AD NETWORK AND OPERATION AGREEMENT

General Terms and Conditions for the Publisher 

These General Terms and Conditions (“General Conditions“), including all special conditions set out in the Annexes (“Special Conditions“) govern the relationship between Adapex and the Partner as identified in the Purchase Order. Adapex and the Partner are referred to individually as the “Party” and jointly as the “Parties“. These General Terms and Conditions, the Purchase Order and the Special Terms and Conditions together constitute the “Agreement.” This Agreement applies to the provision of the Adapex Services, as defined below, made available through the Platform.  By clicking on accept or signing the contract, the Partner accepts all the terms of these Special Conditions included in this Agreement. If the Partner does not intend to accept the terms of this Agreement, the Partner must immediately stop using the Adapex Services. The use of the Adapex Services will be considered as tacit acceptance of the Agreement. This Agreement shall be effective from the date the Partner accepts it by clicking on “I have read and accept” present on the Adapex Platform or signing the contract ) or as otherwise agreed with Adapex (“Effective Date“) and shall be effective until terminated in accordance with the terms of this Agreement.

OBJECT

1. This Agreement applies to Adapex’s advertising solution which enables the Partner to monetise its advertising inventory. Adapex advertising solutions are composed of the services described in greater detail in these General Conditions and/or in the Special Conditions, where applicable (each a “Service” and jointly the “Services“. The Services shall be agreed between the Parties by means of a Purchase Order and/or the Platform and/or by e-mail and provided in accordance with this Agreement. The Partner may subscribe to one or more Services at the same time and/or decide to add new Services during the term of this Agreement.
2. Adapex Services facilitate the placement of advertisements in the various dedicated spaces within the Properties and the display of advertisements on the Properties using Adapex Formats.

DEFINITIONS

1. For the purposes of this Agreement, the  Adapex Definitions  contained in this  link shall apply. The terms “including”, “such as” or “for example” shall be construed without limitation in respect of the following terms. 

IMPLEMENTATION AND OPERATION 

1. Partner will comply with all technical requirements provided by Adapex for use of the Platform and access to the Services. Partner agrees not to remove the Tags and/or disable the SDK integration without providing Adapex with five (5) business days prior written notice. Partner may suspend the Tags by providing Adapex with 24 hours written notice. Adapex will provide the Partner with the necessary guidelines (an email will suffice for this purpose).
2. The Partner acknowledges and accepts that Adapex will organize and manage the placement of Advertisements (monetising through programmatic and/or non-programmatic protocols, directly and/or through third parties).The Partner acknowledges that an unforeseen event and/or any significant event related to the industry or third party standards to which Adapex is subject, occurring during the term of the Agreement, which results in a significant technological or economic change beyond Adapex’s control may directly and/or indirectly affect Adapex’s performance of its obligations and the economic balance of the Agreement as determined at the time of signing the Agreement. In such a case, Adapex will inform the Partner, and the Parties undertake to seek in good faith an appropriate solution for the continuation of the Agreement. If the Parties are unable to agree on a solution within ten (10) working days, Adapex shall be entitled to terminate the Agreement by giving the Partner five (5) days’ written notice by e-mail or other equivalent means.
3. Partner agrees to comply with the technical implementation instructions provided by Adapex from time to time in order to enable the optimisation of the Adapex Services on the Partner’s Property.

PLATFORM ACCESS 

1. Adapex grants access to the Platform for Users through the use of the username and password communicated by Adapex to the Partner or which the Partner has set himself when creating his account on the Platform (“Identification Data“). The Identification Data is confidential and can only be modified by the Partner or, at Partner request, by Adapex.
2. The Partner is responsible for the confidentiality and security of the Identifying Data and will not provide access to the Identifying Data to third parties, unless they are Platform Users authorized by the Partner. The Partner is fully responsible for all activities carried out on its account and for any consequences resulting from the use of the Identifying Data, including any loss, theft, appropriation and/or fraudulent use of the Identifying Data. 
3. The Partner shall provide all information requested during the registration process. The Partner must regularly check and update the registration information to ensure that it remains accurate, current and complete. Adapex will not be responsible for any problems relating to the operation of the Platform or the Services caused by the information provided by the Partner.

PLATFORM USE

1. The Partner agrees to use the Platform in accordance with the “Platform General Terms and Conditions of Use”. 
2. The Partner explicitly recognizes and accepts that Adapex Network Members will determine the validity of the traffic and the validity of the Impression generated. If any Adapex Network Members considers, in its discretion, that the traffic or any Impression is invalid, such Impressions will not be taken into account for the purpose of calculating the compensation due to the Partner under this Agreement.
3. In case the Partner generates a disproportionate amount of invalid traffic Adapex reserves the right to terminate  the contract and retain the compensation due to the Partner under this Agreement. 
4. In the event that the Partner is not the owner of the Properties on which the Advertisements are shown through the Platform, the Partner guarantees that it (i) holds the necessary rights to the Properties and the content appearing thereon; and (ii) is authorized to use the Properties for the purposes of this Agreement. The Partner shall be responsible for compliance with the conditions prescribed for the use of the Platform and the conditions of this Agreement by the Platform Users.
5. In addition, the Partner agrees to: (i) follow Adapex’s instructions in relation to the use of the Platform; and (ii) immediately inform Adapex of any event that may affect its ability to comply with the terms of this Agreement. 
6. The Partner will comply with all Adapex policies in relation to the use of the Platform, including the Adapex Privacy Policy available at the web address https://adapex.io/privacy-policy/ or different URL provided by Adapex from time to time (“Privacy Policy“).  The Partner acknowledges that any Policy may be updated from time to time by Adapex, which will provide the Partner with specific notice thereof.
7. Adapex may, at its sole discretion, with or without notice, temporarily or permanently suspend the Partner’s use of the Platform, without incurring any liability whatsoever. 
8. Adapex may deactivate any unused account for six (6) consecutive months for security reasons. If the Partner wishes to reactivate the account, upon request, Adapex will send the Partner new Identification Data to access the Platform. In the case of an account that has been inactive for at least twelve (12) months, Adapex will have the right to terminate the Agreement, without having to provide any further reasons.

PRICES, INVOICING AND PAYMENTS

1. Partner agrees to allow Adapex a revshare in the amount set out in the Purchase Order for all advertising revenue generated by AdApex each month. Revenues will be based on net advertiser numbers (net of advertiser commissions, service fees and invalid traffic costs) and will be collected by AdApex, then paid on a monthly basis, net 60 days . Payments will be paid to the Partner in the first week of each month. The minimum monthly payment threshold is $200. Unpaid revenue will accrue until the minimum threshold is reached. In the event of termination of this Agreement mid-month for any reason, revenues and revshare will be paid pro-rata.
2. Adapex Network Partners measure Impressions and other metrics against which fees are calculated. The Partner shall have access to a dashboard through the Platform that provides access to economic reporting as well as other statistics and measurements related to his account (“Matrix“).  The Partner accepts that all Adapex measurements and statistics are final and binding. 
3. The fees are calculated on the basis of the Dynamic CPM in accordance with the conditions stated on the Platform and agreed between the Parties. However, the Parties may agree to use any other metric. In this case, the Partner and Adapex will agree on the applicable metric, which will be formalized in the Purchase Order or via email (as the case may be) and which may be modified from time to time when expressly agreed between the Parties. In the event of a conflict, the metric agreed by the Parties by email shall prevail.
4. It is expressly agreed between the Parties that Adapex reserves the right to revise its pricing conditions during the term of the Agreement. In this case, Adapex will provide a 30-day written notice to the Partner (an e-mail will suffice). 
5. The Partner acknowledges that, in some cases, Adapex will have to make changes to the statistics reported on the Platform. In the event that the difference between Adapex’s and the Partner’s measurement exceeds ten percent (10%), the Partner shall notify Adapex within 15 days of the end of the billing month and the Parties shall attempt to remedy the divergence in good faith. 
6. Partner acknowledges that, where required by tax or governmental authorities, third party network providers or advertisers may deduct from advances, commissions and/or other payments to Customer hereunder any tax or other taxation or governmental charge or levy which they are obliged to deduct from such payments as aforesaid under or by virtue of any applicable tax or governmental provision, whether or not as a result of Partner’s status for tax purposes. AdApex shall be paid its fees based on the total amount earned by the Partner, not the net amount after any required withholding tax.
7. All taxes due on monies received by AdApex for and on behalf of the Partner, such as monies received from third party networks and transferred to the Partner, shall be due and payable solely by the Partner and/or the owner of the site/app and charged to AdApex by any tax authority.

PRIVACY POLICY AND DATA PROCESSING

In accordance with the Applicable Data Protection Laws, Adapex might come into contact with personal data of the Partner’s Users. Also, through the Adapex Services, Partner will share Users’ data with the Adapex Network. Members of the Adapex Network will act from time to time:

1. as joint controllers for the operations of reading and writing information to the User’s terminal. This joint responsibility is limited to obtaining the legal basis and managing the User’s right to withdraw consent as described below.
2. Data Processors(the list of all Members of the Adapex Network and the relatives DPA are available at the following link.)

Accordingly, the Parties shall act as autonomous data controllers for the rest of the operations carried out.

The Partner shall ensure that each of the Properties (owned and/or operated by it) is organized in such a way as to:

1. inform its Users about: a)  the use of third party technologies; and b) the collection of data and its use by Adapex and/or Adapex Network Members resulting from the Partner’s use of the Platform and Services; 
2. include, where required by law, a link to the Privacy Policy of Adapex and/or Adapex Network Members;
3. when required by law, provide Users with adequate information and choice mechanisms that comply with applicable laws and regulations. Where disclosure is required by law, the same shall allow Users to have more information about, and object to, the Adapex Services. Where applicable, Partner agrees to inform Users that data may be collected and shared with the Adapex Network for Cross-Device Linking purposes. Each notification will include a link to the individual Adapex Network member’s Privacy Policy which will include information for Users on how to disable the Adapex Network member’s Service. This information may be disclosed using a consent management platform as specified below.
4. implement IAB technical solutions by Partner: specifically, (i) for the European market, a Consent Management Platform (“CMP“) registered with the IAB Transparency and Consent Framework (latest version) in order to collect and store valid consent from Users and to be able to demonstrate that such consent has been obtained in accordance with applicable law, including on behalf of Adapex Network Members; and (ii) for the California market, an opt-out mechanism registered or compatible with the IAB CCPA Compliance Framework in order to be able to demonstrate that such opt-out has been processed in accordance with applicable law. For reasons of technical interoperability, such solutions shall be integrated into the Properties through a format that complies with the IAB technical specifications. In addition, Partner shall ensure, by all means, that each applicable IAB technical solution is kept up-to-date so that it complies with changes in Applicable Data Protection Laws and technical specifications;
5. when Partner is subject to a national or state-level privacy law, other than those set forth above, Partner will ensure that data collected through the Properties may be lawfully used and shared in all ways and for all purposes contemplated by the Agreement without limitation, by ensuring that (i) Users have been provided with lawful and appropriate mechanisms of choice and (ii) Users may exercise their rights. Partner has been informed that, to this end, Adapex encourages participation in an industry standardized transparency and consent framework (such as that of the IAB);
6. in any case, the Partner will maintain and make available to Adapex, upon request, any evidence necessary for Adapex and Adapex’s Partners to justify its compliance with the law.

Partner authorizes Adapex Network Members to collect, use, analyze and process Partner’s Raw Data:

1. to execute the Agreement;
2. as part of its activities, to operate, manage, test, maintain and improve Adapex and Adapex Network Members’ technology, the Adapex Services and Adapex Network Members Services, the Platform and other Adapex products, programs and/or services, including, as part of its redirection capabilities (i.e. segmentation, creation or integration of User profiles or inventory profiles, or creation of interest categories, etc.), to present to Users Advertisements based on their interests. ), to present Users with Advertisements based on their interests and to associate Partner’s Raw Data with other data obtained, including Adapex’s Partner Data; and as part of their performance campaign reporting, as well as their re-targeting capabilities (i.e. segmentation, creation or integration of User or inventory profiles or creation of interest categories, etc.) to deliver interest-based Advertisements to Users who have been exposed or not exposed to the Advertisements
3. Adapex Network Members, through the use of their own tracking technologies, may directly collect Partner’s Raw Data to track campaign performance, as well as within the scope of their redirection capabilities (i.e. segmentation, creation or integration of User or inventory profiles, or creation of interest categories, etc.) as detailed in the Privacy Policy of each Adapex Network member.
4. In addition, Adapex may use and share without limitation any anonymized and/or aggregated data so that it is not identifiable and traceable to a specific individual.

INTELLECTUAL PROPERTY

1. Each Party will remain the exclusive owner of the intellectual property rights it held prior to entering into the Agreement. 
2. Adapex is the exclusive owner of all intellectual property rights on and in respect of the Platform.
3. Adapex grants the Partner a non-exclusive, non-transferable and revocable license for the duration of this Agreement to access and use the Platform in accordance with the terms of this Agreement. For the duration of the Agreement, the Partner grants Adapex (and Adapex’s Affiliates) a worldwide, royalty-free, non-transferable license to use, reproduce and depict the Partner’s trademarks and logos on all promotional literature related to the Platform and for the use of the Services. 

DURATION AND TERMINATION OF CONTRACT

1. Unless otherwise provided for in the Purchase Order, this Agreement shall be effective from the date of acceptance hereof and for the first twelve (12) months thereafter (“Initial Term“).  
2. Following expiry of the Initial Term, the Agreement shall automatically renew for successive periods of twelve (12) months (“Extended Term“). 
3. Either party to this Agreement may terminate this Agreement with or without cause by providing at least thirty working days’ written notice to the other party. Any termination of this Agreement (whether for cause or not) shall not affect the accrued rights or liabilities of either Party nor shall it affect the coming into force or continuation in force of any provision hereof which is expressly or by implication intended to come into or continue in force from or after such termination.
4. Termination of this Agreement (for any reason) shall not affect the rights and obligations of the Parties arising prior to the date of termination. The following articles shall continue to bind the Parties following termination of this Agreement: 6, 7, 8, 9, 10, 11, 12, 13, 14, 18 and 19, and any other provisions of this Agreement that are consequently intended to survive any termination or expiration. 

STATEMENTS AND WARRANTIES

Each Party represents and warrants that:

1. it has full capacity and power to enter into and perform this Agreement;
2. once entered into, this Agreement shall be legally binding upon it and enforceable in accordance with its terms;
3. entering into, implementing and performing this Agreement is not and shall not conflict with any contract, order, judgment or understanding, oral or written, to which it is a party or by which it may be bound; and
4. it will perform its obligations under this Agreement in accordance with all applicable laws, rules and regulations, including applicable privacy and data protection rules and regulations. 

INDEMNITY

The Partner agrees to defend Adapex against any third party claims which are related to a breach by the Partner of any express representations or warranties under the Agreement. The Partner agrees to indemnify Adapex for any settlement amounts or sums by way of damages, liabilities, costs and expenses (including legal fees) awarded by reason of, or arising out of, the aforementioned claims.

LIMITATION OF LIABILITY

1. Nothing in this Agreement shall exclude or limit either Party’s liability for: (a) death or personal injury; (b) fraud or fraudulent misrepresentation; or (c) wilful misconduct or gross negligence, or any other liability that cannot otherwise be limited or excluded by applicable law. 
2. Without prejudice to clause 13.1 above, and with the exception of the indemnity provision in clause 12 and claims arising from breaches of confidentiality, in no event shall either Party be liable to the other Party for any loss or damage arising out of or in connection with: 
   1. interruption of use, loss or inaccuracy of data or expenses incurred in procuring substitute technology, goods or services;
   2. special or particular damages, even if the other party knew of the circumstances in which such damages might occur 
   3. loss of business; 
   4. loss of revenue; 
   5. loss of profits; or
   6. loss of or damage to goodwill; 
3. whether such loss or damage is direct, indirect, immediate or consequential and whether arising in contract, tort (including negligence) or otherwise. 
4. Without prejudice to Art. 13. 1, if any liability of a Party arises, whether in contract, tort or otherwise, which is not otherwise limited or excluded by this Agreement, the aggregate amount thereof shall not exceed the amounts paid or payable under this Agreement during the twelve (12) months prior to the date on which such liability arises, provided, however, that the foregoing shall not limit the liability of a Party with respect to: (a) its indemnification obligations under Article 12; or (b) its obligations arising out of breaches of confidentiality.

CONFIDENTIALITY

For the purposes of this Agreement, “Confidential Information” means the terms of this Agreement and any information, know-how and trade secrets in any form which is not publicly known and which is identified as confidential.

Each Party agrees to: 

1. to keep confidential any Confidential Information it receives from the other Party, and to employ the same degree of caution that it uses to protect its own Confidential Information; 
2. not disclose to any third party any Confidential Information of the other Party without the express consent of the other Party;
3. use the other Party’s Confidential Information solely to exercise its rights and perform its obligations in accordance with the terms of the Agreement. 
4. The obligations of the Parties with respect to Confidential Information shall continue in force throughout the term of this Agreement and for a further period of two (2) years after the expiry or termination for any reason of this Agreement, provided that the obligations of the Parties with respect to trade secrets shall continue in force until such trade secrets become publicly known for reasons other than a breach of this Agreement by the receiving Party.

FORCE MAJEURE

1. The Parties shall not be liable to each other for any delay or breach of this Agreement caused by any factor beyond the reasonable control of the Parties which prevents in whole or in part the performance of this Agreement, including (but not limited to) natural disasters, fire, storm, flood, earthquake, explosion, accident, acts of terrorism, wars, rebellions, insurrections, sabotage, epidemics, pandemics, lockdowns, quarantines or similar measures, labour disputes, shortage of workers, energy shortages, embargoes, transportation shortages or delays, any act or omission (including laws, regulations, disagreements or lack of approval) of any government or governmental agency (“Force Majeure“).
2. It is expressly agreed that the occurrence of a Force Majeure Event shall result in the suspension of the Agreement for the sole period of duration of such event; provided that the Party intending to invoke this Clause 15 shall notify the other Party within a period not exceeding two (2) weeks of the occurrence of the Force Majeure Event, by email, specifying the period of suspension of its obligations and the Force Majeure Event justifying such suspension. 

TRANSFER OF CONTRACT

1. No Party may assign, transfer or subcontract its rights under this Agreement without the prior written consent of the other Party, which consent shall not be unreasonably withheld. Notwithstanding the foregoing, Adapex may assign this Agreement, without Partner’s consent (i) to a company belonging to Adapex’s corporate group; or (ii) to a third party acquiring Adapex or a controlling interest or all or substantially all of Adapex’s share capital. Any assignment of this Agreement in breach of the provisions of this article shall be null and void.

APPLICABLE LAW AND JURISDICTION

1. The Agreement (including any dispute or claim of a non-contractual nature arising out of or relating to the Agreement) shall be governed by and construed in accordance with the laws of Delaware, without regard to any principles or rules of conflicts of laws which would result in the application of the laws of a different jurisdiction. The Parties agree that the court of Delaware shall have exclusive jurisdiction over all disputes (including non-contractual disputes) arising out of or relating to this Agreement and hereby waive any claim of forum non conveniens with respect to such jurisdictions.

MISCELLANEOUS

1. Adapex and Partner are independent contractors and nothing in the Agreement shall be construed to qualify either Party as a legal representative, partner, joint venturer, principal, employee or agent of the other Party. 
2. If any term or provision of this Agreement is held to be invalid or unenforceable, that fact shall not affect the other terms or provisions of this Agreement, nor shall it render such provision invalid or unenforceable in any other jurisdiction. In such cases, a valid provision that comes as close as possible to what the Parties intended to define commercially and that will replace the invalid provision shall be deemed to have been agreed. If such a change is not possible, the provision in question, or part of it, shall be deemed deleted and shall not affect the validity or enforceability of the remainder of the Agreement.
3. The present Agreement constitutes the entire agreement and understanding between the Parties and supersedes previous agreements, declarations, negotiations and discussions between the Parties with respect to the Platform and the subject matter of the present Agreement. 
4. The Partner acknowledges and agrees that Adapex may update or amend this Agreement at any time. If the Agreement is revised, Adapex will inform the Partner of the changes through the Platform or by any other appropriate means. If such changes are material, Adapex will notify the Partner before the change becomes effective. Any use of the Services and/or the Platform by the Partner subsequent to the notification will be considered as acceptance by the Partner of the Agreement as amended. If Partner does not intend to accept such changes, Partner must immediately: (i) notify Adapex in writing; and (ii) stop using the Services and the Adapex Platform.
5. Unless otherwise provided for in this Agreement, in the event of any discrepancy between what is set out in the documents making up the Agreement, the following shall prevail, in the order set out below: (i) Purchase Order (when applicable), (ii) General Terms and Conditions.

​​​​

This MSA (“Agreement”) is dated (“Effective Date”) and entered into between (“Client”), and Adapex, Inc. (“Company”). Each shall be referred to as a “Party” and “Parties” collectively. In reliance upon the mutual promises, representations and covenants set forth below, the parties agree as follows:

Term

1. 1. Contract Period. The contract is tacitly renewed on expiry, for periods of 12 months, unless notice of termination is sent by email within 30 days of expiry. 

1. 1. Termination Without Cause. This Agreement and associated license may be terminated by either party, without cause, upon ten (30) calendar days, written notice to the other party.
   2. Actions Upon Termination. Upon termination or expiration of this Agreement, each Party will delete the other Party’s Data and all other data provided by the other party in accordance with the Agreement. Any such deletion will be completed within thirty (30) days of the termination or expiration of this Agreement and the Party deleting such information shall certify that it has completed the same to the other Party (email will suffice).

• Compensation: Company shall be compensated based on a 50% revenue share of monthly uplifts via the data refinery. Uplift will be measured according to the provisions outlined in Exhibit B.

1. Data. For the purposes of this Agreement, Data” shall mean all advertising and/or demographic information, including anonymized or hashed personally identifiable information (i.e IP), and any proprietary identifiers related thereto, shared by one party with another for the purposes of providing matches with other data sets in order to evaluate a future business relationship. When processing Data that contains personally identifiable information, the parties agree to abide by the Data Processing Addendum attached hereto as Exhibit A. 
2. License. Subject to the terms and conditions contained herein, each Party grants to the other Party a limited, revocable, non-transferable, non-sublicensable right and license to receive, store, process, and use such Data as is transferred to it by the other Party solely (i) in the United States and EU (ii) solely to fulfill the purpose of evaluating the commercial value of the Data under this Agreement. All rights not expressly granted herein are reserved.
3. Data Obligation. Either Party may send Data to the other Party in such format as the Parties may mutually agree upon, as appropriate and necessary for the other Party to assess the suitability of such Data for its business needs. CLIENT Data will not be released to the Company database (i.e. will be blocked). Company’s Data will not be released to the CLIENT database (i.e. will be blocked). Each Party will use reasonable efforts to ensure that the Data it sends to the other Party (i) does not contain information related to individuals located in the EEA, Switzerland, or the UK and (ii) will be limited to information related to individuals located in the US.

1. Confidentiality. “Confidential Information” means any information disclosed by either party to the other party that is identified as confidential or proprietary, or which should reasonably be understood to be confidential or proprietary given its nature or the circumstances of its disclosure. Confidential Information includes, without limitation, the Data. Confidential Information shall not include information that (a) is or becomes publicly known and generally available through no fault of or breach of this Agreement by the receiving party; (b) was rightfully in the possession of the receiving party prior to disclosure by disclosing party as demonstrated by documentary evidence; (c) the receiving party rightfully obtains from a third party who has the right to disclose such information without breach of any confidentiality obligation to the disclosing party; (d) is independently developed by the receiving party without use of or reliance on the disclosing party’s Confidential Information as demonstrated by documentary evidence. The receiving party will not disclose the disclosing party’s Confidential Information except as necessary for the performance of this Agreement and will not disclose the Confidential Information to any third party except those employees, consultants, and agents (“Representatives”) who have a need to know such information for the performance of this Agreement and who are bound by a written non-disclosure and non-use agreement consistent with the terms set forth herein. The receiving party will use at least the same degree of care in keeping the Confidential Information confidential as it uses for its own confidential information of a similar nature but in no event no less than reasonable standard of care. The receiving party may make disclosures required by law or court order provided the receiving party notifies the disclosing party of the required disclosure and assists in obtaining an order protecting the information from public disclosure. 

Representations and Warranties. In consideration of the data exchanges contemplated hereunder, each Party represents and warrants that it:

1. Shall not use the Data except as expressly permitted in this Agreement;
2. Shall not store the Data except as needed for processing and provided that the data is permanently removed and deleted from its systems and possession immediately upon completion of the applicable campaign;
3. Shall not use Data to create any derivative products;
4. Shall not attempt to reverse engineer, decompile, recreate, copy, or otherwise replace the Data or provide access to the Data to third parties;
5. Shall not share, resell, sublicense, lease, assign, rent, convey, distribute, disclose or otherwise transfer the Data and/or any of the other party’s rights under this Agreement;
6. Shall make commercially reasonable efforts to ensure the technical and physical security of the Data; and
7. Shall ensure that it maintains privacy policy compliant with U.S. federal and state laws;
8. Will not collect, store, transfer, process, display or otherwise use Data in a manner inconsistent with U.S. federal and state privacy and data laws and regulations.
9. Will not knowingly provide any data files that contain malware, spyware, ransomware, viruses, Trojans, or other malicious code.

Company further represent and warrants that its services will not violate, infringe or misappropriate the copyrights, trade secrets, patents, trademarks, or any other intellectual property or proprietary rights or other rights of any third party and its services will be free from material errors or other defects and will substantially conform to any specifications or other documentation the services; and its services will not violate any applicable laws or regulations.   

1. 1. Disclaimer. EITHER PARTY MAKES NO ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER. ALL OTHER EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.
   2. Limitation of Liability. EXCEPT FOR A BREACH OF EITHER PARTY’S CONFIDENTIALITY, DATA SECURITY AND INDEMNIFICATION OBLIGATIONS, OR GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INDIRECT, RELIANCE, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, LOST OR DAMAGED DATA, LOST PROFITS OR LOST REVENUE, WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN NOTIFIED OF THE POSSIBILITY THEREOF. EXCEPT FOR A BREACH OF EITHER PARTY’S CONFIDENTIALITY, DATA SECURITY AND INDEMNIFICATION OBLIGATIONS, OR GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, UNDER NO CIRCUMSTANCES WILL A PARTY’S LIABILITY FOR ALL CLAIMS ARISING UNDER OR RELATING TO THIS AGREEMENT (INCLUDING BUT NOT LIMITED TO WARRANTY CLAIMS), REGARDLESS OF THE FORUM AND REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON CONTRACT, TORT, OR OTHERWISE, EXCEED THE GREATER OF (A) THE FEES PAID OR OWED BY CLIENT TO COMPANY UNDER THIS AGREEMENT DURING THE THREE (3) MONTH PERIOD PRECEDING THE EVENT OR CIRCUMSTANCES GIVING RISE TO SUCH LIABILITY OR (B) FIVE THOUSAND DOLLARS ($5,000). THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER INCIDENT.

• Indemnification. Company shall defend, indemnify, hold Client, its parent companies, subsidiaries, affiliates, shareholders, member, manager, officers, directors, employees, agents and representatives from and against any and all claims, costs, proceedings, demands, losses, damages, and expenses (including, without limitation, reasonable attorney’s fees and legal costs, which will be reimbursed as incurred) of any kind or nature, arising from or relating to, any actual or alleged breach of any of Company’s representations, warranties or covenants in this Agreement or Company’s negligence or misconduct.  Company agrees not to settle any indemnified claim against Client unless the settlement unconditionally releases Client of all liability.  Client may participate in the defense of any indemnified claim at Client’ expense.  Client, at its expense, may undertake and control the defense of any indemnified claim in the event of the material failure of  Company to undertake and control the same.

• General

1. 1. Notice. Any notice, report, approval or consent required or permitted hereunder shall be in writing and will be deemed to have been duly given if delivered personally, mailed by first-class, registered or certified U.S. mail, postage prepaid, return receipt requested or via overnight delivery service to the respective addresses of the Parties as set forth below (or such other address as a Party may designate) or sent via confirmed facsimile or email, provided that in all cases of email notification, the date of the email shall control provided that a physical copy of such notice is promptly sent to recipient’s address as set forth below. In the case of notice to Company such physical notice shall be sent to the attention of the CFO.
   2. Independent Contractors. The Parties shall not be deemed to be partners, joint ventures, employers, employees or each other’s agents, and no Party shall have the right to act on behalf of any other except as expressly agreed in writing.
   3. Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original and all of which together will constitute one and the same document. This Agreement and written amendments hereto, may be executed by facsimile.
   4. No Waiver. The failure of either Party to insist upon or enforce strict performance by the other Party of any provision of this Agreement or to exercise any right under this Agreement will not be construed as a waiver or relinquishment to any extent of such Party’s right to assert or rely upon any such provision or right in that or any other instance; rather, the same will be and remain in full force and effect.
   5. Amendment. Any waivers or amendments shall be effective only if made in writing and signed by a representative of the respective Parties authorized to bind the parties.
   6. Assignment. CLIENT may not assign this Agreement or assign or delegate its rights or obligations under the Agreement without the prior written consent of Company, which consent shall not be unreasonably withheld or delayed. Any assignment or attempted assignment by either Party without the other party’s written consent shall be null and void. Company shall have the right to assign this Agreement to an affiliate or any successor to its business or assets to which this Agreement relates, whether by merger, sale of assets, sale of stock, reorganization or otherwise.
   7. Force Majeure. Except for any payment obligations, neither Party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder for any cause which is beyond the reasonable control of such Party.
   8. Applicable Law; Venue. This Agreement shall be deemed to have been made in, and shall be construed pursuant to the laws of the State of New York and the United States without regard to conflict of law’s provisions thereof and the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement. If any legal action is brought by a Party to enforce this Agreement, the prevailing Party will be entitled to receive its attorneys’ fees, court costs, and other collection expenses, in addition to any other relief it may receive.
   9. Entire Agreement. This Agreement sets forth the final and entire agreement and supersedes any and all prior agreements of the Parties with respect to the transactions set forth herein. Neither Party will be bound by, and each Party specifically objects to, any term, condition or other provision which is different from or in addition to the provisions of this Agreement (whether or not it would materially alter this Agreement) and which is proffered by the other Party in any correspondence or other document, unless the Party to be bound thereby specifically agrees to such provision in writing. If any provision of this Agreement shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable. To the extent that there are any contradictions or inconsistencies between this Agreement and any Exhibit, such Exhibit shall take precedence and govern.

The parties by their authorized representatives have entered into this MSA as of the Effective Date.

Adapex, Inc CLIENT

Signature: Signature: Name: Andrew Moskowitz Name: Title:CRO Title:  

Date: Date:  

DATA PROCESSING ADDENDUM

Customer and Service Provider have entered into an agreement for the provision by Service Provider to Customer of Services (as may be amended from time to time, the “Agreement”).  This Data Processing Addendum (this “Addendum”) will apply to Service Provider’s Processing of Customer Personal Data in conjunction with such Services.  This Addendum is hereby incorporated into and made a part of the Agreement.  This Addendum will be effective until such time as Service Provider is no longer providing such Services.

• Definitions

“Customer” means (fill in the blank)

“Controller,” “Processor,” “Data Subject,” “Personal Data,” “Personal Data Breach,” and “Processing” each have the meaning set forth in the EU General Data Protection Regulation 2016/679.

“CCPA” means the California Consumer Privacy Act of 2018 and the Regulations promulgated thereunder.

“Service Provider” means the party listed in Annex 1.

“Data Protection Laws” means all applicable state/regional (including CCPA), national, and international (including the EU) laws, orders, regulations, and regulatory guidance now or in the future relating to information security, privacy and data protection.

 “Model Clauses” means the EU Commission Standard Contractual Clauses, issued by the Information Commissioner and laid before Parliament in accordance with s.119A of the Data Protection Act 2018 on 2 February 2022.

  “Services” means the services to be provided by Service Provider for the benefit of Customer that are specified in the Agreement.

“Sub-processor” means a third-party subcontractor engaged by Service Provider which, as part of Service Provider’s role of delivering the Services, will Process Personal Data of Customer.

1. Service Provider’s Obligations.  Service Provider acknowledges that in the course of performing the Services, it may Process Personal Data for Customer or on its behalf.  Service Provider represents and warrants to Customer continuously throughout the term of the Agreement that it will: (a) only Process Personal Data in accordance with the instructions provided by Customer, for the purposes set out in the Agreement and only to the extent necessary to perform the Services and its obligations hereunder, (b) not disclose, distribute, sell (as such term is defined under applicable Data Protection Laws), assign, lease, commercially exploit (or allow to be exploited), or otherwise dispose of or make available any Personal Data to third parties, (c) not copy, modify, or create derivative works of any Personal Data (including, without limitation, aggregated and/or anonymized data) except with Customer’s prior consent or as may be permitted by any applicable law which is incapable of exclusion by contract, (d) implement and maintain organizational, administrative, physical and technical safeguards meeting the highest standards of good industry practice to prevent the unauthorized Processing, destruction or loss of Personal Data in Service Provider’s possession, custody or control, (e) implement and maintain an appropriate network security program that includes encryption of all Personal Data, (f) ensure its compliance with Data Protection Laws, (g) take all reasonable precautions with respect to the employment of and access to Personal Data given to Personnel (defined below) and Sub-Processors, and (h) at Customer’s request at any time during the term, provide Customer with a complete copy of or full access to any and all Personal Data that may be in Service Provider’s possession. Service Provider acknowledges that it is a “Service Provider” of Customer under the CCPA. 
2. Processing Personal Data.  Customer and Service Provider acknowledge and agree that with regard to the Processing of Personal Data in the context of the provision of the Services, Customer and/or its affiliates is/are the Data Controller, Service Provider is a Data Processor and that Service Provider may engage Sub-Processors pursuant to the requirements set forth in Section 5 (Sub-Processors) below. 

All verbal instructions are to be confirmed in writing or by email without undue delay. Service Provider shall inform Customer immediately if it considers that an instruction violates Data Protection Laws or if it is required to Process Personal Data outside the scope of Customer’s instructions.

The nature and purpose of Processing Personal Data by Service Provider is the performance of the Services pursuant to the Agreement. The duration of the Processing shall be for the duration of the Agreement and the rights and obligations under this Addendum shall remain in force after termination of the Agreement until all Personal Data Processed under this Addendum is deleted on the systems of Service Provider and its Sub-Processors. Details about Processing, including the types of Personal Data Processed, the categories of Data Subjects under this Addendum, and the jurisdictions where Processing may occur are set out on Annex 1. 

Service Provider shall (a) ensure that Personal Data initially collected within the European Economic Area (“EEA”), the UK and Switzerland will not be Processed outside of the EEA, UK and Switzerland, respectively, and Personal Data collected in any other country (i.e. not within the EEA) will not be Processed outside of that country unless Customer has given its prior written consent and either: (i) Service Provider and Customer and/or relevant affiliates abide by the International Data Transfer Addendum attached hereto as Exhibit A or an alternative data transfer agreement in a similar form to the Model Clauses as may be approved by Customer from time to time at its discretion or (ii) other binding and appropriate transfer mechanisms that provide an adequate level of protection in compliance with Data Protection Laws, such as approved Binding Corporate Rules for Processors, (b) provide, at Service Provider’s own cost, reasonable cooperation, assistance, and information to Customer in relation to queries, complaints and other correspondence with any data subject or regulatory body (including data subject access requests) and as may reasonably be required to enable Customer to comply with its obligations under applicable Data Protection Laws, and (c) amend, update, supplement, return or delete any Personal Data as soon as reasonably practicable at Customer’s request.  For the purposes of the Model Clauses, the parties agree that (x) Customer will act as the data exporter on Customer’s own behalf and on behalf of any of its affiliates and (y) Service Provider will act on its own behalf and/or on behalf of the relevant affiliates as the data importers.

• Service Provider Personnel.  Service Provider shall ensure that access to Personal Data is limited to those Service Provider employees and contractors (“Personnel”) and agents who have a need to know or need to access that Personal Data to enable Service Provider to perform its obligations under the Agreement. Service Provider shall ensure that its Personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality obligations no less restrictive than those contained in this Addendum and such obligations survive the termination of that persons’ engagement with Service Provider. Service Provider has appointed, where required by applicable Data Protection Laws, a data protection officer who meets the requirements under such laws for the performance of his or her duties.  Details about the appointed person shall be included in Annex 2. 

1. 1. Sub-Processors.  Service Provider may only appoint a Sub-Processor with Customer’s prior written consent and such Sub-Processor must be bound by the same obligations as the ones to which Service Provider is bound by this Addendum.  The list of approved Sub-Processors can be found on Annex 3 hereto.
   2. Security.  Service Provider shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) the pseudonymization and encryption of Personal Data; (b) measures designed to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and Services; (c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing; (e) a process and procedures to monitor and log processing systems for unauthorized changes and other evidence the processing environment has been compromised. Service Provider shall document and monitor compliance with these measures. Technical and organizational measures are subject to technical progress and further development and Service Provider may implement alternative adequate measures provided Service Provider shall not decrease the overall security of the Services during the term of the Agreement.  The minimum security measures to be implemented by Service Provider are as follows.
      1. Encryption.  Service Provider shall use strong encryption methodologies to protect Personal Data transferred over public networks, and shall implement whole disk encryption for all Personal Data at rest.  Service Provider will fully document and comply with Service Provider’s key management procedures for crypto keys used for the encryption of Personal Data.
      2. Storage.  Service Provider shall retain all Personal Data in a physically and logically secure environment to protect from unauthorized access, modification, theft, misuse and destruction.  Service Provider shall utilize platforms to host Personal Data that are configured to conform to industry standard security requirements and will only use hardened platforms that are continuously monitored for unauthorized changes.    
      3. Antivirus; Firewall.  Service Provider shall utilize antivirus programs that are capable of detecting, removing, and protecting against all known types of malicious or unauthorized software with antivirus signature updates at least every twelve (12) hours.  Service Provider will implement firewalls designed to ensure that all outbound traffic to Customer systems are restricted to only what is necessary to ensure the proper functioning of the Services.  All other unnecessary ports and services will be blocked by firewall rules at Service Provider network. 

• Vulnerability Management.

1. 1. 1. 1. Updates and Patches.  With regards to the handling of Personal Data, Service Provider shall establish and maintain mechanisms for vulnerability and patch management that are designed to evaluate application, system, and network device vulnerabilities and apply Service Provider -supplied security fixes and patches in a timely manner taking a risk-based approach for prioritizing critical patches.  
         2. Data Loss Prevention.  Service Provider shall maintain a “data loss prevention” (DLP) or “extrusion prevention” solution to protect Personal Data, and shall integrate the results of that activity with its program for audit logging and intrusion detection as described below.
         3.  Audit Logging; Intrusion Detection.  Service Provider shall collect and retain audit logs recording privileged user access activities, authorized and unauthorized access attempts, system exceptions, and information security events, complying with applicable policies and regulations.  Audit logs shall be reviewed at least daily and file integrity (host) and network intrusion detection (IDS) tools shall be implemented to help facilitate timely detection, investigation by root cause analysis and response to incidents.  Physical and logical user access to audit logs shall be restricted to authorized Personnel.
         4. Information Risk Assessment.  On an annual basis, Service Provider shall cooperate with Customer, at Customer’s discretion, to perform formal risk assessments to determine the likelihood and impact of potential privacy and security risks to Personal Data.  Service Provider shall conduct the audit annually in accordance with all applicable local laws, regulations and requirements for credit card and privacy (including without limitation PCI DSS) as well as industry common standards for information security. An audit report shall be provided to Customer within three (3) months upon the completion of every year’s Services by Service Provider to Customer. 
         5. Physical Security.  Where Service Provider is Processing Personal Data, such Personal Data shall be housed in secure areas, physically protected from unauthorized access, with appropriate environmental and perimeter controls.  The facilities shall be physically protected from unauthorized access, damage, theft and interference. 
         6. Disaster Recovery Management.   Service Provider shall provide documentation of its formal and secure disaster recovery plan, meeting a standard of good industry standards and redacted for proprietary and confidential information.  Service Provider shall share evidence with Customer that Service Provider conducts regular testing of that plan on at least an annual basis, which impacts any Customer systems and Personal Data governed by the Agreement.
   2. Personal Data Breach Notification.  Service Provider shall:  (i) provide Customer with the name and contact information for an employee of Service Provider who shall serve as Customer’s primary security contact and shall be available to assist Customer twenty-four (24) hours per day, seven (7) days per week as a contact in resolving obligations associated with a Personal Data Breach; and (ii) notify Customer of a Personal Data Breach as soon as practicable, but no later than twenty-four (24) hours after Service Provider becomes aware of it; and
      1. Immediately following Service Provider’s notification to Customer of a Personal Data Breach, the parties shall coordinate with each other to investigate the Personal Data Breach.  Service Provider agrees to fully cooperate with Customer in Customer’s handling of the matter, including, without limitation:  (i) assisting with any investigation; and (ii) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards or as otherwise required by Customer.
      2. Service Provider shall promptly use best efforts to remedy any Personal Data Breach and prevent any further Personal Data Breach at Service Provider’s expense in accordance with applicable privacy rights, laws, regulations and standards.  Service Provider shall reimburse Customer for actual reasonable costs incurred by Customer in responding to, and mitigating damages caused by, any Personal Data Breach, including all costs of notice and remediation pursuant to Section 7(d).
      3. Service Provider agrees that it shall not inform any third party of any Personal Data Breach without first notifying Customer, other than to inform a complainant that the matter has been forwarded to Customer’s legal counsel.  Further, Service Provider agrees that it shall reasonably cooperate with Customer to jointly determine:  (i) whether notice of the Personal Data Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise; and (ii) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.
      4. Service Provider agrees to fully cooperate at its own expense with Customer in any litigation or other formal action deemed necessary by Customer to protect its rights relating to the use, disclosure, protection, and maintenance of Personal Information.
      5. In the event of any Personal Data Breach, Service Provider shall promptly use best efforts to prevent a recurrence of any such Personal Data Breach.

• Data Subjects’ Rights.  Service Provider shall promptly notify Customer if it receives a request from a Data Subject for information, access to, correction, amendment, deletion, erasure, portability, restriction of Processing of that person’s Personal Data. Service Provider shall not respond to any such Data Subject request without first notifying and obtaining Customer’s prior written consent, except to confirm that the request relates to Customer. Upon request by Customer, Service Provider shall assist Customer to fulfill the rights of the Data Subjects and respond to such Data Subjects requests.

• Assistance and Cooperation with Compliance.  Service Provider shall: (a) maintain a record in writing of all categories of Processing carried out on behalf of Customer and make such records available to Customer upon request from Customer or a relevant data protection authority (“Data Protection Authority”); (b) provide any information required by Customer to document compliance with Data Protection Laws and compliance with Service Provider’s obligations as set out in this Addendum and its Annexes; (c) inform Customer without undue delay of (i) any Processing of Personal Data outside the scope of this Addendum and its Annexes and of any violations of Data Protection Laws, in particular disruptions, suspected breaches of data protection or other impairments or changes to the collection, processing or use of Personal Data by Service Provider or any Sub-Processor or individuals employed by Service Provider or any Sub-Processors and (ii) any control actions or measures taken by a Data Protection Authority or any other authority with respect to the Processing of Personal Data and make every effort to support Customer insofar as Customer is subject to an inspection by a Data Protection Authority, an administrative or criminal procedure or claim by a Data Subject or by a third party or any other claim in connection with the Processing by Service Provider; and (d) assist Customer with the execution of any data protection impact assessment and with consultation of the relevant Data Protection Authority where legally required. 

• Audit Rights.  To the extent the Services under this Addendum or the Agreement entail Service Provider’s Processing of Personal Data on Customer’s behalf, Customer has the right to inspect Service Provider’s respective systems and facilities at any time to ensure compliance with this Addendum and its Annexes, and applicable Data Protection Laws. Before the commencement of any such audit, Customer and Service Provider shall mutually agree in good faith upon the scope, timing, and duration of the audit. Customer is entitled to conduct the audit either by an authorized representative, including its data protection officer, where relevant, or through third parties that it instructs. Customer shall notify Service Provider with information regarding any non-compliance discovered during the course of an audit.  Service Provider shall also grant the above audit rights to any competent Data Protection Authority.

• Equitable Relief.  Service Provider acknowledges that any breach of its covenants or obligations set forth in this Addendum may cause Customer irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, Customer is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, without the necessity of posting a bond, in addition to any other remedy to which Customer may be entitled at law or in equity.  Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available at law or in equity, subject to any express exclusions or limitations in the Agreement to the contrary.

• Material Breach.  Service Provider’s failure to comply with any of the provisions of this Addendum is a material breach of the Agreement.  In such event, Customer may terminate the Agreement effective immediately upon written notice to the Service Provider without further liability or obligation to Customer and Service Provider shall refund to Customer the pro rata portion of any unused fees paid by Customer under the Agreement.

• Indemnification.  Service Provider hereby agrees to indemnify, defend and hold harmless Customer and its affiliates, and any of their respective officers, directors, employees, representatives, and agents (“Customer Indemnitees”) from and against any and all claims, causes of action, liabilities, damages, losses, costs and expenses (including reasonable attorneys’ fees and legal costs, which shall be reimbursed as incurred) arising from, relating to or based on any actual or alleged breach of Service Provider’s representations, warranties or covenants contained in this Addendum or any actual or alleged negligence or willful misconduct.  The indemnification obligations set forth in this Section 13 of this Addendum is not subject to any limitation of liability or similar provisions in the Agreement.

• Conflict.  Notwithstanding anything to the contrary in the Agreement, in the event and to the extent that the terms of this Addendum conflict with any of the terms of the Agreement, this Addendum supersedes the Agreement. In the event of any conflict or inconsistency between the body of this Addendum and the Model Clauses in Annex 4, the Model Clauses shall prevail.

EXHIBIT A

INTERNATIONAL DATA TRANSFER ADDENDUM

This International Data Transfer Addendum (the “Addendum”) to the Data Processing Agreement (the “Engagement”) is entered into by and between Customer and Service Provider.a

1. For purposes of the EU General Data Protection Regulation 2016/679 (“GDPR”), the GDPR as implemented under UK law by virtue of Section 3 of the UK’s European Union (Withdrawal) and the UK Data Protection Act of 2018 (“UK GDPR”), and Switzerland’s Federal Act on Data Protection of 19 June 1992 (“FADP”), each party is a “controller” of any “personal data” (as those terms are defined by the GDPR, UK GDPR, and FADP) in question hereunder.  Each party is responsible for its own compliance with GDPR, UK GDPR, and FADP where it applies to the “processing” of “personal data” (as those terms are defined by the GDPR, UK GDPR, and FADP) hereunder.
2. UK Data Transfers. For transfers of personal data from the UK, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, issued by the Information Commissioner and laid before Parliament in accordance with s.119A of the Data Protection Act 2018 on 2 February 2022 is agreed to and incorporated by reference, but, as permitted by clause 17 of such addendum, the parties agree to change the format of the information set out in Part 1 of the addendum such that: 
   1. For the purposes of Table 1, Customer shall be the “importer” and Service Provider shall be the “exporter,” with the applicable details the same as identified in the Engagement.
   2. For the purposes of Table 2, (A) the EU SCCs shall apply, (B) Module 1 will apply to the personal data transferred to a third country; (C) in Clause 7, the optional docking clause will not apply; (D) in Clause 11, the optional language will not apply; (E) in Clause 17, Option 1 will apply, and, the EU SCCs will be governed by the laws of the UK for personal data transferred out of the UK; (F) in Clause 18(b), disputes will be resolved before the courts of the UK for personal data transferred out of the UK.
   3. For purposes of Table 3, Annex IA and Annex IB will be deemed completed with the information set forth in Schedule 1 of this Exhibit and Annex II will be deemed completed with the information set forth in Schedule 2 of this Exhibit. 
   4. For purposes of Table 4, neither party may terminate this Addendum when the Approved Addendum changes.
3. EEA and Switzerland Data Transfers. In relation to personal data that is protected by the GDPR, the contractual clauses annexed to the European Commission’s Implementing Decision 2021/914 of 4 June 2021 (“EU SCCs”) will apply as follows: (A) Customer will be the “data importer” and Service Provider will be the “data exporter”; (B) Module One will apply to the personal data of both parties; (C) in Clause 7, the optional docking clause will not apply; (D) in Clause 11, the optional language will not apply; (E) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by Irish law for personal data transferred out of the European Economic Area or Swiss law for personal data transferred out of Switzerland; (F) in Clause 18(b), disputes will be resolved before the courts of Ireland for personal data transferred out of the European Economic Area or Switzerland for personal data transferred out of Switzerland; (H) Annex I will be deemed completed with the information set out in Schedule 1 of this Addendum; and (I) Annex II will be deemed completed with the information set out in Schedule 2 of this Addendum. For purposes of any transfers of personal data also subject to FADP, (i) the term “member state” must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of bringing legal proceedings to enforce their rights in their place of habitual residence in accordance with Clause 18(c) and (ii) the clauses also protect the data of legal entities until the entry into force of the revised FADP.

EXHIBIT B

Publishers leverage Adapex’s capabilities to generate incremental revenue based upon capturing and syncing Universal IDs and SSP IDs into bid requests. 

As part of this service, Adapex measures the performance of Signal+.  We measure lift and bid density and provide intelligence to engage with buyers, agencies, and other technology partners better. 

To complete this reporting, Adapex requires read-only access to the local GAM instance. 

A/B TESTING FOR UPLIFT

What is an A/B Test:

A/B testing (also known as bucket testing, split-run testing, or split testing) is a user-experience research methodology.[1] A/B tests consist of a randomized experiment that usually involves two variants (A and B),[2][3][4] although the concept can also be extended to multiple variants of the same variable. 

Adapex measures uplift using a standardized methodology.  

1. Adapex automatically assigns every new user to a series of audience cohorts.  Each user is randomly assigned to a cohort and remains in that cohort for as long as Adapex can identify them. 
2. Adapex creates two key Cohorts. 
   1. Control Cohort
   2. Active Cohort
3. Control Cohort
   1. 20% of all users
   2. No IDs are injected into the bid request
4. Active Cohort
   1. 80% of all users
   2. IDs dynamically enrich all bid requests
      1. Dynamic enrichment provides an AI-based algorithm that chooses which IDs are enriched for each SSP.
         1. Adapex varies enrichment by browser, SSP, DSP (when available), and Brand (when available) and adds additional variables to this process. 
5. Measurement
   1. Adapex provides a dashboard illustrating the following:
      1. Total Programmatic Revenue
      2. Total Revenue
      3. RPM
      4. RPS
      5. Bid Density

Comparing the Active Cohort to the Control Cohort.

1. Users can dynamically compare these measurements by:
   1. Time period
   2. SSP
   3. Browser
   4. DSP

It typically requires about seven days to see the results from the Adapex Data Refinery.

SCHEDULE I

1. LIST OF PARTIES

The Parties as identified in the Engagement.

1. DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred: end users who come onto Customer’s website

Categories of personal data transferred: Common

Sensitive data transferred: no

The frequency of the transfer: continuous and daily basis

Nature of the processing: Allowing marketing activities

Purpose(s) of the data transfer and further processing: 

The period for which the personal data will be retained:no data retention

For transfers to (sub-) processors: 

1. COMPETENT SUPERVISORY AUTHORITY

Identified competent supervisory authority in accordance with Clause 13: Irish supervisory authority for personal data transferred out of the European Economic Area, Swiss supervisory authority for personal data transferred out of Switzerland, and UK supervisory authority for personal data transferred out of the UK. 

SCHEDULE 2

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Customer takes technical and organizational security measures appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, presented by the processing. These measures include asset management processes, access controls, physical security controls, security training, and incident response processes. Any person acting under the authority of Customer, including a processor, must not process the data except on instructions from Customer.