TERMS OF USE AND SERVICE AGREEMENT

Effective date: April 17th, 2018

1. Scope of this Terms of Use and Service Agreement

1.1. Scope. This Terms of Use and Service Agreement (the “Terms of Use”) sets forth the standards of use of the website http://www.smadex.com
(the “site”), as well as the legal agreement between Smadex S.L. (“Smadex” or “us”), and the Customers of this site or of the services provided by Smadex (the “Customer”). Smadex is a Spanish company with seat in 08029 -Barcelona, c/ Rosselló 33 sobreàtic, with Spanish Tax Number B-65322034, registered in the Commercial Registry of Barcelona at page B-399036.

1.2.Acceptance. The use of this site entails full acceptance of the Terms of Use as published by Smadex at the moment of such use. If you do not agree with the Terms of Use, you should immediately cease all usage of this website.

The use of the services provided by Smadex, contracted either online or offline, entails the full acceptance and application of this Terms of Use as published by Smadex at the moment of such use, unless Smadex and the relevant Customer agree otherwise in writing.

1.3.Effectivity. Smadex may change or amend this Terms of Use at any moment, without notice. An updated and effective draft of this Terms of Use is permanently accessible on the website through the url http://www.smadex.com/legal-terms. Customer should look at such url regularly to check for changes in the Terms of Use. Any changes to the Terms of Use will not apply retroactively and will become effective seven days after posting.

2.Content of the site

2.1.Ownership over the site.The site is owned and managed by Smadex.

2.2.Use of the site. Subject to the terms and conditions of this Terms of Use, Smadex grants to Customer a non-exclusive, non-transferable, non-sublicensable license to access and use the site, solely for the purpose of obtaining the mobile DSP services provided by Smadex.

2.3.Services modification. Smadex may modify without prior notice the design, layout and/or configuration of this site, as well as some or all of its functionalities. Smadex reserves the right to modify or discontinue the service with or without notice to the Customer. Smadex shall not be liable to the Customer or to any third party should Smadex exercise its right to modify or discontinue the services provided by means of the site.

2.4.No guarantee of technical availability. The Customer acknowledges that it is not technically possible that the site is 100% available 100% of the time. However, Smadex will strive to keep the site available and functioning as much as possible. Brief anomalies or temporary suspension may affect Smadex services, especially due to site maintenances, security reviews, or capacity issues, and because of events that may not be controlled or influenced Smadex (e.g. anomalies in public communication networks, power shortages, etc.).

3. Insertion orders

3.1.Binding nature.Where the Customer has submitted a Smadex Insertion Order (“IO”) in order to engage the services provided by Smadex, the terms contained in such IO shall be regarded as a binding agreement between the parties and shall be complementary to, but not a substitute of, this Terms of Use.

3.2.Relation with the Terms of Use. The submission of the said IO shall not revoke or affect in any way the content and effect of these Terms of Use unless it is so laid down in the IO, or when there is discrepancy between the IO and these Terms of Use, in which case the IO shall prevail. If the IO and this Terms of Use establish a set of rules concerning one same matter (i.e. ad content policy), both set of rules shall apply at the same time, unless they are materially incompatible, in which case the IO shall prevail.

3.3.Relation with IAB Terms. IAB Standard Terms and Conditions for Internet Advertising for Media Buys (Version 3.0) (the “IAB Terms”), shall apply as subsidiary set of rules to this agreement. In case of discrepancy between the IAB Terms and either this Terms of Use or the applicable IO, the Terms of User or the applicable IO shall prevail.

4. Customer obligations

4.1.Indemnity. Customer undertakes to make diligent use of the site and the services provided by Smadex, in full compliance with the relevant IO, this Terms of Use, the IAB Terms when applicable, and the relevant regulations. Customer shall indemnify and hold Smadex (as well as its agents, affiliates, directors, officers, employees and partners), harmless of any damage, including any kind of cost, penalty, or loss profit, arising from the Customer’s non-compliance with its obligations.

4.2.Information provided by the Customer. All information provided by the Customer through the site shall be truthful. Customer guarantees the authenticity of all data communicated as a result of completing the forms necessary for the subscription and use of the services provided by Smadex.

Customer shall be held responsible for keeping constantly updated all information provided to Smadex, so that said information is at all times accurate. Customer will be solely responsible for any false or inaccurate information provided to Smadex, as well as for the damage caused to Smadex or to third parties due to such unreliable information.

4.3.Registry. Smadex may require at any moment that the Customer is registered in order to have access to any of the services provided by the site. In such case, the Customer password may not be transferred or assigned, even temporarily, to any third person. In the event that the Customer knows or suspects that his or her password is being used by any third party, the Customer shall inform Smadex of such undue use.

4.4. Use of the site. Unless previous authorization is granted by Smadex, the Customer may not incur in the following behavior:

a) To use software or scripts in connection with site usage.

b) To block, overwrite, modify or copy the site code, unless such action is necessary for the proper use of the services offered at the site.

c) Any action that may impair the correct functioning of the site, especially overloading its servers.

d) To use any of the materials and information contained in this site for illegal aims, or by any aim expressly prohibited by these terms and conditions.

Smadex retains the right to terminate, at its sole discretion, any accounts involved with botnets and related activities.

4.5.Payment terms. Invoices issued by Smadex shall become net and payable within 30 natural days since date of issuance. In case of late payment, Smadex shall apply different levels of penalties, including (i) stopping AdOps activities (quoting, reporting, launching new campaigns), (ii) stopping current campaigns, and (iii) a 1% daily default interest. Smadex shall have the right, but not the obligation, to seek payment of past due amounts directly from the applicable advertiser represented by the Customer (if there be one), without reducing or limiting Customer’s obligation in any way.

4.6.Ad standards. Smadex, at its own discretion, may refuse to run any ad or campaign if it determines that such ad or campaign does not comply with Smadex ad quality standards, mobile advertising good practices or applicable regulations, or would otherwise be inappropriate or damaging to Smadex or its partners.

User shall refrain from submitting, and Smadex shall refuse to run, among others, (i) ads that promote or depict illegal content or activities, violence; (ii) ads that contain advocacy against any protected group (e.g., racial or ethnic origin, sexual orientation/gender identity, age, disability, sex, religion, color, national origin, or veteran status); (iii) ads that depict offensive content or activity; (iv) ads that infringe third party intellectual property; (v) ads that are deceptive or resemble Customer interface elements (e.g. text boxes) or feature excessive animation, shaking or smileys; (vi) ads that mislead the end user insofar as the ad doesn’t match with the final product; (vii) ads that include rotating or auto-expanding rich media creative; (viii) deceptive ads that replicate the Customer interface of OS notifications; (ix) ads that contain creative with iframes; or (x) ads that include applications such as viruses, spyware, and malware.

4.7.Update of ad standards. Smadex may set forth at any time (for instance, in its IO) further restrictions on ad content and creative attributes.

4.8.Fraudulent campaigns. Customer shall refrain from submitting campaigns that Smadex regards as deceptive, malicious, or fraudulent (“fraudulent campaigns). A campaign shall be regarded as fraudulent when it generates queries, impressions, click-throughs, conversions, subscriptions, and/or other actions through any automated, deceptive, fraudulent or other invalid means (including click spam, robots, macro programs, and internet agents), or encourage or require end users to click on ads through offering incentives or any other methods that are manipulative, or attempt to create a substitute or similar service through access to any of the Smadex services or proprietary information related thereto. A campaign shall also be regarded as fraudulent when it starts any kind of action (such as a download, a subscription or a call), without the end user’s informed consent and engagement.

Customer acknowledges that fraudulent campaigns may result in a direct damage to Smadex (including costs, penalties or loss profit, as well as Smadex’ exclusion from real time bidding markets). Customer shall fully indemnify and hold Smadex (including its a<ffiliates, directors,=”” agents=”” or=”” employees),=”” harmless=”” of=”” any=”” such=”” damage=”” caused=”” by=”” a=”” fraudulent=”” campaign,=”” including=”” income=”” lost=”” due=”” to=”” smadex’=”” exclusion=”” from=”” real=”” time=”” bidding=”” market.<=”” p=””>

4.9.Compliance check. At any given moment Smadex may require Customer to provide further evidence that its campaigns comply with the regulations set forth in this Terms of Use and in the IO. As an example, Smadex may require screenshots of the landing pages or tracking systems for any current, past or oncoming campaign managed by a Customer. Such compliance shall be specially required in case of mobile content subscription campaigns.

5. Disclaimer. Warranties and liability

5.1.Disclaimer. Except where expressly provided in this Terms of Use and in the applicable regulatory framework, Smadex is not responsible for damages of any kind that may result from the lack of accuracy, completeness or timeliness, or from errors or omissions in the contents of the site and the services provided to the Customer, unless the provision of such contents in certain conditions has been specifically guaranteed by Smadex to the Customer.

5.2.No warranty. The site is provided by Smadex on an “as is” and on an “as available” basis. To the fullest extent permitted by applicable law, Smadex makes no representations or warranties of any kind, express or implied, regarding the use or the results of this site and the services provided by means of this site, in terms of its correctness, accuracy, reliability, or otherwise. Smadex shall have no liability for any interruptions in the use of this site. Smadex disclaims all warranties with regard to the information provided, including the implied warranties of merchantability and fitness for a particular purpose, and non-infringement.

5.3.No liability. Smadex excludes any liability for damages of any kind (including any special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue, or loss of use) that may be due to lack availability, continuity, or accuracy of the site, and the services rendered through the site.

5.4.Third party information. While Smadex makes every effort to ensure that the information on the site is accurate, no representations or warranties are made as to the accuracy or reliability of any information provided on this site, specially the information provided by publishers or third parties of any kind.

6. Links to third party websites

6.1.Inclusion of third party links. Smadex may include in the site links to third party sites with the aim of facilitating access to relevant information available on the Internet. Smadex shall not be held responsible for the contents of the links between the site and third party sites not managed by Smadex. Such links or references are for informational purposes only and in no way imply an endorsement, approval, or commercial relationship of any kind between Smadex and the persons who manage or own the said third party sites.

7. Intellectual Property Rights

7.1.Copyright. The IP contents of this site, including its code, are subject to Copyright © 2014 – Smadex S.L. Consequently, all economic and/or exploitation rights in connection with the contents of the site are held by Smadex, unless they have been licensed to Smadex by a third party. The reproduction, transmission, adaptation, translation, modification, public communication or any other use of all or part of the contents of this site, in any form and by any means, is strictly prohibited unless it has been authorized in written form by Smadex.

7.2.Content of the site. The text, graphics, images, audio, databases, logos, structure, brands and other elements of this site protected by intellectual property rights are held by Smadex and/or by any third party owners who have duly authorized their inclusion on the site by means of the corresponding agreement with Smadex.

7.3.Trademark. Smadex, the Smadex logo, and all related marks and logos, are registered trademarks of Smadex. All other marks are the property of their respective owners. Such use of trademarks or links to the web sites of third parties is not intended to imply, directly or indirectly, that such third parties endorse or have any affiliation with Smadex.

8. Privacy and personal data protection

8.1. Smadex privacy policy & data subject rights policy. Smadex privacy policy is posted in the following URL: [End User Privacy Policy]. Smadex’s data subject rights policy is posted in the following URL: [Data Subject Rights Policy].

8.2. Customer compliance and privacy policy. Customer represents and warrants that, at all times during the term of this agreement it shall maintain a posted privacy policy accessible by direct link from the Customer’s home that (a) complies with all applicable laws, rules and regulations, (b) accurately discloses the data collection, use and disclosure practices applicable; and (c) discloses the use of one or more third parties for ad serving. In particular, Customer shall ensure that its privacy policy describes accurately the process by which data subjects can exercise their personal data rights with regards to Customer, and in particular the right of access as described in Article 15 GDPR.  Customer shall ensure that on each website or application where information is being collected by pixel, beacon or similar technology for monitoring or retargeting purposes, such information is collected in compliance with all applicable e-privacy regulations Smadex may from time to time require Customer to provide specific additional notice mechanisms consistent with applicable laws or industry self-regulations.

8.3. Children’s Privacy. Smadex does not knowingly collect any personal information from children under age of thirteen (13). Should Customer’s site or services be directed to children under age of thirteen (13) or should Customer collect information from children under age of thirteen (13) (further collectively referred as “Children’s Content”), we require Customer at all times to comply with the Children’s Online Privacy Protection Act of 1998 (“COPPA”) as amended from time to time. In addition, we require Customer to immediately notify Smadex by sending an email to info@smadex.com or contacting its Smadex account manager in the event Customer uses the Smadex services in connection with Children’s Content. Should Customer choose not to notify us, we will assume that Customer is not using Smadex services in connection with Children Content and is compliant with COPPA. e disclaim liability for Customer’s failure to prior notify us and honor its obligations as per the herewith request and per Smadex’s Privacy Policy.

8.4. Personal Data Protection. Smadex informs Customer of the existence of personal data files concerning the personal data of Customer and/or its team, created and managed by Smadex as data controller. The Customer has the right to access, rectify, erase or block the personal data controlled by Smadex. These rights can be exercised by means of an email addressed to the address info@Smadex.com, quoting the above subject, or by regular mail addressed to Smadex SL, CIF: B65322034, Carrer Roselló, Barcelona 08029 (Spain).

8.5. Data Processing Addendum concerning digital identifiers. The parties will enter a separate Data Processing Addendum following the contractual model provided by Smadex, concerning the processing of digital identifiers such as device identifiers, cookie identifiers, and IP address, by Smadex as data processor, following the instructions of Customer as Data Controller. This Data Processing Addendum contains the whole agreement between the parties as to the processing of such digital identifiers .

8.6. Additional Data Processing Agreement.  Besides the digital identifiers whose processing is the object of the Data Processing Addendum described in section 8.5, , the Parties acknowledge that in some instances either of them (the ‘Controller Party’) may transfer to the other (the ‘Processor Party’), or the Processor Party may independently collect, certain personal data concerning the Controller Party’s employees, collaborators o contacts, that is necessary for the purposes of executing the advertising campaigns entrusted by Customer to Smadex, and to fulfill the obligations of both Parties under this agreement (“Controller Personal Data”). For what concerns such processing of Controller Personal Data, the Parties agree as follows:

(i). Controller Personal Data shall be processed by the Processor Party exclusively for the purpose of fulfilling its obligations under the IO and this Agreement, and under the instructions of the Controller Party. In no event shall Controller Personal Data be transferred to any third party, unless such transfer is necessary for fulfilling this Agreement.

(ii). When Processing Controller Personal Data, the Processor Party shall ensure that it implements and maintains appropriate technical and organizational security measures, in accordance with the standards in force in the online advertising sector, and with GDPR. The Processor Party shall provide to the Controller Party  any information it may reasonably require concerning the security measures taken in order to protect Controller Personal Data.

(iii). In no event shall the Controller Party transfer, orto the Processor Party process, any personal data that may fall into the categories of data envisaged in Articles 9 and 22 GDPR.

(iv). The control of Personal Data remains with the Controller Party. The Controller Party is responsible for compliance with its obligations as data controller under data protection laws, shall inform any and all data subjects of their rights as envisaged in the GDPR and any other applicable data protection regulation,. It shall provide the means for effectively exercising such rights. In particular, Customer must provide visible notice to, and where necessary, obtain consent from, its employees, collaborators and contacts,  regarding the scope of Customer’s and Smadex’s collection, sharing, and use of data in the context of the services provided by Smadex to Customer.

(v). Smadex is hereby authorized to engage third party subprocessors  that will assist Smadex in the provision of the Smadex services.In particular, Customer is hereby informed that Customer Personal Data will be processed by providers of cloud services such as Amazon Web Services, Google, and Dropbox. Customer is entitled to ask for any additional information concerning such subprocessors, as it may be reasonably necessary.

Customer shall only be entitled to engage third party subprocessors if it receives a prior written authorization by Smadex.

(vi). Following the termination of the Smadex services, the Processor Part will promptly delete or otherwise render inaccessible all copies of the Controller Personal Data, except as may be required by law.

(vii). Smadex is entitled to transfer to and store, Customer data in the United States, and in certain countries where data protection laws may be different from the EU regulations, provided that in every case it will be obliged to enter into the relevant Standard Contractual Clauses for data exportation, as approved by the European Commission at the time. Customer shall provide its customers with sufficient notice thereof, and when necessary obtain their consent for such transfer, storage and use.

(viii) The Processor Party  shall ensure that every person that is granted access to Controller Personal Data as an employee, agent or contractor of the Processor Party, has contractually committed to or is under a statutory obligation of confidentiality.

(ix) Taking into account the nature of the processing, the Processor Party shall assist the Controller Party in implementing appropriate technical and organisational measures in order to ensure the fulfilment of the Controller Party’s obligation to respond to requests concerning the exercise of data subject rights. The Processor Party shall: (i) cooperate with the Controller Party in order to ensure that the rights of data subjects are fully respected, and promptly follow the Controller Party’s instructions concerning their exercise (instructions such as deleting, transferring, or processing the data of Data subject); and (ii) in case that a data subject contacts the Processor Party, such party will immediately notify the other Controller Party and will refrain from responding to the relevant data subject except on the documented instructions of the Controller Party or as required by applicable laws.

(x) Each Processor Party will provide to the relevant Controller Party any reasonable information it may demand, concerning the processing of personal data controlled by such Controller  Party. In addition to that, it will provide any evidence that is reasonably requested by the Controller Party concerning the fulfillment of the Processor Party’s obligations under the applicable data protection regulations.

(xi) The Processor Party will immediately notify the Controller Party in case it suspects or becomes aware of a Personal Data Breach affecting Controller Party Data,  and will immediately provide Controller Party with sufficient information and evidence to allow Controller Party to meet any obligations to report or inform Data Subjects of the personal data breach. In addition to that, the Processor Party will immediately take any action required in order to put an end to such data breach, and will provide to the Controller Party evidence of such action.

8.7. Data processing by third parties. In the context of the services provided by Smadex to Customer, Customer may instruct Smadex to transfer certain data to third parties such as ad serving or tracking companies (hereinafter “third party data processors”). In such event, Customer warrants to Smadex that it has entered into a data processing agreement with the relevant third party data processor that fulfills all the requirements set in the GDPR and any other applicable data protection regulation, and that such third party data processor will use the transferred data (i) in compliance with all applicable laws; (ii) exclusively for the purpose of providing services to the Customer related to the ad campaigns run by Smadex; (iii) that the third party data processor will neither store nor share such data with a third party; and (iv) that the third party shall implement appropriate technical and organizational measures to protect the data against destruction or loss, alteration, unauthorized disclosure or access. Smadex will be entitled to refrain from executing such data transfer if it reasonably believes that these requirements have not been met.

8.8.. Smadex website Cookies. Smadex may use at any moment first-party or third-party cookies, aimed at increasing site Customer experience, site customization, or at facilitating access to information reserved to certain Customers. In accordance with the company data protection policy, the Customer is informed that the cookies, if used, shall be associated to an anonymous Customer and its computer. Therefore, the cookies shall not provide the name and surname of the Customer, or any other identifying personal information. The cookies shall not retain any information of a confidential or sensitive nature, such as political affiliation of a person. The Customer may reject the use of cookies by means of selecting the appropriate settings on its browser or device.

9. Governing law and dispute resolution

9.1.Applicable law and competent jurisdiction. These terms and conditions are governed by Spanish law. Any dispute arising from the use and/or contents of this site shall be submitted to the exclusive jurisdiction of the courts of Barcelona (Spain).