Note: This Data Processing Agreement (the "DPA") is an addendum to the Terms of Service between the Processor, Affilimate (operating as Adaero Software UG (haftungsbeschränkt), registered at Amtsgericht Charlottenburg and registration number HRB 228340 B) and the Controller (the "customer").
If you are accepting this DPA on behalf of your customer, you warrant that: a) you have full legal authority to bind your customer to this DPA; b) you have read and understand this DPA; and c) you agree, on behalf of your customer, to this DPA.
In order to use our products and services, you need to accept our DPA. By using our product, you are in agreement to our terms of service and you are automatically accepting our DPA and do not need to sign a separate document.
These service terms incorporate the Data Processing Agreement when the General Data Protection Regulation ("GDPR") applies to your use of Affilimate services to process visitor data, as defined in the DPA.
We protect and secure your visitor data to the high standards, set out in the following agreement.
- "You" or "customer" refers to the company, organization, or individual that signs up to use the Service to analyze visitor data.
- "Visitor data" refers to both website analytics, and transaction data that occur on affiliate networks with which the Controller has a relationship and integrates while using the Service.
- "Agreement" or "DPA" refers to this agreement, which functions as an addendum to the general Terms of Service.
- In the course of providing Affilimate's service to the customer pursuant to the Agreement, Affilimate may process visitor data on behalf of the customer.
- In this Agreement, "Data Protection Legislation", and means the General Data Protection Regulation (Regulation (EU) 2016/279), and all other applicable laws relating to processing visitor data and privacy that may exist in any relevant jurisdiction.
- "Data Controller", "Data Processor", "Data Subject", "Personal Data", and "processing" shall be interpreted according to applicable Data Protection Legislation.
- The parties agree that the customer is the data controller and that Affilimate is its data processor as it relates to visitor data that is processed in the course of providing the service.
Privacy and security of your visitor data
We take numerous measures to protect and sure your data through backups, encryption, and redundancy. When you use our service to measure your website statistics and aggregate transaction data, Affilimate will collect information about your visitors.
You agree that Affilimate may process your data as described in our Terms of Service and for no other purpose. You own all right, title, and interest to your data. We obtain no rights from you to your data. We do not collect and analyze personal information from website users.
We do not sell or share your data to any third parties. A list of Affilimate's subprocessors can be found in our Terms of Service.
By using Affilimate, all website analytics are collected anonymously. We do not collect or store personal data, generate persistent device identifiers, or store IP addresses. The data we process cannot be used to identify any single individual.
We minimize our collection of data in general, by measuring only the most essential data points and nothing else.
The group of data subjects affected by the processing of their data under this agreement include end-users of the controller's websites, which make use of the service provided by the processor.
More information about our processing of visitor data can be found in our Terms and Conditions.
Processor's obligations with respect to the controller
- Affilimate will process visitor data only in accordance with instructions from the customer through the settings of the service.
- Affilimate shall notify the customer without undue delay if, in Affilimate's opinion, an instruction for processing of visitor data given by the customer infringes applicable Data Protection Legislation.
- Affilimate shall guarantee the confidentiality of visitor data processed with respect to use of the Service.
- We can ensure that personnel with access to the visitor data are informed of the confidential nature of the data, and comply with obligations set out in this agreement.
- Affilimate shall implement and uphold appropriate measures, both technical and organizational, designed to protect visitor data against unauthorized or unlawful processing, accidental loss, destruction, damage, disclosure, or alteration. These measures shall correspond appropriately to the harm which may result from the aforementioned actions, as well as the nature of the visitor data to be protected.
- If Affilimate becomes aware of any security breach, be it accidental, unauthorized, or unlawful, resulting in destruction, loss, disclosure, or alternation of the personal data that is processed by Affilimate in the course of providing the service, it shall notify the customer by email without undue delay (not later than 48 hours after having become aware of it). Affilimate shall provide regular updates, take action to investigate the incident, and reasonably prevent or mitigate the effects of the incident.
- The customer warrants that it has all necessary rights to provide Affilimate the visitor data for processing in connection with the provision of the Service.
- The customer shall comply at all times with Data Protection Legislation, with respect to all visitor data it provides to Affilimate pursuant to the Agreement.
- The customer understands that, as a controller, it is responsible (as between Affilimate and the customer) for:
- determining the lawfulness of any processing, performing any required and appropriate data protection impact assessments, and accounting to regulators and individuals as may be needed;
- providing relevant privacy notices to data subjects, as may be required in the customer's jurisdiction;
- implementing your own appropriate technical and organizational measures to demonstrate and ensure processing in accordance with this DPA;
- notify any relevant regulators or authorities of any incident, as may be required by law in your jurisdiction.
Liability and indemnity
- Each party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages, and expenses incurred by the indemnified party and arising directly or indirectly out of or in connection with a breach of this DPA.
Duration and Termination
- This DPA is effective as of January 1, 2021 and replaces and supersedes any previously agreed data processing agreement between you and Affilimate related to the GDPR.
- Termination or expiration of the Processing activities shall not discharge the parties from the confidentiality obligations herein.
If you have a question about the Data Processing Agreement (DPA), please contact us.