This Mistplay Master Services Agreement (“Agreement”) is entered by and between Mistplay Inc., a Canadian corporation, and its Affiliates (collectively, “Mistplay”), and the client or advertiser identified on the Insertion Order for Mistplay Services (“Client” or “you” and its variants) (each a “Party” and together the “Parties”). This Agreement is effective as of the date of the applicable Order for Mistplay Services, or if none, then upon the last date of signature or adoption of this Agreement by both Parties (“Effective Date”).
THESE TERMS APPLY BY DEFAULT TO THE EXTENT YOU RECEIVE SERVICES IN THE ABSENCE OF AN ORDER OR IF YOU CONTINUE TO RECEIVE SERVICES AFTER AN ORDER HAS EXPIRED. If you do not agree with the foregoing, then do not accept or receive Services from Mistplay. By continuing to accept Services in the absence of a valid Order executed by authorized representatives of both parties, you agree to be bound to these terms and hereby adopt this Agreement as of the first date you receive such Services
a. Mistplay provides advertising, user acquisition, and user retention services to you via a loyalty reward program on web or mobile platforms operated and controlled by Mistplay (in each case, the “Mistplay Platform”), where End Users may discover, install, and engage with your applications or mobile games (collectively, the “Services”).
b. By entering into an Order, you engage the Services under the terms of this Agreement. Mistplay will make commercially reasonable efforts to provide you with the Services pursuant to the Order.
a. The parameters for Campaign Services can be agreed in the Order or otherwise in a writing agreed between both parties. You may supply your Applications and Ad creatives (e.g., videos, end cards, playable, or other creative assets (e.g., art, text, screenshots) for Mistplay to use in the Campaign Services. Mistplay will use commercially reasonable efforts to comply with the agreed Campaign Information and endeavor to deliver inventory for submitted campaign order(s), subject to inventory availability. Mistplay may (i) determine the size, placement, and positioning of your Applications and Ads on the Mistplay Platform; (ii) crop or resize Ads; (iii) modify Ad components (e.g., calls-to-action, end cards, text placement) in order to optimize campaign performance; and (iv) where requested by you, use creative content made available by you to create Ads and insert such Ads into your campaigns.
b. Mistplay reserves the right, in its sole discretion, to determine the mechanics of the Campaign Services. Mistplay makes no guarantee regarding the amount or level of Application installations. Mistplay does not guarantee that Applications or Ads will appear in any particular position or rank. Actual budgets, scheduling, bid prices, cost-per-install or other delivery targets or performance metrics, are not guaranteed, and you may be charged for inventory delivered in excess of your budgets. You may request to modify your Campaign Information from time to time by contacting your account manager, provided you acknowledge that it may take up to two (2) business days for a response.
c. You are responsible for (i) for all content contained within the Applications and Ads provided by you; (ii) all ad trafficking or targeting decisions made by you; (iii) all Applications, content and properties to which your Ads direct or redirect any user.
a. Experimental Services. From time to time, Mistplay may provide Services in experimental, “alpha,” “beta,” or any other in-development release form, including “preview packages” (collectively, the “Experimental Services”). You agree and acknowledge that: (i) any Experimental Services are still in development, unfinished, and may have bugs, and that such Experimental Services may not work as intended or at all; (ii) Mistplay may but has no obligation to provide any support in connection with the Experimental Services, nor any patches. Mistplay may discontinue Experimental Services at any time in its sole discretion.
b. Disclaimer. Notwithstanding anything to the contrary herein, Experimental Services are provided AS-IS, without any warranty, whether implied, expressed, or statutory. You agree that Mistplay shall not be liable for any damages or loss related to your use of the Experimental Services and that you elect to use such Services solely at your own option and risk.
a. Fees. You agree to pay all amounts due to Mistplay in accordance with the applicable Order and Campaign Information. All payments will be made in U.S. Dollars, unless otherwise set forth in the Order. Mistplay will send you the invoice at the beginning of the month for the previous month’s activity, for which payment is due thirty (30) days from the invoice date. Any Fee Dispute that is not submitted to Mistplay in writing within sixty (60) days of your receipt of the invoice is hereby deemed waived.
b. Attribution. For Fees based on CPI, all attributed installs will be reported based on the tracking records of the Attribution Partner agreed by the parties (the “Controlling Measurement”). If the difference between the Controlling Measurement and Mistplay’s measurement exceeds ten (10) percent over the applicable invoice period, then either party may request an investigation of the issue and work together in good faith to resolve the discrepant measurements.
c. Invalid Activity. Mistplay may adjust the Fees due to Invalid Activity, as evaluated and determined by Mistplay in its reasonable discretion. For evaluation of Invalid Activity, you must be able to provide evidence of Invalid Activity from a reputable third-party fraud detection supplier within thirty (10) days from the end of month that is being billed.
d. Late Fees; Overdue Payments. You acknowledge and agree that Mistplay reserves the right to suspend or cancel your campaign if your payment is late. Mistplay may charge interest on overdue amounts at the lesser of 1.5% per month or the maximum rate allowed under applicable law. You will reimburse Mistplay for all costs incurred in connection with the collection of amounts payable and past due.
e. Taxes. Fees do not include and may not be reduced to account for any taxes including any local, state, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value-added, use or withholding taxes (collectively, “Taxes”). You are responsible for paying all Taxes associated with the services hereunder (excluding taxes based on Mistplay’s net income or property), unless you provide Mistplay with a valid tax exemption certificate authorized by the appropriate taxing authority.
b. You are solely responsible for the development, operation and maintenance of your Applications, including properly configuring your Applications for the Services in accordance with the then-current Documentation, ensuring system compatibility with the Service Assets, and resolving any customer support or claims related to your Applications.
c. To the extent your Application(s) are in the web version of the Mistplay Platform, Mistplay may need to rely on you to track the End User’s engagement with your Application(s) in order to issue rewards to such End User. Where applicable, you agree to update to the most recent version of the Service SDKs within ninety (90) days of the version's release date from Mistplay.
d. You will not and will not authorize or otherwise permit any third party to: (i) use or access the Mistplay Platform or Service Assets for any purpose other than receiving and verifying the Services under this Agreement; (ii) market, sell, lease, rent, sublicense, distribute, syndicate, transfer or otherwise make available to any third party any part of the Services or Service Assets; (iii) copy, modify, duplicate, decompile, reverse engineer, disassemble or create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services or any of the Service Assets; (iv) remove, alter or obscure any proprietary notices (including copyright and trademark notices) on any of the Services or Service Assets; (v) access, store, distribute, introduce, or transmit any viruses, worms, defects, malware, spyware, adware, Trojan horse or any item of destructive nature through use of any of the Services, Service Assets, or any of your Applications, or fail to use reasonable commercial efforts to maintain an up to date virus-scanning program; (vi) access, store, distribute, introduce, or transmit any material into the Services which is false, deceptive, misleading, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive, facilitates illegal activity, depicts sexually explicit images, promotes unlawful violence, is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability, or is otherwise illegal or causes damage or injury to any person or property; (vii) provide Ads or any materials to Mistplay that contain gambling content as defined by a platform provider (e.g., Google, Apple) and by applicable law and regulations; (viii) use any automated means or form of scraping or data extraction to access, query or otherwise collect information via the Service Assets or the Mistplay Platform, with the exception of reputable fraud detection suppliers; (ix) take any actions that interfere with, disrupt or interact in an unauthorized manner with any systems used for calculating conversions; (x) log, capture, or otherwise create any record of any data transmitted to or from the Service Assets.
d. You shall not launch into the Services any Application that is directed at children under age thirteen (13), and you shall flag or inform Mistplay in writing prior to launching any of such Applications. You shall not pass to Mistplay any (a) personal information of children under 13 as defined under COPPA or similar legislation, as applicable or (b) personal information of a consumer (as defined under the CCPA) under age sixteen (16), where applicable, unless such consumer has given consent.
e. Each party shall implement appropriate technical and organizational measures to protect the personal data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to the personal data (a "Security Incident"). In the event that a party suffers a confirmed Security Incident, it shall notify the other party without undue delay and both parties shall cooperate in good faith to agree and action such measures as may be necessary to mitigate or remedy the effects of the Security Incident. Nothing herein prohibits either party from moving forward to notify regulatory authorities as may be required by law prior to notification of the other party so long as the notifying party provides notification to the other party without undue delay.
f. The EU Data Processing Addendum for Mistplay Services (“EU Addendum”) attached hereto is an integral part of this Agreement. The terms of the Addendum are only applicable to the extent Mistplay receives or processes data that is regulated by EU Data Protection Law, as defined in the Addendum.
a. You own all rights, title and interest in and to (a) your Applications and Your Data; and (b) Deliverables, including Ad creatives, that Mistplay develops specifically for you and which have been accepted and separately paid for by you. For the avoidance of doubt, creatives provided by Mistplay that are not separately paid for by you are not Deliverables; rather, they are Service Assets can only be used within the Services. To the extent Deliverables contain Mistplay Materials, Mistplay hereby grants to you a perpetual, worldwide, royalty-free, non-exclusive license to the Mistplay Materials as incorporated into or embedded in the Deliverables. You hereby grant to Mistplay a worldwide, royalty-free license to use and display the Deliverables in performing the Services for you.
b. Mistplay owns all right, title, and interest in and to the Mistplay Platform, Mistplay Data, Services and Service Assets, including all derivatives and modifications thereto. All rights not expressly granted are reserved by Mistplay.
c. You are not required to provide feedback to Mistplay. To the extent you provide any feedback, suggestions, or recommendations to Mistplay, you hereby grant an irrevocable, royalty free, fully paid up, worldwide license to any such ideas, concepts, modifications, suggestions, improvements, enhancements and information arising out of or related to your use of the Services or Service Assets.
d. Subject to your compliance with the terms of this Agreement, Mistplay grants you a worldwide, royalty-free, limited, revocable, non-exclusive,
non-transferable, non-sublicensable license during the Term to (i) access and use the Services and Service Assets in accordance with this Agreement and the applicable Documentation and Policies; and (ii) use and integrate the Service SDKs or Service APIs in your Applications in accordance with the applicable Documentation and Policies.
e. The Services may include advertising of your Applications on the Mistplay Platform to End Users. You hereby grant to Mistplay a worldwide, non-exclusive, royalty-free license to: (a) access, display, and permit installation by an End User of your Application on the Mistplay Platform; (b) reproduce, display, distribute and use your Applications, including their associated content, logos, name, and any trade names, in advertising, sales, marketing, promotional materials or communications related to the Services, by Mistplay or any of its Affiliates; (c) use, reproduce, and display the Deliverables, including Ad creatives, as part of the Services; and (d) to collect, use, and share Your Data in connection with the Services, for reporting purposes, and in response to a legal demand or process.
Each party shall maintain in strict confidence all Confidential Information of the other party and only use the other party’s Confidential Information for the Services and enhancement thereof. Each party shall not, without the express prior written consent of such other party, disclose such Confidential Information or use such Confidential Information other than in furtherance of its obligations hereunder. Confidential Information includes all information that is designated as confidential or that given the circumstances a reasonable person would conclude to be confidential. Confidential Information shall not include information which: (a) is or becomes publicly known through no wrongful act or omission of the Receiving Party; (b) was rightfully known by the Receiving Party without restriction on use and disclosure, before receipt from the Disclosing Party; (c) becomes rightfully known to the Receiving Party without confidential or proprietary restriction from a source other than the Disclosing Party that does not owe a duty of confidentiality to the Disclosing Party with respect to such Confidential Information; or (d) is independently developed by the Receiving Party without use of or reference to the Confidential Information of the Disclosing Party. Each party agrees to use at least the same degree of care to prevent unauthorized use and disclosure of Confidential Information as such party uses with respect to its own confidential information of like importance (but in no event less than a reasonable degree of care). Any party that discloses of Confidential Information of the other party hereunder must require the recipient to be bound in writing by restrictions regarding disclosure and use of such information comparable to and no less restrictive than those set forth herein.
a. Term. This Agreement will begin upon the Effective Date and remain in effect for twelve (12) months (“Initial Term”). At the end of the Initial Term, this Agreement shall automatically renew for consecutive twelve-month periods (each a “Renewal Term”) until there are no outstanding Order(s) between the parties or until you no longer receive Services from Mistplay, whichever is later.
b. Termination. Either party may terminate this Agreement with immediate effect upon giving written notice to the other party if: (i) the other party commits a material breach of this Agreement which breach is irremediable or, in the event of a remediable breach, the other party has failed to remedy that breach within a period of ten (10) days after being notified in writing to do so; or (ii) the other party becomes the subject of a voluntary or involuntary proceeding concerning insolvency, receivership, liquidation, or composition for the benefit of creditors. In addition, Mistplay may terminate this Agreement and any Order for convenience by providing at least forty-eight (48) hours prior written notice to you.
c. Effect of Termination. Upon termination of this Agreement for any reason: (i) you shall immediately cease using the Services; (ii) promptly return or destroy Mistplay Confidential Information in your possession; and (iii) pay to Mistplay all outstanding unpaid invoices. Mistplay will be entitled to deduct any outstanding charges from your billing account.
a. Mutual Representations and Warranties. Each Party represents and warrants to the other Party that: (i) it has the full power and authority to enter into this Agreement; (ii) the execution of this Agreement and performance of its obligations under this Agreement do not and will not violate any other agreement to which it is a party; and (iii) any and all activities it undertakes in connection with this Agreement will be performed in compliance in all material respects with applicable laws, rules and regulations.
c. International Compliance. You represent and warrant that you: (i) are not located in, under the control of, or a national or resident of any country to that is embargoed under Sanctions Laws; (ii) have not violated, will not violate, and will not cause Mistplay or any of its directors, officers, employees agents or representatives to violate any Sanctions Laws; (iii) will not use the Services to target Ads to, countries, entities, or individuals subject to U.S. trade sanctions or other U.S. export control; (iv) will not use the Services to engage, involve or include, directly or indirectly, any person or in any other manner benefit any person that is on any Sanctions List or is otherwise targeted, designated, listed, denied or in any other manner is the subject of Sanctions Laws; and (v) will not access or use the Services if any applicable laws prohibit you from doing so in accordance with this Agreement. If Mistplay, in its reasonable good faith judgement determines that this Agreement should be terminated immediately to avoid Mistplay being in violation of Sanctions Laws or any of its directors, officers, employees, agents or representatives or any of its assets or interest being subject to any fines, penalties, confiscation, incarceration or similar liability or action under any Sanction Laws including by virtue of you being a Sanctioned Person or situated in a territory, region or country that is embargoed under Sanctions Laws, Mistplay shall be entitled to immediately terminate this Agreement upon written notice to you with no liability whatsoever.
a. Indemnification by Mistplay. Mistplay will indemnify, defend, and hold you harmless from and against third party claims, demands, suits, or proceedings based on allegations that the Mistplay Platform or Service Assets infringes such third party’s valid patent, copyright, or trademark. The foregoing indemnification obligation will not apply if the infringement claim arises from: (a) modification of the Services by any party other than Mistplay; (b) combination of the Services with your Applications, your Ads, or any materials that you provide to Mistplay; (c) your use of the Services violation of, or for purposes not intended by, this Agreement; or (d) claims due to any third party applications. Mistplay may, in its sole discretion, use commercially reasonable efforts to (i) procure for you the ability to continue using the Services; (ii) replace the Services with other non-infringing services of substantially equivalent functions; (iii) modify the applicable Services or Service Assets so that there is no longer any infringement; or (iv) terminate this Agreement. THIS PARAGRAPH SETS FORTH MISTPLAY’S SOLE LIABILITY AND YOUR SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY THIRD PARTY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT BY MISTPLAY.
b. Indemnification by You. You will indemnify, defend and hold harmless Mistplay and its Affiliates and each of the foregoing’s respective officers, directors, employees, agents on demand from and against any third party claims, suits, actions or allegations, losses, costs, liabilities, damages, penalties, settlements, judgments, fees and expenses (including reasonable attorneys’ fees and expenses) arising out of or related to: (a) breach by you of any part of this Agreement, including any of your obligations, representations, and warranties; (b) claim that any of your Applications, Ads, or any content, materials, information, data or items you provide to Mistplay infringe upon, violate or misappropriate any third party’s intellectual property rights, privacy rights, rights of publicity or other rights; (c) Mistplay’s use of any content or materials that you request Mistplay to use; and (d) violation or failure by you or your
third-party business partners to comply with any laws or regulations in connection with your Applications, collection of data, or use of the Services.
c. General Indemnity Provisions. In all cases in which a party seeks indemnification and/or defense hereunder, the indemnitee shall provide the indemnitor with prompt written notice of such Claim, reasonable cooperation and assistance to the indemnitor in connection with such Claims, and full control and authority to investigate, defend and settle such Claims, subject to prior approval by the indemnitee. The indemnification obligations of each party do not apply to the extent that a claim arises out of the other party’s violation of this Agreement.
This Agreement and the relationship between the parties will be governed by and construed in accordance with the laws of the State of New York, United States of America, without regard to or application of conflict of laws rules or principles. The United Nations Convention on Contracts for the International Sale of Goods will not apply. The parties agree to submit to the exclusive jurisdiction of the state and federal courts in the City and State of New York, United States of America, and hereby waive any and all jurisdictional and venue defenses otherwise available. YOU AND MISTPLAY AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Notwithstanding the foregoing, either party may bring an action in any court to enforce its intellectual property or other proprietary rights (including to seek injunctive relief) or otherwise to seek temporary, preliminary or other expedited or provisional injunctive relief.
EXCEPT FOR THE WARRANTIES EXPRESSLY STATED HEREIN, MISTPLAY AND ITS AFFILIATES DISCLAIM ANY AND ALL OTHER WARRANTIES (EXPRESS, IMPLIED, STATUTORY OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. ALL SERVICES, CONTENT, MATERIALS, INFORMATION, AND DATA FROM MISTPLAY ARE PROVIDED “AS-IS” AND WITHOUT WARRANTIES OF ANY KIND. THERE IS NO WARRANTY THAT THE SERVICES, MATERIALS, DELIVERABLES, DATA, OR INFORMATION FROM MISTPLAY ARE ACCURATE, COMPLETE, RELIABLE OR CURRENT OR THAT THE OPERATION OF THE SERVICES OR THE MISTPLAY PLATFORM WILL PERFORM UNINTERRUPTED OR ERROR FREE. MISTPLAY SPECIFICALLY DISCLAIMS ANY WARRANTY THAT YOU WILL EARN ANY PARTICULAR AMOUNTS (OR ANY AMOUNTS AT ALL), THAT MISTPLAY WILL OPTIMIZE ANY KEY PERFORMANCE INDICATOR, OR ANY OTHER PARTICULAR BENEFITS WILL BE OBTAINED THROUGH THE USE OF THE SERVICES, THE MISTPLAY PLATFORM, OR SERVICES ASSETS.
NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY, WHETHER IN CONTRACT OR TORT, FOR INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, LOST INCOME, REVENUE OR PROFITS, LOST OR DAMAGED DATA, COST OF PROCURING SUBSTITUTE PRODUCTS OR SERVICES, OR LOSS OF GOODWILL RELATING TO THIS AGREEMENT, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR EVEN IF SUCH DAMAGES ARE FORESEEABLE. EACH PARTY’S TOTAL AGGREGATE LIABILITY RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT PAID OR PAYABLE BY YOU TO MISTPLAY IN THE TWELVE (12) MONTH PERIOD PRIOR TO THE EVENT GIVING RISE TO THE CLAIM OR (B) ONE-HUNDRED THOUSAND U.S. DOLLARS ($100,000.00). THE FOREGOING EXCLUSIONS AND LIMITATIONS DO NOT APPLY TO YOUR PAYMENT OBLIGATIONS OR A PARTY’S INDEMNIFICATION OBLIGATIONS IN SECTION 11, MISAPPROPRIATION OR DISCLOSURE IN BREACH OF CONFIDENTIALITY OBLIGATIONS IN SECTION 8, OR GROSS NEGLIGENCE OR WILFUL MISCONDUCT.
Notices to you will be sent by email to the address you provide Mistplay. Notices to Mistplay will be sent by email at email@example.com; provided, however, that any notice to Mistplay concerning contract breach, indemnification or any other legal concern (collectively, the “Legal Notices”) will also be made in writing and delivered by hand delivery, or by internationally recognized overnight courier service, or by prepaid, certified mail return receipt requested to 481 Viger Ave W, 3rd Floor, Montreal (QC) H2Z 1G6, Canada, Attn: Legal Department. Notices will be effective upon receipt; provided that notices sent by email will be effective as of the email date absent receipt by the sender of a bounce back or error message, and provided, further, that Legal Notices to Mistplay will be effective only if made and delivered in the manner expressly set forth above.
This Agreement, together with the applicable Order, set forth the entire agreement between you and Mistplay relating in any way to the Services and Services Assets and supersede any and all prior terms and agreements (whether written or oral) with respect to that subject matter. In the event of a conflict between this Agreement and any Order, the terms and conditions of the Order will prevail. All sections that by their nature apply after this Agreement ends will survive any termination or cancellation of this Agreement.
Neither party shall be responsible for failure to perform any obligations hereunder (other than the obligation to pay amounts due) due to a cause beyond its reasonable control, including, without limitation, terrorism, fire, civil disturbance, war, rebellion, earthquake, flood and similar occurrences, provided that performance shall resume as soon as possible after the cause no longer prevents performance.
Mistplay and you are independent contractors, and neither Mistplay nor you is an agent, representative or partner of the other. You agree that any claim arising from or related to this Agreement must be filed within one (1) year after the claim arose; otherwise, the claim will be permanently barred where permitted by applicable law. If any provision of this Agreement is determined to be invalid, illegal, or unenforceable in any respect under any applicable law, then such provision will be severed and replaced with a new provision that most closely reflects the original intention of the parties, and the remaining provisions will remain in full force and effect. This Agreement, and any rights and licenses granted hereunder, may not be transferred or assigned by you, except in the case of a merger, acquisition, or sale of substantially all of your assets. All remedies available to either Party for breach of this Agreement under this Agreement, at law, or in equity, are cumulative and nonexclusive. Nothing in this Agreement shall be deemed or interpreted to create any third party beneficiaries, or confer any rights in any third parties.
By executing an Order incorporating these terms, or by using the Mistplay Services in the absence of a signed Order, Mistplay and Client has agreed to the terms of this Agreement, effective as of the same date of the Order or the start of the Services, whichever is earlier.
This EU Data Processing Addendum for Mistplay Services (“EU Addendum”) to the Mistplay Master Services Agreement is applicable only to the extent You export to Mistplay personal data that is protected or otherwise regulated by European Data Protection Law (defined below). Capitalized terms used in this Addendum shall have the meaning given to them in the main body of the Mistplay Master Services Agreement unless otherwise defined in this EU Addendum.
2.1 "controller", "processor", "data subject", "personal data", “personal data breach”, and "processing" (and "process") have the meanings given in applicable EU Data Protection Law.
2.2 "EU Data Protection Law" means as applicable to a party in its Processing of Data: (i) Regulation 2016/679 (the European General Data Protection Regulation (“GDPR”); (ii) the EU e-Privacy Directive (Directive 2002/58/EC) (“e-Privacy Directive”); (iii) all national implementations of (i) and (ii); (iv) the Swiss Federal Data Protection Act of 19 June 1992 and its corresponding ordinances (“Swiss DPA“); and (v) in respect of the United Kingdom, GDPR as it forms part of United Kingdom law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 and the Data Protection Act 2018 the (together, “UK Privacy Law“); in each case, as may be amended, superseded or replaced from time to time.
2.3 “GDPR” means the EU General Data Protection Regulation 2016/679, as amended or updated.
2.4 “Restricted Transfer” means: (i) where the GDPR applies, a transfer of Personal Data from the European Economic Area to a country outside of the European Economic Area which is not subject to an adequacy determination by the European Commission; (ii) where the UK Privacy Law applies, a transfer of Personal Data from the United Kingdom to any other country which is not based on adequacy regulations pursuant to section 17A of the United Kingdom Data Protection Act 2018; and (iii) where the Swiss DPA applies, a transfer of Personal Data to a country outside of Switzerland which is not included on the list of adequate jurisdictions published by the Swiss Federal Data Protection and Information Commissioner.
2.5 “Standard Contractual Clauses” or “SCCs” means Module 1 (Controller to Controller) of the contractual clauses annexed to the European Commission’s Implementing Decision 2021/914 of 4 June 2021 located at https://ec.europa.eu/info/system/files/1_en_annexe_acte_autonome_cp_part1_v5_0.pdf.
2.6 “UK Addendum” means the International Data Transfer Addendum (version B1.0) to the EU Commission Standard Contractual Clauses issued by UK Information Commissioners Office under S.119(A) of the UK Data Protection Act 2018, as amended, superseded or replaced from time to time.
3.1 Control/Application of the EU Addendum. In the event of any conflict or discrepancy among the SCCs, the Order, the Agreement, and the terms and conditions of this EU Addendum, the following order of precedence will apply: (a) the SCCs (where applicable), (b) this EU Addendum (where applicable), (c) the Order, and (d) the remainder of the Agreement.
3.2 Governing Law. This EU Addendum will be governed by the laws of the applicable jurisdiction. In all other cases, this EU Addendum will be governed by the laws of the jurisdiction set forth in the Agreement.
3.3 Relationship of the Parties. The parties acknowledge and agree in connection with the processing of personal data, each party (a) is an independent controller of the personal data under EU Data Protection Law; (b) will individually determine the purposes and means of its processing of personal data; and (c) will comply with the obligations applicable to it under EU Data Protection Law with respect to the personal data.
3.5 Prohibited Data Sharing. Client shall not include or launch any Application on to the Mistplay Platform or into the Services such Application is directed at any data subject that is deemed a child under applicable privacy or consumer protection laws of the country in which the child resides. Client shall not pass to Mistplay any Personal Data of any data subject that is deemed a child under such laws.
3.6 Co-operation; Data Subject Rights. The parties shall, on request, provide each other with all reasonable and timely assistance (at their own expense) and co-operation to enable the other party to comply with its obligations under EU Data Protection Law, including cooperation in order to enable the other party to respond to: (i) any request from a data subject to exercise any of its rights under European Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable) in relation to the Data; and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data (“Correspondence”). Each party shall promptly inform the other if it receives any Correspondence directly from a data subject in relation to the Data. Subject to obligations of confidentiality and polices on disclosure of information, where a party has a concern that the other party has not complied with this EU Addendum, the parties agree to exchange information to ascertain the cause of such non-compliance and take reasonable steps to remediate.
3.7 Noncompliance. If Client is unable to comply with its consent and notice obligations under the Agreement (including this EU Addendum) in respect of the Data, Client shall promptly notify Mistplay.
3.8 Transfers of Personal Data.
4.1 Mistplay may update the terms of this EU Addendum from time to time, as may be required to comply with EU Data Protection Law, applicable regulation, court order, or regulatory guidance. If Client objects to any such change, Client may terminate the Agreement by giving thirty (30) days prior written notice to Mistplay.
By executing an Order incorporating the Agreement, or by using the Mistplay Services in the absence of a signed Order, Mistplay and Client has agreed to the terms of this Agreement, effective as of the same date of the Order or the start of the Services, whichever is earlier.
A. LIST OF PARTIES
Data exporter(s): See Order
Address: See Order
Contact person’s name, position and contact details: See Addendum
Activities relevant to the data transferred under these Clauses: Storing and analyzing data to carry out the purposes of the data transfer
Date: See Order
Signature: See Order
Role (controller/processor): Controller
Data importer(s): Mistplay Inc.,
Address: 481 Ave Viger West, Suite 300, Montreal (QC) H2Z 1G6, Canada
Contact person’s name, position and contact details:
Activities relevant to the data transferred under these Clauses:
Date: See Order
Signature:_ See Order
Role (controller)/processor): Controller
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Categories of personal data transferred
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Nature of the processing
Purpose(s) of the data transfer and further processing
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
Mistplay retains personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
C. COMPETENT SUPERVISORY AUTHORITY
The competent supervisory authority will be (i) for Personal Data protected by the GDPR, determined in accordance with Clause 13 of the Standard Contractual Clauses; (ii) for Personal Data protected by the Swiss DPA, the Federal Data Protection and Information Commissioner (“FDPIC”); and (iii) for Personal Data protection by UK Privacy Law, the Information Commissioners Office (the “ICO”).
List of sub-processors available inside of your account settings page, or upon request to firstname.lastname@example.org
The technical and organizational measures implemented by data importer (including any relevant certifications) to maintain an appropriate level of security taking into account the nature, scope, context and purposes of the processing, and the risks for the rights and freedoms of natural persons, are as follows:
1. Inventory of Authorized and Unauthorized Devices.
Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.
2. Inventory of Authorized and Unauthorized Software.
Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and unauthorized and unmanaged software is detected and removed.
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers.
Establish, implement, and actively manage (track, report on, and correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
4. Continuous Vulnerability Assessment and Remediation.
Continuously acquire, assess, and act on new information in order to identify vulnerabilities, and to remediate and minimize the window of opportunity for attackers.
5. Controlled Use of Administrative Privileges.
Track, control, prevent, and correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.
6. Maintenance, Monitoring, and Analysis of Audit Logs.
Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. Verify logs periodically to propose remediation efforts, if necessary, in accordance with good industry practice.
7. Email and Web Browser Protections.
Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and e-mail systems.
8. Malware Defenses.
Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.
9. Limitation and Control of Network Ports, Protocols, and Services.
Manage (track, control, and correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.
10. Data Recovery Capability.
Properly back up critical information with a proven methodology for timely recovery of Data in the event of a physical or technical incident. Maintain emergency and contingency plans for the facilities and systems that process Data.
11. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches.
Establish, implement, and actively manage (track, report on, and correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
12. Boundary Defense.
Detect, prevent, and correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.
13. Data Protection.
Prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of Personal Data or other sensitive information.
14. Controlled Access Based on the Need to Know.
Track, control, prevent, correct, and secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification. Pseudonymise personal data where possible.
15. Wireless Access Control.
Track, control, prevent, and correct the security use of wireless local area networks (LANS), access points, and wireless client systems.
16. Account Monitoring and Control: User identification and authorisation.
Actively manage the lifecycle of system and application accounts – their creation, use, dormancy, deletion – in order to minimize opportunities for attackers to leverage them.
17. Security Skills Assessment and Appropriate Training.
Identify the specific knowledge, skills, and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify and remediate gaps, through policy, organizational planning, training, and awareness programs for all functional roles in the organization.
18. Application Software Security.
Manage the security lifecycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.
19. Incident Response and Management.
Protect the Data, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight). Maintains a record of incidents with a description of the breach, the time period, the consequences of the breach, the name of the reporter, and to whom the breach was reported, and the procedure for recovering data.
20. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing, including Penetration Tests and Red Team Exercises.
Test the overall strength of an organization’s defences (technology, processes, and people) by simulating the objectives and actions of an attacker. Undertake penetration tests at appropriate intervals to ensure the integrity and confidentiality of the relevant systems.
21. Measures for allowing data portability and ensuring erasure/data retention.
Embed the knowledge and capabilities to ensure that the data subject rights can be fully complied with in a timely manner. Ensure that data can be fully and irreversibly deleted where required.
22. Encryption or functionally equivalent technology and authentication controls.
Implement and maintain encryption or functionally equivalent technology in accordance with good industry practice to protect Data. This includes measures for the protection of data during transmission and storage. Ensure strong authentication mechanisms, such as two-factor authentication or industry standard password protection practices. Store passwords in a way that makes them unintelligible while they are in force and renew passwords regularly.
23. Confidentiality, integrity, availability and resilience.
Implement, maintain and continually evaluate at regular intervals, reasonable and appropriate physical, technical and organizational measures to ensure the ongoing integrity, confidentiality and availability of Data, and the resilience of systems and services Processing Data, as appropriate to the nature and scope of Partner’s business. This includes ensuring data minimisation and data quality.
24. Governance and Accountability.
Ensure that relevant teams, including IT, IS and cybersecurity, have implemented a security program with effective governance and management structures to protect Data. This shall include senior management oversight and up to date policies and frameworks which can demonstrate accountability. This may include relevant certifications or assurances.
25. Physical security.
Protect any physical locations where Data may be stored, including by staff training, physical barriers, access control validation (e.g. access cards), CCTV, logs, security personnel and other acceptable physical security mechanisms.