between __
(hereinafter “Platform”)
(hereinafter “Advertiser”)
(each of Platform and Advertiser may hereinafter be referred to as a “Party”, and together the “Parties”)
General Provisions
Definitions
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘joint processing’ means processing for which two or more controllers determine the purposes and means.
Parties’ responsibilities
| No | Obligation under GDPR | Platform | Advertiser |
|---|---|---|---|
| 1 | Article 6: Requirement of legal basis for joint processing | - | X The Advertiser takes consent through the cookie banner. The Advertiser must also ensure the user's consent to the processing of data by the Platform. The Advertiser is obliged to share information with the Platform about the choice made by the data subject using the cookie banner (preferences). |
| 2 | Articles 13, 14: Providing information on joint processing of personal data | - | X The Advertiser informs the data subject of the processing in accordance with the applicable law. The Advertiser discloses information about cooperation with the Platform in its Privacy policy (or in the Cookie policy if it is separate). |
| 3 | Article 15: Access right | X | The Party does not have access to the data, so it cannot exercise this data subject right on its own. Since the GDPR allows the data subject to apply to any of the joint controllers for the exercise of his or her rights, the Advertiser is obliged to pass on information about the request it receives to the other Party within 7 days. The Platform is in turn obliged to respond to the data subject's request in accordance with the applicable law. |
| 4 | Article 16: Right to rectification | X | The Party does not have access to the data, so it cannot exercise this data subject right on its own. Since the GDPR allows the data subject to apply to any of the joint controllers for the exercise of his or her rights, the Advertiser is obliged to pass on information about the request it receives to the other Party within 7 days. The Platform is in turn obliged to respond to the data subject's request in accordance with the applicable law. |
| 5 | Article 17: Right to be forgotten | X | The Party does not have access to the data, so it cannot exercise this data subject right on its own. Since the GDPR allows the data subject to apply to any of the joint controllers for the exercise of his or her rights, the Advertiser is obliged to pass on information about the request it receives to the other Party within 7 days. The Platform is in turn obliged to respond to the data subject's request in accordance with the applicable law. |
| 6 | Article 18: Right to restriction of processing | X | X |
| 7 | Article 20: Right to data portability | X | The Party does not have access to the data, so it cannot exercise this data subject right on its own. Since the GDPR allows the data subject to apply to any of the joint controllers for the exercise of his or her rights, the Advertiser is obliged to pass on information about the request it receives to the other Party within 7 days. The Platform is in turn obliged to respond to the data subject's request in accordance with the applicable law. |
| 8 | Article 20: Right to object | X | The Party does not have access to the data, so it cannot exercise this data subject right on its own. Since the GDPR allows the data subject to apply to any of the joint controllers for the exercise of his or her rights, the Advertiser is obliged to pass on information about the request it receives to the other Party within 7 days. The Platform is in turn obliged to respond to the data subject's request in accordance with the applicable law. |
| 9 | Article 32: Security of the joint processing | X (regarding the security of the applicable products) | X (regarding the correct technical implementation and configuration of the applicable products) |
| 10 | Articles 33, 34: Personal data breaches concerning the joint processing | X | If a Party becomes aware of a data breach, it shall notify the Platform without delay. All other obligations related to the data breach (notification of the supervisory authority and subjects, investigation, elimination of negative consequences, etc. in accordance with the applicable legislation) shall be performed by the Platform. |
Cooperation
To send information about receipt of a request for the exercise of rights from a data subject, the Advertiser shall use email __ or an alternative method established by the Parties.