Data Processing Addendum - Agreement for the Processing of Zeotap Data by Client

The Parties, meaning Client and Zeotap (as defined in the Master Services Agreement (“MSA”)), agree to be bound by the below, should it be applicable to that Party(ies). The capitalized terms not specifically defined in the different Sections shall have the meaning set out in the MSA. The terms “Data Subject”, “Data Controller”, “Data Processor”, “EU Standard Contractual Clauses”, “Sub-processor”, “process”, “processes”, “processing” or “processed”, as used throughout the Sections, shall have the meaning as prescribed in Applicable Laws.


1. This Agreement for the Processing of Zeotap Data by Client (“Client Processing Agreement”) applies when Client processes Zeotap Data (including Output Data).


2. The Parties agree that where any Zeotap Data (including Output Data) is used under the MSA by Client, Client shall:


2.1 use such Zeotap Data only in accordance with the provisions of the MSA; Client acknowledges and agrees that if Client requests Zeotap to transfer such data to a Third Party Platform, Client is solely responsible and liable for this transfer and in any event, Client shall not act or omit to act in a way which places Zeotap in breach of any Applicable Laws; Client represents and warrants that it entered or will enter into agreements to authorise any data processing by such Third Party Platforms and to (i) appoint such Third Party Platforms as data processors/data controllers and, (ii) if applicable, enter into data processing agreements, EU Standard Contractual Clauses, including supplementary measures as required, and/or another mechanism to ensure compliance of any international transfers;


2.2 ensure that all personnel who uses Zeotap Data are obliged to keep it confidential;


2.3 assist Zeotap in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Applicable Laws with respect to, in particular, security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;


2.4 comply with its obligations to destroy or delete Zeotap Data as stipulated in the MSA;


2.5 maintain complete and accurate records and information to demonstrate its compliance with the MSA, this Client Processing Agreement and with the Client Use of Products and System Policy.; and


2.6 ensure that Zeotap Data is physically stored solely on servers owned or controlled by Client and located (i) within the European Economic Area (“EEA”) for Territories within the EEA; and (ii) within the Territory, in case a Territory is located outside of the EEA.