in accordance with Company’s standard data deletion schedules) at the termination of the Processing described in the Agreement, unless Client requests in writing that Client Personal Data be returned to Client.

6. CCPA

This Section sets forth additional responsibilities of Company and Client with respect to the Processing of Personal Information subject to the CCPA, and that is processed in the course of Client’s use of the Services and applies only to the extent the CCPA is applicable, such as when the Client Personal Data Processed for the Services is in scope for the CCPA. For purposes of this CCPA Supplement, the terms “Aggregate Consumer Information,” “Business,” “Business Purpose,” “Deidentified,” “Personal Information,” “Sell,” “Service Provider,” “Share,” and “Third Party” shall have the same meaning as in the CCPA. For clarity, the provisions of this section do not apply to Aggregate Consumer Information, Deidentified Personal Information, or any information that is no longer considered Personal Information, including by application of deidentification or aggregation techniques that meet the requirements of the CCPA. Company will notify Client if Company determines that it can no longer meet its obligations under this CCPA Supplement or the CCPA.

OBLIGATIONS ON COMPANY WHERE COMPANY ACTS AS A SERVICE PROVIDER. Company and Client agree that, as to Processing of Personal Information collected as part of providing the Services, as described in the Agreement, and the Data Privacy Terms, Company is a Service Provider and Client is the Business. Accordingly, except as otherwise permitted by the CCPA, Company shall not:
1. Sell or Share the Personal Information.
2. Retain, use, or disclose the Personal Information for any purpose other than for the Business Purposes as set forth in this section, including retaining, using, or disclosing the Personal Information for a commercial purpose other than providing the Company Services.
3. Retain, use, or disclose the Personal Information outside of the direct business relationship between Company and Client.
4. Combine Personal Information collected pursuant to the Agreement with Client with Personal Information received from any other source or collected from Company’s own interaction with a Consumer, except as expressly permitted under the CCPA.
OBLIGATIONS OF COMPANY WHEN COMPANY ACTS AS A THIRD PARTY. In addition to the purposes set forth in this section, Client may make Personal Information available to Company for Services that require Processing Personal Information for Cross-Contextual Behavioral Advertising and/or combining Personal Information with data from other sources. When Processing Personal Information in this way, Company and any Subprocessor will be deemed a Third Party within the meaning of the CCPA and subject to the obligations on Third Parties specified in the CCPA. Company shall not use Personal Information provided by Client under this clause outside these limited and specified purposes.

7. CHANGES TO DATA PRIVACY TERMS

Company may need to update these Data Privacy Terms from time to time, including to accurately reflect or comply with Applicable Privacy Laws and other applicable laws to the parties. Company may change these Data Privacy Terms if the change:

Is permitted by these Data Privacy Terms;
Reflects a change in the name or form of a legal entity;
Is necessary to comply with Applicable Privacy Laws, or a binding regulatory or court order; or
Does not: (i) result in a degradation of the overall security of the Services; (ii) expand the scope of, or remove any restrictions on, either party’s right to use or otherwise Process Client Personal Data for the Services; and (iii) otherwise have a material adverse impact on the Parties’ rights under these Data Privacy Terms, as reasonably determined by Company.

Company shall use commercial reasonable efforts to provide notice to Client of any material updates or changes to these Data Privacy Terms including posting a revised version of these Data Protections Terms available here. By instructing the Processing of Personal Data under the Agreement, Client agrees to review and comply with the latest version of these Data Privacy Terms, and Client waives any objection to the means and manner of Client’s acceptance of these Data Privacy Terms that may be specified in or required by the Agreement.

See how we make
digital advertising easy

Better campaigns. Greater experiences. More revenue. It’s all within your grasp.

Acquire Knowledge

View Resource Hub

Integrations