Terms and Conditions



The IAB/AAAA Standard Terms and Conditions Version 3.0 (“IAB/AAAA Terms”) shall apply to the IO, except as set forth in this Addendum.  The specific subsections of the IAB/AAAA Terms referenced below are replaced with the modified provisions contained below, and the additional provisions contained below are added, where applicable.


d.    Return Policy

In order for any credit to be processed by the Agency the Advertiser must supply, no later than seven (7) days upon close of month any Deliverable that is considered non-viable as defined within the IO. All non-viable Deliverables submitted to the Agency must contain a valid reason, as well as the associated subid, as defined within the Advertiser IO. Any Deliverables submitted to the Agency without a valid reason shall be considered ineligible for a credit.  With the exception of such non-viable leads, all other leads/actions for which the postback has been fired by the advertiser, must be paid for.



                         ii.    With two (2) business days’ prior written notice to the Agency, without penalty, for any non-guaranteed Deliverable, including, but not limited to, CPC Deliverables, CPL Deliverables, or CPA Deliverables, as well as some non-guaranteed CPM Deliverables.

b.         Either Media Company or Agency may terminate an IO at any time if the other party is in material breach of its obligations hereunder, which breach is not cured within 5 business days after receipt of written notice thereof from the non-breaching party, except as otherwise stated in these Terms with regard to specific breaches. Additionally, if Agency or Advertiser breaches its obligations by violating the same Policy three times (and such Policy was provided to Agency or Advertiser) and receives timely notice of each such breach, even if Agency or Advertiser cures such breaches, then Media Company may terminate the IO or placements associated with such breach upon written notice. If Agency or Advertiser does not cure a violation of a Policy within the applicable 5-day cure period after written notice, where such Policy had been provided by Media Company to Agency, then Media Company may terminate the IO and/or placements associated with such breach upon written notice.


XIV.                            MISCELLANEOUS

d.    In the event of any inconsistency between the terms of an IO and these Terms and Conditions, the terms of the IO shall prevail. Any dispute, claim or controversy arising out of or relating to this IO (including these Terms and Conditions) or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration before a single arbitrator mutually agreed upon by the parties, or ordered by a court of competent jurisdiction, if the parties are unable to agree. Judgment on the Award may be entered in any court having jurisdiction. This clause shall not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. The arbitrator may, in the Award, allocate all or part of the costs of the arbitration, including the fees of the arbitrator and the reasonable attorneys’ fees of the prevailing party. Each party agrees that it may be served with process at its address set forth on the first page hereof. All IOs shall be governed by the laws of the Province of Ontario, Canada. If Advertiser is the party initiating arbitration, the exclusive venue and jurisdiction shall be Toronto, Ontario, Canada and the parties consent to the jurisdiction.  If the Agency (on behalf of itself and not Advertiser) or Media Company initiates arbitration against the Advertiser the exclusive venue and jurisdiction shall be Toronto, Ontario, Canada and the parties consent to the jurisdiction. No modification of these Terms and Conditions or any IO shall be binding unless in writing and signed by both parties. If any provision herein is held to be unenforceable, the remaining provisions shall remain in full force and effect. All rights and remedies hereunder are cumulative.


XV.                   DATA PROTECTION

For the purposes of these terms ‘Applicable Data Protection Law’ shall mean: (a) any applicable local implementing legislation of the Data Protection Directive; (b) from 25th May 2018, the General Data Protection Regulation ((EU) 2016/679 (“GDPR”), read in conjunction with and subject to any applicable UK national legislation that provides for specifications or restrictions of the GDPR’s rules; (c) from the date of implementation, any applicable local legislation that supersedes or replaces the GDPR in a country or territory or which applies the operation of the GDPR as if the GDPR were part of any applicable local legislation; and (d) any other applicable data protection or privacy law of any jurisdiction. Advertiser and the Media Company agree to comply with the relevant provisions of Applicable Data Protection Laws. To the extent that any party processes any personal data that is either Controlled (as defined in Schedule 1) by another party in relation to this Agreement or Processed (as defined in Schedule 1) by another party on behalf of a third party Controller, it shall comply with the provisions contained in Schedule 1 of this Agreement. Where relevant, both parties warrant and undertake that they have obtained and shall obtain all necessary consents (in accordance with all applicable law, including Applicable Data Protection Law) in relation to any Personal Data Controlled by either party and Processed (each as defined in Schedule 1) in accordance with this Agreement.



                                                                   DATA PROTECTION


1.1               In this Schedule the following terms shall have the following meanings:

“Controller” shall have the same meaning as set out in Applicable Data Protection Law;

“Data Subject(s)” shall have the same meaning as set out in Applicable Data Protection Law;

“European Economic Area, EEA” means the member states of the European Union from time to time plus additional states that are party to the EEA Agreement from time to time;

“Personal Data” shall have the same meaning as set out in Applicable Data Protection Law;

“Personnel” shall mean any staff (including temporary, casual and unpaid workers) and sub-contractors employed or appointed by the Processor;

“Processing” shall have the same meaning as set out in Applicable Data Protection Law and other parts of the verb “to process” shall be construed accordingly;

“Processor” shall have the same meaning as set out in Applicable Data Protection Law.

1.2               For the purposes of this Schedule the parties agree either Advertiser or Media Company may be the Controller or the Processor under this Agreement.

1.3               Where the Processor Processes Personal Data on behalf of the Controller, the Processor shall:

1.3.1                   process the Personal Data only in accordance with the documented instructions of the Controller;

1.3.2                   implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm and risk which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Personal Data and having regard to the nature of the Personal Data which is to be protected;

1.3.3                   only employ or appoint Personnel to Process the Personal Data who have given binding undertakings of confidentiality;

1.3.4                   not transfer Personal Data outside of the EEA without the prior written consent of the Controller and (where the Controller consents to such transfer) covenant that the transfer shall be made in such a way as to ensure that the level of protection offered to natural persons by Applicable Data Protection Law is not undermined, which may, at Controller’s election, involve the parties entering into standard contractual clauses as approved pursuant to ‘Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries’ (or any applicable superseding clauses);

1.3.5                   comply with any obligations placed on it under Applicable Data Protection Law;

1.3.6                   obtain prior written consent from the Controller in order to transfer the Personal Data to any third parties and where the Controller consents, the Processor shall:

(a)               ensure that the third parties are subject to, and contractually bound by, at least the same obligations as the Processor under this paragraph 1.3;

(b)               provide to the Controller copies of any documentation to demonstrate compliance with the obligations under this paragraph 1.3; and

(c)                remain fully liable to the Controller for all acts and omissions of any  third parties;

1.3.7                   immediately alert and inform the Controller of a Personal Data breach (including, but not limited to, any unauthorised or unlawful Processing, loss of, damage to or destruction of the Personal Data) suffered by the Processor or third parties to which Personal Data has been transferred (“Personal Data Breach”) and provide all necessary co-operation and assistance to enable the Controller to comply with its obligations under Applicable Data Protection Law;

1.3.8                   permit, or procure permission for, the Controller (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit the Processor’s data Processing activities (and/or those of its agents, sub-contractors, Affiliates and third parties) and comply with all reasonable requests for information or directions by the Controller to enable the Controller to verify and/or procure that the Processor is in full compliance with its obligations under this Agreement;

1.3.9                   immediately notify the Controller if it receives a request from or on behalf of a Data Subject to have access to that person’s Personal Data or to exercise any of their other rights under Applicable Data Protection Law (a “Data Related Request”);

1.3.10               not respond to any Data Related Request without the prior written consent of the Controller and shall provide the Controller with full co-operation and assistance in relation to a Data Related Request, including by:

(a)               providing the Controller with full details of the Data Related Request;

(b)               assisting the Controller to comply with a Data Related Request (within any relevant timescales required by applicable law, including Applicable Data Protection Law and in accordance with the Controller’s instructions;

(c)                providing the Controller with any Personal Data it holds in relation to an individual; and

(d)               providing the Controller with any other relevant information requested by the Controller;

1.3.11               unless applicable law requires otherwise, upon termination of this Agreement:

(a)               at the option of the Controller comply or procure the compliance with the following:

(i)                 return to the Controller all Personal Data and any other information provided by the Controller to the Processor; and/or

(ii)                delete all Personal Data provided by the Controller to the Processor permanently, safely and securely and provide the Controller with a certificate of destruction; and

(b)               cease to process the Personal Data;

1.3.12               where the laws of the country where the Processor is established require the Processor to transfer the Personal Data to a third country or an international organisation, inform the Controller as soon as reasonably possible of that legal requirement unless that law prohibits such communication on important grounds of public interest.

1.4               The nature/purpose of the Processing under this Agreement is: to enable the Controller to carry out its obligations under the Agreement.

1.5               The duration of the Processing under this Agreement will be for the term of this Agreement or as otherwise required by applicable law.

1.6               The types of Personal Data which may be subject to Processing under this Agreement may concern employees, consultants, subcontractors or customers of each party.