Data Processing Agreement

This Monetizr Data Processing Agreement (“DPA”) reflects the parties´ agreement with respect to the processing of personal data by Monetizr on behalf of the partner/publisher in connection with the services offered by Monetizr to the partner/publisher.

This DPA has been entered into between

1) Monetization Solutions Inc (registration code 7254995), address Corporation Trust Center, 1209 Orange Street, Wilmington, New Castle, Zip Code 19801, Delaware, USA and its subsidiaries, namely SIA Monetization Solutions (registry code 40203021882) address at Rīga, Lāčplēša iela 24 - 49, LV-1011, hereinafter referred to as Monetizr


2) You hereinafter referred to as Partner.

Monetizr and Partner are referred to individually as “Party” and collectively as “Parties”.

1. Background and objective

(a) This DPA is an addendum to and forms an integral part of the agreements the Parties have entered and/or will enter to enable the Partner to use Monetizr´s services. In case of any conflict or inconsistency with the terms of any of the agreements or order forms signed, this DPA will take precedence over the terms of such agreements or order forms to the extent of such conflict or inconsistency.

(b) Monetizer’s liability for this DPA is limited to the period of the validity of the service provision agreement(s), i.e., the period during which Monetizr is contracted by the Partner for the provision of the services.

(c) To the extent that the provision of such services involves the processing of Partner Personal Data, the parties have agreed to enter into this DPA for the purposes of ensuring compliance with the applicable data protection legislation.

(d) The Parties agree that Monetizr processes Partner Personal Data under the instructions of the Partner and to the extent required by the Partner. The Parties agree that the Agreement (including all agreements signed by the Parties) together with the Partners use of Monetizr´s services in accordance with the Agreement constitute Partner´s complete instructions to Monetizr in relation to the processing of personal data.

2 . Definitions

The terms used in this DPA shall have the same meaning as assigned to them below and in the relevant Data Protection Legislation, which inter alia imply that:

(a) “Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with a Party, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.

(b) “Agreement” means all the agreements, order forms and this DPA signed between the Parties including all future contracts and amendments to the existing agreements.

(c) “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

(d) "Data Privacy Framework" means the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework self-certification programs (as applicable) operated by the U.S. Department of Commerce; as may be amended, superseded, or replaced.

(e) “Data Privacy Framework Principles” means the Principles and Supplemental Principles contained in the relevant Data Privacy Framework; as may be amended, superseded, or replaced.

(f) “Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation European Union Data Protection Laws, Swiss Federal Act on Data Protection the CCPA and other applicable U.S. federal and state privacy laws.

(g) “Covered Countries” means USA, European Economic Area (EEA), the United Kingdom and Switzerland.

(h) “European Data Protection Laws” means the GDPR, the UK Data Protection Act 2018, the EU e-Privacy Directive (Directive 2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended), the FADP, any applicable domestic legislation of each Covered Country that relates to data protection or privacy and any successor legislation and/or regulation implementing or made pursuant to the foregoing, or which amends, replaces, re-enacts or consolidates any of the foregoing;

(i) “Instructions” means the written, documented instructions issued by a Controller to a Processor, and directing the same to perform a specific or general action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion, making available).

(j) “GDPR” means, as applicable to the Processing: (i) the EU General Data Protection Regulation 2016/679 (“EU GDPR”); and/or (ii) the Retained Regulation (EU) 2016/679 as applicable as part of UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended) (“UK GDPR”).

(k) “Personal data” means any information that, directly or indirectly, enables to identify a living natural person.

(l) “Partner Personal Data” means any Personal Data provided or made available by (or provided on behalf of) Partner and Processed by Monetizr or its Sub-processors for the performance of or in connection with the Agreement.

(m) “Processing” means any operation or set of operations performed with regard to personal data, whether or not performed by automated means, for example collection, recording, organisation, storage, adaptation or alteration, retrieval, gathering, use, disclosure by transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction.

(n) “Data controller” means anyone who alone or jointly with others determines the purposes and means of the processing of personal data.

(o) “Data processor” means anyone who processes personal data on behalf of the data controller.

(p) “Sub-processor” means a sub-contractor that is engaged by Processor. The sub-processor processes personal data on behalf of Controller in accordance with the sub-processor’s obligation to provide its services to Processor.

(q) “Standard data protection clauses adopted by the EU-Commission” means standard contractual clauses regulating the transfer of personal data to third countries and that have been adopted by the EU Commission in accordance with Commission Decision C (2010) 593 of 5 February 2010 or corresponding decision replacing such decision; and

(r) “SDK” means Monetizr’s software development kit for integrating Monetizr’s proprietary products into mobile applications.

(s) “Services” means the services and other activities to be supplied to or carried out by Monetizr and/or Monetizr´s Affiliates in connection with the Principal Agreement.

(t) “UK Addendum” means the International Data Transfer Addendum to the 2021 Standard Contractual Clauses, issued by the Information Commissioner, and laid before Parliament in accordance with s.119A of the Data Protection Act 2018 on 2 February 2022.

3. Partner obligations

(a) Partner undertakes to comply with all applicable statutory requirements to collecting and processing of personal data.

(b) Partner acknowledges and agrees that it is solely responsible for:

(i) The accuracy, quality and legality of the Partner Personal Data.

(iI) Complying with all necessary transparency and lawfulness requirements under applicable statutory requirements, including obtaining any and all necessary and informed consents and authorisations for all processing purposes.

(iii) Ensuring that you have the right to transfer or provide access to the personal data to Monetizr for processing purposes under the Agreement.

(iv) Ensuring that your instructions to Monetizr regarding the processing of Partner Personal Data are in accordance with applicable statutory requirements.

(c) Partner undertakes to implement and maintain up to date all appropriate technical and organisational measures necessary in order to ensure a level of security as required under the GDPR as well as under other relevant Data Protection Laws.

(d) Partner will inform Monetizr without undue delay of any and all difficulties in complying with any of the applicable statutory requirements or with the terms of the Agreement.

4. Monetizr obligations

(a) Monetizr undertakes to process the personal data that it has access to under the Agreement on behalf of Partner, for the purpose of fulfilling the Agreement and during the term of the Agreement. Monetizr further undertakes:

(b) To process the personal data in accordance with the Data Protection Legislation, the Agreement and any other documented instructions from Partner. Monetizr may, however, without instructions process personal data under applicable statutory requirements to which Monetizr is subject to, but shall inform Partner of such requirement prior to processing, provided that Monetizr is not prohibited to give such information with reference to important grounds of public interest or other relevant overriding legitimate interest;

(c) To keep the personal data confidential and not to disclose the personal data to any unauthorized third parties or in any other way use the personal data in contradiction with the Agreement and the DPA. Monetizr will ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

(d) To assist Partner, taking into account the nature of the processing, by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Partner's obligation to respond to and to fulfil requests from data subjects exercising their rights laid down in Chapter III of the GDPR; and

(e) To assist Partner in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (implement security measures, manage personal data breaches, conduct data privacy impact assessments and participate in prior consultations with the supervisory authority) taking into account the nature of the processing and the information available to Monetizr.

5. Sub-processors

(a) Partner agrees that Monetizr may engage sub-processors who may process personal data on behalf of Partner. Monetizr engages with sub-processors in three ways. First to assist with hosting and infrastructure. Second, Monetizr may engage with sub-processors and/or affiliates to support product features, provide advertising measurement, and advertising integrations. Third, Monetizr may engage with sub-processors and/or affiliates for services for creating, publishing, and optimizing advertisements.

(b) We maintain a list of all sub-processors and affiliates which Monetizr will provide to Partner upon request.

(c) Partner can object to the use of new sub-processors on reasonable grounds relating to the protection of personal data upon request. In case of an objection, the parties will discuss the concerns raised in good faith with the aim of reaching a commercially reasonable solution. In case no such an agreement can be reached, Monetizr can suspend or terminate rendering services to Partner in the affected part without any liability.

(d) When Monetizr engages with sub-processors, Monetizr imposes data protection terms on the sub-processor that provide at least the same level of protection for personal data as the terms in this DPA.

6. Data subject requests

(a) Monetizr will assist and help Partner when Partner is under the obligation to respond to data subject requests to the extent that Partner is unable to do so independently.

(b) If a data subject request or other communication regarding the processing of personal data under the Agreement is made directly to Monetizr concerning their processing of Partner data specifically, Monetizr will promptly inform the Partner and will advise the data subject to submit their request to Partner. Partner will be solely responsible for substantially responding to any such data subject requests or communications involving personal data as it pertains to Moentizr’s processing of Partner data specifically.

7. Transfer of personal data

(a) Partner acknowledges and agrees that Monetizr may access and process personal data on a global basis as is necessary to provide the services by Monetizr to the Partner. In particular, Partner Personal Data may be transferred and processed by Monetization Solutions Inc in the United States and by SIA Monetization Solutions in Latvia, in the European Union. Wherever Partner Personal Data is transferred outside of its country of origin each party will ensure such transfers are made in compliance with the applicable statutory requirements.

(b) Monetizr will not transfer personal data under the GDPR to any country or recipient not recognized as providing an adequate level of protection for safeguarding personal data unless Monetizr has applied all applicable and necessary measures to ensure the safe transfer of personal data as prescribed by the GDPR.

8. Information security

(a) Monetizr implements all appropriate technical and organisational measures necessary in order to ensure a level of security, as required pursuant to the Data Protection Laws, in particular the GDPR (Article 32 of the GDPR (32 § Data Protection Act (523/1999)) and other measures necessary in order to comply with the security requirements set out in the Agreement or that are otherwise required by Partner.

(b) Monetizr undertakes to inform Partner of the technical and organisational measures which it implements to protect the Partner Personal Data. In case Monetizr makes changes that could affect the protection of personal data, Monetizr shall inform Partner without undue delay before implementing such changes.

(c) In the event of data breach or any potential violation of information security, Monetizr will notify Partner promptly after becoming aware of the incident. Monetizr will include in such notification the following:

(i) a description of the nature of the incident of information security or a data breach, including the information of registered groups and estimated number of registered persons affected by the incident along with the information required by Data Protection Law

(ii) all necessary information under the statutory requirements

(iii) information regarding measures for preventing similar incidents in the future.

9. Audit

(a) At Partner’s expense, Monetizr will work in good faith with Partner to provide all information required in order to verify that the obligations set out in the DPA are complied with. Monetizr will facilitate and participate in audits, including inspections, carried out by Partner or a governmental authority or by a third party authorised by Partner. In case Partner uses a third party to carry out the audit, that third party shall not be a competitor of Monetizr and shall undertake full confidentiality in relation to Monetizr's information.

(b) Monetizr shall immediately inform Partner in the event that a supervisory authority initiates or takes any action in relation to Monetizr with regard to the processing of personal data under the Agreement or the DPA.

10. Damages and compensation

(a) Partner shall, without limitation, hold harmless and indemnify Monetizr in the event of damage that is attributable to Partner's processing of personal data in breach of the DPA or the Data Protection Laws.

(b) Monetizr shall, without limitation, hold harmless and indemnify Partner in the event of damage that is attributable to Monetizr's processing of personal data in breach of the DPA or the Data Protection Laws.

(c) For the avoidance of doubt, administrative fines are imposed on the Party in breach of its obligations and, in consequence, neither party will bear the other Party’s administrative fines.

11. Term

(a) The DPA is effective from its signing and for as long as Monetizr processes Partner´s Personal Data.

(b) When the Agreement expires or terminates, upon request, Monetizr shall delete or return all Partner Personal Data, or sufficiently anonymize data to the degree to which it no longer constitutes Personal Data, without any additional cost, in a manner acceptable to Partner, and delete existing copies unless storage of personal data is required pursuant to applicable statutory requirements

12. Governing law and Dispute resolution

(a) The DPA shall be governed by and construed in accordance with all applicable Data Protection Laws, with the exception of conflict of law rules.

(b) Disputes regarding interpretation and application of the DPA shall be settled in accordance with the provisions in the Agreement regarding dispute resolution.

(c) In the absence of provisions regarding dispute resolution in the Agreement, this section shall apply. Disputes arising in connection with the DPA shall be finally settled in arbitration in accordance with the International Chamber of Commerce (ICC) Arbitration Rules. The arbitration shall be held in New York City by one arbitrator, and the arbitral proceedings shall be conducted in the English language, with submissions and evidence provided and witnesses heard in English.

The DPA has become a part of the Agreement by signature of the Agreement with a reference of this contract.


Atlanta (HQ), Helsinki, Riga









© Monetizr.

All Rights Reserved.