LnData GDPR Data Processing Terms

   LnData and the counterparty agreeing to these terms ('Customer') have entered into an agreement for the provision of the Processor Services (as amended from time to time, the ('Agreement').

1. Introduction

   These Data Processing Terms reflect the parties' agreement on the terms governing the processing and security of Customer Personal Data in connection with the Data Protection Legislation.

2. Definitions and Interpretation
   1. 'LnData' LnData, Inc. ('LnData', 'we', 'us' or 'our' ,'Processor') means the LnData Entity that is party to the Agreement.
   2. 'LnData customers' means the LnData customers who have a direct contract with LnData and accept the LnData Data Processing Terms.
   3. 'EEA' means the European Economic Area.
   4. 'GDPR' means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
   5. 'ISO 27001 Certification' means ISO/IEC 27001:2013 certification or a comparable certification for the Processor Services.
   6. 'Data Protection Legislation' means, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).
   7. 'Customer Personal Data' means personal data that is collected and/or processed by LnData on behalf of Customer in LnData’s provision of the Processor Services.
   8. 'Data Breach' means a breach of Lndata’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data on systems managed by or otherwise controlled by Lndata.
   9. `Visitors' Data` means information collected from LnData services, which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
   10. 'Cookies' means Small sets of data stored in the User's device.
3. Our Services, and What types of Data collected

   3.1 LnData products and services help our customers measure audiences and consumer behavior across media platforms, while also providing a validation of advertising delivery and its effectiveness.

   3.2 Our products and services are organized around two major offerings:

   (a) Digital Audience Measurement: provides the size, behavior and characteristics of online audiences across multiple digital platforms including computers, tablets, smartphones, game consoles and other connected devices.

   (b) Advertising Measurement: provides end-to end solutions for planning, optimization and evaluation of advertising campaigns.

   3.3 Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies and Visitors' Data.

4. Duration of these Data Processing Terms

   These Data Processing Terms will take effect on 25 May 2018 if the customer entered into Lndata Terms of Service before or on such date, or the date on which the customer entered into Lndata Terms of Service after 25 May 2018. These Data Processing Terms will, notwithstanding expiry of the Term, remain in effect until, and automatically expire upon, deletion of all Customer Personal Data by LnData as described in these Data Processing Terms.

5. Application of these Data Processing Terms

   5.1 These Data Processing Terms will only apply to the extent that the Data Protection Legislation applies to the processing of Customer Personal Data, including if:

   (a) the processing is in the context of the activities of an establishment of Customer in the EEA; and/or

   (b) Customer Personal Data is personal data relating to data subjects who are in the EEA and the processing relates to the offering to them of goods or services or the monitoring of their behaviour in the EEA.

   5.2 Application to Processor Services. These Data Processing Terms will only apply to the Processor Services for which the parties agreed to these Data Processing Terms ( i.e. (a) the Processor Services for which Customer clicked to accept these Data Processing Terms; or (b) the Processor Services that are the subject of the Lndata Terms of Service, which incorporates these Data Processing Terms by reference).

6. Data Deletion

   6.1 Deletion During Term.

   6.1.1 Processor Services With Deletion Functionality. During the Term, if:

   (a) the functionality of the Processor Services includes the option for Customer to delete Customer Personal Data;

   (b) Customer uses the Processor Services to delete certain Customer Personal Data; and

   (c) the deleted Customer Personal Data cannot be recovered by Customer (for example, from the 'trash'),

   then LnData will delete such Customer Personal Data from its systems as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.

   6.1.2 Processor Services Without Deletion Functionality. During the Term, if the functionality of the Processor Services does not include the option for Customer to delete Customer Personal Data, then LnData will comply with:

   (a) any reasonable request from Customer to facilitate such deletion, insofar as this is possible taking into account the nature and functionality of the Processor Services and unless EU or EU Member State law requires storage; and

   (b) clear browser cookie method.

   6.2 Deletion on Term Expiry. On expiry of the Term, Customer instructs LnData to delete all Customer Personal Data (including existing copies) from LnData's systems in accordance with applicable law. LnData will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.

   6.3 If we collect and process your personal data to fulfill products and services you request or to meet contractual terms, we may not be able to fulfill your request or our contractual commitments without such personal data. Where you seek to exercise a right, we may request additional information from you to help us verify you and to help us respond to your request.

7. Data Security

   7.1 LnData's Security Measures and Assistance.

   7.1.1 LnData's Security Measures. LnData had implement and maintain technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The Security Measures include measures: (a) to encrypt personal data; (b) to help ensure the ongoing confidentiality, integrity, availability and resilience of LnData's systems and services; (c) to help restore timely access to personal data following an incident; and (d) for regular testing of effectiveness. LnData may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.

   7.1.2 Security Compliance by LnData Staff. LnData will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

   7.1.3 Personnel Security Lndata personnel are required to conduct themselves in a manner consistent with the company's guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Lndata conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.

   7.2 Data Breach.

   7.2.1 Breach Notification. If LnData becomes aware of a Data Breach, LnData will: (a) notify Customer of the Data Breachpromptly and without undue delay; and (b) promptly take reasonable steps to minimise harm and secure Customer Personal Data.

   7.2.2 Details of Data Breach. Notifications made under Section 7.2.1 (BreachNotification) will describe, to the extent possible, details of the DataBreach, including steps taken to mitigate the potential risks and steps LnData recommends Customer take to address the DataBreach.

   7.2.3 Delivery of Notification. LnData will deliver its notification of any Data Breachto the Notification Email Address or, at LnData's discretion (including if Customer has not provided a Notification Email Address), by other direct communication (for example, by phone call or an in-person meeting). Customer is solely responsible for providing the Notification Email Address and ensuring that the Notification Email Address is current and valid.

   7.2.4 Third Party Notifications. Customer is solely responsible for complying with breach notification laws applicable to Customer and fulfilling any third party notification obligations related to any Data Breach.

   7.2.5 No Acknowledgement of Fault by LnData. LnData's notification of or response to a Data Breach under this Section 7.2 (Data Breach) will not be construed as an acknowledgement by LnData of any fault or liability with respect to the Data Breach.

8. Contacting Lndata; Processing Records

   8.1 Contacting Lndata. Customer may contact LnData in relation to the exercise of its rights under these Data Processing Terms via email: gdpr@lndata.com.

   8.2 LnData's Processing Records. Customer acknowledges that LnData is required under the GDPR to: (a) collect and maintain records of certain information, including the name and contact details of each processor on behalf of which LnData is acting and (if applicable) of such processor's local representative and data protection officer; and (b) make such information available to the supervisory authorities. Accordingly, Customer will, where requested and as applicable to Customer, provide such information to Lndata via the user interface of the Processor Services or via such other means as may be provided by Lndata, and will use such user interface or other means to ensure that all information provided is kept accurate and up-to-date.

Last updated 03/2023