By virtue of this Agreement, OrkaTV may collect Agreement Personal Data and share it with the Publisher.   Details regarding such transfers of Agreement Personal Data are specified in Annexure 1 of the Order Form. The Parties acknowledge that in respect of the Agreement Personal Data the Parties are separate Controllers or Businesses.

Each party will determine the purposes and means of Processing of Agreement Personal Data thereby independently. Accordingly, the Parties will neither Process Agreement Personal Data as joint controllers (as this term is referred to in the GDPR), nor as Controller and Processor, Business and Service Provider or Business and Third Party, under the Applicable Privacy Laws.

Each party will be responsible to comply with its respective obligations under Applicable Privacy Laws in the Processing of Agreement Personal Data.

Without limiting the generality of the above, Publisher will maintain a publicly-accessible privacy policy that satisfies all applicable transparency and notice requirements set forth in any Applicable Privacy Law with respect to the Processing of Agreement Personal Data. Publisher will Process Agreement Personal Data only for the purposes set out in such privacy policy, provided that such Processing strictly complies with all Applicable Privacy Laws and Publisher’s obligations under this Agreement.

In any event where a party receives correspondence, inquiry or a complaint from a third party that relates to the Processing of Agreement Personal Data by the other party, the following provisions will apply: (a) the party receiving such correspondence, inquiry or a complaint will promptly notify the other party of such correspondence, inquiry or a complaint, providing it with all details related to such correspondence, inquiry or a complaint; and (b) the Parties will cooperate in good faith in order to respond to the correspondence, inquiry or a complaint in accordance with the requirements of the Applicable Privacy Laws.

The Parties hereby enter into the Standard Contractual Clauses that are incorporated into this Agreement by reference. In the event of any conflict or inconsistency between this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail.

The Standard Contractual Clauses entered into by and between the Parties pursuant to the above paragraph, will apply to any Restricted Processing that will be carried out hereunder. In addition, the following provisions will apply to any such Restricted Processing: (i) Annex B to this Agreement will apply as Annex B of the Standard Contractual Clauses entered into by and between the Parties pursuant to the above; and (ii) the content owner, in its capacity as a data importer in respect of any Restricted Processing, will Process Agreement Personal Data in accordance with the data processing principles set forth in Annex A of the Standard Contractual Clauses entered into by and between the Parties pursuant to the above.

Should a change in, or a decision of a competent authority under, an Applicable Privacy Law, require changes to the Standard Contractual Clauses in order to validate Restricted Processing under Applicable Privacy Laws, each party will cooperate in good faith with the other party to renegotiate the terms of the Standard Contractual Clauses in light of such change or decision, to ensure compliance with any Applicable Privacy Laws.

For the purposes of this Exhibit A, the following words and phrases will have the meanings set out beside them:

“Agreement Personal Data” will mean Personal Data regarding End Users Processed by any party pursuant to or in connection with the Agreement.

“Applicable Privacy Laws” will mean EU Privacy Laws, the CCPA, and, to the extent applicable, the data protection or privacy laws of any other country.

“CCPA” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations.

“EEA” means the European Economic Area.

“EU Privacy Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each EU member state and as amended, replaced or superseded from time to time, including by the GDPR and laws, rules and guidelines implementing or supplementing the GDPR.

“GDPR” will mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

“Controller“, “Processor“, “Processing” and “International Organization” will have the meanings ascribed to them in the GDPR.

“Business“, “Consumer“, “Service Provider” and “Third Party” will have the meanings ascribed to them in the CCPA.

“Personal Data” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person or a Consumer.

“Restricted Processing” will mean (1) the transferring of Agreement Personal Data outside the EEA or to an International Organization, and (2) any Processing of Agreement Personal Data that was transferred to any country outside the EEA or to an International Organization; in each case, where such transferring or Processing of Agreement Personal Data would be prohibited by Applicable Privacy Laws in the absence of Standard Contractual Clauses.

“Standard Contractual Clauses” will mean the standard contractual clauses pursuant to the European Commission’s decision 2004/915/EC, dated 27 December 2004 on standard contractual clauses for the transfer of personal data to controllers established in third countries under Directive 95/46/EC of the European Parliament and of the Council notified under document number C(2004) 5271).

Annexure 1

DESCRIPTION OF THE DATA TRANSFER

Data subjects

The personal data transferred concern the following categories of data subjects: users of the content distributed by the data exporter by virtue of the Agreement.

Purposes of the transfer(s)

The transfer is made for the following purposes:

For the delivery of data exporter’s services pursuant to the Agreement.

Categories of data

The personal data transferred concern the following categories of data:IP address

Identifier for advertiser (e.g., Google AAID / Apple IDFA)

USER_AGENT

Device information (e.g., UID, brand, model, network, provider)

Ad context (e.g., app/web page meta-data, domain, category)

Contact information (company, email address, etc.)

Viewability, Content, duration

Recipients

The personal data transferred may be disclosed only to the following recipients or categories of recipients  as disclosed in data importer’s privacy policy.

Sensitive data (if appropriate)

The personal data transferred concern the following categories of sensitive data: not applicable.

Data protection registration information of data exporter (where applicable): not applicable.

By virtue of this Agreement, OrkaTV may collect Agreement Personal Data and share it with the Publisher.   Details regarding such transfers of Agreement Personal Data are specified in Annexure 1 of the Order Form. The Parties acknowledge that in respect of the Agreement Personal Data the Parties are separate Controllers or Businesses.

Each party will determine the purposes and means of Processing of Agreement Personal Data thereby independently. Accordingly, the Parties will neither Process Agreement Personal Data as joint controllers (as this term is referred to in the GDPR), nor as Controller and Processor, Business and Service Provider or Business and Third Party, under the Applicable Privacy Laws.

Each party will be responsible to comply with its respective obligations under Applicable Privacy Laws in the Processing of Agreement Personal Data.

Without limiting the generality of the above, Publisher will maintain a publicly-accessible privacy policy that satisfies all applicable transparency and notice requirements set forth in any Applicable Privacy Law with respect to the Processing of Agreement Personal Data. Publisher will Process Agreement Personal Data only for the purposes set out in such privacy policy, provided that such Processing strictly complies with all Applicable Privacy Laws and Publisher’s obligations under this Agreement.

In any event where a party receives correspondence, inquiry or a complaint from a third party that relates to the Processing of Agreement Personal Data by the other party, the following provisions will apply: (a) the party receiving such correspondence, inquiry or a complaint will promptly notify the other party of such correspondence, inquiry or a complaint, providing it with all details related to such correspondence, inquiry or a complaint; and (b) the Parties will cooperate in good faith in order to respond to the correspondence, inquiry or a complaint in accordance with the requirements of the Applicable Privacy Laws.

The Parties hereby enter into the Standard Contractual Clauses that are incorporated into this Agreement by reference. In the event of any conflict or inconsistency between this Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail.

The Standard Contractual Clauses entered into by and between the Parties pursuant to the above paragraph, will apply to any Restricted Processing that will be carried out hereunder. In addition, the following provisions will apply to any such Restricted Processing: (i) Annex B to this Agreement will apply as Annex B of the Standard Contractual Clauses entered into by and between the Parties pursuant to the above; and (ii) the content owner, in its capacity as a data importer in respect of any Restricted Processing, will Process Agreement Personal Data in accordance with the data processing principles set forth in Annex A of the Standard Contractual Clauses entered into by and between the Parties pursuant to the above.

Should a change in, or a decision of a competent authority under, an Applicable Privacy Law, require changes to the Standard Contractual Clauses in order to validate Restricted Processing under Applicable Privacy Laws, each party will cooperate in good faith with the other party to renegotiate the terms of the Standard Contractual Clauses in light of such change or decision, to ensure compliance with any Applicable Privacy Laws.

For the purposes of this Exhibit A, the following words and phrases will have the meanings set out beside them:

“Agreement Personal Data” will mean Personal Data regarding End Users Processed by any party pursuant to or in connection with the Agreement.

“Applicable Privacy Laws” will mean EU Privacy Laws, the CCPA, and, to the extent applicable, the data protection or privacy laws of any other country.

“CCPA” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations.

“EEA” means the European Economic Area.

“EU Privacy Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each EU member state and as amended, replaced or superseded from time to time, including by the GDPR and laws, rules and guidelines implementing or supplementing the GDPR.

“GDPR” will mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

“Controller“, “Processor“, “Processing” and “International Organization” will have the meanings ascribed to them in the GDPR.

“Business“, “Consumer“, “Service Provider” and “Third Party” will have the meanings ascribed to them in the CCPA.

“Personal Data” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person or a Consumer.

“Restricted Processing” will mean (1) the transferring of Agreement Personal Data outside the EEA or to an International Organization, and (2) any Processing of Agreement Personal Data that was transferred to any country outside the EEA or to an International Organization; in each case, where such transferring or Processing of Agreement Personal Data would be prohibited by Applicable Privacy Laws in the absence of Standard Contractual Clauses.

“Standard Contractual Clauses” will mean the standard contractual clauses pursuant to the European Commission’s decision 2004/915/EC, dated 27 December 2004 on standard contractual clauses for the transfer of personal data to controllers established in third countries under Directive 95/46/EC of the European Parliament and of the Council notified under document number C(2004) 5271).

Annexure 1

DESCRIPTION OF THE DATA TRANSFER

Data subjects

The personal data transferred concern the following categories of data subjects: users of the content distributed by the data exporter by virtue of the Agreement.

Purposes of the transfer(s)

The transfer is made for the following purposes:

For the delivery of data exporter’s services pursuant to the Agreement.

Categories of data

The personal data transferred concern the following categories of data:IP address

Identifier for advertiser (e.g., Google AAID / Apple IDFA)

USER_AGENT

Device information (e.g., UID, brand, model, network, provider)

Ad context (e.g., app/web page meta-data, domain, category)

Contact information (company, email address, etc.)

Viewability, Content, duration

Recipients

The personal data transferred may be disclosed only to the following recipients or categories of recipients  as disclosed in data importer’s privacy policy.

Sensitive data (if appropriate)

The personal data transferred concern the following categories of sensitive data: not applicable.

Data protection registration information of data exporter (where applicable): not applicable.

Additional useful information (storage limits and other relevant information): not applicable.