/
协议条款
隐私协议
Pangle Partner Data Privacy PolicyPangle Partner Data Privacy Policy
Pangle End User Data Privacy PolicyPangle End User Data Privacy Policy
パートナーデータプライバシーポリシーパートナーデータプライバシーポリシー
エンドユーザーデータプライバシーポリシーエンドユーザーデータプライバシーポリシー
Pangle 파트너 개인정보처리방침Pangle 파트너 개인정보처리방침
최종 사용자 개인정보처리방침최종 사용자 개인정보처리방침
合作夥伴資料隱私權政策合作夥伴資料隱私權政策
終端使用者資料隱私權政策終端使用者資料隱私權政策
Política de Privacidade de Dados do Parceiro PanglePolítica de Privacidade de Dados do Parceiro Pangle
Política de Privacidade de Dados do Usuário Final PanglePolítica de Privacidade de Dados do Usuário Final Pangle
Política de Privacidad de Datos del Socio PanglePolítica de Privacidad de Datos del Socio Pangle
Política de Privacidad de Datos del Usuario Final de PanglePolítica de Privacidad de Datos del Usuario Final de Pangle
Politique de protection des données des partenaires de PanglePolitique de protection des données des partenaires de Pangle
Politique de protection des données de l’utilisateur final de PanglePolitique de protection des données de l’utilisateur final de Pangle
服务条款
Pangle Publisher AgreementPangle Publisher Agreement
EEA/SWISS/UK SPECIFIC DATA TERMS (“DATA TERMS”)EEA/SWISS/UK SPECIFIC DATA TERMS (“DATA TERMS”)

Pangle Publisher Service Agreement (effective until 18 August 2022)

This Pangle Publisher Service Agreement (this "Agreement") constitutes the agreement between You and Pangle, in connection with your use of the Pangle Services (as defined below). This Agreement form a legally binding contract between You and Pangle.


For purposes of this Agreement only, and unless otherwise specified:

“Pangle” means Bytedance Pte. Ltd.; and

“You”, “your” or “Publisher” means the entity or individual using the Pangle Services for its business or commercial purposes. 


Please review this Agreement carefully and understand it fully before You start using the Pangle Services, in particular please review the provisions that exempt and/or limit the liabilities of Pangle and which deal with the use of any special or specific services hereunder.


Special Note:


You will not be permitted to use the Pangle Services unless You accept all the terms and conditions of this Agreement. By accessing and/or using the Pangle Services, You acknowledge that You understand this Agreement and You agree to be bound hereby as a party hereto.



Introduction


1. You own, operate or represent websites and/or apps (each a "Property") on which You wish to make available advertising space ("Inventory").


2. Pangle owns and operates the Platform, which enables You to sell Inventory and enable Buyers to bid for and buy Inventory in real-time.


3. You wish to use the Platform and Services and Pangle wishes to provide the Platform and Services, subject to the terms of this Agreement.


Capitalized terms used in this Agreement, which are not otherwise defined herein, shall have the meaning given to them in clause XVIII.


1. Rights and Obligations of Pangle


a. Pangle shall provide to You, a non-exclusive, limited license for the duration of the Term to access and use the Platform and Pangle Technology and will provide certain technical support to You.


Where a Buyer successfully bids on Inventory, Pangle will:


i. serve Advertisements onto such Inventory; and

ii. make Performance Data reporting available on advertising served to and viewed by human users on such Inventory via the Platform user interface

(collectively, "Services").


b. Pangle shall have the sole and absolute discretion to decide on the winning bid that will serve an Advertisement to any Property.


c. Pangle will use commercially reasonable efforts to place Buyers under obligation to ensure that the Advertisements comply with the applicable law in the jurisdiction in which the Advertisement is set to run.


d. Pangle may, in accordance with the terms of this Agreement and, to the extent required under Applicable Law, review the Advertisements submitted by the Buyers. In this regard, Pangle may reject Advertisements which, in Pangle’s sole discretion, do not meet the obligations under clause I.3 or where on a technical level, the links are not supported by mobiles, tablets and other devices and/or where the links cannot be opened in a quick and smooth manner. Pangle shall not be responsible for reviewing the content of the landing pages.


e. Notwithstanding clause I.4 above, Pangle is not responsible for and shall not be in any way liable for the authenticity and legality of the Advertisements, as well as any aspect regarding self-regulatory rules or any third-party intellectual property rights and/or personality rights. Thus, You hereto acknowledge and agree that Pangle cannot guarantee the results, income or effectiveness in relation with the provision of Advertisements on the Properties. Pangle will conduct their operations and provide their activities in a professional manner and in accordance with good industry practice. Pangle does not promise or guarantee any minimum purchases or any specific profit or income.


f. Pangle shall, based on the Inventory for the next Settlement Period as submitted by You, organize Buyers to participate in ad bidding. Pangle does not in any way whatsoever guarantee that Pangle will serve a certain number of Advertisements. Pangle shall in no event be liable to You for any Inventory being unsold in the bidding process.


2. Rights and Obligations of You


a. You authorize Pangle to serve Advertisements on the Properties.


b. You are responsible for improving, upgrading and for the technical maintenance of the Properties to guarantee the reliability and availability of the Properties for receipt of the Services.


c. You shall implement the Pangle Technology and comply with any technical requirements and specifications (including in relation to display time and pixel dimensions) provided by Pangle from time to time, to enable the proper display of the Advertisements. In particular, You must transmit the required data parameters outlined in the Pangle SDK integration document and or the API documentation, as applicable.


d. You shall not make any amendments to the content of the Advertisements without Pangle’s prior written approval.


e. You shall not include, directly or indirectly, the Advertisements on Property that contain software viruses, worms, Trojan horses, or other harmful or malicious computer code in any form.


f. You represent and warrant on a continuing basis throughout the Term that:


i. You have full power and authority to enter into this Agreement and perform your obligations under this Agreement;

ii. You own, or have the legal right and authority to operate the Properties;

iii. You have all required licences, approvals, authorisations and consents to operate your business and the Properties;

iv. the entry into and performance by You of this Agreement will not and is not likely to result in any claim by a third party against Pangle;

v. any information provided by You to Pangle is at all times accurate, authentic, current, complete and not misleading;

vi. You will at all times comply with, and ensure the Properties comply with, all Applicable Law, this Agreement and the Policies, and will promptly notify Pangle if You are in breach of or the Properties do not comply with any Applicable Law, the Agreement or the Policies;

vii. You will only use Pangle and the Services for lawful purposes, and only for the purposes for which they are intended to be used;

viii. You will at all times disclose accurately your status as direct seller or reseller (as those terms are defined in the IAB Tech Lab app-ads.txt initiative);

ix. You will ensure that Inventory is set up on the Properties in accordance with all policies and instructions issued by Pangle;

x. You will use all reasonable endeavours to manage your Properties so as to minimize fraudulent traffic, installs and attribution; and

xi. You will not license, sublicense, sell, resell, assign, distribute or otherwise commercially exploit or make available the Platform, Pangle Technology or the Services to any third party.


3. Brand Safety Commitments


a. You shall comply with the Pangle Ad Policy. If Pangle reasonably suspects that You may be in breach of the Pangle Ad Policy or clause X (Personal Data Protection) of this Agreement, then Pangle may: (i) suspend your access to your Account (and/or disable ad serving to the relevant Properties) whilst Pangle conducts an investigation; and (ii) withhold payment of any Revenue for any Inventory which it suspects may be affected by the breach.


b. If, in Pangle’s reasonable opinion, You have breached the Pangle Ad Policy or clause X (Personal Data Protection) of this Agreement, then, without prejudice to Pangle’s other rights and remedies, Pangle shall be entitled to: (i) terminate this Agreement immediately on written notice to You; (ii) be released of your obligation to pay Revenue for any Inventory affected by the breach (the “Affected Revenue”); (iii) reduce any Revenue payable to You by an amount equal to the Affected Revenue; and (iv) receive a refund from You of any Affected Revenue already paid to You, in each case promptly on Pangle’s written demand.


4. Performance Data


a. Pangle shall measure the Performance Data, which shall be made available to You following the end of each Settlement Period in accordance with clause VI.1.


b. If there is any discrepancy between the Performance Data measured by Pangle and any data recorded by You for a Settlement Period, the following shall apply:


i. where the discrepancy in the data recorded by You for: (i) the number of impressions is no greater than 10% of the number of impressions recorded as part of Pangle s Performance Data, and (ii) the number of clicks is no greater than 30% of the number of clicks recorded as part of Pangle s Performance Data, Pangle s Performance Data shall prevail and form the basis for which the Revenue is calculated; and

ii. where the discrepancy exceeds the agreed ranges set out in sub-clause IV.2.a above, You may, within 5 working days after You receives the Performance Data from Pangle in accordance with clause VI.1, provide a notice to Pangle in writing, together with the relevant information required by Pangle (including without limitation the number of requests, impressions, clicks, CPM and total income) to assist investigations into the discrepancy. The parties shall in good faith discuss and use reasonable endeavours to agree on the performance data for that Settlement Period. Where, despite their good faith, the parties are unable to reach agreement on the performance data within 60 days after the date on which Pangle received the notice from You, the matter shall be deemed to be a dispute and shall be resolved in accordance with clause XIV of this Agreement. For the avoidance of doubt, where You does not provide Pangle with a written notice within 5 working days after the relevant Settlement Period, Pangle s Performance Data shall prevail.


c. The Performance Data shall be deemed as "Confidential Information" of Pangle and shall be subject to confidentiality provisions set out in this Agreement. You agree that You shall only use the Performance Data for the purpose of fulfilling your obligations under this Agreement and it shall not disclose any Performance Data to any third party unless agreed by Pangle in advance. Pangle has the right to share the Performance Data with the Buyers, as well as other information relating to You including information relating to your Properties.


5. Intellectual Property


a. Other than as set out expressly in this Agreement, neither party shall acquire any right, title or interest in any intellectual property belonging to the other party or the other party’s licensors. For the avoidance of doubt, all intellectual property rights in and to the Platform and Pangle Technology, including any feedback offered by You, belong to and shall remain vested in Pangle and nothing in this Agreement transfers any ownership in or to the Platform or Pangle Technology to You.


b. Subject at all times to your compliance with this Agreement, Pangle and its licensors grant You a limited, non-exclusive, non-sublicensable, revocable and non-transferable license during the Term to use the Platform and Pangle Technology and Pangle’s trademarks, trade or business names, logos and domain names, solely for the purpose of using the Services subject at all times to such terms and restrictions of use as may be prescribed by Pangle, provided always that Pangle shall have the right to terminate this Agreement or revoke such license at any time and without the need to provide any prior notice.


c. You grants Pangle a worldwide, royalty-free license to reproduce and display images of the Property and any trademarks associated with the Properties in relation to the Services, including for Pangle’s promotional and marketing use.


d. You agree that You will not: (i) copy, sell, resell, assign, licence, distribute, publish or otherwise reproduce the Platform or Pangle Technology; (ii) adapt, modify, decompile, disassemble or reverse engineer the Platform or Pangle Technology; or (iii) use the Platform or Pangle Technology for any unlawful purposes.


6. Payment and Revenue


a. Before the 8th working day of each calendar month, Pangle shall provide You with the Performance Data for the previous Settlement Period in accordance with clause IV. Following the end of each Settlement Period, Pangle agrees to calculate the Revenue payable for the Settlement Period and issue a payment request for such Revenue (a “Payment Request”). Upon receiving the Performance Data and Payment Request, You shall promptly provide Pangle with an approval of the Payment Request. Upon approval of the Payment Request, Pangle shall generate an invoice on your behalf for the Revenue stated in the approved Payment Request. During the Term, You agree to accept invoices generated on your behalf by Pangle in accordance with this clause VI.1 and, unless prohibited by the law applicable to You, not to raise invoices for the transactions covered by this Agreement. Subject to any good faith dispute in relation to the amount of Revenue payable, Pangle shall pay invoices generated by Pangle in accordance with this clause VI.1 within 30 working days upon receiving approval of the Payment Request. Payment shall be made to the bank account specified in your Account. You are solely responsible for ensuring the accuracy of the bank account details in your Account and Pangle shall not be in any way liable for any errors so long as Pangle pays the Revenue to the bank account specified in your Account.


b. Where the Revenue payable to You within one Settlement Period is less than the Applicable Threshold, the parties agree that Pangle has the right to withhold payment of the Revenue and delay issue of a Payment Request until the Revenue payable to You reaches or exceeds the Applicable Threshold, in which case Pangle shall pay the accrued Revenue within 30 working days upon receiving your approval of the relevant Payment Request. Where the Revenue payable to You at the end of a calendar year is still less than the Applicable Threshold, Pangle shall, subject to any good faith dispute in relation to the Revenue, issue a Payment Request for such Revenue and pay the Revenue for the said calendar year within 30 working days upon receiving your approval. If this Agreement or your Account is terminated (other than for your breach), Pangle shall, subject to any good faith dispute in relation to the Revenue, issue a Payment Request and pay to You any Revenue payable to You within 90 days after the end of the calendar month in which this Agreement or your Account was terminated. Should the Revenue payable to You be lower than USD100, the parties agree that Pangle may, at its sole discretion, choose not to pay the Revenue to You when the Agreement or your Account is terminated.


c. Each party shall be responsible for paying all applicable taxes and duties imposed by any government entity in connection with this Agreement including any such taxes or duties that may be imposed in connection with that party’s performance of or entry into this Agreement. For the avoidance of doubt, Pangle will not be responsible for any indirect taxes levied on You by a tax authority with jurisdiction over You.


d. Unless otherwise stipulated by both parties, all payments to be made under this Agreement shall be in United States Dollars (USD) and converted to the applicable currency (if there is a local requirement to perform an exchange operation). If there is no local legal requirement, the exchange rate shall be subject to the average exchange rate for the day of the show data announced by Reuters on its official website at www.reuters.com. Any bank service charges that arise in the course of remitting the funds shall be borne by You and Pangle reserves the right to set off any such service charges from any sums due under a payment request.Payment Request.


7. Term and Termination


a. This Agreement commences on the Effective Date and, unless terminated in accordance with its terms, continues for the Initial Term and shall automatically renew for successive Renewal Terms save that either party may provide 30 days’ prior written notice to the other party of its intention not to renew this Agreement and such notice will only be effective on the expiry of the Initial Term or the then-current Renewal Term, as applicable (the "Term").


b. You may terminate this Agreement by written notice:


i. if any Revenue which is due and payable by Pangle to You in accordance with this Agreement is overdue for 30 calendar days after You provide written notice to Pangle of such overdue payment; or

ii. at any time for any reason, provided You give no less than 30 days’ prior notice to Pangle.


c. Pangle may in its sole and absolute discretion terminate this Agreement by providing You with notice in writing:


i. at any time for any reason, provided Pangle gives no less than 30 days’ prior notice to You;

ii. immediately, without prejudice to Pangle’s other rights and remedies, if You breaches clause V (Intellectual Property) or clause IX (Confidentiality) of this Agreement;

iii. immediately, without prejudice to Pangle’s other rights and remedies, if You materially breaches any term of this Agreement;

iv. if You are declared insolvent or bankrupt, or undergoes a judicial or extrajudicial reorganization; or

v. if any of your representatives, managers, officers, advisors, affiliates, partners or employees are (a) investigated for bribery and/or corruption; (b) are convicted of bribery and/or corruption charges; or (c) are included in any economic restriction or business sanction list issued by the public authorities, for any known or suspected corruption and/or bribery practices.


8. Liability and Indemnity


a. Unless expressly set forth in this Agreement or required under any Applicable Law, the Platform, Pangle Technology and the Services are provided "as is" and "as available" with no warranties whatsoever, and Pangle expressly excludes and disclaims all representations and warranties, whether express, implied or statutory. Without limiting the foregoing and to the maximum extent permitted under Applicable Law, Pangle makes no representation, warranty nor does it provide any other assurance, express or implied, regarding the reliability, suitability, quality, availability, non-infringement or fitness for any purpose whatsoever of the Platform, Pangle Technology or the Services, or that the Platform, Pangle Technology or the Services will be uninterrupted or error free, or will operate in combination with any other hardware, software, system or data.


b. Neither party shall be liable for any lost profits, lost savings, lost value, loss of data, or lost sales (whether such profits, savings, value, or sales are direct, indirect, consequential, or of other nature), incidental, indirect, punitive, special, or consequential damages under any part of this Agreement, even if the party has been advised or was aware of the possibility of such losses or damages.


c. Without prejudice to Pangle’s rights under any provision of this Agreement, You shall indemnify, defend and hold harmless the Pangle Indemnitees, from and against Losses which may be sustained, instituted, made or alleged against, or suffered or incurred by the Pangle Indemnitees, and which arise (whether directly or indirectly) out of, in the course of or in connection with your use of Pangle and/or Services and/or your breach of any term of this Agreement.


d. Without prejudice to the generality of the rest of this clause VIII, the maximum aggregate liability of Pangle arising under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty or otherwise, shall not exceed the lesser of: (A) the Revenue paid by Pangle to You in the 6 month period preceding the date of the event giving rise to the liability; and (B) USD 100,000.


e. Pangle will not be held liable for any Pangle Technology failures that may arise from circumstances beyond the control of Pangle, including, without limitation, Internet failures, power outages and hardware failures of You, as well as downtime scheduled maintenance, updating and configuration adjustments. You acknowledges and agrees that some features of the Pangle Technology may rely on the correct functioning of a third-party application, and Pangle will not be liable for, nor offer any guarantee in relation to these third-party applications.


9. Confidentiality


1. Each party ("Receiving Party") undertakes to the other party ("Disclosing Party") to treat as confidential all information, whether commercial, financial, technical or otherwise, in any medium or format, which the Receiving Party receives from the Disclosing Party, either directly or from any other person, or otherwise accesses in connection with this Agreement, which concerns the business, operations, customers or suppliers of the Disclosing Party and which: (a) is marked as confidential, (b) is identified in advance of disclosure by the Disclosing Party as being confidential, or (c) ought reasonably to be understood by the Receiving Party to be confidential ("Confidential Information"). For the purposes of this Agreement, the terms and conditions of this Agreement shall be deemed as “Confidential Information”.


2. Each party shall keep the Confidential Information confidential and not disclose the Confidential Information to anyone or any entity, save for where Pangle is the Receiving Party, to its Affiliates. The Receiving Party shall institute and/or maintain such procedures as are reasonably required to maintain the confidentiality of the Confidential Information, and shall apply at least the same level of care as the Receiving Party employs to protect its own confidential information of like nature. The Receiving Party may disclose Confidential Information in the following circumstances:


i. the disclosure is necessary for the performance of obligations under this Agreement such as disclosure to its officers, employees, subcontractors, service providers or professional advisors), provided that this is done on a strictly need-to-know basis;

ii. the disclosure is required by Applicable Laws or a competent regulatory authority, provided that the Disclosing Party shall be given as much notice as is practicable so that a protective order may be sought by the Disclosing Party, and provided further that the Receiving Party shall not disclose more information than what is required under the circumstances.


3. Nothing in this clause IX is intended to prevent or limit Pangle’s right to disclose information to Buyers which is relevant to Buyer’s purchase and use of Inventory.


4. The obligations of each party under this clause IX shall survive the termination or expiry of this Agreement.


10. Personal Data Protection


1. In the course of receiving the Services, You will make available to Pangle (or enable Pangle to collect) Personal Data through the Pangle Technology or via its measurement partners for Pangle to process for the purposes described in the Pangle Privacy Policy (or as otherwise agreed in writing by the parties) (the "Permitted Purpose").


2. Each party shall comply with the obligations that apply to it under Applicable Data Protection Law in respect of its processing of Personal Data. In particular (and without limitation):


1. You shall maintain a publicly accessible privacy notice on each Property, which shall be available to Data Subjects prior to processing of their Personal Data. Such notice shall (i) provide a clear and comprehensive description of the collection, use and disclosure of Personal Data, including Pangle s access to or storage of information on the Data Subject s device for the Permitted Purpose; (ii) make available the Pangle Privacy Policy; and (iii) comply with any other necessary transparency requirements that apply under Applicable Data Protection Law in order for it to make available Personal Data to Pangle to process for the Permitted Purpose.


2. In addition You must provide clear and comprehensive information to end users in a sufficiently prominent notice regarding Pangle’s access to, collection, and sharing of information via Pangle Technology, including: (i) that the Property uses Pangle Technology to collect information about users’ use of the Property; (ii) that such information is used to provide measurement services and/or targeted ads; and (iii) how and where users can opt out of the collection and use of such information for ad targeting. You shall ensure that such notice is made available, at a minimum, via an easily accessible link within the Property’s settings and/or privacy policy and within any store or website where the Property is distributed (e.g. Google Play or The App Store).


3. Where necessary under Applicable Data Protection Law, You shall ensure that You have a legal basis to share Personal Data with Pangle and for Pangle s processing for the Permitted Purpose.


4. Where necessary under Applicable Data Protection Law and/or platform standards (such as Apple or Google platform terms), You shall obtain each Data Subject s prior consent to: (i) processing for the Permitted Purpose; (ii) the overseas transfer of Personal Data described in the Pangle Privacy Policy; and (iii) the access to or storage of information on that Data Subject’s device via the Pangle Technology.


5. When seeking consent that is required by Applicable Data Protection Law, You shall: (a) ensure that the nature of such consent complies with the requirements under the Applicable Data Protection Law; (b) retain records of consent given by end users; (c) provide end-users with clear instructions for revocation of consent; and (d) provide records of consent to the satisfaction of Pangle upon request.


6. Each party shall implement appropriate technical and organizational measures to protect against the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data and such measures will take into account the nature, scope, context, and purposes of the processing as well as the risks.

3. You shall not make available to Pangle, nor enable Pangle to collect, Sensitive Data or Personal Data relating to Children, or Personal Data from Properties directed to or marketed at Children (“Child-Directed Properties”). You represent and warrants that none of your Properties for which you are using the Platform or Pangle Technology are Child-Directed Properties. You shall not use the Platform or Pangle Technology to: (a) collect Personal Data about Children or visitors to Child-Directed Properties, or (b) purchase, sell place or facilitate the placement of behaviorally targeted Advertisements on Child-Directed Properties. Pangle undertakes no obligation to identify Child-Directed Properties or to monitor the compliance of You with respect to identifying Child-Directed Properties.

4. Pangle reserves the right to monitor your compliance with this clause X and You agree promptly upon request to provide to Pangle reasonable documentary evidence of such compliance.

5. If You receives any correspondence, request or complaint ("Correspondence") in relation to any processing undertaken in connection with this Agreement (from a Data Subject or otherwise), You will promptly notify Pangle and provide all information, cooperation and assistance as Pangle reasonably requires in relation to any such Correspondence (including, without limitation, providing a point of contact and relevant contact details which Pangle may pass to the third party correspondent) in accordance with any timescales that may apply under Applicable Data Protection Law.


6. Where You are not a Publisher You shall procure that the Publishers You represent comply with the obligations of this clause X.

7. The parties acknowledge and agree that where You are established in the EEA, Switzerland or the United Kingdom, or otherwise subject to GDPR (under Article 3.2 of GDPR), or the Personal Data that will be processed relates to Data Subjects in the EEA, Switzerland or the United Kingdom, the additional EEA/UK Specific Terms set out in Appendix 1 shall apply.

8. You will indemnify and hold harmless the Pangle Indemnitees from and against Losses arising from any failure by You to comply with your obligations under this clause X.


11. Force Majeure


Where Pangle or You, in part or in whole, delays in fulfilling the obligations or cannot fulfil the obligations because of any Force Majeure Event (the "Affected Party"), the Affected Party shall not be liable for such default or delay in performance of its obligations under this Agreement. The Affected Party shall use its best efforts including promptly take measures to mitigate the impact of its non-performance notwithstanding the Force Majeure Event. Notwithstanding the foregoing, if the Affected Party is unable to perform its obligations for more than 30 consecutive working days due to the Force Majeure Event, the other party may terminate this Agreement immediately on written notice to the Affected Party.


12. Amendments to Agreement


Pangle reserves the right to make non-material amendments to the terms contained in this Agreement, in its sole discretion, from time to time, and any changes will be effective upon providing notice to You by way of email or posting to the Platform or your Account (when and if available), and You waives the right to receive alternative notice of such changes. Should Pangle make material amendments to the terms in this Agreement, Pangle shall notify You by email or posting to the Platform or your account (when and if available) seven (7) days in advance of the effective date of such amendments. Your continued use of Pangle or following notice will constitute your acceptance of the updated terms. If You does not agree to any changes, your sole and exclusive remedy is to terminate this Agreement and immediately cease use of Pangle and the Services.


13. Legal Compliance


1. Compliance with Anti-Corruption Laws. You understand and agree that it has complied and will continue to comply with Anti-Corruption Laws and ByteDance Business Partner Code of Conduct (https://supplier.bytedance.com/code-en.pdf). You did not and will not engage in any conduct in violation of the Anti-Corruption Laws. You did not and will not, directly or indirectly offer, promise, approve or authorize the payment of money or anything of value to any entities or individuals, to: 1) influence any official act or decision of that entity or individual, 2) improperly obtain or retain any business opportunities, 3) improperly obtain any business advantage, or 4) obtain any other improper benefits. The above-mentioned "entities" include but are not limited to Government Entities, collectively-owned enterprises and private enterprises. The above-mentioned "individuals" include but are not limited to Government Officials, staff members of collectively-owned enterprises or private enterprises, and any individual who has influence over the aforementioned individuals.


2. Books and Records. You represent and warrant that it has maintained and will continue to maintain accurate and complete accounting books and financial records in connection with this Agreement in accordance with generally accepted accounting principles, and will retain all records related to this Agreement for five (5) years upon expiration or termination of this Agreement, and agrees to make such records available upon the request of Pangle.


3. Government Ownership. You represent and warrant that during the term of this Agreement, no Government Official is or will be a direct or indirect owner or investor of You, holds or will hold any financial or personal interest You.


4. Breach and Termination. If You breach any representation or warranty of this Section XIII of the Agreement or any Anti-Corruption Laws, Pangle shall have the right to unilaterally and immediately terminate this Agreement without any obligation to provide further payments to You.


5. The Parties agree to comply with all economic sanctions and export control laws and regulations ("International Trade Compliance") applicable to this Agreement, including the laws and regulations where products/services relating to this Agreement are offered or available. Each Party represents and warrants that, at the time of signing this Agreement, it is not subject to any sanctions or relevant program maintained by applicable government authorities, not a military related agency, and is not owned, controlled by, or acting for or on behalf of, one or more of such persons/entities.


6. The Parties agree that, should either Party be unable to continue to perform its obligations under the Agreement in compliance with applicable International Trade Compliance due to International Trade Compliance restrictions, both Parties shall review the impact of such restrictions together in an effort to seek a solution to continue to perform the Agreement in compliance with applicable International Trade Compliance, or terminate this Agreement upon mutual consent.


7. Without limiting the foregoing, should any Party violate any applicable International Trade Compliance, making any continued performance of this Agreement violate applicable International Trade Compliance, the other Party is entitled to terminate performing relevant obligations under this Agreement. The violating Party shall compensate the non-violating Party for any losses incurred by such violation.


14. Governing Law and Jurisdiction


This Agreement, and any and all disputes arising out of or in connection with this Agreement (including any alleged breach of, or challenge to the validity of enforceability, of the Agreement shall be governed by, and construed in accordance with, the laws of the Republic of Singapore. Any dispute arising out of or in connection with the Agreement, including any question regarding its existence, validity or termination, shall be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre in accordance with the Arbitration Rules of the Singapore International Arbitration Centre for the time being in force, which rules are deemed to be incorporated by reference in this Agreement. The seat of arbitration shall be Singapore. The arbitral tribunal shall consist of three (3) arbitrators and the language of the arbitration shall be English.


15. Notices and Delivery


a. Unless otherwise stipulated in this Agreement, any notices, documents, materials and data or other communications given pursuant to this Agreement shall be delivered by registered mail or electronic mail to the respective mailing addresses or email addresses as stated in your Account.


b. Where one party changes its address for notices, the said party should, within 5 working days before the change is made, inform the other party.


c. Delivery of a notice is deemed to have taken place: (i) if delivered by registered mail, at the time when the said information and documents are sent to the mailing address; (ii) if delivered by email, at 24 hours from the time when the email is sent out.


16. Rights of Third Parties


No person or entity who is not a party to this Agreement shall have any right under the Contracts (Rights of Third Parties) Act, Chapter 53B of Singapore or other similar laws to enforce any term of this Agreement, regardless of whether such person or entity has been identified by name, as a member of a class or as answering a particular description. For the avoidance of doubt, this shall not affect the rights of any permitted assignee or transferee of this Agreement.


17. Miscellaneous


a. You and Pangle are independent entities. Under no circumstances will this Agreement constitute an agency, partnership, joint venture or employment relationship between the parties.


b. This Agreement (as amended from time to time) constitutes the entire agreement between the parties in relation to the content hereof and supersedes all previous written or oral agreements (other than the Policies, the Pangle Terms of Use available at https://www.pangleglobal.com/agreement and the Pangle Privacy Policy between the parties in relation to the relevant content. You agree that any service agreement (in relation to the content hereof) previously entered into between the parties is terminated as of the Effective Date.


c. Any waiver of any breach of or non-compliance with this Agreement by Pangle shall not be deemed to be a waiver of any prior or subsequent breach of or non-compliance with this Agreement.


d. If any terms of the Agreement are partially invalid or unenforceable for any reason, the remaining terms are still valid and binding on both parties.


e. You may not assign, sub-license, transfer, subcontract, or otherwise dispose of any of your rights or obligations, under this Agreement without Pangle s prior written consent. Pangle may at any time assign, sub-license, transfer, subcontract or otherwise dispose of its rights or obligations under this Agreement without notice or consent (save to the extent required by Applicable Law).


f. Termination shall not prejudice or affect any right of action or remedy which shall have accrued or shall thereafter accrue to either party and all provisions which are to survive this Agreement, or which are implied to survive shall remain in full force and effect. For the avoidance of doubt, the right to claim loss or damage arising from an event which caused a breach of contract is expressly reserved.


g. The English language version of this Agreement, regardless of whether a translation in any other language is or will be made, shall be the only authentic one. In the event of any inconsistency or difference in interpretation between the English version and the version in the other language, the English version shall prevail.


18. Definitions and Interpretation


In this Agreement, unless the subject or context otherwise requires, the following words and expressions shall have the following meanings respectively ascribed to them:


a. "Account" means your registered account which You signed up for to access Pangle.


b. "Advertisements" means the advertising material which will be served by Pangle on the Properties and may be in the form of: (a) images, text, videos; and/or (b) links which will re-direct end users to visit advertisers websites and/or mobile applications.


c. "Affiliate" means, in relation to a party, any entity that controls, is under the control of, or is under common control with, that party, where control means the direct or indirect ownership of more than 50 per cent of the voting capital or similar right of ownership of that party or the legal power to direct or cause the direction of the general management and policies of that party, whether through the ownership of voting capital, by contract or otherwise, and Controls and Controlled shall be interpreted accordingly.


d. "Anti-Corruption Law" means any laws of the countries in which either party does business, including but not limited to: (i) the Prevention of Corruption Act (Chapter 241 of Singapore); (ii) the U.S. Foreign Corrupt Practices Act of 1977; (iii) the UK Bribery Act 2010; (iv) Brazilian Anti-Corruption Law (Law No. 12846/2013) and (v) any other applicable anti-corruption laws, regulations and rules.


e. "Applicable Data Protection Law" means all data protection and privacy laws and regulations anywhere in the world applicable to the processing of Personal Data, including, where applicable and without limitation, GDPR, national laws implementing European Directive 2002/58/EC, the Swiss DPA, the California Consumer Privacy Act Of 2018, the United States’ Children’s Online Privacy Protection Act and the Singapore Personal Data Protection Act 2012, the Brazilian Data Protection Law (LGPD), Russian Federal Law on Personal Data (152-FZ) and any laws succeeding the same.


f. "Applicable Law" means all applicable laws, by-laws, enactments, regulations, regulatory policies, ordinances, protocols, industry codes, self-regulatory principles, regulatory permits, regulatory licences or requirements of any court, tribunal or governmental, statutory, regulatory, judicial, administrative or supervisory authority or body.


g. "Applicable Threshold" means USD 100.


h. "Buyer" means a buyer that purchases advertising inventory using Pangle’s technologies.


i. "Child" (or "Children" as applicable) means a Data Subject either: (i) below the age of 13; or (ii) who is under the age of majority in the territory in which they reside who is not permitted under applicable local laws to consent on their own behalf to processing of their Personal Data (where consent is required for such processing under applicable local laws).


j. "Data Subject" means an identified or identifiable natural person whose Personal Data is processed pursuant to this Agreement.


k. "EEA" means the European Economic Area.


l. "Effective Date" has the meaning given on the front page of this Agreement.


m. "Force Majeure Event" means causes beyond the affected party’s reasonable control, including but not limited to acts of God, fire, explosion, adverse weather conditions, flood, earthquake, pandemic, terrorism, riot, civil commotion, war, hostilities, strikes, work stoppages, slow-downs, or other industrial disputes, accidents, riots or civil disturbance, acts of government, lack of power and delays by suppliers or materials shortages of transportation, facilities, fuel, energy, labour, or materials, energy supply interruption, IT viruses and cyber-attacks, dysfunction of networks.


n. "GDPR" means: (i) the General Data Protection Regulation of the European Union (Regulation 2016/679 of 27 April 2016) ("EU GDPR"); (ii) the EU GDPR as saved into United Kingdom law pursuant to s.3 of the United Kingdom s European Union (Withdrawal) Act 2018 (the "UK GDPR"); (iii) any national legislation made under or pursuant to (i) or (ii); and (iv) any amendments or successor legislation to any of (i), (ii) or (iii).


o. "Initial Term" means the period between the Effective Date and the end of the calendar year on which the Effective Date occurs.


p. "Inventory" has the meaning given in paragraph A of the Introduction.


q. "Losses" mean any and all claims, costs, expenses (including attorneys fees and costs), liabilities, damages and losses of any kind.


r. "Pangle Ad Policy" means the Pangle Ad Policy accessible at https://www.pangleglobal.com/help/doc/5dd364533d7897001168e341 as updated from time to time.


s. "Pangle Indemnitees" mean Pangle, its licensors and each such party’s Affiliates and their respective employees, members, officers, directors and agents.


t. "Pangle Privacy Policy" means the means the “Pangle End User Data Privacy Policy” accessible at https://www.pangleglobal.com/privacy as updated from time to time.


u. "Pangle Technology" means any SDK, code or other technology which is provided by Pangle for implementation by You, which enables Pangle’s access to or storage of information on an end user s device.


v. "Performance Data" means data on the performance of the Advertisements on the Properties, including the Performance Results.


w. "Performance Results" means, in relation to Inventory on any Property, the number of valid impressions, clicks, installs, purchases or any other relevant metrics that an Buyer remunerates Pangle for.


x. "Personal Data" means data that falls within the scope of "personal data" or "personal information" (or any analogous term) that is protected by Applicable Data Protection Law.


y. "Platform" means the website operated by Pangle at https://www.pangleglobal.com/ and any related apps, websites, platforms and other support systems and services operated by Pangle.


z. "Policies" means any policies, guidelines or directions (including but not limited to the Pangle Ad Policy), as notified to You or otherwise made available by Pangle from time to time, and as may be updated from time to time.


aa. "Publisher" means the owner or operator of a Property or Properties.


ab. "Renewal Term" means the automatic renewal term of 12 months or as set out in your Account.


ac. "Revenue" means the amount payable by Pangle to You for each Settlement Period calculated by reference to the Performance Results, as determined by Pangle in its sole discretion.


ad. "Sensitive Data" has the meaning given under Applicable Data Protection Law (or any analogous term, such as "special categories of personal data").


ae. "Services" has the meaning given in clause I.1 above.


af. "Settlement Period" means one (1) month, according to the Gregorian calendar month, i.e. from 00:00 of the 1st of each month to 23:59 of the last day of that month.


ag. “Swiss DPA” means Switzerland’s Federal Data Protection Act of 1992 (as amended or superseded).


ah. "Term" has the meaning given in clause VII.1.


The headings of the terms used herein are for convenience and reference only and do not have any legal meaning or have any effect on interpretation.


IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed by their duly authorized representatives as of the Effective Date.

ByteDance Pte. Ltd.


[Insert You Company Name]



Signature:


Signature:



Name:


Name:



Title:


Title:



Date:


Date:



Appendix 1: EEA/ Swiss/ UK Specific Terms


1. In this Appendix 1, the following additional definitions shall apply:


"Controller" means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.


"Joint Controllers" means two or more Controllers that jointly determine the purposes and means of processing. "Joint Controller" shall be construed accordingly.


"Joint Processing" means the collection of Personal Data via the Pangle Technology on the Property and its subsequent transmission to Pangle to be used for the Permitted Purpose, but does not include any processing of the Personal Data that takes place after it has been transmitted to Pangle.


"Joint Controller Terms" means the terms set out in this Appendix 1.


"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed under this Appendix 1.


“Restricted Transfer” means (i) where the EU GDPR applies, a transfer of Personal Data from the European Economic Area to a country outside of the European Economic Area which is not subject to an adequacy determination by the European Commission; (ii) where the UK GDPR applies, a transfer of Personal Data from the United Kingdom to any other country which is not based on adequacy regulations pursuant to Section 17A of the United Kingdom Data Protection Act 2018; and (iii) where the Swiss DPA applies, a transfer of Personal Data from Switzerland to any other country which is not subject to an adequacy determination by the competent Swiss authority in accordance with the Swiss DPA.


"Standard Contractual Clauses" means: (i) where the EU GDPR applies or the Swiss DPA applies, the contractual clauses annexed to the European Commission’s Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“EU SCCs”); and (ii) where the UK GDPR applies, standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR (“UK SCCs”).


2. The parties each acknowledge and agree that they are Joint Controllers in accordance with Article 26 GDPR for any Joint Processing and these Joint Controller Terms determine the parties responsibilities for compliance with GDPR with respect to the Joint Processing. All other responsibilities for compliance with obligations under GDPR regarding the Joint Processing not referred to in this Appendix remain with each of Pangle and You individually. If You are contacted by a supervisory authority or Data Subject with regard to the Joint Processing (each a "Request"), You will promptly notify Pangle at europe_privacy@pangleglobal.com and provide all timely information, cooperation and assistance as Pangle reasonably requires in relation to such Request. You are not authorized to act or answer such Request on Pangle s behalf.


3. Pangle and your GDPR compliance responsibilities with respect to the Joint Processing shall be as follows:


GDPR compliance responsibility

Pangle s responsibility

Your responsibility

i.

Art 6: Legal Basis

X Pangle has the responsibility to establish a lawful basis in respect of its own processing of Personal Data.

X You have responsibility to establish a lawful basis in respect of your own processing of Personal Data. In addition, to the extent that Pangle Technology accesses or stores information (including Personal Data), You must obtain all necessary and verifiable consents required by virtue of Applicable Data Protection Law and the Agreement.

ii.

Arts 13, 14: Information

X Pangle will display (or procure the display of) a publicly-available privacy notice describing its processing activities (including the Joint Processing) that meets the requirements of Article 13 and 14 of GDPR.

X You must display (or procure the display of) a privacy notice describing your processing activities (including the Joint Processing) to meet the requirements of Article 13 and 14. This includes as a minimum the provision of the following information: That Pangle is a Joint Controller of the Joint Processing. That You uses Pangle Technology which enables the collection and transmission of Personal Data for the Permitted Purpose. That further information on how Pangle processes Personal Data, including the legal basis Pangle relies on and the ways to exercise Data Subject rights against Pangle, can be found in the Pangle Privacy Policy (with a link to that policy). In addition, to the extent that the Pangle Technology accesses or stores information (including Personal Data), You must also provide clear and comprehensive information about such access or storage to Data Subjects as required by Applicable Data Protection Law and the Agreement.

iii.

Art 26(2): Making available Joint Controller Terms


X This includes as a minimum the provision of the following information: That You and Pangle have: entered into these Joint Controller Terms to determine their respective responsibilities for compliance with the obligations under GDPR with regard to the Joint Processing; agreed that You are responsible for providing Data Subjects as a minimum with the information listed under point B in this table above; and agreed that between the parties, Pangle is responsible for enabling Data Subjects rights under Articles 15-20 of GDPR with regard to the Personal Data stored or otherwise Processed by Pangle after the Joint Processing.

iv.

Art 15-20: Subject Rights

X Pangle shall respond to the exercise of any Data Subject rights under Articles 15-20 GDPR in respect of Personal Data processed by Pangle with regard to the Joint Processing.


v.

Art 21: Right to object

X Pangle will enable Data Subjects to exercise their right to object in respect of its own Processing of Personal Data.

X You will enable Data Subjects to exercise their right to object in respect of your Processing of Personal Data.

vi.

Art 32: Security

X Pangle in respect of security of the Pangle Technology.

X You in relation to your correct technical implementation and configuration of the Pangle Technology.

vii.

Arts 33, 34: Personal Data Breaches

X Pangle will comply with its obligations under GDPR in respect of Personal Data Breaches insofar as any Personal Data Breach concerns Pangle s security obligations under these Joint Controller Terms.

X You will comply with your obligations under GDPR in respect of Personal Data Breaches insofar as any Personal Data Breach concerns your security obligations under these Joint Controller Terms.



You will comply with your obligations under GDPR in respect of Personal Data Breaches insofar as any Personal Data Breach concerns your security obligations under these Joint Controller Terms.


4. Where You make a Restricted Transfer of Personal Data to Pangle pursuant to this Agreement, the Standard Contractual Clauses shall apply between You (as data exporter) and Pangle (as data importer) as follows:


a. in relation to Personal Data that is protected by the EU GDPR, the EU SCCs will apply as follows: (i) Module One will apply; (ii) in Clause 7, the optional docking clause will apply; (iii) in Clause 11, the optional language will not apply; (iv) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by Irish law; (v) in Clause 18(b), disputes shall be resolved before the courts of Ireland; (vi) Annex I of the EU SCCs shall be deemed completed with the information set out in Annex I to this Appendix; and (vii) Annex II of the EU SCCs shall be deemed completed with the information set out in Annex II to this Appendix; and

b. in relation to Personal Data that is protected by the UK GDPR, the UK SCCs will apply as follows:

i. Until such time as it is possible to rely on EU SCCs for transfers of Personal Data from the United Kingdom in the manner described in sub-clause 4(b)(ii) below, the standard contractual clauses for the transfer of personal data to processors set out in the European Commission’s Decision 2004/915/EC of 27 December 2004 (“Prior C2C SCCs”) shall apply as follows: (aa) Appendix 1 shall be completed with the relevant information set out in Annex I to this Appendix; (bb) Appendix 2 shall be completed with the relevant information set out in Annex II to this Appendix; and (cc) the optional illustrative indemnification clause will not apply;

ii. Where You and Pangle are lawfully permitted to rely on the EU SCCs for transfers of personal data from the United Kingdom subject to completion of a “UK Addendum to the EU Standard Contractual Clauses” (“UK Addendum”) issued by the Information Commissioner’s Office under s.119A(1) of the Data Protection Act 2018, then: (aa) subject to sub-clause (bb), the EU SCCs, completed as set out above in sub-clause 4(a) of this Appendix shall also apply to transfers of Personal Data from You to Pangle; and (bb) the UK Addendum shall be deemed executed between You and Pangle, and the EU SCCs shall be deemed amended as specified by the UK Addendum in respect of the transfer of such Personal Data from You to Pangle; and

iii. If neither sub-clause 4(b)(i) or sub-clause 4(b)(ii) of this Appendix applies, then Pangle shall cooperate in good faith with You to implement alternative appropriate safeguards for transfers of Personal Data as required or permitted by the UK GDPR without undue delay; and

c. in relation to Personal Data that is protected by the Swiss DPA, the EU SCCs will apply as set out in sub-clause 4(a) of this Appendix with the following amendments: (i) references to ‘Regulation (EU) 2016/679’ in the EU SCCs will be deemed to refer to the Swiss DPA; (ii) references to specific articles of ‘Regulation (EU) 2016/679’ will be deemed replaced with the equivalent article or section of the Swiss DPA, (iii) references to ‘EU’, ‘Union’ and ‘Member State’ will be deemed replaced with ‘Switzerland’, (iv) references to the ‘competent supervisory authority’ and ‘competent courts’ are replaced with the ‘Swiss Federal Data Protection Information Commissioner’ and ‘applicable courts of Switzerland’ (as applicable), (v) in Clause 17, the EU SCCs will be governed by the laws of Switzerland, and (vii) in Clause 18(b), disputes shall be resolved before the competent courts of Switzerland.

5. If the parties compliance with GDPR or Swiss DPA requirements relating to international transfers of Personal Data is affected by circumstances outside of the parties control, including if the Standard Contractual Clauses or any other legal instrument for international transfers of Personal Data is invalidated, amended or replaced, then the parties will work together in good faith to reasonably resolve such non-compliance.

6. If a Property is within the IAB Europe Transparency & Consent Framework, You shall (or shall procure that the relevant Publisher shall) comply fully with the policies of the IAB Europe Transparency & Consent Framework Policies currently available at: https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/.


Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.



I. System Entry Control

Establishing, maintaining, monitoring, and using appropriate technical, physical, administrative, and organisational safeguards consistent with the highest industry standards to secure against a security incident including, at a minimum:

(a) Secure user authentication protocols and system access control;

(b) Use of mature and appropriate physical security, current malware, antivirus, and security software that includes e-mail filtering and malware detection;

(c) Use of proper network protection measures;

(d) During idle times, company-issued equipment (e.g., company-issued laptops) are automatically locked;

(e) Encourage use of complex passwords;

(f) Concept of least privilege, allowing only the necessary access for users to accomplish their job function. Access above requires appropriate authorisation;

(g)IT access privileges are reviewed regularly by appropriate personnel;

(h) Network monitoring services in place 24 x 7 x 365 to detect unauthorised activities;

(i) Vulnerability scanning and remediation in place;

(j) Penetration testing as appropriate;

(k) Encryption protocols applied as necessary under various circumstances. 


II. Physical Access Controls

Taking, among others, the appropriate security measures in order to establish the identity of the authorised persons and prevent unauthorised access to the data importer(s) premises and facilities in which the data are processed.


III. Data Access Control

Taking technical and organisational measures in order to prevent unauthorised activities in the data processing systems outside the scope of any granted authorisations including, at a minimum:

(a) User and administrator access to the network a role-based access rights model. Authorization model grants access rights to data only on a “need to know” basis;

(b) Administration of user rights through system administrators;

(c) Number of administrators is reduced to the absolute minimum;

(d) Perform internal audits as required to assess high risk processes, technologies, and people;

(e) Prohibit each employee from disclosing the Personal Data to any unauthorised third party or using the Personal Data in an unauthorised manner.

(f) Where encryption of data is used, proper key lifecycle management practices are in place.


IV. Data Transfer Control

Taking technical and organisational measures in order to ensure that Personal Data cannot be read, copied, altered, or removed by unauthorised persons under their electronic transmission or during their transport or recording on data carriers and to guarantee that it is possible to examine and establish where Personal Data are or have been transmitted by data transmission equipment including, at a minimum:

(a) Remote access (including during remote maintenance or service procedures) to the IT systems are to be via VPN tunnels, where appropriate, or other secure, encrypted connections;

(b) Encryption protocols applied as necessary under various circumstances; 

(c) Data storage devices and paper documents are locked away when not in use (e.g., clean desk policy);

(d) Appropriate destruction and disposal of documents;

(e) Physical destruction processes in place to industry standards; 

(f) Secure communication session established via TLS or similar protocols across core applications/services;

(g) Encrypted certificates utilised for authentication between core web client and core web server.


V. Input Control

Taking appropriate technical and organisational measures in order to ensure that it is subsequently possible to verify and establish via log files whether and by whom Personal Data have been entered into data processing systems, altered, or removed.


VI. Framework Control 

Taking technical and organisational measures in order to ensure that any Personal Data transferred under this Agreement can only be processed for the purposes specified in the Agreement including, at a minimum:

(a) Clear and binding internal policies contain formalised instructions for data processing procedures;

(b) Clearly articulated contractual protections in place as appropriate in underlying contracts;

(c) Regular staff training on the proper use of the computer security system, the security backup and disaster recovery procedures, and the importance of security to ensure compliance with contractual arrangements and maintain awareness regarding data protection requirements;

(d) Secure destruction processes in place to industry standards;

(e) Periodic access reviews that monitor employee access controls;

(f) Company s corporate network is separated from its user services network by means of complex segregation devices.


VII. Availability Control

Taking technical and organisational measures in order to protect the data from accidental destruction or loss including, at a minimum:

(a) Appliances for the monitoring of temperature and humidity in data centers;

(b) Fire/smoke detectors and fire extinguishers or fire suppression system in data centers;

(c) Use of mature and appropriate anti-virus software that includes e-mail filtering and malware detection;

(d) Data recovery measures and emergency plan in place and regularly tested;

(e) Implementation of mature and appropriate backup methods including physical separation of the backup data and storage of data stored in a redundant archive;

(f) Use a combination of full, differential, and cumulative backups to ensure data integrity and timely restoration for core data, as appropriate;

(g) To ensure an uninterrupted supply of power to the system, redundant power supply units are built into the systems wherever possible;

(h) Integrity of stored data regularly verified using checksums;

(i) Processes in place to move data traffic away from affected area to uncompromised area in case of failure;

(j) Preventative maintenance is performed to ensure continued operability of equipment.

(k) Appropriate Denial of Service and Distributed Denial of Service technology in place to defend against network and systems based resource starvation attacks.