Terms of Use

Last Updated: April 15, 2025

Welcome To Azira

The General Terms and Conditions (collectively, the “Terms”) are the terms and conditions for the Customer’s use of the Services (as defined below) and constitute a legally binding agreement between the corporate entity, LLP, corporation, LLC, partnership, sole proprietorship, or other business entity signing the Service Order (the “Customer”) and (i) AZIRA, LLC, in case the Customer is registered in the territorial limits of North America; or (ii) AZIRA PTE. LTD., in case the Customer is registered outside of North America, and each of their affiliates (the “Company”). Customer and Company are collectively referred to as the “Parties.” These Terms and any fully executed Insertion Orders or Service Orders that refer to these Terms (“Service Orders”) constitute the Parties’ agreement, and are collectively referred to as the “Agreement”. In the event of a conflict or ambiguity between these Terms and the applicable Service Order, the terms of the Service Order shall prevail. In the event of an inconsistency between the Data Processing Agreement (“DPA”) set forth in Schedule I and any other provision of the Agreement, the DPA shall prevail.

The Company may modify these Terms. The Company will notify the Customer by making the revised version available on this page or an identified successor page, and an updated version date will indicate that changes have been made. If the Customer does not accept the changes, the Customer must stop using the Services. The Customer’s continued use of the Services after the Company publishes changes shall indicate the Customer’s consent to the updates. For the avoidance of doubt, changes to these Terms will not affect any fees agreed in a Service Order, for the duration of the then-current terms of the Service Order.

1. Definitions

“Adequate Country” means a country or territory recognized as providing an adequate level of protection for Personal Data under an adequacy decision or regulations made, from time to time, by (as applicable) (i) the European Commission; and/or (ii) the UK Secretary of State.
“Allspark” means the Company’s identity, enrichment, audience curation, activation products which form the Company’s marketing intelligence solution.
“State Privacy Laws” means, as applicable, all US state privacy laws including but not limited to: (i) the CCPA; (ii) all US state Privacy Laws, which may include but shall not be limited to, the CCPA, the Virginia Consumer Data Protection Act, Code of Virginia title 59.1, Chapter 52, the Colorado Privacy Act, Colorado Rev. Stat. 6-1-1301 et seq., the Utah Consumer Privacy Act, Utah Code 13-61-101 et seq., the Connecticut Act Concerning Personal Data Protection and Online Monitoring, Conn. PA 22-15 § 1 et seq.; Washington My Health My Data Act, Ch. 19.373 RCW et seq., Nevada Security and Privacy of Personal Information, Nev. Rev. Stat. § 603A et seq., N.Y. Gen. Bus. Law § 394-G, or any regulations or guidance issued pursuant thereto; and (iii) all other relevant U.S. state laws regarding the privacy of personal information as applicable to the Underlying Agreement.
“Azira Platform”means the Company’s proprietary operational intelligence and marketing intelligence solutions through which the Services are provided.
“CCPA” means the California Consumer Privacy Act of 2018, as amended and as it may be amended from time to time, and any implementing regulations.
“Company Data” means any data (including reports) either derived from the Azira Platform by the Customer or curated and provided to the Customer by the Company as part of the Services including but not limited to (i) aggregated dataset created and customized on or from the Azira Platform, which may incorporate Customer Data; or (ii) Pseudonymised Data.
“Covered Person” means an individual or entity that is linked to a Country of Concern as set forth in U.S. regulations published at 28 CFR Part 202 (Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons)
“Compass” means the
“Country of Concern”Company’s measurement product, which forms part of the Company’s marketing intelligence solution.
“Customer Data” means any data provided by the Customer in connection with the provision of Services, including any data received by or on behalf of the Customer from websites, mobile sites, mobile applications, or other digital media owned and/or operated by the Customer, its affiliates, customers or other partners, wherein reference to ‘Customer’ includes, without limitation, its Users, but excluding all Company Data.
“Company Privacy Policy” means the Company’s privacy policy available at: https://azira.com/privacy-policy/.
“Data Protection Laws” means, applicable statutes, regulations, or other laws pertaining to information and security, including where applicable, the EU GDPR, the UK GDPR, the European e-Privacy Directive (Directive 2002/58/EC) and all national implementations (including but not limited to the Privacy and Electronic Communications (EC Directive) Regulations 2003), applicable State Privacy Laws, and any other data protection and privacy laws applicable to any Personal Data processed under the Agreement, each as amended or replaced from time to time. Data Protection Laws also include any current restrictions on the processing of Personal Data imposed by a regulator with competent jurisdiction over to the Customer’s access and use of the Services, in any final order in any enforcement action, irrespective of the identity of the respondent or defendant therein, including, as applicable, any processing deemed to be an unfair, deceptive or abusive act or practice by the Federal Trade Commission and/or any competent U.S. State agency.
“Data Subject Request” means a request from or on behalf of a Data Subject to exercise any rights in relation to their Personal Data under Data Protection Laws.
“Derivative Data” shall mean all works and output created by the Customer through its usage of the Company Data and which does not contain any Company Data in its raw and unmodified form.
“EEA” means the European Economic Area.
“Engage” means the Company’s in-house demand side or activation platform (“DSP”), and part of the Company’s marketing intelligence solution.
“Enrichment” means the Company’s service which appends Company Data to Customer Data.
“Enquiry” means a complaint or request in relation to either party’s obligations under Data Protection Laws relevant to the Agreement, including but not limited to any compensation claim from a Data Subject or any notice, investigation or other action from a supervisory authority.
“EU GDPR” means the EU’s Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation).
“EU SCCs” means the standard contractual clauses for international transfers of personal data to third countries set out in the European Commission’s Decision 2021/914means the standard contractual clauses for international transfers of personal data to third countries set out in the European Commission’s Decision 2021/914 of 4th June 2021 (at https://data.europa.eu/eli/dec_impl/2021/914/oj) incorporating Module One for controller to controller transfers.
“Fees” shall mean all fees payable by the Customer for the provision of Services in accordance with these Terms, and as specified in the applicable Service Order.
“Industry Standards” means any of the following which the Customer is subject to, from time to time,: (i) the IAB Transparency and Consent Framework; and (ii) any applicable self-regulatory codes, rules or guidelines, including the rules, codes and guidelines of the European Interactive Digital Advertising Alliance, and the Network Advertising Initiative.
“Intellectual Property Rights” means patents, patentable rights, copyright, design rights, utility models, trademarks (whether or not any of the above are registered), trade names, rights in domain names, rights in inventions, rights in data, database rights, rights in know-how and trade secrets, and all other intellectual and industrial property and similar or analogous rights existing under the laws of any country and all pending applications for and right to apply for or register the same (present, future and contingent, and including all renewals, extensions, revivals and all accrued rights of action).
“Marketing Material” means the creative, artwork, copy or active URLs of advertisement provided by the Customer to the Company or otherwise approved by the Customer for running it through the platform that interfaces with a publisher platform (i.e., mobile application on which Company has a right to serve advertisements including the Azira Platform) to enable the Company to serve advertisements (including by running Marketing Materials) on such publisher platform.
“Permitted Purpose” has the meaning given to it in Section 4.1.
“Personal Data” means any information processed in connection with the Services which relates to (a) an identified or identifiable natural person , or (b) under certain Data Protection Laws, as applicable, an identified or identifiable household (collectively, a “Data Subject”). A natural person or household is “identifiable” if it can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data Breach” means a breach of security leading to the accidental or unauthorized destruction, loss, alteration, disclosure of, or access to, Personal Data processed in connection with the Agreement.
“Pinnacle” means the Company’s operational intelligence solution.
“Pseudonymised Data” means Personal Data encoded to obscure the identity of the Data Subject, such the Data Subject might be re-identified only through the use of additional, separately-stored information.
“Restricted Transfer” means an EU Transfer and/or UK Transfer.
“Sensitive Personal Data” means Personal Data classified as sensitive by any applicable Data Protection Law (including “special categories of personal data” under EU GDPR and UK GDPR), such as Personal Data revealing or concerning the following: precise geolocation information (including, but not limited to, latitude, longitude, and timestamp) (“Precise Geolocation Information”), racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, financial information, sex life or sexual preferences, family planning, medical, reproductive or health information, genetic or biometric data for purpose of uniquely identifying an individual, children to the extent the data is in-scope of any applicable child protection law (including Personal Information subject to the US Children’s Online Privacy Protection Act (“COPPA”)), and criminal conviction or offense data.
“Services” means the Azira Platform, the Company Data shared with the Customer under a Service Order, the Company products provided to the Customer (e.g., Allspark, Compass, Advance, Engage, Identity and Enrichment and/or Pinnacle) and other solutions or products specified in a Service Order.
“Term” shall mean the term of this Agreement as specified in the respective Service Order which will auto-renew for subsequent one year terms unless otherwise specified in the Service Order.
“UK” means the United Kingdom.
“UK Approved Addendum” means the template Addendum B.1.0 and the accompanying mandatory clauses as issued by the UK’s Information Commissioner’s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 of the UK on 2nd February 2022, and in force on 21st March 2022.
“UK GDPR” means the EU GDPR as implemented into the law of the United Kingdom by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 and the Data Protection Act 2018.
“User” means any individual who uses the Services on Customer’s behalf or through Customer’s login accounts or passwords, whether authorized or not.
“controller“, “processor“, “process“, “processing“, “supervisory authority” and “Data Subject” shall have the meaning as set out in the Data Protection Laws.

2. Customer Eligibility

Customer may not be, and is not, a Covered Person or Country of Concern.

3. Payment Terms

Fees.Customer shall pay the Company all Fees as set out in the Service Order. The Customer agrees that all invoices will only be delivered electronically to Customer at the email address specified in the Service Order. All payments must be made free and clear of any set-off or credits within thirty (30) days of receipt of the applicable invoice in accordance with this Section 2.1. In the event of any dispute as to the amount of an invoice, the Customer shall pay the amount in full pending the resolution of any dispute and the Company shall make any adjustment due immediately upon such resolution. Late payments bear interest at the rate of 1.5% per month (or the highest rate permitted by law, if less). All amounts payable hereunder are exclusive of any sales, use, other taxes or duties or other deductions and withholdings, however designated, for which Customer is solely responsible. Any Fees that are unpaid as of the date of termination or expiration of the Agreement will be immediately due and payable.
Fee Review. The Fees in respect of Service Orders with a Term longer than 12 (Twelve) months are subject to review and increase by the Company on every anniversary of the effective date of the Service Order, until the termination or expiry of the Agreement.
Taxes. The Fees payable under the Service Order must be paid to the Company without deduction and are net of any applicable tax, tariff, duty, or assessment imposed by any governmental authority (national, state, provincial, or local), including without limitation any goods and services, sales, use, excise, ad valorem, property, withholding, or value-added tax withheld at the source. The Customer will be solely responsible for paying all applicable taxes which may be levied or assessed in connection with the Services. If applicable law requires withholding or deduction of such taxes or duties, the Customer will separately pay the Company the withheld or deducted amount. However, this Section does not apply to taxes based on the Company’s net income.

4. Intellectual Property Rights

Ownership. The Company and/or its licensors (as applicable) retain all right, title, and interest in and to the Company’s brands, trademarks and logos, in each of the Allspark, Compass, Engage, Identity and Enrichment, Pinnacle services and all other Services, including associated methods, processes, designs, analyses, materials and information used in connection with the Services, and all Intellectual Property Rights thereto. Except for the licenses described herein, nothing herein shall be construed to assign or transfer any Intellectual Property Rights of one party to the other. Customer shall (i) not remove notices and notations on the Company Data that refer to copyrights, trademark rights, patent rights and other intellectual property rights; (ii) promptly bring to the attention of the Company any improper or wrongful use of any of the Company’s Intellectual Property Rights which comes to the Customer’s notice, and provide all assistance as may be reasonably requested by the Company in defending its Intellectual Property Rights. As between the Company and the Customer, the Customer owns (or where applicable, must ensure it has a valid license to) the Customer Data and the Derivative Data.
Feedback. All suggestions or contributions for improving or otherwise modifying any of the Company’s products or services (“Feedback”) provided by the Customer will be owned by the Company, and the Customer assigns all rights in such Feedback to the Company. Nothing in the Agreement will restrict the Company’s right to use, profit from, disclose, publish, keep secret, or otherwise exploit the Feedback without compensating or crediting the Customer or the User in question. Notwithstanding anything to the contrary, Feedback will not be considered as Confidential Information.
Trademarks. The Customer authorizes the Company to use its trade name, trademark and logo for the purpose of listing the Customer in its general list of customers. Additionally, the Customer permits the Company to bring out press releases, create case studies on anonymized basis and will be open to provide quotes from time to time solely for the Company’s marketing purposes, provided the Company obtains the Customer’s prior written approval specific to such quotes, which approval shall not be unreasonably withheld or delayed. The Company will comply with the Customer’s guidelines regarding the use of the Customer’s trademarks.

5. Grant Of Licence And Scope Of Use

Subject to full payment of the Fees and subject to the other provisions of this Agreement, the Customer is granted a limited, non-transferable, non-exclusive, revocable, and non-sublicensable licence, for the Term, to access and use the Services solely for the applicable permitted purpose set forth below (each a “Permitted Purpose”):

5.1.1. Audience data, including AllsparkServices: where the Service Order specifies that device ID data (“MAID”) exports are not included, may only be used to target the Customer’s specific advertising campaigns for which the Company Data has been provided to the Customer and for analysing the efficacy of that specific advertising campaign in the marketing channel identified in the Service Order;

5.1.2. Measurement/conversion data, including CompassServices: may be used solely for analysing the efficacy of specific advertising campaigns;

5.1.3. Engage/AdvanceServices: may be used solely for planning, managing, optimizing and analyzing online advertising campaigns;

5.1.4. Identity & EnrichmentServices: may be used for (i) the Customer’s non-commercial internal operational purposes; and (ii) analyses that the Customer may provide to its third-party clients;

5.1.5. Foot traffic and insights data, including Pinnacle Services: may be used for extraction of information from the Company Data solely for: (i) analyses that the Customer may provide to its third-party clients; (ii) creating reports, statements or other work output by combining the Company Data with the Customer’s own or any third party data; (iii) drawing conclusions or making business decisions; and (iv) conducting market research; and

5.1.6. The Polygon and POI data of Azira in any of its products or feeds is for the purpose of contextualization of the mobility data/ insights only. It may be used only for internal analysis and not be used for any other purpose including any consumer facing platform or downstream commercial purpose.

5.1.7. Any other usage explicitly set forth in a Service Order.
Subject to full payment of the Fees and subject to the other provisions of this Agreement, the Customer is granted a limited, non-transferable, non-exclusive, revocable, and non-sublicensable licence, for the Term, to access and use the Company Data for the applicable Permitted Purpose and as set out in this Agreement. Except as prohibited elsewhere in this Agreement or by Privacy Laws or the DPA, this license permits the Customer to:

5.2.1. access, view, combine or aggregate the Company Data (wholly or in part) with other data or information or to adapt the Company Data (wholly or in part), and create Derivative Data;

5.2.2. store the Company Data on the Customer systems; and
make the Company Data accessible (including the provision of access through a database or other application populated with the Company Data, reselling, sub-licensing, transferring or disclosing the Company Data) by any means (including any electronic means) to third parties solely to the extent explicitly set out in the applicable Permitted Purpose, provided that the Customer shall not share, resell, or permit or enable any third party to have access to, any Company Data in its raw form (i.e., as-is).
The Customer must not retain or permit any third-party to retain any Company Data for longer than the period during which Customer has a legitimate need to retain the Company Data for the applicable Permitted Purposes.
Upon the earlier of, the completion of the applicable Permitted Purposes or expiration/termination of the Agreement, the Customer must: (i) cease all processing or storage of such Company Data; (ii) securely delete and destroy such Company Data, including any associated backup copies, whether stored or maintained by the Customer or any of its service providers or partners (including its Partners, where relevant); (iii) certify in writing that the Customer has deleted/ destroyed or otherwise expunged/purged such Company Data; (iv) update, delete, destroy, segregate, truncate, encrypt, mask, transfer, and/or provide to any third party designated by the Company any Company Data stored or maintained by the Customer, as per Company’s specific instructions.
The Customer is not authorized to use any Services beyond those specifically granted in this Agreement. Without limiting the foregoing, the Customer shall not:

5.5.1. resell, sublicense or otherwise commercially exploit or make available to any third party, the Azira Platform, including using the Azira Platform for service bureau or time-sharing purposes;

5.5.2. share, publish, publicly display, or otherwise disclose or make available the Azira Platform to any third party;

5.5.3. store, combine, comingle, or otherwise use the Azira Platform, or any element thereof, to develop, enhance, or structure any database, or use the Services for purposes of segmenting, re-targeting, creating or supplementing user profiles or inventory profiles, interest categories, audience segmentations, or syndication;

5.5.4. copy, translate, decompile, reverse engineer or otherwise modify or make derivative works based upon any parts of the Services in order to build a competitive product or service;

5.5.5. use the Services and the Company Data in an illegal or unethical manner;

5.5.6. create Internet ‘links’ to the Services or ‘frame’ or ‘mirror’ the Services on any other server or wireless or Internet-based device or interfere with or disrupt the Company’s systems used to host the Services;

5.5.7. engage in web scraping or data scraping, including collection of information through any software that simulates human activity or any bot or web crawler;

5.5.8. circumvent the user authentication/login provided to the Customer; or

5.5.9. provide Company Data (i) to a Covered Person or Country of Concern, or (ii) to any foreign (i.e., non-US) person or entity without first having contractually prohibited the recipient from passing the Company Data along to a Covered Person or Country of Concern.
Without limiting the foregoing Section 4.5, in all cases, the Customer will not use the Services for any of the following purposes:

5.6.1. employment eligibility,

5.6.2. credit eligibility,

5.6.3. health care eligibility,

5.6.4. insurance eligibility, underwriting, or pricing,

5.6.5. for correlation or generating Personal Data,

5.6.6. to market or sell to law enforcement agencies, or

5.6.7. any unlawful or prohibited purposes, including any purpose prohibited by section 8.1.3.
Where the Customer is using Allspark and Engage Services, if the Customer uses any third-party advertisement serving or measurement platform on its behalf (“Partner”), the Partner will receive Pseudonymised Data. The Customer agrees that it will not, and will procure that each Partner will not, share any Pseudonymised Data received from the Company with third parties and that the Customer’s use of such Pseudonymised Data will be solely as permitted herein, and without limitation, the Customer will not use, transmit, combine, merge, sync, link, or analyse Pseudonymised Data with other Personal Data or make any other attempt to re-identify the individuals.
The Customer must use the Services in a manner that is consistent with the Customer’s privacy policy and compliant with all applicable laws, regulations and self-regulatory guidelines (including but not limited to the NAI’s Self-Regulatory Principles).
Subject to the terms of the Service Order, the Customer may use each Service and access, store and otherwise process the Company Data for the applicable Permitted Purpose only, provided always that no more than the number of Users set out in the Service Order may access and use the Service and the Company Data for such Permitted Purpose. The Customer acknowledges and agrees that any use of any Service and/or Customer Data beyond the applicable Permitted Purposes will be considered a material breach of the Agreement.
The Company may, without liability, terminate this Agreement upon notice to the Customer or suspend Customer’s access to the Services without advance notice if the Company, in its sole discretion, determines any breach of this Section 4. The Company’s right to suspend the Services is in addition to other remedies that the Company may have. The Customer must notify the Company immediately of any known or suspected unauthorized use of the Services or breach of its security and will use best efforts to stop the said breach.
The Customer grants Company and its affiliates free of charge, a non-exclusive, worldwide, royalty-free, irrevocable, perpetual license to use, copy, modify, transmit, sub-license, index, store, validate, integrate, aggregate, sort, analyse and display the Customer Data: (i) to the extent necessary for the provision of Services as the Company may determine (including creating derivative works from the Customer Data, developing, modifying, improving, supporting, customizing, optimising and operating the Services) or enforcing its rights under the Agreement; or (ii) where required or authorized by law. The Customer represents and warrants that it has all rights to grant such license to the Company without infringement or violation of any third-party rights.
The Company may use, copy, transmit, index, model, aggregate (including with other customers’ data) the Customer Data for the purpose of (i) developing, improving or customizing the Services; and (ii) publishing, displaying and distributing any anonymous information (i.e., information where neither Customer nor its Users are capable of being identified) derived from the Customer Data.
In the event the Customer is granted a temporary, limited, non-exclusive, revocable, non-sublicensable, non-transferable license to access and use the Azira Platform and/or Company Data for the purpose of internal evaluation, such use is limited to an internal test environment and such license is provided on “as-is” basis without any representations and warranties from the Company. Unless Company has agreed otherwise in writing, the duration of the foregoing license is no more than 30 days. The Customer agrees and understands that it is not authorized to distribute, commercialize, or otherwise use in its production any part of the Company Data provided under this Section.

6. Confidentiality

“Confidential Information” includes (but is not limited to) the following items that either party (“Disclosing Party”) discloses to the other party (“Receiving Party”): (i) any document that the Disclosing Party marks as ‘Confidential’; (ii) any information that the Disclosing Party orally designates as ‘Confidential’ at the time of disclosure, provided the Disclosing Party confirms such designation in writing within 15 (Fifteen) business days; (iii) the Company Data and Customer Data, whether or not marked or designated as confidential; and (iv) any other non-public, sensitive information that the Receiving Party should reasonably consider a trade secret or otherwise confidential. Notwithstanding the foregoing, Confidential Information does not include information that: (a) is lawfully in the Receiving Party’s possession at the time of disclosure in circumstances in which the Receiving Party is not prevented from disclosing it to others; (b) is independently developed by the Receiving Party without use of or reference to Confidential Information; (c) becomes known publicly, before or after disclosure, other than as a result of improper action or inaction; (d) has been disclosed to the Receiving Party by a third party who, to the Receiving Party’s knowledge, has the right to disclose such information without restriction; or (e) is approved for release in writing by the Disclosing Party. The Customer is on notice that the Confidential Information may include the Company’s valuable trade secrets. For the purpose of this Section 5, a reference to a “party” means such party and its affiliates.
The Receiving Party will treat the Confidential Information with the same care as it exercises in respect of its own information, which shall not be less than ‘reasonable care’ and disclose only on a need-to-know basis or as permitted under the Agreement. The Receiving Party will only use the Confidential Information for the purposes of performing its obligations or as permitted under the Agreement. However, the Receiving Party may disclose Confidential Information: (i) if approved by the other party in writing; (ii) if required by law or regulation; (iii) in the event of dispute between the parties, as necessary to establish the rights of either party; or (iv) as necessary to provide the Services to the Customer. In the case of (ii) and (iii), the Receiving Party will, to the extent lawful to do so, provide reasonable advance notice to the Disclosing Party and provide reasonable assistance to limit the scope of the disclosure unless prohibited by law or regulation. The Receiving Party is responsible for ensuring that its representatives and affiliates fully comply with the obligations of the Receiving Party under this Section. Upon termination of the Agreement, the Disclosing Party shall return all copies of the Confidential Information to the Receiving Party or certify, in writing, the destruction thereof. The Customer shall return all Confidential Information of the Company within 10 (Ten) days of termination or expiry of the Service Order.
Notwithstanding the foregoing, the Company Data and the terms and pricing in the Service Order are considered Confidential Information of the Company and the Customer must use the same care and protection it affords to its own Confidential Information (but not less than reasonable care). The Customer will be responsible for any breach of confidentiality by its employees, consultants, agents and representatives. The Customer must keep the Company Data distinct and separate from all other data and information retained by the Customer. The Customer agrees to maintain reasonable and appropriate technical and organizational measures to protect the Company Data from unauthorized access, misuse, or disclosure.

7. Warranties

Company’s Warranties.Company represents and warrants that it has all rights needed to provide the Services and grant the licenses as set forth in this Agreement. The Company’s representations and warranties in the preceding sentence do not apply to the extent any infringement arises out of any of the conditions listed in Sections 7.3.(i) and 7.3.(ii) below. In the event of a breach of the warranty in this Section 6.1, the Company shall, within a reasonable time period and at its own expense: (i) secure for the Customer the right to continue using the Services; (ii) modify the Services to make them non-infringing, or provide a reasonable solution that is not materially detrimental to the Customer; or (iii) terminate the infringing features of the Services, and refund to the Customer any prepaid Fees for such features, in proportion to the portion of the Term left after such termination, in which case the Customer shall cease all use of the affected Services and erase any copies of Company Data in relation thereto. In conjunction with the Customer’s right to terminate for breach, where applicable, the preceding sentence states the Company’s sole obligation and liability, and the Customer’s sole and exclusive remedy, for breach of the warranty in this Section 6.1 and for potential or actual intellectual property infringement by the Services.
Customer’s Warranties. The Customer represents and warrants that: (i) it is not a Covered Person or Country of Concern, (ii) it has the full right and authority to enter into, execute, and perform its obligations under the Agreement; (iii) it is an entity authorized to do business pursuant to applicable law; (iv) it has the right, power and authority to provide the Customer Data and the Marketing Material to the Company as envisaged by this Agreement; (v) the Customer Data and Marketing Material are complete, accurate, in the agreed format, and will not infringe or misappropriate the Intellectual Property Rights of any third party, breach any duty towards or rights of any third party, including rights of publicity or privacy; (vi) the Marketing Materials are not false, deceptive, misleading, obscene, defamatory, illegal (including without limitation, in violation of applicable advertising laws and other applicable laws, rules and regulations), harmful, threatening, abusive, obscene, hateful, libellous, invasive of any individual’s privacy rights, unethical or racially or politically objectionable; (vii) the Marketing Materials will be in accordance with the then existing advertising guidelines of the Company; (viii) the Customer shall accurately identify each User and shall not provide any inaccurate information about a User to the Company; (ix) the performance of its obligations under these Terms will not cause the Company to infringe the rights of any third party (including privacy rights of individuals); and (x) it will comply with all laws, rules and regulations applicable to its use of the Services.
IMPLIED WARRANTIES. THE CUSTOMER AGREES THAT IT IS SOLELY RESPONSIBLE FOR ITS SELECTION OF THE SERVICE AND FOR ALL USE IT MAKES OF THEM, AND ALL RELIANCE IT CHOOSES TO PLACE ON THE SERVICES AND ANY COMPANY DATA. EXCEPT FOR THE EXPRESS WARRANTIES IN THE AGREEMENT, THE CUSTOMER ACCEPTS THAT THE SERVICES ARE PROVIDED ON AN “AS-IS” AND AS AVAILABLE BASIS, WITH NO REPRESENTATION OR WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, ACCURACY, COMPLETENESS, CURRENCY, CORRECTNESS, RELIABILITY, INTEGRITY, USEFULNESS, QUALITY, NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, ACCURACY OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. THE CUSTOMER ACKNOWLEDGES THAT (I) NEITHER THE COMPANY, ITS AFFILIATES NOR ITS THIRD-PARTY PROVIDERS CONTROLS THE CUSTOMER EQUIPMENT OR THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES (INCLUDING THE INTERNET); (II) THE SERVICES MAY BE SUBJECT TO LIMITATIONS, INTERRUPTIONS, DELAYS, CANCELLATIONS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE COMMUNICATIONS FACILITIES; AND (III) IT IS FULLY RESPONSIBLE TO INSTALL APPROPRIATE SECURITY UPDATES AND PATCHES. THE COMPANY, ITS AFFILIATES, AND ITS THIRD-PARTY PROVIDERS ARE NOT RESPONSIBLE FOR ANY INTERRUPTIONS, DELAYS, CANCELLATIONS, DELIVERY FAILURES, DATA LOSS, CONTENT CORRUPTION, PACKET LOSS, OR OTHER DAMAGE RESULTING FROM THESE PROBLEMS. COMPANY IS NOT RESPONSIBLE FOR ANY COMPUTER VIRUSES, WORMS, SOFTWARE BOMBS, BUGS OR SIMILAR ITEMS THAT AFFECT THE CUSTOMER’S COMPUTERS, COMPUTER SYSTEMS, SOFTWARE, INFRASTRUCTURE OR DATA AS A RESULT OF THE CUSTOMER’S ACCESS TO OR USE OF SERVICES. THERE MAY BE PERIODS WHEN THE SERVICES ARE UNAVAILABLE AND CANNOT BE ACCESSED, AND THE COMPANY ACCEPTS NO LIABILITY FOR ANY LOSS OR DAMAGE THAT CUSTOMER MAY SUFFER OR INCUR AS A RESULT OF SUCH UNAVAILABILITY AT ANY TIME.
Company Data. Company Data is derived from data provided by third parties, the accuracy and/or completeness of which is not guaranteed. The Services involve models and techniques based on aggregate statistical analysis, probability and predictive behaviour. Accordingly, the Company shall not be liable for any inaccuracy, incompleteness or other error in the Services, or for any failure of Company Data to achieve any particular result for the Customer. While the Company strives to provide reliable information, Company Data may become stale and less dependable for a number of reasons, including, without limitation, changes over time, market conditions and/or technological changes. Except where expressly provided in the Service Order, the Company shall have no obligation to update the Company Data and may discontinue offering Company Data. If the Company provides support or updates for the Company Data under a Service Order, such updates shall be included in the definition of “Company Data” for purposes of the Agreement.

8. Indemnities

Customer’s Indemnities. The Customer will indemnify, defend and hold the Company, its parent, subsidiaries, affiliates, shareholders, licensors, customers, officers, and employees harmless, including costs, expenses and attorneys’ fees and other legal costs, from any and all losses, damages, penalties and/or fines liability imposed by judicial or regulatory authorities, claim or demand made by any third party due to or arising out of:

8.1.1. the Company’s receipt, use or possession of Customer Data or the Marketing Materials. The Customer recognizes and agrees that hosting data online involves risks of unauthorized disclosure or exposure and that, in accessing and using the System, the Customer assumes such risks;

8.1.2. any violation of the Agreement by the Customer including, without limitation, breach of representations and warranties and/or obligations related to (i) confidentiality and the Customer Data, (ii) Data Privacy (as detailed in Section 9 hereof), and (iii) the Customer’s status as a person that is not a Covered Person or Country of Concern;

8.1.3. the Customer’s failure to abide by the following requirements: (i) the Customer shall not access or use the Services to process Precise Geolocation Data associated with any sensitive location, including: (a) medical facilities (e.g., family planning centers, general medical and surgical hospitals, offices of physicians, offices of mental health physicians and practitioners, residential mental health and substance abuse facilities, outpatient mental health and substance abuse centers, outpatient care centers, psychiatric and substance abuse hospitals, and specialty hospitals); (b) religious organizations; (c) correctional facilities; (d) labor union offices; (e) locations of entities held out to the public as predominantly providing education or childcare services to minors; (f) associations held out to the public as predominantly providing services based on racial or ethnic origin; (g) locations held out to the public as providing temporary shelter or social services to homeless, survivors of rape or domestic violence, refugees, or immigrants; (h) places held out to the public as involving engagement with explicit sexual content, material, or acts; (i) halfway houses; (j) credit repair, debt services, bankruptcy services, or payday lending institutions; or (k) military bases; (ii) the Customer shall not use the Services to associate Precise Geolocation Data with (a) locations held out to the public as predominantly providing services to LGBTQ+ individuals such as service organizations, bars and nightlife; or (b) locations of public gatherings of individuals during political or social demonstrations, marches and protests; and (iii) the Customer shall not use the Services to determine the identity or Precise Geolocation of an individual’s private residence (e.g., single family home, apartment condominium, etc.);

8.1.4. infringement of any third-party intellectual property rights or other rights of any person or entity by the Customer;

8.1.5. wilful misconduct or gross negligence by the Customer;

8.1.6. fraudulent or unlawful act of the Customer;

8.1.7. the Customer Data, the Marketing Materials, or the Customer’s use of the Services not complying with all applicable laws, rules and regulations, or causing an infringement of any third party intellectual property rights or other right of any person or entity;

8.1.8. breaches of confidentiality; and

8.1.9. use of Services beyond the scope granted under Section 4 (Grant of License & Scope of Use) and breach of restrictions set out under Section 4 (Grant of License & Scope of Use).

Additionally, the Customer will be responsible for the retention and payment of attorneys and court costs, as well as settlement and payment of judgments and its own cost and expense. The Company will have the right, not to be exercised unreasonably, to reject any settlement or compromise that requires that it admit wrongdoing or liability or subjects it to any ongoing affirmative obligations. The Customer must not settle or compromise any such claim, subject to an indemnity under this Section, without the Company’s prior written consent. The Customer acknowledges and agrees that it is responsible and liable for: (i) all of its Users’ use of the Services; and (ii) any use of the Services through the Customer’s account, whether authorized or unauthorized.

Company’s Indemnities. The Company will defend, at its expense, any third-party claim, suit, or proceeding against the Customer made during the Term to the extent such claim alleges that: (i) the Azira Platform directly infringes any third-party copyright, or trademark rights; or (ii) the Company has misappropriated any third-party trade secrets (“Infringement Claim”). The Company will pay any damages finally awarded by a court of competent jurisdiction (or settlement amounts agreed to in writing by the Company). The Company’s obligations set forth in this Section do not apply to the extent that the Infringement Claim arises out of: (a) the Customer’s breach of the Agreement; or (b) modifications to the Services made without the Company’s written consent; or (c) the Customer Data; or (d) third-party products, services, hardware, software, or other materials, or combination of these with the Services, if the Services would not be infringing without this combination. In the event of an Infringement Claim, the Company may exercise the remedies in Sections 6.1(i) through 6.1(iii) above including, without limitation, its right therein to terminate the Service Order and require erasure of the Company Data. The Company will have no liability for any Infringement Claim under this Section that arises from the Customer’s failure to: (1) notify the Company in writing of the Infringement Claim promptly upon the earlier of learning of or receiving a notice of it, to the extent that the Company is prejudiced by this failure; (2) provide the Company with reasonable assistance requested by the Company for the defense or settlement (as applicable) of the Infringement Claim; (3) provide the Company with the exclusive right to control and the authority to settle the Infringement Claim; or (4) refrain from making admissions or statements about the Infringement Claim without the Company’s prior written consent.
The remedies in this Section are the Customer’s sole and exclusive remedy and the Company’s sole liability regarding the subject matter giving rise to the Infringement Claim.

9. Limitation Of Liability

Under no circumstances shall either party shall be liable for any (i) indirect, incidental, special, consequential or punitive damages (even if it has been advised of the possibility of such damages), arising from or related to the Agreement; (ii) loss of revenue or profits or lost business; (iii) loss of or damage to reputation or goodwill; (iv) loss of any software or data; or (v) use of the Services in a manner which is not consistent with terms of this Agreement, except for instances of willful misconduct or fraud.
The Company’s cumulative liability for all losses, claims, action, demands, and expenses arising out of or related to the Agreement in any 12 (Twelve) month period will not exceed the greater of (i) the Fees paid by the Customer to the Company, under the Service Order, during that 12 (Twelve) months period; or (ii) $20,000 (USD), notwithstanding the failure of essential purpose of any remedy.
The liabilities limited by this Section 8 apply regardless of the form of action, whether in contract, tort, negligence, strict product liability, breach of statutory duty or otherwise, even if the Company is advised in advance of the possibility of the damages in question and even if such damages were foreseeable; and the Customer’s remedies fail their essential purpose. If applicable law limits the application of this Section 8, the Company’s liability will be limited to the maximum extent permissible. For the avoidance of doubt, the Company’s liability limits and other rights set forth in this Section 8 apply likewise to the Company’s affiliates, licensors, suppliers, agents, directors, officers, employees, consultants, and other representatives.
Nothing in this Agreement limits or excludes either party’s liability for anything that may not lawfully be excluded or limited.

10. Data Privacy

The parties agree that both the Company and the Customer act as independent controllers when processing Personal Data. The Customer will comply with applicable Data Protection Laws in respect of performance and/or exercise of rights under the Agreement and only process Personal Data in accordance with the Permitted Purposes. The Customer shall notify the Company no later than five (5) business days following any determination by the Customer that it or its subcontractor(s) cannot meet its or their obligations under the applicable Data Protection Laws.
Each of the Company and the Customer shall notify each other of an individual within its organization authorized to respond from time to time to Enquiries regarding Personal Data and each of the Company and the Customer shall deal with such Enquiries within a reasonable time.
The Customer will not collect, transmit, process, store or make available any Sensitive Personal Data through its use of the Services. The Customer will not transmit, disclose, or make available any Sensitive Personal Data to the Company or its affiliates or third-party partners.
The Customer will ensure that, at all times in compliance with the Data Protection Laws, it shall: (i) only input lawfully collected Personal Data into the Azira Platform; (ii) conspicuously display (and comply with) a privacy policy that complies with applicable Data Protection Law and discloses the Customer’s privacy practices in relation to the collection, use and sharing of Personal Data; (iii) ensure that such privacy policy provides sufficiently clear, meaningful and prominent notice to relevant Data Subjects; (iv) where required by applicable Data Protection Laws and/or Industry Standards: (a) obtain valid consent from relevant Data Subjects to the processing of their Personal Data by Company and its affiliates for the purposes of the Services and/or (as appropriate) the use of cookies and other technologies used in connection with the Services to store or access information stored on data subjects’ devices; (b) provide relevant Data Subjects with persistent and easy to use opt-out mechanisms for processing Personal Data and legally sufficient consumer choices (including, where applicable, to disallow interest-based advertising or further sale of Personal Data); and (v) in respect of Customer Data provided for Allspark and/or Enrichment, always obtain opt-in consent as per applicable Data Protection Laws, from the relevant Data Subjects whose Personal Data is provided to the Company with consent prompts including information identifying: (a) the purposes for which Personal Data can be used by the Customer (including sharing such Personal Data with the Company); (b) the Company’s processing of such Personal Data for the provision of the Services (including data enrichment activity), which includes, but is not limited to, identifying the behaviour of such Data Subjects and profiling them based on their physical/digital world behaviour to create an enriched dataset from such Personal Data (“Enriched Data“) and sharing of such Enriched Data with the Customer.
The Customer will, within five (5) days of the Company’s request, provide the Company with copies of screenshots of its proposed Data Subject consent flow, opt-out process and the privacy policy which relate(s) to the processing of Personal Data, and a brief written explanation of how it proposes to achieve required consents and transparency in accordance with applicable Data Protection Laws. The parties will discuss in good faith within a reasonable time any comments or concerns the Company may have in this regard. If the Company reasonably believes at any time that the Customer’s notification or consent wording or mechanism, opt-out process, privacy policy or related documentation does not allow the Company to process Personal Data and/or use cookies or other technologies in accordance with Industry Standards and Data Protection Laws, the Company may notify the Customer of its concerns and/or provide a reasonable alternative method. The parties will discuss subsequent amendments to this Agreement prompted by the Data Protection Laws and/or Industry Standards in good faith.
Each party may respond directly to Data Subject Requests addressed to it relating to its processing of Personal Data as a controller. At the request of a party receiving a Data Subject Request, the other party shall provide any cooperation reasonably requested to enable the other party’s compliance with such request.
The Customer will notify the Company if it receives any Enquiry regarding Personal Data in respect of which the Company acts as a data controller. The Customer will provide the Company with reasonable cooperation and assistance to allow the Company to assess and respond to such Enquiry.
Each party will implement appropriate physical, technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of Personal Data in connection with the Services as set out in Annex 2, to Schedule I (DPA).
If the Customer becomes aware of any Personal Data Breach involving Personal Data processed in connection with the Services, it will promptly notify the Company of the Personal Data Breach and, if requested, provide reasonable cooperation to Company to take measures to record, report and address the Personal Data Breach in accordance with the Customer’s obligations under Data Protection Laws.
In the event that a data transfer mechanism other than the EU SCCs and/or UK Approved Addendum (as applicable) is or becomes available in respect of any Restricted Transfer in accordance with Data Protection Laws, including any further alternative standard contractual clauses approved from time to time, the parties will, on the request of either party, work in good faith to determine if such data transfer mechanism is sufficient in respect of any or all Restricted Transfer(s) and, if the parties agree that it is sufficient, the parties will discuss subsequent amendments to this Agreement in good faith.
The Customer shall make available, to the Company, such information in the Customer’s possession or control as may be necessary to demonstrate compliance with its obligations relating to Personal Data under this Agreement or in order for the Company to respond to an Enquiry. The Company may require the Customer to attest that it treats the Personal Data processed in the same manner that the Company is obligated to treat such Personal Data under the applicable Data Protection Laws. The Company may itself, or commission a third-party auditor to conduct, an audit of the Customer’s data privacy practices. Audits will: (i) be on no less than fourteen days’ prior written notice to the Customer; (ii) be conducted during normal business hours; (iii) not unreasonably interfere with the Customer’s business activities; and (iv) not take place more than once in any year except when agreed between the parties.
The Customer agrees and acknowledges that the Company does not require any Personal Data for the provision of Services. The Customer will ensure that it reviews all Customer Data provided to the Company and scrub any Personal Data from the same before providing it to the Company. In the event the Customer determines that disclosure of Personal Data is crucial for the performance of Services, the Customer will provide the Company with a prior written notice of its intent to disclose Personal Data. Such data shall be disclosed upon the Company’s written acceptance of such notice and subject to any documentation that the Company requires the Customer to execute, and the Customer must specify the Company’s name in its privacy policy as one of the third-parties with whom the Customer will be sharing Personal Data.
The Customer warrants that it will not use Company Data in combination with any third-party data (including other Personal Data) that may lead to identification or disclosure of the Data Subject(s)/ individual(s).
By using the Services, the Customer acknowledges the Company’s processing, use and disclosure of the Customer Data in accordance with the Company’s Privacy Policy. The Company Privacy Policy applies only to the Azira Platform and does not apply to any third-party website or service linked to the Azira Platform or recommended or referred to through the Azira Platform.

11. Termination

Termination by Company. The Company reserves the right to terminate this Agreement by giving fifteen (15) days’ notice if the Customer (i) is in breach of this Agreement and which breach is not cured within fifteen (15) days of receipt of a written notice from the Company or if such breach is incapable of remedy; or (ii) has repeatedly or persistently breached any terms of this Agreement.
Termination by Customer. The Customer may terminate this Agreement, if the Company is in material breach of its obligations hereunder, which breach is not cured within fifteen (15) days of receipt of a written notice or which breach is incapable of remedy.
Effect of Termination. Upon termination (for any reason) or expiry of the Service Order, (i) all payments due till the date of termination or expiry shall be immediately paid by the Customer on or prior to the date of termination or expiry (as applicable); and (ii) all license rights granted herein shall terminate; and (iii) the Customer shall cease all use of the Services and delete, destroy, or return all copies of the Company Data in its possession or control, and certify such deletion or destruction through an authorized officer of the Customer. Termination or expiration of the Service Order shall not affect any rights, obligations or liabilities, arising out of the Service Order, that have accrued before termination or expiry or which are intended to continue to have effect beyond termination or expiry.
Survival. The termination or expiration of the Agreement will not affect any provisions of the Agreement which by their nature survive termination or expiration, including the provisions that deal with payment obligations, confidentiality, data security, term and termination, effect of termination, intellectual property rights, compliance, indemnities, limitation of liability, privacy, usage analytics and Section 12 (Miscellaneous).

12. Compliance Audit

Customer will maintain accurate records of its use of the Services and all consents obtained from its Users throughout the Term. In the event (i) any third party authorised under applicable law asks the Company for information or audits the Company’s records in respect of the Customer Data or the Customer’s use of the Company Data and all consents obtained from its Users (“Third-Party Request”); or (ii) in an event the Company deems it fit to conduct an audit for any reasons whatsoever, the Customer will permit, the applicable third party, the Company or an independent external auditor approved by the Company or such third party to inspect and audit the Customer’s records pertaining to the scope of such Third-Party Request. The audit rights provided herein shall be valid for the Term and a period of two (2) years thereafter.
Such audits shall be conducted at the Company’s sole expense. All audits conducted under this Section will be subject to the following requirements: (i) the Company shall provide at least five (5) business days’ notice to the Customer before such audit, unless applicable law requires otherwise; and (ii) any such inspection and audit shall be conducted during regular business hours of the Customer in such a manner as to not interfere with normal business activities of the Customer. The Customer will, at its own expense, promptly correct any non-compliance detected by such audit, but not exceeding: (a) Fifteen (15) days from the release of such audit results identifying such non-compliance; or (b) the period as may be required under applicable law, whichever is lower. If any audit under this Section reveals any material breach of the Agreement by the Customer (including a material underpayment of Fees, as determined by the Company), the Customer will reimburse the Company for the reasonable costs of the audit. If the audit reveals an underpayment by the Customer, the Customer will make payment to the Company within 10 (Ten) business days.

13. Miscellaneous

Third Party Products. The Services may contain certain third-party products, services and/or data licensed to the Company (“Third-Party Products”). Such Third-Party Products may be available to the Customer in an embedded, integrated or linked form on the Services. The Agreement does not govern the use and access of such Third-Party Products, and the same shall be governed by the terms and conditions specific to such Third-Party Products (“Third-Party Product Terms”). By way of using the Third-Party Products, or consenting to the Third-Party Product Terms, the Company will assume that the Customer has read, agreed, and accepted the Third-Party Product Terms. The Company will not be liable for the disputes arising out of or related to the Third-Party Product Terms or the breach of such Third-Party Product Terms by the third-party service providers.
Insurance. Without prejudice to its obligations under these Terms, the Customer shall affect and maintain a commercial general liability insurance policy with a limit of $$5,000,000 (USD)), with a reputable insurance company. Upon receipt of a written request from Company, the Customer shall submit a certificate to confirm that Customer maintains the required insurance policy.
Force Majeure. Except for the Customer’s payment obligations under the Service Order, neither party will be responsible for any failure or delay in its performance under these Terms due to causes beyond its reasonable control, including, but not limited to, labour disputes, strikes, lock-outs, internet or telecommunications failures, shortages of or inability to obtain labour, energy, or supplies, war, terrorism, riot, acts of God or governmental action, acts by hackers or other malicious third parties and problems with the Internet generally, and such performance shall be excused to the extent that it is prevented or delayed by reason of any of the foregoing.
Assignment. The Customer shall not have the right to assign, transfer, resell or sublicense the Customer’s rights or obligations hereunder. Any attempt to assign, transfer, resell or sub-license such rights or obligations without the Company’s prior written approval will be null and void.
Governing Law and Jurisdiction. If the Customer is registered in North America, these Terms will be governed by the laws of the State of California. If the Customer is registered outside of North America, these Terms will be governed by and construed in accordance with the laws of Singapore. The Company and the Customer agree that any claims, legal proceedings, or litigation arising in connection with these Terms, will be brought solely in the courts of Pasadena, California or Singapore based on the jurisdiction where the Customer is registered. If any provision herein is held to be unenforceable, the remaining provisions will remain in full force and effect. All rights and remedies hereunder are cumulative.
Injunctive Relief. Actual or threatened breach of the Agreement (such as, without limitation, provisions on intellectual property (including ownership), license, privacy, data protection and confidentiality) may cause immediate, irreparable harm that is difficult to calculate and cannot be remedied by the payment of damages alone. Either party will be entitled to seek preliminary and permanent injunctive relief and other equitable relief for any such breach.
Notices. Any notice required to be delivered hereunder will be deemed delivered: (i) upon delivery, if delivered by courier or by hand (against receipt); or (ii) Three (3) days after posting, if sent by electronic mail, fax, or certified or registered mail, return receipt requested. All notices to the Company and the Customer will be sent to the addresses set forth in the Service Order or to such other address as a party may designate by written notice to the other.
Entire Agreement; Severability; No Waiver; Conflicts; Independent Contractors. This is the entire agreement between the parties relating to this subject matter and supersedes all other commitments, negotiations and understandings. If one or more of the provisions contained in these Terms is found by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, the validity, legality and enforceability of the remaining provisions will not be affected. The provisions will be revised only to the extent necessary to make them enforceable. The failure of either party to enforce its rights under the Agreement at any time for any period shall not be construed as a waiver of such rights. Nothing herein will constitute either party as the employer, employee, agent or representative of the other party, or both parties as joint venturers for any purpose. Except as provided herein, neither party will have the authority to obligate or bind the other in any manner.

SCHEDULE I

DATA PROCESSING AGREEMENT

1. DEFINITIONS

“Azira Personal Information” means any Personal Information that Azira makes available to the Customer pursuant to the Agreement.
“Covered Person” means an individual or entity that is linked to a Country of Concern as set forth in U.S. regulations published at 28 CFR Part 202 (Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons).
“Country of Concern” means countries designated as such in U.S. regulations published at 28 CFR § 202.601, e.g. China, Cuba, Iran, North Korea, Russia, and Venezuela (as applicable).
“Data Subject Request”means a request from or on behalf of a Data Subject to exercise any rights in relation to their Personal Information under the Privacy Laws.
“Inquiry” means a complaint or request in relation to either Party’s obligations under the Privacy Laws relevant to the Agreement, including but not limited to any compensation claim from a Data Subject or any notice, investigation or other action from a supervisory authority.
“IDTA” means the International Data Transfer Addendum to the Standard Contractual Clauses, issued by the Information Commissioner’s Office of the United Kingdom.
“Personal Information” shall be interpreted consistent with the Privacy Laws, includes at a minimum “personal information” and “personal data” as those terms are defined in the State Privacy Laws, and shall include Sensitive Personal Data as defined herein.
“Privacy Laws” means applicable statutes, regulations or other laws pertaining to privacy and information security, including, where applicable, the EU General Data Protection Regulation 2016/679 (“GDPR”), United Kingdom General Data Protection Regulation applicable by virtue of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (“UK GDPR”), and the State Privacy Laws.
“Sensitive Personal Data” means what is defined in Section 1.29 of the Azira Terms.
“Standard Contractual Clauses” means the standard contractual clauses annex to European Commission Implementing Decision (EU) 2021/914 for the transfer of Personal Information to Third Countries (and any successor clauses).
“State Privacy Laws” mean all US state Privacy Laws, as defined in the Definitions above.
“Third Countries” mean countries which are not recognized by the applicable Privacy Laws as countries providing adequate protection of Personal Information.

2. TERMS OF DATA DISCLOSURE

Permitted Purposes. Azira provides Azira Personal Information to Customer only for limited and specified purposes (“Permitted Purposes”) described in Annex 3 attached hereto, and Customer agrees to use the Azira Personal Information only for such limited and specified purposes.
Prohibited Uses. Notwithstanding anything else in this DPA or the Agreement, the Customer will not do any of the following: (i) associate Azira Personal Information with: (a) locations held out to the public as predominantly providing services to LGBTQ+ individuals such as service organizations, bars and nightlife; (b) locations of public gatherings of individuals during political or social demonstrations, marches and protests; or (ii) use Azira Personal Information to: (a) associate any individual with the foregoing locations; or (b) determine the identity or the location of an individual’s home, i.e., the location of any individual’s private residences (e.g., single family homes, apartments, condominiums, townhomes) (all of the foregoing, “Prohibited Uses”).
The Parties acknowledge and agree that:
2.3.1. Customer complies with the applicable Privacy Laws and agrees to provide the level of privacy protection required by the applicable Privacy Laws with respect to the Azira Personal Information;

2.3.2. Azira has the right to take reasonable and appropriate steps to help ensure that Customer uses the Azira Personal Information in a manner consistent with the requirements of the applicable Privacy Laws, this DPA, and the Agreement, including through an attestation signed by Customer, manual reviews, automated scans, regular assessments, audits, or technical or operational testing. The Customer will reasonably and promptly cooperate to enable Azira to assess and document the Company’s compliance with the Permitted Purposes and Prohibited Uses described in this DPA. Azira may terminate this Agreement upon written notice if the Customer fails to cooperate or if Azira determines that the Company has engaged in any use of the Azira Personal Information outside the Permitted Uses or that is a Prohibited Use;

2.3.3. The Customer will notify Azira without undue delay if it makes a determination that it can no longer meet its obligations under the applicable Privacy Laws, this DPA, or the Agreement, and Azira has the right, upon 10 (Ten) days’ notice to the Customer, to take reasonable and appropriate steps to stop and remediate unauthorized use of Azira Personal Information, including requiring the Customer to delete the Azira Personal Information on legitimate data protection grounds; and

2.3.4. The Customer shall cooperate with any reasonable request from Azira with respect to a Data Subject Request or Inquiry related to data protection. The Customer will notify Azira if it receives any Inquiry in relation to Personal Information received from Azira, in whole or in part, and will provide Azira with reasonable cooperation and assistance to allow Azira to assess and respond to such Inquiry.
Restrictions on Selling or Sharing. If the Agreement permits the Customer to sell, share, or disclose the Azira Personal Information to any third party, the Customer shall (i) prohibit such third party from engaging in Prohibited Uses; (ii) restrict such third party to use the Azira Personal Information for Permitted Purposes; and (iii) remain directly responsible to Azira for such third party compliance with these restrictions. Without limiting the foregoing, the Customer will not sell or share the Azira Personal Information unless the Customer provides explicit notice to the end consumer and provides the end consumer an opportunity to exercise the right to opt-out.
Opt-out Preferences. Where required by the applicable Privacy Laws, the Customer shall comply with an end consumer’s opt-out preferences forwarded to the Customer by Azira.
The Customer acknowledges and agrees that:

2.6.1. the Customer, its employees, agents, subcontractors, and sub-processors are subject to a duty of confidentiality with respect to the Azira Personal Information, and the Customer is liable for any breach of confidentiality by its employees, agents, sub-contractors or sub-processors;

2.6.2. the Customer shall implement and maintain reasonable technical and organizational security measures, policies, and procedures, including physical access control, backup, and encryption to protect the Azira Personal Information. Such security measures will, at all times, be appropriate to the nature of the Azira Personal Information;

2.6.3. the Customer shall implement appropriate access controls restricting access to Azira Personal Information to only such employees, agents, subcontractors, and sub-processors as need to know the information in order to perform the Permitted Purposes and in accordance with the Agreement;

2.6.4. the Customer will, as part of its incident management policies and procedures and to the extent permitted by law, promptly notify Azira without unreasonable delay of any actual or reasonably suspected incident that introduces a material risk to the Customer’s processing of Azira Personal Information; and

2.6.5. the Customer will inform Azira within 24 (Twenty-Four) hours of Customer’s knowledge of any unauthorized access, destruction, use, modification, or disclosure (each, a “Security Incident”) of any Azira Personal Information (to include, without limitation, any personal data breach as defined by applicable law). The Customer will provide Azira with any information and cooperation reasonably requested by Azira regarding such Security Incident. The Customer shall not provide notice of such a Security Incident to any third party without the prior written consent of Azira unless required by applicable law. If requested, the Customer shall provide reasonable cooperation to Azira to take measures to record, report and address the Security Incident in accordance with Azira’s obligations under Privacy Laws.
Prohibited Transfers

2.7.1. The transfer of Company Data to a Covered Person or Country of Concern is strictly prohibited.

2.7.2. Any transfer of Company Data to a foreign person or entity without first contractually prohibiting the recipient from passing the Company Data along to a Covered Person or Country of Concern is strictly prohibited.
Changes to Privacy Laws. The Parties agree to cooperate in good faith to enter into additional terms to address any modifications, amendments, or updates to applicable Privacy Laws.

3. CROSS-BORDER DATA TRANSFERS

Transfer Mechanism. With regard to any transfers of Azira Personal Information to countries that do not provide adequate protection for such data (as determined by the applicable Privacy Laws), the Parties hereby enter into applicable instruments in support of such transfer. If Azira Personal Information is transferred to Third Countries from a member state of the European Economic Area, Switzerland, or the United Kingdom, this DPA incorporates the Standard Contractual Clauses and, in the case of the United Kingdom, the IDTA.
Alternative Data Transfer Authority. The Parties acknowledge that the laws, rules and regulations relating to international data transfers are rapidly evolving. In the event that Azira adopts another mechanism authorized by applicable laws, rules or regulations to transfer Azira Personal Information (each an “Alternative Data Transfer Authority”), Azira may provide the Customer with written notice describing that Alternative Data Transfer Authority and, and upon the Customer’s approval, the Parties agree that the mechanism described in Section 3.1, as the case may be, shall no longer apply to any Personal Information that Azira elects to receive or process under that Alternative Data Transfer Authority, and such Alternative Data Transfer Authority shall thereafter apply. The Parties agree to work together in good faith to implement any amendments to this DPA necessary to implement the Alternative Data Transfer Authority.

4. TERMS OF STANDARD CONTRACTUAL CLAUSES

Customer as Controller. If the Parties agree to the Standard Contractual Clauses and the Customer is a Controller:
4.1.1. For transfers from the European Economic Area, United Kingdom, or Switzerland, the Standard Contractual Clauses, Module I, is hereby incorporated by reference when available as a valid transfer mechanism under applicable law. Azira and the Customer further agree to the following provisions with respect to the Standard Contractual Clauses:

i. Applicable Module: Module One (controller to controller) applies to transfers from the Customer to Azira where Azira acts as a Controller. The Customer is the data exporter and Azira is the data importer.

ii. Conflicts: In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

iii. Specific Provisions: The following specific provisions apply to the Standard Contractual Clauses:
- Module One will apply.
- In Clause 7, the Parties do not permit docking.
- In Clause 11, the Parties do not select the independent dispute resolution option.
- In Clause 18(b), the Parties agree that the jurisdiction is the member state in which the Controller is established, or if the Controller is not established in a member state, the Republic of Ireland.
- Annex I: with the information set out in Annex 1 to this DPA.
- Annex II: with the information set out in Annex 2 to this DPA.
4.1.2. For transfers from the United Kingdom, the IDTA (including all Part 2 Mandatory Clauses) is also incorporated by reference as an addendum to the Standard Contractual Clauses when the IDTA is available as a valid transfer mechanism under applicable law. Azira and the Customer further agree to the following provisions with respect to the IDTA
i. Specific Provisions: The following specific provisions apply to the IDTA:
- Table 1 (Parties): The contents of Table 1 (Parties) shall be completed with the details provided in Annex 1.
- Table 2 (Selected SCCs, Modules, and Selected Clauses):1. Module One will apply.2. In Clause 7, the Parties do not permit docking.3. In Clause 11, the Parties do not select the independent dispute resolution option.
- Table 3 (Appendix Information): The list of Parties is provided in Annex 1.A. and the description of the transfer is provided in Annex 1.B, attached to this DPA. The technical and organizational measures including technical and organizational measures to ensure the security of the data are provided in Annex 2, attached to this DPA.
- Table 4 (Ending this DPA when the Approved Addendum Changes): The Parties agree that Importer or Exporter may end the DPA as set out in Section 19 of the IDTA.
ii. Conflicts: In the event of any conflict or inconsistency between this DPA and the IDTA, the IDTA shall prevail.

DATA PROCESSING ANNEXES

ANNEX 1

A. List of Parties

Name of Data Exporter	Azira LLC or Azira Pte. Ltd. (if applicable) or as set out in the Agreement
Address	As set out in the Agreement.
Contact Person’s Name, Position, and Contact Details	As set out in the Agreement.
Activities relevant to the data transferred under these Clauses:	As set out in the Agreement.
Signature and Date	Signed and dated through execution of the DPA.
Role	Controller

Name of Data Importer	As set out in the Agreement.
Address	As set out in the Agreement.
Contact Person’s Name, Position, and Contact Details	As set out in the Agreement.
Activities relevant to the data transferred under these Clauses:		As set out in the Agreement.
Signature and Date	Signed and dated through execution of the DPA.
Role	Controller

B. Description of Transfer

Categories of Data Subjects whose personal data is transferred	Individuals who use mobile or electronic devices
Categories of personal data that will be transferred	Device ID (IFDA or AAID (MAIDs)), hashed email address, home address, timestamp, latitude-longitude, IP address, country code, users agent string (mobile device information derived from UA string: device type, manufacturer, model, screen size, browser and version), ISP/Carrier, GPS source, App ID, App Name, Publisher ID, Publisher Name, Postal Code, OS, OS Version, Ad Height/Width, IAB Category, Keywords, GDPR Device (whether the device is in the EEA), Gender, Year of Birth, audience codes, HTTP referrer, HTTP cookies, language preference, census data.
Sensitive Personal Data transferred and applicable restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions **(including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.**	N/A
Frequency of the transfer *(e.g. whether the data is transferred on a one-off or continuous basis)*.	As set out in the Agreement.
Nature of the processing	The collection, analysis, storage, duplication, deletion and disclosure as necessary in the provision of the services under the Agreement.
Purpose of the data transfer and further processing.	The provision of the services under the Agreement and Company’s use of such Personal Data for the provision of its own services to its customers.
Retention Criteria	For the duration of the Agreement or until the processing is otherwise no longer necessary for the purposes for which it was shared between the Parties.
Sub-processor transfers	N/A
Competent Supervisory Authority	EEA Data Subjects: Republic of Ireland UK Data Subjects: United Kingdom

ANNEX 2: TECHNICAL & ORGANIZATIONAL MEASURES

Technical and Organisational Measures including Technical and Organisational Measures to ensure the Security of the Data

A. Information Security; Information Security Policies and Standards.

Azira shall maintain a corporate Information Security function that is responsible for managing its information security program. The Information Security function shall be responsible for:

1. Performing periodic onsite security risk assessments of Azira’s information processing facilities, systems, and applications.

2. Advising Azira’s executive management team about Azira’s information security program, potential risks, and mitigation plans.

3. Promulgating and maintaining reasonable and appropriate information security policies, procedures and standards that are designed to adequately provide for the confidentiality, integrity and availability of information, including Personal Information processed by Azira.

4. Periodically reviewing and updating Azira’s information security policies, procedures and standards to address new and emerging threats and changes to legal requirements and industry standards.

5. Providing management direction and support for information security in accordance with business requirements and relevant laws and regulations.

B. Personnel Security.

1. Azira shall take steps to educate and inform its employees, contractors, and other third-party users of its network, systems and applications about (i) information security threats and concerns; (ii) the requirements of the information security program; and (iii) their responsibilities and obligations with respect to the processing of Personal Information.

2. Unless Azira uses Azira-provided computing equipment, application and network access to provide the Services, Azira shall equip its employees with systems and applications and with appropriate tools and equipment that support the implementation of the information security program requirements in the course of their normal work.

3. Azira shall maintain procedures to terminate access to Personal Information when employees or contractors exit the organization or change roles.

C. Asset Management.

Azira shall maintain reasonable and appropriate controls that are designed to protect organizational assets that process data.

D. Physical and Environmental Security.

Azira shall take reasonable and appropriate steps designed to prevent unauthorized physical access and damage to and interference with its premises, and the loss, damage, theft or compromise of assets and interruption to its activities related to the processing of Personal Information.

E. Communications and operations management.

1. Azira shall implement processes designed to provide for the correct and secure operation of information processing facilities, including by use of appropriate firewall and encryption technologies and, as far as possible, the logging and monitoring of all data transmissions.

2. Azira shall implement and maintain appropriate levels of information security and service delivery designed to facilitate compliance with relevant agreements.

F. System Planning and Acceptance.

Azira shall maintain processes and procedures designed to minimize the risk of system failures and maintain appropriate backup facilities as a control to support the integrity and availability of information and information processing facilities.

G. Network security management.

1. Azira employs reasonable and appropriate controls to protect both the Personal Information in its networks and the supporting network infrastructure.

2. Azira shall maintain protections (including anti-virus software) against malicious and mobile code.

H. Media handling.

Azira shall maintain appropriate processes and procedures designed to prevent unauthorized disclosures, modifications, removals or destruction of assets, and interruptions to business activities. When media are to be disposed of or reused, procedures have been implemented to prevent any subsequent retrieval of the information stored on them before they are withdrawn from the inventory.

I. Access Controls.

1. Azira shall maintain appropriate access control procedures to prevent unauthorized access to, theft or loss of Personal Information from information systems, including networks, applications, and operating systems.

2. Azira shall implement access controls for networks, systems, and applications based on a “least privilege” basis.

3. Azira shall implement procedures to limit the ability to grant, modify or revoke user access to an information system to a limited set of authorized privileged users.

J. Information Systems Acquisition, Development and Maintenance.

Azira shall incorporate privacy and information security as an integral part of information systems acquisition development and maintenance, and shall develop appropriate policies, processes and procedures to prevent the erroneous processing of Personal Information and the loss, unauthorized modification or misuse of such data in applications.

K. Cryptographic Controls.

Azira shall implement suitable measures to prevent Personal Information from being read, copied, altered or deleted by unauthorized parties during its transmission or during the transport of the data media. Specifically, where it is feasible to do so, Azira shall protect the confidentiality, authenticity or integrity of Personal Information at rest and in transit by use of cryptographic means.

L. Technical Vulnerability Management.

Azira has bug-bounty and vulnerability management programs, which reduce risks resulting from the exploitation of technical vulnerabilities. Further, Azira maintains an independent platform accessible to all that facilitates safe disclosures.

M. Data Incident Management.

Azira shall maintain a consistent and effective approach to the management of Security Incidents and shall take timely corrective action to address such incidents.

N. Business Continuity Management.

Azira shall take appropriate measures designed to counteract interruptions to business activities and protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.

O. Information Systems Audit Considerations.

Azira shall conduct periodic audits of systems and processes involved in the processing of Personal Information.

ANNEX 3

MANDATORY DISCLOSURES

Limited and specified purposes for the sale or disclosure of Azira Personal Information

The limited and specified purposes for the sale or disclosure of Azira Personal Information are as explicitly set forth in Section 4 of the Terms and each Service Order.