Dot Network Terms of Service
EFFECTIVE: MAY 25, 2018
These Terms of Service together with any applicable Insertion Order(s) and/or Product Addendum(s), (collectively, the “Agreement”) describe the terms and conditions under which you (“Client”) may access and use Dot Network’s Services.
BY CLICKING THE “I ACCEPT” BUTTON, COMPLETING THE ACCOUNT CREATION PROCESS, OR USING DOT NETWORK’S SERVICES, OR CONTINUING TO USE THIS WEBSITE, CLIENT AGREES TO BE BOUND BY THIS AGREEMENT.
IF CLIENT IS ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER ENTITY (FOR EXAMPLE, AS AN ADVERTISING AGENCY OR AUTHORISED RESELLER ON BEHALF OF A CLIENT), CLIENT REPRESENTS AND WARRANTS THAT CLIENT HAS THE AUTHORITY TO BIND SUCH ENTITY, AND THE TERM “CLIENT” WILL ALSO REFER TO SUCH ENTITY.
DOT NETWORK MAY MODIFY THE AGREEMENT FROM TIME TO TIME; CONTINUED USE AFTER NOTIFICATION OF AN UPDATE WILL CONSTITUTE ACCEPTANCE.
IMPORTANT: BY AGREEING TO THIS AGREEMENT, CLIENT AGREES TO RESOLVE DISPUTES WITH DOT NETWORK THROUGH BINDING ARBITRATION (AND, WITH VERY LIMITED EXCEPTIONS, NOT IN COURT), AND CLIENT WAIVES CERTAIN RIGHTS TO PARTICIPATE IN CLASS ACTIONS, AS DETAILED IN SECTION 15.
“Account” means a Client account for access to the Platform.
“Ad” means any display creative advertisement that is targeted to an end user through the Services.
“Dot Network API” means Dot Network’s application programming interfaces and the accompanying Documentation, code, and related materials.
“Dot Network Materials” means the Platform, Dot Network API, Technology, Documentation, visual interfaces, graphics, design, templates, compilation, computer code, and all other elements of the Service, including related modifications and derivative works.
“Agency” means an advertising agency acting on behalf of a Client.
“Applicable Law” means any applicable federal, state or foreign laws or regulations or any industry self-regulatory rules or guidelines (including the Interactive Advertising Bureau Guidelines, Standards & Best Practices, the NAI Code of Conduct, the DAA Self-Regulatory Principles for Online Behavioral Advertising, EU Directive 95/46/EC and EU Directive 2002/58/EC and the General Data Protection Regulation (“GDPR”) upon its effective date) that relate to a party’s obligations under this Agreement.
“Authorised Resellers” means resellers approved by Dot Network in its sole discretion.
“Campaign Data” means performance and measurement data made available through the Platform that relates to Client’s Ads and campaigns launched through the Services.
“Client Content” means all logos, Ads, background images, trademarks, fonts, hex codes, images, graphics, text, audio, video files, product feeds, and other content in any media and format provided by Client or obtained by Dot Network for use with the Services.
“Client CRM Data” means any email addresses or other CRM data about Client’s end users, customers or prospective customers provided by Client or obtained by Dot Network in connection with the Services
“Documentation” means reference documents, support service guidelines, policies, or technical material relating to the Services or Technology that are provided by Dot Network to Client.
“European Territories” mean the European Economic Area and Switzerland. For the purpose of this Agreement, the expression “European Territories” shall continue to include the United Kingdom, even after the United Kingdom leaves the European Economic Area following Brexit.
“Feedback” means information regarding the features and performance of the Services and Materials, including (without limitation) reports of failures, errors, bugs, or other malfunctions that Client encounters through its use of the Services.
“Insertion Order” or “Order Form” or “Proposal” means a document executed by both parties that specifies the type of Services to be provided to Client by Dot Network for campaigns, the duration of the Services, a budget, fees, and other specific details for the Services.
“Managed Account” means a Client account that Dot Network provides support to and meets minimum spend requirements that may be adjusted from time to time at Dot Network’s sole discretion.
“Network” means a group of publishers, ad networks, ad exchanges, and other ad inventory sources that Dot Network has partnered with to provide the Services.
“Platform” means the Dot Network website, dashboard, and tools that Client has access to through the Services to create, launch, monitor, pause, and stop an Ad or campaign.
“Product Addendum” means any Service specific terms and conditions.
“Services” means any Dot Network offering that Client agrees to receive, subject to this Agreement, any applicable Product Addendums, and, if applicable, Insertion Order(s).
“SDK” means Dot Network’s software development kit to support its mobile retargeting Ad Services.
“Service Data” means data (and each component of such data) that is collected by Dot Network from end users using a pixel (or other script or code) installed on Client’s website, an integrated mobile SDK, or other mutually agreed upon means, including any data obtained from third parties while providing the Services. Service Data does not include any Client CRM Data or Campaign Data. If Client has configured or agreed for Dot Network to implement the pixel (or other script or code) to send hashed end user email addresses from Client’s website to Dot Network or has Authorised Dot Network to collect and store hashed end user email addresses, these hashed end user email addresses will be Service Data.
“Technology” means the Dot Network proprietary technology that allows Dot Network to provide the Services, including the Dot Network pixel (or other script or code), the Dot Network API, the SDK, or other mutually agreed upon means.
- THE DOT NETWORK SERVICE
2.1 The Services. Client may choose to receive any combination of Services available by indicating the same through the Platform or, if applicable, in an Insertion Order or Product Addendum. If Client opts-in to cross-device, Client agrees: i) to allow Dot Network to collect and/or use hashed end-user email addresses from Client’s Sites and store it as a persistent part of our cross-device graph; ii) such collection and/or usage of hashed email addresses will be Service Data; and iii) Dot Network may combine such hashed emails with data or hashed emails of other participating customers in order to recognise users across devices.
2.2 Dot Network License Grant. Subject to Client’s payment of all applicable fees and the terms set forth in this Agreement, Dot Network grants to Client during the Term the following limited, worldwide, non-exclusive, non-transferable rights and licenses without the right of sublicense: (i) for applicable Services, to access and use the Platform and Documentation solely for Client’s internal business purposes, and solely on Client’s own behalf, in connection with its receipt of the Services; (ii) for web related Services, to integrate the pixel (or other script or code) into Client’s website for web-related Services; (iii) for mobile-related Services to integrate the Client’s MMP, and/or (iv) to integrate through other mutually agreed upon means (e.g., integration using the Dot Network API).
2.3 Client License Grant. Client grants Dot Network a non-exclusive, worldwide, royalty-free, sublicenseable and transferable, license to access, use, copy, distribute, reproduce, adapt, modify, perform, display, publish, transmit, format, store, and archive the Client Content for the purpose of providing the Services, supporting Client’s use of the Services, and in promotional materials related to the Services. For Clients requesting Dot Network’s dynamic creative advertisement services: i) Client agrees that Dot Network will retain ownership of any underlying techniques, know-how, templates, and design methods; and ii) Client acknowledges that Dot Network will connect to Client’s website to pull and download images at the explicit direction of Client for the purpose of providing Services.
2.4 Requirements. Client will comply with all requirements for use of the Services communicated by Dot Network to Client via Documentation, and acknowledges that absent such compliance, Dot Network may be unable to provide the Services to Client. Depending on the Services Client chooses to receive, technical requirements may include: (i) including tags, pixels, script, or code supplied by Dot Network on Client’s website; (ii) installing the SDK or integrating with Client’s MMP, into Client’s mobile or tablet applications; (iii) supplying appropriate Client Content necessary for Dot Network to provide the Service; and/or (iv) allowing access to data collected by Client’s mobile measurement partner. Dot Network will have no liability to Client for such inability to provide the Services, if such inability is a result of Client’s failure to comply with this Section 2.4.
2.5 Modifications. Dot Network will host the Services and may update the Services from time to time in accordance with this Agreement. If Dot Network provides Services updates to Client that require action on Client’s part, Client will integrate the updates within 30 days. Dot Network may make changes to the Services (including discontinuation of all or part of the Services) at any time. Dot Network will provide notice to Client of material changes in accordance with this Agreement. If Client does not wish to continue to use the modified Services, Client’s sole remedy is to terminate the Agreement by providing written notice to Dot Network.
2.6 Display of Ads. Client can request to work with Dot Network (including within the Platform where such functionality is available) to manage display preferences when and to the extent such controls are made available to Dot Network. Client acknowledges that Dot Network has limited control where and how often Ads will be displayed within the Network. Dot Network is committed to provide quality inventory, however, at times Ads may be displayed next to ads of Client’s competitors, or on websites or applications that are undesirable to Client unless Client excludes the website in accordance with applicable Documentation. If a Client raises written concern about a website that Ads are being served on, Dot Network will to the best of efforts remove the Client’s Ads from serving on this inventory. Dot Network will use commercially reasonable efforts not to display Ads on websites or applications that it determines to be pornographic, defamatory, obscene, or illegal in nature. If Client notifies Dot Network in writing that Ads are being displayed in this manner, Dot Network will use commercially reasonable efforts to prevent Ads from continuing to display on such inventory sources. Client Content must comply with Documentation and advertising policy requirements or Dot Network may be unable to provide the Services with respect to such Client Content. Dot Network retains the authority to remove any Client Content that it deems to be in violation of this Agreement or Documentation, in its sole discretion. Dot Network reserves the right to pause or terminate campaigns at any time that are no longer eligible to run in accordance with such policies or Documentation.
2.7 Third Party Terms. Certain parts of the Services require the creation of a user account with third parties to provide their products or services on the Dot Network Platform. Client is responsible for reviewing any applicable terms before participating in any part of the Services to which such terms apply. Client agrees that Dot Network may accept certain third-party terms and conditions as agent on Client’s behalf where necessary for Dot Network to perform Services requested by Client, for example, terms related to running campaigns on Facebook Website Custom Audiences. Links to or copies of any such terms will be provided upon request. Client hereby authorises Dot Network to accept such terms on Client’s behalf in order to carry out the Services and agrees and acknowledges that (i) Client will be subject to such additional terms and (ii) Dot Network shall have no responsibility nor liability in relation to such additional terms.
2.8 Promotions. Dot Network may offer promotions to Client, subject to any terms set out in the applicable Documentation or, if applicable, Insertion Order. If Client accepts the promotion, Client understands and agrees that after the promotion, the campaign will automatically continue as a paid campaign, unless Client pauses or completes the campaign as described in the applicable Documentation. Client is responsible for all campaign costs that occur beyond the parameters of the promotion described in the applicable Documentation.
2.9 Advertising Policy Guidelines. Client will adhere to the advertising guidelines as set out by Dot Network in accordance with the policies set by our Network, Applicable Law, or applicable Documentation. Client is responsible for ensuring that Client Content and Client Sites, as defined below, are compliant with these policies. Dot Network reserves the right to review campaigns and Ads at any given time. Our Network’s policies and self-regulatory bodies’ codes of conduct are constantly being reviewed and updated, and as such, active or approved campaigns may be reviewed, to ensure that they comply with current policies, codes, and legal requirements.
- AGENCY CLIENTS
3.1 Authority, Liability, and Direct Relationship. Where Client is an Agency or Authorised Reseller entering into Services on behalf of their Clients: (i) Agency or authorised Reseller represents that it has the authority to act on behalf of such clients with respect to all obligations and representations set forth in this Agreement; (ii) upon request, Agency/authorised Reseller will provide Dot Network with written confirmation of the relationship between Agency/authorised Reseller and its client (this confirmation should include their client’s acknowledgement that Agency is indeed its agent and is authorised to act on its behalf in connection with the Agreement); (iii) upon the request of Dot Network, Agency will provide Dot Network with written confirmation that Client has paid to Agency funds sufficient to make payments pursuant to the Agreement; (iv) Agency or authorised Reseller accepts responsibility for the actions of its Client Accounts and liability for all expenses incurred through the provision of Services to its Clients, and assumes responsibility for ensuring compliance with and breach of this Agreement by its Clients; (v) except as otherwise set forth hereunder, Agencies or authorised Resellers will ensure the performance of their respective Client’s obligations under this Agreement and will have joint and several liability in respect of Client’s breach of this Agreement; (vi) Agency or Authorised Reseller Clients may request at any time that their Account be migrated to another agency or to a direct Client Account with Dot Network and nothing in this Agreement will prevent Dot Network and a Client from entering into a direct relationship; (vii) Dot Network reserves the right to reasonably object to any Clients at Dot Network’s sole discretion.
3.2 Support and Marketing. Where Client is an Agency or Authorised Reseller: (i) Dot Network will provide commercially reasonable support during Dot Network’s normal business hours, but Agency or Authorised Reseller acknowledge that they will be solely responsible for providing support to their Clients in connection with such Clients’ use of the Services; (ii) Agency or Authorised Seller is solely responsible for marketing efforts related to the “go to market” lifecycle for Services; provided that any marketing materials prepared and/or used by Agency or Authorised Reseller are in compliance with Dot Network marketing requirements and other Documentation; and (iii) Dot Network reserves the right to request changes or removal of any Agency or Authorised Reseller materials used to market the Services.
- ACCOUNT AND CAMPAIGN SETUP
4.1 Campaign Set Up and Management. Dot Network is to set up the campaign budgets and other details, and to review performance. Campaign modifications made by client, budget adjustments, launch, suspend or stop a campaign need to be done in writing and a 48 hour turn-around time is to be expected.Charges incurred because of changes made using Client’s Account will be included in Client’s regular bill or invoice. Dot Network will use commercially reasonable efforts, in accordance with the Documentation, to comply with the budget specified by Client. When Client increases or decreases its budget it may take up to one week for the new Authorised budget to take effect.
4.3 Campaign Measurement and Tracking. Unless expressly agreed to in writing by Dot Network, service fees will be based on Dot Network’s measurements and tracking through its own servers using the number of impressions, clicks, and other indicators necessary for calculating the fees payable by Client.
4.4 Campaign Optimisation. Dot Network may optimise towards Client’s performance or goals by programmatically using Client Content to create new content (such as Ads and, if Client agrees to receive such Services, emails, or other necessary marketing materials upon receipt of quote) and inserting them into Client’s active campaigns, or create, change, or pause campaigns on the Client’s behalf, subject to Client’s budget. Dot Network will subsequently notify Client if Dot Network makes material changes to Client’s Campaigns or Ads. In addition to Dot Network’s optimisation services and features, Dot Network may offer Managed Account Services to Client.
- PAYMENT TERMS
5.1 Auto-Prepay Accounts. For prepay accounts, Client agrees to keep valid payment method information (for example, credit card or PayPal account information) on file in Client’s Account always and Dot Network will pre-charge Client weekly for each campaign budget amount as determined by Client on the Platform. Client authorises Dot Network to charge such amounts using the valid payment details provided by Client. Client understands that all funds transferred to Dot Network become the property of Dot Network upon transfer to compensate Dot Network for costs involved in delivering the Services, including creating and maintaining, and providing access to the Documentation, Network, Platform, Technology, and Campaign Data. If Client suspends a campaign or cancels Client’s Account, Client may request reimbursement in the amount of the prepaid funds not attributed to any completed campaign(s) within 180 days after the campaign is paused or this Agreement is terminated; provided that any such reimbursement is at Dot Network’s sole discretion. Requests for reimbursement made after 180 days after the campaign is paused or this Agreement is terminated may not be transacted.
5.2 Auto-Postpay Accounts. For recurring payment accounts, Client agrees to keep valid payment method information (for example, credit card or PayPal account information) on file in Client’s Account at all times. Client authorises Dot Network to charge recurring amounts due weekly using the valid payment details provided by Client. Dot Network reserves the right to discontinue the recurring payment services at any time for any reason upon notice. Claims relating to Account charges must be raised by Client within 30 days of receipt or will be barred.
5.3 Insertion Order Accounts. Dot Network may, in its sole discretion, allow Client to submit an Insertion Order requesting Services. Dot Network reserves the right to request a prepayment and/or prepaid retainer from Client at any time. Dot Network will send Client a monthly invoice via email reflecting the amount owed by Client to Dot Network 5 days before the beginning of the month. Client will pay the amount set out in each invoice, without set-off, within 30 days of its receipt of such invoice. Insertion orders cancelled or postponed, for whatever reason, are payable in full within 7 days of such cancellation or postponement. Dot Network may charge interest on overdue amounts, from the due date up to the date of actual payment, whether before or after any judgment, at a monthly rate of 1.5%, or the highest rate permitted by Applicable Law, whichever is less. Client will reimburse Dot Network for expenses and recovery costs incurred in collecting any past due amounts, including reasonable attorney’s fees. Claims relating to invoices or Account charges must be raised by Client within 30 days of receipt or will be barred.
5.4 General Payment Terms. Client agrees that Client has all necessary rights, power, and authority to authorise each such payment. For certain payment methods, the issuer of Client’s payment method may charge Client a foreign transaction fee or other charges. Client should check with the payment method service provider for details. If Client develops credit conditions (e.g., excessive credit card denials, chargebacks, return-to-maker payments due to insufficient funds, or increased risk of insolvency) or Dot Network otherwise designates Client as a credit risk, Dot Network reserves the right to require prepayment. Client agrees to maintain sufficient funds or credit availability in Client’s payment method to satisfy Client’s amounts due and that Dot Network will have no obligation to provide the Services if sufficient funds are not available at the time Client’s payment is submitted, and Dot Network reserves the right to suspend Client’s campaigns due to failed payments or insufficient balance.
5.5 Currency and Taxes. All payments to Dot Network will be made in United States Dollars, unless otherwise agreed to in an Insertion Order or offered through the Platform. Payments are quoted exclusive of any taxes. Client is responsible for all sales taxes, use taxes, value added taxes, withholding taxes, and any other similar taxes imposed by federal, state local or foreign governmental entities on the transactions contemplated by this Agreement, excluding taxes based solely upon Dot Network’s net income.
- INTELLECTUAL PROPERTY RIGHTS
6.1 Ownership. Dot Network Materials and Databases are the sole and exclusive property of Dot Network or its third-party licensors, as applicable, and are protected by Applicable Law. Client’s rights to the Dot Network Materials and Databases are limited to those rights expressly granted in this Agreement and do not include any other licenses. Client Content is the sole and exclusive property of Client or its third-party licensors as applicable and is protected by Applicable Law. Dot Network’s rights to the Client Content is limited to those rights expressly granted in this Agreement and do not include any other licenses.
6.2 Restrictions. Client will not (i) modify the Dot Network Materials or any related proprietary notices; (ii) reverse engineer, decompile, disassemble or interfere with any Dot Network Materials (except where and to the extent such prohibition is not permitted by law); (iii) sublicense, rent, sell, or lease access to the Dot Network Materials, or use the Dot Network Materials to create any other product, service or dataset; (iv) except with respect to Campaign Data, log, capture, or otherwise create any record of any data transmitted to or from the Dot Network Materials; (v) deliver or introduce any viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts or agents into the Dot Network Materials; (vi) use the Platform for any illegal purposes or any purpose other than using the Services for its intended purpose, which does not include creating or supplementing end user profiles with targetable interests, end user movement profiles, site-specific retargeting, and product-interest information outside of the Services; (vii) make or publish any representations or warranties on behalf of Dot Network concerning the Services or Dot Network Materials without Dot Network’s prior written approval. When reproducing Dot Network Materials, Client will include proprietary rights notices contained on the Dot Network Materials.
6.3 Export Control Laws. Dot Network Materials may be subject to United States export control laws, including the U.S. Export Administration Act or other import or export regulations in other countries. Client must comply with all such regulations and is responsible for obtaining any related licenses.
6.4 Feedback. Feedback provided to Dot Network may be used to develop and improve the Service, Dot Network Materials, new products, and services. To the maximum extent permitted by law, Client grants Dot Network a nonexclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit Feedback without restriction.
- DATA RIGHTS, RESTRICTIONS AND PRIVACY
7.1 Client CRM Data. Dot Network will only use Client CRM Data for the purpose of providing the Services and it shall be treated as Client Confidential Information. However, Dot Network may disclose Client CRM Data to third parties solely as required to provide Services to you in accordance with the Dot Network Data Processing Addendum. For the purposes of this Agreement and to assist with compliance with Applicable Law, Dot Network is a data processor and Client is the data controller of the Client CRM Data and Dot Network shall process such Client CRM Data only in accordance with the Dot Network Data Processing Addendum.
7.2 Service Data and Campaign Data. Dot Network is the sole owner of the Service Data and the Campaign Data and may use either for any purpose allowed by Applicable Law. Dot Network grants Client a nonexclusive, perpetual, irrevocable, royalty-free, fully paid, transferable, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit the Campaign Data in any manner allowed under Applicable Law.
7.3 Dot Network Data Privacy Responsibilities. If and to the extent Service Data or Campaign Data contain any personal data of individuals located in European Territories, Dot Network will be the data controller of such data and will process this data in compliance with Applicable Law. Dot Network will use reasonable efforts to cooperate with Client in responding to regulatory or data subject inquiries received by Client about Dot Network’s collection and processing of the Service Data or CRM Data containing personal data from individuals located in European Territories.
7.4 Client Data Privacy Responsibilities. Client will comply with all Applicable Laws that relate to individual third-party privacy and publicity rights and will be solely responsible for the operation of all websites and applications owned or operated by Client when Client uses the Services. Client will include clear and conspicuous notice consistent with Applicable Law on its websites, mobile and tablet applications that (i) discloses (and, where legally required, obtains consent to) its practices with regard to cookies, targeting and online behavioral advertising, specifically addressing its data collection, use and disclosure practices (including that by visiting Client’s site third parties, including Dot Network, may place cookies on end user browsers for this purpose, the types of data that may be collected for targeted advertising, and that data collected may be used by third parties, including Dot Network to target advertising on other sites or applications based on the end users’ online activity); and (ii) informs end users how they may opt-out from receiving targeted advertisements which may include links to by visiting the NAI website opt-out page here: http://www.networkadvertising.org/choices/ or the DAA opt-out page here: http://www.aboutads.info/ or, for end users located in European Territories, the EDAA opt-out page here: http://youronlinechoices.eu/. Client will only send personally identifiable information or personal data to Dot Network through the pixel or otherwise consistent with Dot Network’s instructions or Documentation.
7.5 Client agrees that in order for Dot Network to comply with Applicable Law in providing the Services, Client may be required to host a notice and consent collection mechanism on its website that provides Dot Network and members of its Network with consent to the placing of cookies on end users’ browsers. If Client fails to implement this mechanism (either as a feature of the Dot Network Services or through its own similar mechanism, subject to Dot Network’s approval of any such Client provided mechanism) then Dot Network may not be able to perform the Services under this Agreement.
7.6 NOTWITHSTANDING ANYTHING TO THE CONTRARY, DOT NETWORK WILL HAVE NO LIABILITY IN CONNECTION WITH, AND CLIENT SHALL INDEMNIFY, DEFEND AND HOLD DOT NETWORK HARMLESS WITH RESPECT TO: (A) CLIENT’S FAILURE TO PROVIDE NOTICES TO, OR OBTAIN CONSENTS FROM, ITS END USERS REGARDING ITS PRIVACY PRACTICES OR THE SERVICES DESCRIBED HEREIN WHICH ARE REQUIRED BY APPLICABLE LAW, (B) THE COLLECTION, USE OR DISCLOSURE OF DATA AS CONTEMPLATED IN THIS AGREEMENT, OR (C) DATA SECURITY OR DATA USE IF DOT NETWORK ACTS IN ACCORDANCE WITH CLIENT’S INSTRUCTIONS.
8.1 By Client. Client represents and warrants to Dot Network that: (i) it has the right to enter into this Agreement, to grant all rights granted and to perform its obligations under this Agreement; (ii) the Client Content and the Client websites, mobile or tablet applications (“Client Sites”) do not include, and does not give access via hyperlinks to any property containing, materials that are obscene, defamatory or contrary to any Applicable Law; (iii) Client Content and Client Sites comply at all times with the Documentation (including, but not limited to, the Dot Network guidelines and policies) and Applicable Laws in all jurisdictions where Client Ads and Client Sites are viewed; (iv) Client Sites do not display, reference, link to, or endorse any content that violates this Agreement or the Documentation; (v) the Client Content does not infringe or misappropriate the rights of any third party; and (vi) the collection, transfer, use and disclosure of Service Data or Client CRM Data in accordance with this Agreement will not violate the rights of any third party (including any customer of Client) or any statements in its own posted privacy notice or similar privacy statement.
8.2 COPPA Compliance. In accordance with the Children’s Online Privacy Protection Rule (COPPA), Client represents and warrants that it will not place Dot Network’s pixel on any website that is directed (in whole or in part) to children under the age of thirteen (13), and that it will not knowingly send to Dot Network any information derived from children under the age of thirteen (13).
8.3 By Dot Network. Dot Network represents that: (i) it has the right to enter this Agreement, to grant all rights granted, and perform its obligations; and (ii) the Technology will perform substantially in accordance with the Documentation. For any breach of this Section 8.3(ii), Dot Network’s sole liability and Client’s sole remedy will be re-performance of the Services by Dot Network or Client’s termination rights under Section 11.
8.4 Disclaimer. EXCEPT FOR THE EXPRESS REPRESENTATIONS STATED IN THIS SECTION 8, AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, DOT NETWORK EXPRESSLY DISCLAIMS AND MAKES NO REPRESENTATION, WARRANTY, CONDITION, OR OTHER CONTRACTUAL TERM (COLLECTIVELY, “PROMISES”) OF ANY KIND WHETHER EXPRESS, IMPLIED, ARISING BY STATUTE, COMMON LAW OR CUSTOM. THE SERVICES AND MATERIALS MADE AVAILABLE BY DOT NETWORK UNDER THIS AGREEMENT ARE PROVIDED “AS IS” WITHOUT ANY PROMISE WHATSOEVER. EXCEPT WHERE AND TO THE EXTENT SUCH DISCLAIMERS ARE PROHIBITED BY LAW: (A) DOT NETWORK EXPRESSLY DISCLAIMS ALL IMPLIED PROMISES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, ACCURACY, TITLE AND NON-INFRINGEMENT, (B) DOT NETWORK DOES NOT PROMISE NON-INTERFERENCE WITH THE ENJOYMENT OF THE SERVICES OR THAT THE SERVICES WILL BE ERROR-FREE, SECURE OR UNINTERRUPTED, AND (C) DOT NETWORK MAKES NO PROMISE REGARDING THE RESULTS CLIENT WILL OBTAIN THROUGH USE OF THE SERVICES.
9.1 Client indemnification. Client will defend, indemnify, and hold harmless Dot Network and its officers, directors, employees and subsidiaries from and against all liabilities, damages and costs (including settlement costs and reasonable attorneys’ fees) arising out of any claim by a third party regarding (i) Client’s breach of this Agreement; and (ii) any violation, infringement or misappropriation of any law or third-party right (including intellectual property, property, privacy or publicity rights) by Client, the Client Content or Client CRM Data.
9.2 Dot Network Indemnification. Dot Network will defend, indemnify and hold harmless Client and its officers, directors, employees, and subsidiaries from and against all liabilities, damages and costs (including settlement costs and reasonable attorneys’ fees) arising out of any claim by a third party regarding any violation, infringement or misappropriation of any copyright, trade secret, U.S. patent or trademark by the Dot Network Materials, but excluding any software incorporated into Dot Network’s software under an open source license. In no event, will Dot Network have any liability under this Section 9.2 arising from (a) unauthorised modifications made to the Technology; (b) the Client Content; or (c) the combination of the Dot Network Materials with any third-party software, process, or service not provided by Dot Network. Dot Network’s indemnification obligations in this Section 9.2 will be Dot Network’s sole liability and Client’s sole remedy for any claims that the Services or Materials violate, infringe, or misappropriate any intellectual property right.
9.3 Indemnification Process. The indemnified party will promptly notify the indemnifying party of the claim and cooperate with the indemnifying party in defending the claim. The indemnifying party will have full control and authority over the defense, except that: (i) any settlement requiring the indemnified party to admit liability or pay any amount (not covered by the indemnifying party) requires prior written consent of the indemnified party, not to be unreasonably withheld or delayed, and (ii) the indemnified party may join in the defense with its own counsel at its own expense.
- LIMITATIONS ON LIABILITY
10.1 Disclaimer of Indirect Damages. DOT NETWORK WILL NOT, UNDER ANY CIRCUMSTANCES, BE LIABLE TO CLIENT FOR ANY LOSS OF PROFITS, LOSS OF BUSINESS (WHETHER DIRECT OR INDIRECT) OR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, PUNITIVE, SPECIAL, OR EXEMPLARY DAMAGES RELATED TO THIS AGREEMENT, EVEN IF DOT NETWORK IS APPRISED OF THE LIKELIHOOD OF SUCH DAMAGES OCCURRING.
10.2 Cap on Liability. UNDER NO CIRCUMSTANCES WILL DOT NETWORK’S COLLECTIVE TOTAL LIABILITY ARISING OUT THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CLIENT TO DOT NETWORK UNDER THIS AGREEMENT IN THE SIX MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO THE CLAIM (DETERMINED AS OF THE DATE OF ANY FINAL JUDGMENT IN AN ACTION).
10.3 Basis of the Bargain. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES ALLOCATES THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES, IS REFLECTED IN THE PRICING OFFERED TO CLIENT, AND AS SUCH IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. THESE PROVISIONS ARE SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT. IF ANY LIMITATION OF LIABILITY IN THIS AGREEMENT IS FOUND UNENFORCEABLE, LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW. THE LIMITATIONS IN THIS SECTION 10 WILL APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
- TERM AND TERMINATION
11.1 Term and Termination. Unless otherwise terminated, this Agreement will remain in full force and effect while Client uses the Services and will terminate upon written notice of cancellation of Client’s Account by Dot Network or Client (“Term”), such termination to take effect 48 hours from receipt of such termination notice (or at such other designated time, at least 48 hours in advance).
11.2 Post-Termination Obligations. Upon termination of this Agreement (i) Dot Network will cease providing the Services and permitting access to the Platform to Client; (ii) Client will within thirty (30) days’ pay to Dot Network any fees that have accrued prior to the effective date of termination; and (iii) Client will remove the Dot Network pixel from its website and Dot Network will not be liable for any damages (or any benefit to Dot Network) resulting from Client’s failure to remove the pixel. Provided Client is not in breach of the Agreement, subject to Section 5, Dot Network may refund Client for any amounts prepaid for Services that were not performed prior to termination. The following Sections will survive expiration or termination of this Agreement: Sections 1, 6-10, 11.2, 12-13 and 15-16.
11.3 Insolvency. Dot Network may immediately terminate this Agreement and move Client to prepay pursuant to Section 5 in the event that (a) Client (i) fails to satisfy any enforceable, final and material judgment against it, (ii) fails to pay its fees as they become due or (iii) enters into or is the subject of an insolvency, receivership or bankruptcy proceeding or any other proceeding for the settlement of Client’s debts or (b) a court appoints, or Client makes an assignment of all or substantially all of its assets to, a custodian for Client or all or substantially all of its assets. Client acknowledges that Dot Network may set off any liability owed to Client against any liability for which Dot Network determines Client is liable to Dot Network related to Services under this Agreement. In the event that an Agency (but not the Agency’s applicable client) enters into or is the subject of an insolvency, receivership or bankruptcy proceeding or any other proceeding for the settlement of Client’s debts, Dot Network shall have the right to notify Client directly in effort to settle outstanding liabilities under this Agreement.
Each party retains all right, title, and interest to its own logos and trademarks. The Dot Network logos and names are trademarks of Dot Network, Inc. All other trademarks and product or company names mentioned in the Services or Dot Network Materials are the property of their respective owners and may not be used without the prior written permission of the owner. Reference to any products or services by name or otherwise does not imply endorsement by Dot Network. Notwithstanding the foregoing, Dot Network may use Client’s logos, name, and any trade names to (a) perform the Services and (b) indicate in promotional materials that Client is a client of the Dot Network Services. All goodwill derived from the use of any trademarks will inure to the benefit of the respective trademark owner.
Confidential Information includes all information disclosed by a party (the “Disclosing Party”) to the other party (the “Receiving Party”), whether of a technical, business, or other nature that the Receiving Party knows or has reason to know is the confidential, proprietary or trade secret information of the Disclosing Party. Confidential Information does not include information that: (i) was lawfully known to the Receiving Party prior to receiving the same from the Disclosing Party in connection with this Agreement; (ii) is independently developed by the Receiving Party without reference to the Confidential Information of the Disclosing Party; (iii) is lawfully acquired by the Receiving Party from another source without restriction as to use; or (iv) is or becomes part of the public domain through no act or omission of the Receiving Party. Each Receiving Party will (a) use the Disclosing Party’s Confidential Information solely for the purpose for which it is provided and as permitted under this Agreement; (b) not disclose the Disclosing Party’s Confidential Information to a third party unless the third party must access the Confidential Information to perform in accordance with this Agreement and the third party has executed a written agreement that contains terms that are substantially similar to the terms contained in this Section 13; and (c) maintain the secrecy of, and protect from unauthorised use and disclosure, the Disclosing Party’s Confidential Information to the same extent (but using no less than a reasonable degree of care) that it protects its own Confidential Information of a similar nature. If a Receiving Party is required by law to disclose the Confidential Information of the Disclosing Party, such Receiving Party must give prompt written notice (except where prohibited by law) of such requirement to the Disclosing Party before such disclosure and assist the Disclosing Party in obtaining an order protecting the Confidential Information from public disclosure. The obligations in this Section 13 will survive termination of this Agreement until the expiration of 3 years from the date of last disclosure. Notwithstanding the foregoing, with respect to a Disclosing Party’s trade secrets, the Receiving Party’s obligations under this Agreement remain in effect if the Confidential Information remains a trade secret under the United States Uniform Trade Secrets Act.
Client may assign this Agreement upon twenty (20) days written notice to Dot Network after the event of a merger, acquisition, corporate reorganisation, or sale of all or substantially all its assets. Any other attempt to transfer or assign is void. Dot Network retains the rights to assign this Agreement and delegate any or all its obligations hereunder. This Agreement will bind and inure to the benefit of the parties, their respective successors, and permitted assigns.
- RESOLVING DISPUTES: FORUM, ARBITRATION, CLASS ACTION WAIVER, GOVERNING LAW
PLEASE READ THIS SECTION CAREFULLY, AS IT INVOLVES A WAIVER OF CERTAIN RIGHTS TO BRING LEGAL PROCEEDINGS, INCLUDING AS A CLASS ACTION FOR RESIDENTS OF THE U.S.
15.1 Please contact Dot Network first! Dot Network wants to address Client’s concerns without resorting to formal legal proceedings. Before filing a claim, Client agrees to try to resolve the dispute informally by contacting Dot Network first through email@example.com or via their allocated Account Manager.
15.2 Judicial forum for disputes. Client and Dot Network agree that any judicial proceeding to resolve claims relating to this Agreement or the Services will be heard in Binding Arbitration in Johannesburg, South Africa and will be subject to the mandatory arbitration provisions below. Client and Dot Network consent to venue and personal jurisdiction in such courts.
15.3 Arbitration. Both Parties Agree to Arbitrate. Client and Dot Network agree to resolve any claims relating to this Agreement or the Services through final and binding arbitration, except as set forth under Exceptions to Agreement to Arbitrate below.
Arbitration Procedures. The The Arbitration Foundation of Southern Africa (AFSA) (http://www.arbitration.co.za/pages/default.aspx) will administer the arbitration. The arbitration will be held in the South Africa in accordance with the venue specified in Section 15.2.
Arbitration Fees and Incentives. The AFSA rules will govern payment of all arbitration fees. Dot Network will pay all arbitration fees for Client on a pre-pay plan. Dot Network will not seek its attorneys’ fees and costs in arbitration unless the arbitrator determines that Client’s claim is frivolous.
Exceptions to Agreement to Arbitrate. Either party may bring a lawsuit solely for injunctive relief to stop unauthorised use or abuse of the Services, or intellectual property infringement (for example, trademark, trade secret, copyright, or patent rights) without first engaging in arbitration or the informal dispute-resolution process described above. Arbitration will not be binding with regards to the Dot Network Materials at Dot Network’s sole discretion. If the agreement to arbitrate is found not to apply to Client or Client’s claim, Client agrees to the exclusive jurisdiction of the South African courts located in to resolve Client’s claim.
Opt-out of Agreement to Arbitrate. Client can decline this agreement to arbitrate by sending an email within 30 days of first accepting this Agreement to firstname.lastname@example.org clearly stating that Client wishes to opt out of arbitration with Dot Network and include Client’s first and last name, the company for which the account was created, and the email address associated with the account.
15.4 CLASS ACTION WAIVER. Both parties agree to resolve any disputes, claims, or controversies on an individual basis, and that any claims arising out of, relating to or in connection with this Agreement (such as with respect to their validity or enforceability), the Dot Network Materials, or any services provided by Dot Network will be brought in an individual capacity, and not on behalf of, or as part of, any purported class, consolidated, or representative proceeding.
15.5 Controlling Law. This Agreement is governed by the law of South Africa, unless otherwise required by a mandatory law of any other jurisdiction.
16.1 Amendments. Dot Network reserves the right to revise this Agreement, and Client’s rights and obligations are at all times subject to the Agreement then posted at www.dotnetwork.co. Client’s continued use of the Service constitutes acceptance. Dot Network will also endeavor to notify and give Client an opportunity to review and accept the revisions to the Agreement, which acceptance may be manifested in electronic form (such as through a click-through agreement). However, subject to applicable law, the inability to contact Clients through a valid email address regarding the revised Agreement and obtain express acceptance in no way limits the revised Agreement effectiveness and application.
16.2 Independent Parties. Dot Network is an independent contractor and not an agent of Client in the performance of this Agreement. This Agreement is not to be interpreted as evidence of an association, joint venture, partnership, or franchise between the parties. Nothing in this Agreement will be deemed to confer any third-party rights or benefits; there are no third-party beneficiaries (except the indemnitees referenced in Section 9).
16.3 Entire Agreement. This Agreement constitutes the entire agreement between the parties regarding use of the Services and will supersede all prior agreements between the parties whether, written or oral. No usage of trade or other regular practice or method of dealing between the parties will be used to modify, interpret, supplement, or alter the terms of this Agreement.
16.4 Force Majeure. Dot Network will not be liable for any delay or failure to perform as required by this Agreement because of any cause or condition beyond Dot Network’s reasonable control.
16.5 Use of Third Parties. Subject to Section 13, Dot Network may use third parties to perform its duties under this Agreement, including to serve advertisements on its behalf.
16.6 Severability. If any portion of this Agreement is held invalid or unenforceable, such invalidity or enforceability will not affect the other provisions of this Agreement, which will remain in full force and effect, and the invalid or unenforceable portion will be given effect to the greatest extent possible.
16.7 Waiver. The failure of a party to require performance of any provision will not affect that party’s right to require performance at any time thereafter, nor will a waiver of any breach or default of this Agreement or any provision of this Agreement constitute a waiver of any subsequent breach or default or a waiver of the provision itself.
16.9 Notice. All notices to Dot Network must be delivered in writing by courier, certified or registered mail (postage prepaid and return receipt requested), electronic mail, or as otherwise specified by Dot Network. Legal notices to Dot Network must be sent to email@example.com with a copy to Dot Network, 3rd floor, 1 Bompas Road, Dunkeld West, Johannesburg, South Africa, 2196 . Notices to Client will be sent to the Client Account email address on file and/or posted on the Platform dashboard and are deemed effective when sent or posted.
DATA PROCESSING ADDENDUM
Effective: May 25, 2018
This Data Processing Addendum is referred to in Section 7 of, and forms an integral part of, the Terms of Service and any applicable Product Addendum(s) (“Terms of Service”). It is effective upon acceptance of the Terms of Service.
Where Data processed under the Terms of Service is subject to Applicable Data Protection Law, Clients may enter into this Data Processing Addendum (which incorporates the European Commission’s Standard Contractual Clauses): (i) to protect the Data in accordance with the requirements of Applicable Data Protection Law; and (ii) to provide appropriate safeguards with respect to Data which may be processed outside of the European Territories.
This Data Processing Addendum reflects the Parties’ agreement with respect to the terms governing the processing of Data under the Terms of Service.
- “controller”, “processor”, “data subject”, “personal data”, “processing” (and “process”) and “special categories of personal data” shall have the meanings given in Applicable Data Protection Law; and
- “Applicable Data Protection Law” shall mean: (i) prior to May 25th 2018, the EU Data Protection Directive (Directive 95/46/EC); (ii) after May 25th 2018, the EU General Data Protection Regulation (Regulation 2016/679); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); (iv) any national legislation made under or pursuant to any of (i), (ii) or (iii); and (v) any law that amends or supersedes (i), (ii), (iii) or (iv).
- Any other capitalised terms not defined in this Data Processing Addendum shall have the meaning given to them in the Terms of Service.
2. RELATIONSHIP OF THE PARTIES
The Client (the “Controller”) appoints Dot Network, as a processor to process the personal data described in Section 7.1 of the Terms of Service between the parties (the “Data”) for the purposes described the Terms of Service (or as otherwise agreed in writing by the parties) (the “Permitted Purpose”). Each party shall comply with the obligations that apply to it under Applicable Data Protection Law. If the Controller becomes aware that processing for the Permitted Purpose infringes Applicable Data Protection Law, it shall promptly inform Dot Network.
3. PROHIBITED DATA
The Controller shall not disclose (and shall not permit any data subject to disclose) any special categories of personal data to Dot Network for processing.
4. INTERNATIONAL TRANSERS
Dot Network shall not transfer the Data outside of the European Territories unless it has taken such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, to a recipient in the United States of America that maintains a valid and up-to-date EU-US Privacy Shield certification, to a recipient that has achieved binding corporate rules authorisation in accordance with Applicable Data Protection Law, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
5. STANDARD CONTRACTUAL CLAUSES
To ensure that appropriate safeguards are afforded to personal data transferred by the Controller to Dot Network, the parties hereby incorporate the Standard Contractual Clauses for data controller to data processor transfers approved by the European Commission in decision 2010/87/EU in their entirety, subject to the following requirements: (a) Appendices 1 and 2 of the Standard Contractual Clauses shall be as set out at Annex A to this Data Processing Addendum; (b) Dot Network shall be deemed to comply in full with the subprocessing requirements of Section 11 of the Standard Contractual Clauses if it complies with the requirements of Section 8 of this Data Processing Addendum; and (c) Dot Network shall be deemed to comply in full with the rights of audit Controller may have under Section 5(f) of the Standard Contractual Clauses if it complies with the requirements of Section 13 of this Data Processing Addendum.
6. CONFIDENTIALITY OF PROCESSING
Dot Network shall ensure that any person it authorises to process the Data shall protect the Data in accordance with the Controller’s confidentiality obligations under this addendum and the Terms of Service.
Dot Network shall implement appropriate technical and organisational measures as set out in Annex C to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a “Security Incident”).
The Controller consents to Dot Network engaging third party subprocessors to process the Data for the Permitted Purpose provided that: (i) Dot Network maintains an up-to-date list of its subprocessors to be provided to Controller upon request, which it shall update with details of any proposed change a reasonable time in advance of appointing or replacing a subprocessor; (ii) Dot Network imposes data protection terms on any subprocessor it appoints that require it to protect the Data to the standard required by Applicable Data Protection Law and this Data Processing Addendum; and (iii) Dot Network remains liable for any breach of this Clause that is caused by an act, error or omission of its subprocessor. A list of approved subprocessors is attached at Annex B. The Controller may object to Dot Network’s appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, Dot Network will either not appoint or replace the subprocessor or, if this is not possible, the Controller may suspend or terminate the Terms of Service (without prejudice to any fees incurred by the Controller prior to suspension or termination).
9. COOPERATION AND DATA SUBJECTS’ RIGHTS
Dot Network shall provide reasonable and timely assistance to the Controller (at Controller’s expense) to enable the Controller to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure, restriction and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to Dot Network, Dot Network shall promptly inform the Controller providing full details of the same.
10. DATA PROTECTION IMPACT ASSESSMENT
Dot Network shall provide reasonable cooperation to the Controller (at Controller’s expense) in connection with any data protection impact assessment that the Controller may be required under Applicable Data Protection Law.
11. SECURITY INCIDENTS
If it becomes aware of a confirmed Security Incident, Dot Network shall inform Controller without undue delay and shall provide reasonable information and cooperation to Controller so that Controller can fulfil any data breach reporting obligations it may have under (and in accordance with the timescales required by) Applicable Data Protection Law. Dot Network shall further take such any reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and shall keep Controller informed of all material developments in connection with the Security Incident.
12. DELETION OR RETURN OF DATA
Upon termination or expiry of the Terms of Service, Dot Network shall (at Controller’s election) destroy or return to Controller all Data in its possession or control. This requirement shall not apply to the extent that Dot Network is required by Applicable Law to retain some or all of the Data, or to Data it has archived on back-up systems, in which event Dot Network shall securely isolate and protect from any further processing except to the extent required by such law.
Dot Network will make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Data Processing Addendum.
Controller agrees that it shall exercise any right of audit under Applicable Data Protection Law (or the Standard Contractual Clauses incorporated by reference in Section 5) by submitting written audit questions to Dot Network. Dot Network shall respond to such written audit questions submitted to it by Controller, provided that Controller shall not exercise this right more than once per year.
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Standard Contractual Clauses.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
The data exporter is (please specify briefly your activities relevant to the transfer):
- Client is the data exporter who is receiving Services under the Terms of Service.
The data importer is (please specify briefly activities relevant to the transfer):
- Dot Network is providing Services to the data exporter under the Terms of Service.
The personal data transferred concern the following categories of data subjects (please specify):
- Prospective and existing customers of the data exporter
Categories of data
The personal data transferred concern the following categories of data (please specify):
- Contact information including email address and any other affiliated contact information provided by the data exporter to the data importer to perform the Services (e.g. name, address, email, phone number, company name, job title).
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
The personal data transferred will be subject to the following basic processing activities (please specify):
- use in targeting and bidding for ads to be shown on publisher websites;
- aggregation and analysis for improving data importer’s services; and
- transfer and storage of personal data with data importer’s storage and data processing subprocessor, Amazon Web Services.
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the Standard Contractual Clauses.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
See Annex C.
Approved list of subprocessors
|Entity Name||Processing Activity||Location|
|Amazon Web Services||Storage||USA and Europe|
|Mailgun (only applicable where Client runs Dot Network Email Services||Sending emails||USA|
Dot Network Security Exhibit
Dot Network will commit to, at a minimum, the following security measures and may also adopt other security measures to ensure an appropriate level of security, including confidentiality, integrity, and availability, taking into account the state of the art and the costs of implementation in relation to the risks and the nature of the service the data that needs to be protected:
- Risk Management. Maintain a risk management program.
- Policies. Statements of intent on key areas of risk prevention.
- Operational Processes. Including:
- change control;
- incident response; and
- breach notification.
- Auditing. Centralised logging of security events to facilitate detection of and response to security events.
- Personnel Management. Management of human resources including background checks.
- Vendor Management. A program to manage risk created by use of third parties to manage systems and data.
- Access Control to Processing Areas. Processes to prevent unauthorised persons from gaining access to the data processing equipment where the sensitive Data is processed or used.
- Access Control to Data Processing Systems. Processes to prevent data processing systems from being used by unauthorised persons.
- Least Privilege Access. Measures to ensure that persons entitled to use data processing systems are only able to access the Data within the scope and to the extent covered by their respective access permission (authorisation) and that sensitive Data cannot be read, copied or modified or removed without authorisation.
- Transmission Control. Procedures to prevent Data from being read, copied, altered or deleted by unauthorised parties during the transmission thereof or during the transport of the data media and to ensure that it is possible to check and establish to which bodies the transfer of Data by means of data transmission facilities is envisaged.
- Storage Control. Controls when storing any sensitive Data.
- Input Control. Measures to ensure that it is possible to check and establish whether and by whom Data has been input into data processing systems or removed.
- Availability Control. Measures to ensure that Data are protected from accidental destruction or loss.
- Segregation of Processing. Procedures to ensure that Data collected for different purposes can be processed separately.
- Vulnerability Management. Systems are regularly checked for vulnerabilities and any detected are immediately remedied.
- Incident Management. Establishment of adequate and appropriate incident management.