Publisher Terms and Conditions

Services. Brightcom enables the Publisher executing this IO (“Publisher”) to receive, transmit and promote creative images, text, videos or other advertisements, and promotional materials regarding (“Advertisement”) provided by Brightcom’s third party advertisers (“Advertiser”) on Publisher’s digital assets including without limitation, websites or mobile apps (“Digital Asset”) (collectively, the “Services”).

Payments. Brightcom shall remit payment to the Publisher (“Payment”) in accordance with the payment terms stipulated in the IO, from invoice receipt and after it receives payment from Advertiser for the respective campaign. Payments shall be calculated and determined solely based on Brightcom’s data and information with respect to the campaigns, commissions due to Publisher. Publisher will establish, implement and use all commercially reasonable technology and methodologies to: (i) prevent Fraudulent Traffic (as such term is defined below); (ii) detect Fraudulent Traffic should it occur; and (iii) promptly take steps to prevent continuation and/or recurrence of occurrences thereof.

For the purpose of this Agreement, “Fraudulent Traffic” shall mean the inclusion in reports, bills or other information and materials associated with this Agreement, of data that counts or uses in calculations, anything other than natural persons viewing actually displayed Advertisements in the normal course of using any device, including, without limitation, browsing through online, mobile or any other technology or platform. For the avoidance of ambiguity, Fraudulent Traffic includes, without limitation, the inclusion or counting of views: (i) by a natural person who has been engaged for the purpose of viewing such Creative, whether exclusively or in conjunction with any other activities of that person; (ii) by non-human visitors; (iii) combinations of displays directed or redirected by any combination of (i) and/or (ii); and (iv) that are not actually visible to the human eye, discernible to human senses or perceived by a human being.

Publisher agrees that Brightcom shall have no obligation hereunder, for compensation, liability or otherwise in respect of Fraudulent Traffic and shall not be billed or required to pay for Fraudulent Traffic. To the extent any payment attributable to Fraudulent Traffic is or may be paid by Brightcom, Publisher shall, within five (5) days, reimburse and refund such payment to Brightcom, together with reasonably adequate documentation to substantiate the accuracy of any such reimbursement or refund.

In addition, Brightcom shall not pay for any traffic from any blacklisted websites or which include any non-human traffic.
Furthermore, Brightcom reserves the right to deduct or withhold payment due to Publisher in the following events:

1. Any Digital Asset which does not include a Video Player (such as E bay, Skype, etc.).
2. Digital Assets which include any illegal content or are not in compliance with applicable laws, rules or regulations.
3. In the event an Advertiser has not paid Brightcom for the placement of the Advertisement on the Digital Asset.

Brightcom has the right to resell the site’s inventory based on BrightCom’s direct demand, SSP’s and open marketplaces demand.

Term and Termination. The term of this Agreement will commence upon the Effective Date and will continue until terminated by either party or as detailed in the respective IO (the “Term”). Either party may terminate this Agreement at any time, with or without cause, by giving the other party at least twenty-four (24) hours prior written notice. Upon the expiration or termination of the Agreement, all licenses granted hereunder shall immediately terminate, and Publisher shall immediately cease any and all use of the Services.

Intellectual Property. Brightcom shall retain all right, title and interest in and to any content originated by, or transmitted from Brightcom to Publisher. During the campaign, Brightcom grants Publisher a limited nonexclusive license to use the Advertisements in accordance with this Agreement. Brightcom shall own all right, title and interest in and to any content, design or software provided by Brightcom. This Agreement does not transfer or convey any right, title or interest in any Brightcom intellectual property intellectual property rights.

Representations and Warranties. Each party warrants and represents to the other party that it: (i) is duly organized and validly existing under the laws of its state of incorporation (ii) owns all right, title, and interest in its business, and in the content provided hereunder, as applicable, as necessary in order to run the campaign contemplated by this Agreement; (iii) has full power and authority to execute this Agreement and to perform its obligations hereunder.

Publisher hereby represents and warrants that the Digital Assets shall (a) comply with all applicable laws rules and regulations; (b) not infringe any copyright, trade secret, or other intellectual property right of any third party, contain any user or PC installed widget, toolbar, or any browser extension; (c) contains any of the following categories: Graphic or explicit violence; Adult, sexual, or obscene content; Discriminating, offensive, or profane material or hate content; Weapons, weapon accessories, or ammunition; Illegal drugs or drug paraphernalia; Tobacco or tobacco accessories; Spyware, malware, viruses, illegal hacking, or other materials that are intended to damage or render inoperable software or hardware; P2P file sharing, torrenting, or other content violating or infringing upon any third-party intellectual property rights; Counterfeit goods; Illegal products, activities, or services; Unmoderated user-generated content; Websites and other content that are under construction; Incentivized clicks, videos, or downloads; Exception: Publisher may allow rewarded video advertising, provided that the rewards offered to end-users for viewing the Ads are: (a) designated as a rewarded Ad by Publisher, (b) for the app in which the video Ad is displayed, and (c) virtual (i.e., having no monetary value). Publisher shall assume all responsibility and liability for such rewards. Content offering traffic generation or promoting fraudulent traffic; Content pertaining to particular religions or spirituality, or advocating the superiority of a specific race/ethnic group, national origin, color, religion, sex, sexual orientation, language; Alcohol; Gambling or online casinos (if there is the ability to cash out in real currency); Lotteries; Pharmaceutical or health products and services, including prescription medications; Abuse support;  Substance abuse; Content promoting or containing links that are disparaging Brightcom.

Publisher further represents and warrants that it shall serve Advertisements solely with high quality, fully transparent and fully organic traffic from specific domains which were provided and approved by Brightcom.

In case the Publisher includes within the Digital Asset, or intends on including an Ads.txt file, Publisher shall add Brightcom as part of the relevant demand partners.

Limitation of Liability. Except as set forth in this agreement, in no event will either party or its subsidiaries, shareholders, directors, affiliates, officers, employees, agents, successors and permitted assignees be liable to the other party or any third party for any special, incidental, consequential, exemplary or punitive damages, including to any damages for the use or inability to use the services or any part thereof, lost data, lost profits, loss of goodwill, lost revenue, service interruption, system failure or costs arising out of or in connection with this agreement, the service or any part therein under any theory of liability, including for contract or tort (including products liability, strict liability and negligence), and whether or not the party was or should have been aware or advised of the possibility of such damage and notwithstanding the failure of essential purpose of any limited remedy stated herein. In no event shall either party’s aggregate liability for any claim arising out of or related to this agreement, to the fullest extent possible under applicable law, exceed the amount paid by Brightcom to Publisher in the six (6) month period prior to the date of the relevant claim.

Indemnification. Each party shall defend, indemnify, and hold the other party harmless from and against any suit, proceeding, assertion, damage, cost, liability, or expense (including court costs and reasonable attorney fees), incurred as a result of a claim by a third party against such party or its affiliates, licensors, suppliers, officers, directors, employees or agents arising from, associated with or connected with such party’s breach of any of its representations or warranties set forth in this Agreement.

Miscellaneous. This Agreement does not, and shall not be construed to create any partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the parties hereto. Publisher may not, without the prior written consent of Brightcom, assign this Agreement, in whole or in part which shall not be unreasonably withheld. The Agreement is solely for the benefit of the parties and their successors and permitted assigns, and does not confer any rights or remedies on any other person or entity. This Agreement shall be interpreted according to the laws of the State of New York without regard to or application of conflict-of-law rules or principles. Any dispute relating to or arising from this Agreement shall be settled in the sole jurisdiction of the applicable courts in New York.  This Agreement shall constitute the entire agreement between the parties with respect to the subject matter hereof and all prior agreements, representations, and statements with respect to such subject matter are superseded hereby. This Agreement may be amended only by written agreement signed by both parties. No failure of either party to exercise or enforce any rights under the Agreement shall act as a waiver of subsequent breaches. In the event any provision of the Agreement is for any reason held invalid, illegal or unenforceable, the parties will begin negotiations for a replacement provision and the remaining provisions of the Agreement will be unimpaired. If either Party is prevented from performing any of its obligations under the Agreement due to any cause beyond the party’s reasonable control, including, without limitations, an act of God, fire, flood, explosion, war, strike, embargo, government regulation, civil or military authority, acts or omissions of carriers, transmitters, providers, vandals, or hackers (a “Force Majeure Event”) the time for that Party’s performance will be extended for the period of the delay or inability to perform due to such occurrence;. This Agreement shall be construed and interpreted fairly, in accordance with the plain meaning of its terms, and there shall be no presumption or inference against the party drafting the Agreement in construing or interpreting the provisions hereof.

Notice and Choice Requirements.

Solely where personal data (as that term is defined under the General Data Protection Regulation (“GDPR”) is collected from residents of European Economic Area, for purposes described in this Agreement, Publisher must, on each Digital Asset:

Provide legally sufficient notice that describes the manner in which personal data (such as IP address and unique cookie or device identifiers) are used in the course of the engagement between the parties.

Obtain legally sufficient consent from Publisher’s users, regarding the collection of such Personal Data and use of cookies for the purpose of providing personalized ads; and

Provide a legally sufficient opt-out method, or a link to an industry-wide or platform-based opt-out method, that will enable Publisher’s users to withdraw their consent from (i.e., to opt out of) the data collection and usage described herein.

For avoidance of doubt, the above shall not apply where Publisher does not permit Brightcom to interact with traffic from the EEA.

In compliance with the above, Publisher shall, as feasible and as available, implement an industry-wide consent mechanism such as the mechanism being developed by the IAB and/or EDAA, in order to comply with the GDPR’s consent requirements.  In the absence of such consent mechanism, Publisher acknowledges that Brightcom recommends the following, or similar, language be provided in a consent box or dialog that users agree to:

“We and third parties may collect and share your IP data, mobile device identifier, advertising ID, a cookie identifier, or and other information about your device or browser for interest-based advertising purposes. 

[Agree] [Decline]

Details and opt-out instructions:  [Publisher Privacy Policy]

Publisher agrees that the above recommended language, and any subsequent language recommended by Brightcom, does not constitute and should not be relied upon as or as a substitute for legal advice, and that Publisher is solely responsible for its own methods of notice, consent, and legal compliance. In the even the Publisher did not obtain users’ consent or did not provide Brightcom with consent signal or string, the Publisher undertakes and accepts that Brightcom might not be able to provide interest-based advertisement to EEA users.

DPO. Each party shall identify and provide contact details for its contact point within its organization authorized to respond to enquiries concerning processing of the Personal Data or its Data Protection Officer (“DPO”), as applicable. In the event of a change of the above contact person or DPO’s identity, each party shall provide updated contact details. Each party will cooperate in good faith with the other party, the Data Subject and the Supervisory Authority concerning all such enquiries within a reasonable time.

Brightcom’s DPO can be contacted at [email protected]

Company Data. Brightcom processes certain Personal Data from the end user as detailed in the Brightcom Privacy Policy available at: http://brightcom.com/privacy-policy/ (“Company Data”). Publisher hereby undertakes that as Data Controller of the user data it shall comply with the applicable laws, regulations and the Data attached hereto as Exhibit A.

Exhibit A Data Processing Agreement

This DPA only applies to the extent that EU Data Protection Law (as defined below) applies to the Processing of Personal Data under this Agreement, including if (a) the Processing is in the context of the activities of an establishment of either party in the EEA or (b) the Personal Data relates to Data Subjects who are in the EEA and the Processing relates to the offering to them of goods or services or the monitoring of their behavior in the EEA by or on behalf of a party. Notwithstanding the above, this DPA and the obligations hereunder do not apply to aggregated reporting or statistics information a party may collect from end users or provide to the other party.

1. DEFINITIONS
   • “Publisher Data” means any and all data shared between the parties that may include, inter alia, device information, IDs, events, and country level geo location data. The Publisher Data includes, without limitation, data deemed as Personal Data and IDs all as detailed in Schedule 1 attached herein.
   • “Data Protection Law” means any and all applicable privacy and data protection laws and regulations (including, where applicable, EU Data Protection Law) as may be amended or superseded from time to time.
   • “Controller“, “Processor“, “Data Subject“, “Personal Data“, “Processing” (and “Process“), “Personal Data Breach”, “Special Categories of Personal Data” and “Supervisory Authority” shall have the meanings given in EU Data Protection Law.
   • “EU Data Protection Law” means the (i) General Data Protection Regulation (Regulation 2016/679) (“GDPR”); (ii) the EU e-Privacy Directive (Directive 2002/58/EC), as amended (e-Privacy Law); (iii) any national data protection laws made under, pursuant to, replacing or succeeding (i) and (ii); (iv) any legislation replacing or updating any of the foregoing (v) any judicial or administrative interpretation of any of the above, including any binding guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority.
   • “ID” means online identifiers such as IPs, advertising IDs, cookies and agents.
   • “Security Incident” means any security breach relating any Personal Data elements leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data within, Personal Data transmitted, stored or otherwise processed; including without limitation the meaning assigned to it under section 12 of Article 4 of the GDPR.

2. RELATIONSHIP OF THE PARTIES

In relation to all Publisher Data, the parties acknowledge that, as between the parties, Publisher is the Controller of Publisher Data, and that the Company, in providing the services is acting as a Processor on behalf of the Controller. The subject-matter and duration of the Processing carried out by the Processor on behalf of the Controller, the nature and purpose of the Processing, the type of Personal Data and categories of Data Subjects are described in Schedule 1.

3. REPRESENTATIONS AND WARRANTIES

The Publisher represents and warrants that: (a) its Processing instructions comply with all applicable Data Protection Laws, the Publisher acknowledges that, taking into account the nature of the Processing, the Company is not in a position to determine whether the Publisher’s instructions infringe applicable Data Protection Laws; and (b) the Publisher hereby warrants and represents that as of the Effective Date it will comply with EU Data Protection Law, specifically with the lawful basis for Processing Personal Data. The Company represents and warrants it shall process Personal Data, as set forth under Article 28(3) of the GDPR and Schedule 1 attached herein, on behalf of the Publisher, solely for the purpose of providing the service. Notwithstanding the above, in the event required under applicable laws, the Company may Process Personal Data other than as instructed by the Publisher, in such event the Company shall make best efforts to inform the Publisher of such requirement unless prohibited under applicable law.

4. RIGHTS OF THE DATA SUBJECT

It is agreed that where either party receives a request from a Data Subject or an applicable authority in respect of Personal Data Controlled or Processed by the other party, where relevant, the party receiving such request will direct the Data Subject or the authority to the other party, as applicable, in order to enable the other party to respond directly to the Data Subject’s request. Each party shall reasonable cooperate and assist the other party in handling of a Data Subject’s or an authority’s request, to the extent permitted under Data Protection Law.

5. SUB-PROCESSOR

The Publisher acknowledges that the Company may transfer Personal Data to and otherwise interact with third party data processors (“Sub-Processor”). Publisher hereby, authorizes the Company to engage and appoint such Sub-Processors to Process Personal Data, as well as permits each Sub-Processor to appoint a Sub- Processor on its behalf. The Company may, continue to use those Sub-Processors already engaged by the Company (as detailed in Schedule 2) and the Company may, engage an additional or replace an existing Sub-Processor to process Personal Data provided that it notifies the Publisher. The Company shall, where it engages any Sub-Processor impose, through a legally binding contract between the Company and Sub-Processor, data protection obligations no less onerous than those set out in this DPA on the Sub-Processor, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR.

6. TECHNICAL AND SECURITY MEASURES

Each party shall implement appropriate technical and organizational measures to protect the Personal Data and its security, confidentiality and integrity and the Data Subject’s rights, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing the Personal Data, as well as the risk of varying likelihood and severity for the consumer’s rights, in order to ensure a level of security appropriate to that risk, including measures such as access control, auditing, encrypted transmission of data, encrypted storage and physical protections in line with industry best practices, all in accordance with the Data Protection Laws. Description of the technical and organizational measures implemented by Company, are available at: http://brightcom.com/security-policy/ (“Security Information Page”). Company may update or modify the Security Information Page from time to time, provided that such updates and modifications will not result in the degradation of the overall security of the Personal Data. Company takes reasonable steps to ensure that its personnel’s access to the Personal Data is limited on a need to know or access basis, and that its personnel receiving such access are subject to confidentiality undertakings or professional or statutory obligations of confidentiality in connection with their access or use of the Personal Data.

7. SECURITY INCIDENT

The Company will notify Publisher without undue delay upon becoming aware that an actual Security Incident involving the Publisher Data in Company’s possession or control has occurred, as Company determines in its sole discretion. Company’s notification of or response to a Security Incident under this section 3 shall not be construed as an acknowledgment by the Company of any fault or liability with respect to the Security Incident. The Company will, in connection with any Security Incident affecting Publisher Data: (i) quickly and without delay, take such steps as are necessary to contain, remediate, minimize any effects of and investigate any Security Incident and to identify its cause (ii) co-operate with Publisher and provide Publisher with such assistance and information as it may reasonably require in connection with the containment, investigation, remediation or mitigation of the Security Incident; and (iii) immediately notify Publisher in writing of any request, inspection, audit or investigation by a supervisory authority or other authority.

8. AUDIT RIGHTS

The Company shall make available, solely upon prior written notice and no more than once per year, to a reputable auditor nominated by the Publisher, information necessary to reasonably demonstrate compliance with this DPA, and shall allow for audits, including inspections, by such reputable auditor solely in relation to the Processing of the Publisher Data (“Audit”).

The Audit shall be subject to the terms of this DPA and confidentiality obligations (including towards third parties). The Company may object in writing to an auditor appointed by the Publisher in the event the Company reasonably believes, the auditor is not suitably qualified or independent, a competitor of the Company or otherwise manifestly unsuitable (“Objection Notice”). In the event of Objection Notice, the Publisher will appoint a different auditor or conduct the Audit itself.

The Publisher shall bear all expenses related to the Audit and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury or disruption to the Company’s premises, equipment, personnel and business while its personnel are on those premises in the course of such Audit. Any and all conclusions of such Audit shall be confidential and reported back to the Company immediately.

9. DATA TRANSFER

Where EU Data Protection Law applies, neither party shall transfer to a territory outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is in compliance with EU Data Protection Law. Such measures may include (without limitation) transferring the Personal Data to a recipient in a country that the European Commission has decided provides adequate protection for Personal Data.

10. LIABILITY

Each party shall take out and maintain insurance policies to the value sufficient to meet their respective liabilities under or in connection with this DPA.

SCHEDULE 1

Details of Processing of Controller Personal Data

This Schedule 1 includes certain details of the Processing Personal Data as required by Article 28(3) GDPR.

Subject matter and duration of the Processing of Personal Data

Processing carried out in connection with the provision of the services. The duration shall be for the terms of the Agreement, with an additional period from the expiration of the partnership until deletion of Publisher Data by the Company in accordance with the terms of this DPA.

The nature and purpose of the Processing of Personal Data

To provide the services and display advertisement on Digital Assets

The types of Personal Data Processed

IDs

The categories of Data Subject to whom the Personal Data relates

Users/Data Subject in the EEA.