General Terms and Conditions for Adjust GmbH
Last updated: Nov 23, 2023
1. Scope of Application
- These Terms and Conditions including the Annex “Data Processing Agreement” (“T&C” or “Agreement”) entered into by Adjust GmbH, Saarbruecker Str. 37a, 10405 Berlin, Germany (hereinafter referred to as “Adjust”) and the entity accepting them (herein after referred to as “Customer”; individually referred to as “Party” and together as the “Parties”) together with the applicable Order Form (defined in Section 3 below) govern Customer’s use of the Services provided by Adjust. “Services” means Adjust’s products and services as further described in the applicable Order Form and includes Customer’s access to the Dashboard. “Dashboard” means Adjust’s analytics platform, accessible via https://www.adjust.com.
- In case of a conflict among the agreements listed in Section 1.1, the agreements will prevail in the following order: i) Order Form ii) Appendixes to this Agreement iii) this Agreement.
- These T&C are incorporated into the contractual relationship between Adjust and Customer either by reference in an Order Form or in checkboxes on Adjust’s website (as applicable).
- Adjust is entitled to amend/update this Agreement at any time (“T&C Update”). T&C Updates may be necessary, in particular, but not exclusively, to reflect changes in the applicable laws or developments in the Services. Adjust will notify Customer about T&C Updates in text form providing a notice period of at least thirty (30) days before their T&C Update’s effective date. The T&C update will become effective unless Customer objects to it in text form within the notice period mentioned above. Adjust will specifically point out these consequences to Customer in the notification. If Customer objects to the T&C Update within the notice period, Adjust is entitled to terminate the Agreement and the respective Order Form, but not earlier than the effective date of the T&C Update and only if Adjust cannot be reasonably expected to continue the provision of the Services without the T&C Update.
- The Services are designed to support Customer in the analysis and optimization of Customer’s mobile advertising campaigns.
- Adjust shall render the Services in accordance with the service description specified in the applicable Order Form and as set forth in this Agreement. The Services and support are provided in English.
- In order to ensure the proper functioning of the Services, Adjust reserves the right to (i) make technical changes and improvements to the Services within a reasonable scope, provided the changes do not result in a reduction of the functionality, performance, availability, or security of the Services and (ii) suspend the Services for maintenance or repair purposes. Adjust will inform Customer about material changes to the Services or planned suspensions of the Services as far as reasonably possible in advance via the Dashboard and/or email.
3. Order Form
- The commercial details (including selected Services, volume, fees and Term) are specified in a separate contractual document (“Order Form”). Upon Customer’s request, Adjust will send a draft of the Order Form to Customer for Customer’s review before the signature process described below will be initiated.
- The Order Form will be executed in text form. Adjust will send to Customer an Order Form which constitutes a binding offer by Adjust. Unless otherwise specified in the Order Form, the offer is valid for 14 (fourteen) days from the day on which Adjust sends the offer to Customer. As a standard, Customer has the option, within the aforementioned period, to sign the Order Form via an e-signature platform provided by Adjust (currently: DocuSign). Alternatively, upon Customer’s request, Adjust will send to Customer a PDF version of the Order Form for a wet signature or e-signature via Customer’s e-signature platform. The Order Form becomes legally valid upon Adjust’s receipt of the Customer signed version of the Order Form. Adjust will store the signed version of the Order Form in its systems.
- The Order Form and this Agreement are drafted in English. If translated, the English version shall prevail in case of a conflict.
4. Free Versions and Trial Access
- For testing purposes, Adjust may offer at its own discretion certain Services free of charge for a limited period of time (“Free Versions”). The provision of the Free Versions automatically ends once the period or volume limitations of the Free Versions have been reached.
- Either Party may terminate the provision/use of the Free Versions at any time.
- Subject to Section 11.5, Adjust’s liability for defects of the Free Versions, in particular for their correctness, freedom from errors, freedom from third-party property rights and copyrights, completeness or usability, is excluded, except in the case of intent or fraudulent intent.
- Notwithstanding Section 3, no Order Form will be provided by Adjust for Free Versions. If the requirements for the use of the Free Versions are met, Adjust will grant Customer access to the Free Versions via the Dashboard.
- Sections 4.1 to 4.3 also apply to free trial periods (“Trial”). If applicable, Trial periods will be specified in the Order Form.
In order to access the Services and the Dashboard, Customer needs to create an Adjust account. Customer represents and warrants to Adjust that all data provided by Customer during the account registration is complete and correct. Customer is obliged to promptly inform Adjust about any changes to this data or to update altered data in its Adjust account.
6. Grant of Rights, Ownership
- During the Term of this Agreement, Adjust grants Customer the non-exclusive, non-transferable and non-sublicensable, limited and revocable right to access and use the Services including the Dashboard pursuant to the terms of this Agreement and the applicable Order Form.
- Customer shall not make the Services available to Customer’s Affiliates without Adjust’s prior written confirmation (whereas a confirmation via email is sufficient). “Affiliate” means an entity which controls, is controlled by or is under common control with Customer.
- Customer may grant its employees, Agencies and Partners (“Authorized Users”) access to Customer’s account.
- Where Customer grants its Affiliates and/or Authorized Users access to the account, Customer shall ensure that such Affiliates and Authorized Users comply with the terms of this Agreement and the applicable Order Form and Customer shall remain liable for any breaches of the terms of this Agreement and the applicable Order Form by its Affiliates or Authorized Users as if they were its own.
- Apart from the parties mentioned in 6.2 and 6.3, Customer may not transfer, lend, rent, lease, distribute the Services, or use them for providing services to a third party, or grant any rights in and to the Services to a third party in any form, without Adjust’s express prior written consent.
- Adjust retains all intellectual property rights as well as any other rights in the Services as well as other services that are provided under this Agreement and the applicable Order Form, including all rights in patents, trademarks, source codes, databases, hardware or any other material (e.g. documentations, developments, functions, report templates and preparatory material).
- Customer retains full ownership of the data that Customer generates by using the Services (“Customer Data”). Customer has all rights in the reports, analytics, and other types of information and data that the Services may generate, provide or make available to the Customer.
- During the Term of this Agreement, Customer grants to Adjust the non-exclusive, transferable, sub-licensable and royalty-free right to use, host, transmit, display, and reproduce the content provided by or on behalf of Customer in connection with this Agreement, including Customer Data, for the sole purpose of fulfilling the obligations arising from this Agreement and the applicable Order Form.
- Adjust is entitled to refer to the collaboration with Customer and to depict Customer’s logo for self-promotional purposes unless the Parties have agreed otherwise in writing.
- Customer grants to Adjust a worldwide, perpetual, irrevocable, transferable, sub-licensable, royalty-free license to use any suggestion, recommendation, feature request, or other feedback related to the Services provided by or on behalf of Customer and its employees, and to incorporate any of the above into the Services.
7. Customer’s Rights and Obligations
- Customer is entitled to use the Services only in accordance with this Agreement and the applicable Order Form.
- Upon receipt of the Services, the Customer shall immediately notify Adjust in writing of any material defects in the Services.
- In order to enable and maintain a proper functioning of the Services, Customer must follow Adjust’s reasonable instructions and the protocols and specifications provided by Adjust (for example in Adjust’s Help Center).
- If Customer or a third party on behalf of Customer wants to run a penetration/vulnerability scan of the Services, Customer agrees that it may only do so with Adjust’s prior consent.
- Customer may not perform or attempt to perform any of the following in connection with the Services (or permit anyone else to perform the following):
- Breaching the security of the Services,
- Accessing data not intended for the Customer;
- Interferinging with, circumventing, manipulating, overloading, impairing or disrupting the operation, or the functionality of the Services;
- Circumventing or disclosing the user authentication or security of the Services or any host, network, or account related thereto;
- Transmitting any content, data or information that is unlawful or harmful;
- Using the Services to develop a similar or competing product or service;
- Accessing or using the Services in a manner that violates any applicable law.
- Customer will do the following in connection with the Services:
- Before accessing the Services, during use of the Services and when transferring data, take all reasonable precautions against security attacks on Customer’s systems; and
- Keep user IDs and passwords and other Dashboard access data secret, not pass them on to unauthorized third parties and protect them from being accessed by third parties by taking appropriate measures that are in line with the latest requirements and inform Adjust immediately as soon as Customer becomes aware of unauthorized third parties gaining access to these Dashboard access data.
8. Term, Termination, Downgrade, Suspension
- The term of this Agreement corresponds with the term indicated in the applicable Order Form (“Term”).
- In the event that the Order Form does not contain any term length provisions, the following shall apply:
This Agreement and the applicable Order Form shall be effective for 12 (twelve) consecutive months (“Initial Term”). Upon expiration of the Initial Term, this Agreement and the applicable Order Form shall automatically be renewed for 12 (twelve) consecutive months on a continuous basis (“Renewal Term”). To avoid a renewal of the (Renewal) Term, either Party must give the other Party written notice of its intent not to renew at least 45 days prior to the expiry of the (Renewal) Term.
- Each Party has the right to immediately terminate this Agreement and the applicable Order Form in accordance with the applicable law, in particular if:
- The other Party is dissolved or if insolvency, bankruptcy, judicial or extrajudicial reorganization proceedings are conducted against the other Party; or
- the other Party (“Breaching Party”) materially breaches the provisions of this Agreement, the applicable Order Form and/or violates applicable laws and fails to remedy such breach or violation upon receipt of a written request withing thirty (30) days. No such request is necessary if it has no prospect of success or if the breach or violation is so serious that the other Party cannot be reasonably expected to adhere to this Agreement. A breach or violation is also deemed serious if the Breaching Party has previously received written notice in respect of the same breach.
- The Parties will renegotiate the commercial details (fees and volume included) of this Agreement and/or the applicable Order Form if Customer’s account shows an abnormally high amount of tracked Data Points (“Misuse”). “Data Points” are the sum of all sessions (which include but are not limited to installs, attributions and reattributions), events, impressions and clicks which are tracked on behalf of Customer. Indications for a Misuse include but are not limited to: i) abnormally high amount of clicks and irregularly low conversion rate (“Click Spamming”) or ii) abnormally high amount of impressions or custom events. In the event that i) Customer fails to remedy the Misuse within three (3) working days upon Adjust's first written request; ii) the Parties fail to reach an agreement on the adjustment of this Agreement and/or the applicable Order Form; and/or iii) the Parties reach an agreement, but Customer’s account shows repeated/continuous Misuse of the Services, Adjust reserves the right to terminate this Agreement and the applicable Order Form extraordinarily upon providing a 14-days written notice to Customer.
- Adjust reserves the right to discontinue the provision of the Services in certain countries if applicable (local) laws make the provision of the Services impossible or economically unviable (for example due to data residency regulations). In such case Adjust may terminate this Agreement and the applicable Order Form extraordinarily upon providing a 90-days written notice to Customer.
- Upon termination or expiry of this Agreement and the applicable Order Form, Customer’s account will be terminated, meaning Customer will no longer have access to the Services, the Dashboard and its Adjust account. Adjust will delete the Customer Data within 60 days after the termination or expiry of this Agreement and the applicable Order Form unless statutory provisions applicable to Adjust require a further retention period. Customer is obliged to delete all copies of the codes (including SDKs, APIs, tracker links and associated secrets) that were provided by Adjust.
- Except as set forth in this Agreement or the applicable Order Form, neither Party shall have the right to terminate this Agreement and the applicable Order Form for convenience.
- A downgrade of the selected Services (the volume/package specified in the Order Form) during the current Term is not permitted. If Customer plans to downgrade the selected Services, Customer must give Adjust written notice of its intent to downgrade at least 45 days prior to the expiry of the current Term’s renewal date.
- Adjust may Suspend the Services if Adjust becomes aware of Customer’s material non-compliance with this Agreement and/or the applicable Order Form and in case of an emergency security issue. Adjust will (i) provide Customer written notice of the cause for suspension as soon as reasonably possible and (ii) the Suspension will be to the minimum extent and for the shortest duration reasonably required to resolve the cause for Suspension. “Suspend/Suspension” means disabling access to or use of the Services or components of the Services including Customer’s access to the Dashboard and Customer Data.
9. Fees, Payment
- The fees for the selected Services are set forth in the applicable Order Form. Unless explicitly stated otherwise, all fees are quoted exclusive of the statutory value-added tax (VAT) applicable at the relevant time.
- To the extent that the Order Form does not contain any deviating payment provisions, the following shall apply:
- Customer shall pay the fees for the whole Term in advance (prepayment). If Customer exceeds the limits of the selected Services (as set forth in the applicable Order Form), additional (re-)attributions/data points/monthly active users will be invoiced separately.
- Invoices will be sent to Customer in electronic form and must be paid withing 30 days of receipt.
- Except as explicitly stated otherwise in this Agreement and/or the applicable Order Form, Customer is responsible for paying all fees set out in the applicable Order Form, whether or not Customer actively used or accessed or otherwise benefited from the Services.
- In the event of late payments, Adjust reserves the right to Suspend Customer’s access to the Services in accordance with Section 8.9. For the avoidance of doubt, the Suspension shall not in any way affect the Term nor relieve the Customer of any further payment obligations.
- Adjust reserves the right to increase the fees by 5% with each Renewal Term.
- If i) Customer terminates this Agreement and the applicable Order Form in accordance with Section 8.3 due to a material breach by Adjust; or ii) Adjust terminates this Agreement and the applicable Order Form in accordance with Section 8.5 or Section 16.6, Adjust will refund Customer any prepaid fees for the Services not yet provided until the termination date.
- Adjust will indemnify Customer against third-party claims arising from an allegation that Adjust’s provision of the Services culpably infringes a third party’s intellectual property rights.
- Customer will indemnify Adjust against third-party claims arising from Customer’s use of the Services in breach of the terms this Agreement.
- The indemnifying Party shall indemnify and hold harmless the indemnified Party from claims under Section 10.1 and 10.2 and take the responsibility and control of all actions required to defend such claims at its own expense. If the indemnifying Party does not defend such claims or does not defend such claims in a proper manner or to the extent required, the indemnified Party may take any action deemed reasonably necessary for the defense itself.
- The Parties shall not acknowledge any claims asserted by third parties, or enter into any settlement agreement in respect thereof, without the prior written consent of the other Party. Such consent shall not be unreasonably withheld or delayed.
- Indemnifications are subject to the liability restrictions under Section 11.
- Adjust shall be responsible for ensuring that the Services operate as specified in this Agreement and the applicable Order Form. Adjust does not assume any liability for any damages resulting from a usage of the Services not in accordance with the specifications of this Agreement and the applicable Order Form.
- Adjust will be liable for damages only to the extent such damages are due to
- the intentional conduct of Adjust; or
- grossly negligent conduct of Adjust; or
- Adjust’s breach of a Material Contractual Duty. “Material Contractual Duties” are the contractual obligations protecting Customer’s material interests under this Agreement and the applicable Order Form which, if breached, would have a serious effect on a benefit of the Customer that is derived from this Agreement and the applicable Order Form.
- In the event of a just slightly negligent breach of a Material Contractual Duty by Adjust, Adjust’s liability shall be limited to the amount payable by Customer in the twelve (12) months preceding the event leading to the liability or EUR 200,000.00 aggregate, whichever is higher.
- Any claims for damages arising from a slight negligence by Adjust shall become time-barred within one (1) year upon occurrence of the damage.
- The foregoing limitations shall not affect liability for damages resulting from an injury to life, body, or health. The same applies to claims resulting from warranty breaches and claims under the German Product Liability Act.
- The provisions of this Section 11 shall also apply to Adjust’s legal representatives and agents.
- Adjust’s liability for indirect damages, in particular loss of profit is excluded.
- Adjust has no responsibility or liability regarding Customer’s reliance upon, or use of Customer Data, Customer’s actions or omissions in connection with the Customer Data, or any consequences resulting therefrom.
- Neither Party will be liable for failure or delay in performance of its obligations under this Agreement and the applicable Order Form to the extent caused by circumstances beyond its reasonable control, including, but not limited to, acts of God, natural disasters, terrorism, riots, or war (“Force Majeure”). If the period of delay or non-performance due to Force Majeure continues for 3 months, the Party not affected may terminate this Agreement and the applicable Order Form by giving 7 days’ written notice to the affected Party.
- Each Party (“Receiving Party”) shall keep in confidence and use solely for the purpose of performing its obligations under this Agreement and the applicable Order Form all Confidential Information which it receives from the other Party (“Disclosing Party”) in connection with this Agreement and the applicable Order Form. “Confidential Information” means all information and documents, including this Agreement and the applicable Order Form, which are either marked as confidential or which, according to the circumstances or their nature, should reasonably be considered to be confidential. In particular, Confidential Information comprises all trade secrets under the applicable law. Confidential Information also includes non-public technical, business or other information, information concerning technologies, research and development, products, services, prices for products and services, marketing plans and financial matters. Information which
- was already known to the Receiving Party before it received such information from the Disclosing Party under this Agreement;
- the Receiving Party independently developed without availing itself of Confidential Information of the Disclosing Party;
- the Receiving Party obtained from a third party, provided the respective third party is entitled to disclose such information without violating confidentiality obligations protecting the Disclosing Party’s Confidential Information;
- is or becomes generally known without fault of the part of the Receiving Party; or
- the Disclosing Party has exempted from confidentiality vis-à-vis the Receiving Party by way of a written agreement, is not Confidential Information.
- The Receiving Party shall protect Confidential Information against unauthorized access and treat such information with the same care they apply to their own, equally Confidential Information, but in no event less than a reasonable duty of care. Except with the prior written approval of the Disclosing Party, the Receiving Party shall not disclose Confidential Information to any third party. Nothing in this Agreement prohibits either Party from making disclosures of Confidential Information if required by applicable law, subpoena, or court order, provided (if permitted by applicable law) it notifies the other Party in advance and cooperates in any effort to obtain confidential treatment.
- The Receiving Party may use and have used and disclose Confidential Information by or to (i) its subcontractors, (ii) its technical service providers, e.g. of hosting or outsourcing services, (iii) legal counsel, tax advisors, auditors and/or accountants, (iv) third parties that are involved in M&A or restructuring activities concerning the Receiving Party to the extent this is reasonably required to conduct such activities, in each case of (i) through (iv) provided that such third party is bound by legal or professional confidentiality duties or has agreed toward the Receiving Party to confidentiality obligations that are materially comparable to the terms of this Section 12.
- The Receiving Party shall return or irretrievably delete (as reasonably instructed by the Disclosing Party) any and all Confidential Information upon (i) the termination of this Agreement or any applicable Order Form; or (ii) written request by the Disclosing Party, whichever happens first. The Receiving Party shall not be required to delete or erase such copies of Confidential Information that are stored on backup media or backup servers until such time as the backup copies are scheduled to be deleted in accordance with recognized IT security procedures, provided that, subject to Section 12.2, the Receiving Party will not use any such retained Confidential Information for other than back-up purposes.
- This Section 12 shall survive the termination of this Agreement and the applicable Order Form by a term of three (3) years.
13. Agencies and Partners
- Customer may also be an agency that is representing or providing services for the benefit of its clients (“Agency“). Agency may give its clients access to the Dashboard and use the Services for the benefit of its clients provided that the requirements and restrictions of this Agreement and the applicable Order Form, in particular Section 16 (Export Control) below, are met. Section 6 remains unaffected. Agency warrants that it will only use the Services as contractually agreed with its clients.
- The Services enable Customer to measure and analyze marketing campaigns with certain third parties that Customer cooperates with, such as advertising networks, publishers and analytics providers (“Partners“). Customer may give Partners access to the Customer Data and the Dashboard, subject to a separate agreement between Customer and the respective Partner. Section 6 remains unaffected. Customer warrants that it will only use the Services as contractually agreed with its Partners.
- Adjust will not be liable to Agency’s clients or to Partners under any circumstances and does not make any representations or warranties to Agency’s clients or to Partners. This contract has no protective effect in favor of the Agency’s clients or in favor of Partners and neither the Agency’s clients nor the Partners shall have any contractual recourse against Adjust.
14. Data Protection
- Pursuant to Article 28 European General Data Protection Regulation (“GDPR”), the processing of personal data by Adjust on behalf of Customer requires a written agreement (“Data Processing Agreement”). Customer hereby commissions Adjust to process personal data on its behalf in accordance with the conditions of the Annex “Data Processing Agreement”.
- Each Party shall comply with all applicable data protection and privacy laws and regulations.
- Customer will inform its end-/app users (i.e. the “Data Subjects”) in accordance with applicable requirements (Art. 13/14 GDPR), as only Customer as the data controller is in direct contact with the Data Subjects. Customer is responsible and guarantees to obtain and maintain valid consents from all the Data Subjects, as may be necessary under applicable law (including data protection, privacy or data processing laws and regulations) to process their personal data in the manner and for the purposes set forth in this Agreement and the applicable Order Form. Consent from all of Customer’s Data Subjects is required if Customer uses the product “Audience Builder”.
Customers with services/apps directed to children might be subject to the US Children’s Online Privacy Protection Act (“COPPA”). If applicable, Customer is not allowed to share personal identifiers including but not limited to IP-addresses, IDFA (Identifier for Advertising) or IDFV (Identifier for Vendor), Android ID, Google Play Advertising ID and Google Play store referrer, WindowsHardware ID, Windows NetworkID, Windows Phone device ID and UUIDs (“Personal Identifiers”) with Partners of Adjust or other third parties. All the aforementioned identifiers are potentially data collected within the Services. To learn more about how COPPA defines services directed to children and the rule’s requirements, see here.
16. Export Control
- For the purposes of this section the following definitions shall apply:
- “Export Control Law” means all applicable export control laws, regulations, orders or decisions of any government agency or court, such as national, international, EU, and U.S. export control laws, embargoes, sanctions, or other restrictions, affecting any business or transaction such as export, import, supply, sale or purchase, provision or receiving of services or technical support, investments, or payments between Adjust and Customer or any third party. An Export Control Law is only applicable insofar as compliance with this law does not result in a violation of Section 7 of the German Foreign Trade Ordinance (Aussenwirtschaftsverordnung), EU Council Regulation (EC) No 2271/96 of 22 November 1996, or any other German or EU anti-boycott law.
- “Sanctioned Person” means any natural or legal person, entity or body with which the conduct of any business or transaction is restricted or prohibited by Export Control Law.
- “Necessary License” means any license or permission required by Export Control Law to perform services or any other act.
- Customer warrants to comply with Export Control Law in all respects as regards the performance of this Agreement. Where Export Control Law requires Customer to apply for Necessary Licenses, Customer warrants to obtain all Necessary Licenses related to the performance of this Agreement.
- Customer confirms that the Services and software provided by Adjust and any related technology will not be used directly or indirectly for any purpose or in any way which contravenes Export Control Law.
- Customer confirms that it is not a Sanctioned Person. Customer immediately informs Adjust if it becomes a Sanctioned Person. Customer ensures that Adjust never has any direct or indirect contact with a Sanctioned Person.
- Customer certifies that the Services are not, in whole or in part, in fact for the benefit of the Government of Russia or any legal person, entity or body established in Russia, nor are they in any other way, directly or indirectly, passed on to the Government of Russia or any legal person, entity or body established in Russia, to the extent that this would constitute a breach of Article 5n of Council Regulation (EU) No. 833/2014, as amended.
- Adjust has the right to terminate the Agreement at any time if the Export Control Law precludes the performance of the Agreement, in particular if a Necessary License is not granted or Sanctioned Persons are involved in the performance of the Agreement.
- If Customer breaches the above obligations, it shall – without prejudice to other provisions – bear all damages, expenses and other disadvantages incurred by Adjust as a result thereof. This does not apply if Customer is not responsible for the breach of its obligations.
17. Service Availability
Adjust shall use commercially reasonable efforts to ensure the Services are available at least 99.8% per year. Adjust points out that the Services may be interrupted or disrupted by circumstances beyond Adjust’s area of responsibility, including but not limited to acts of third parties that do not act on Adjust’s behalf, technical conditions of the internet that Adjust cannot influence or Force Majeure. If such circumstances interfere with the availability or functionality of the Services, this has no effect on the contractual conformity of the Services provided by Adjust.
- This Agreement and the applicable Order Form shall be governed by and construed under the laws of Germany without reference to its conflict of law provisions. The UN convention on contracts on the international sale of goods (CISG) is excluded.
- All disputes arising out of or in connection with this Agreement and the applicable Order Form shall be finally settled in accordance with the Arbitration Rules of the German Arbitration Institute (DIS) without recourse to the ordinary courts of law. The arbitral tribunal shall be comprised of a sole arbitrator. The seat of the arbitration is Berlin, Germany. The language of the arbitration shall be English. Adjust shall, however, in individual cases be entitled to bring an action before the competent state courts; exclusive place of jurisdiction is Berlin, Germany.
- Unless explicitly stated otherwise, Customer will provide notices under this Agreement to Adjust by sending an email to firstname.lastname@example.org and Adjust will provide notices under this Agreement to Customer by sending an email to the email address provided in the Customer account. Notice will be treated as received when the email is sent. Customer is responsible for keeping its email address current throughout the Term.
- If any provision of this Agreement and/or the applicable Order Form or part thereof is invalid or becomes invalid at a later time, the validity of the remaining provisions shall remain unaffected. The relevant provision shall be replaced by a provision that as closely as possible reflects the economic purpose of the invalid provision. The foregoing shall apply analogously if any provision has inadvertently been omitted.
- Unless otherwise specified in this Agreement, Customer shall not assign or otherwise transfer any rights or obligations under this Agreement without Adjust’s permission. Adjust may assign, novate and/or transfer this Agreement, and its rights and obligations hereunder, in whole or in part, to (i) any of its Affiliates; or (ii) to a third party in connection with a reorganization, merger, acquisition, or sale of all or substantially all of its assets. This Agreement will be binding on the Parties and their respective successors and permitted assigns. Any assignment in contravention of this Section 18.5 is void.
- By entering into this Agreement and the applicable Order Form each Party represents and warrants that it has full power and authority to do so.
- The provision of the Services is exclusively directed at entrepreneurs, i.e., natural or legal persons or partnerships with legal capacity who, at the time of conclusion of this Agreement, are acting in the exercise of their commercial or independent professional activity. Customer confirms that it is an entrepreneur in this sense.
Annex: Data Processing Agreement
- Adjust provides Services to Customer in accordance with the Agreement.
- This Data Processing Agreement shall stipulate, in particular, the Party’s rights and obligations pursuant to Article 28 (3) GDPR.
- Customer has carefully selected Adjust on the basis that Adjust provides sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the Data Subject.
- With this Data Processing Agreement, the Parties intend to provide the required contractual basis for the processing of Personal Data by Adjust in the provision of the Services.
NOW THEREFORE, the Parties agree as follows:
1. Terms and definitions
1.1. Definitions of the GDPR
For the purposes of this Data Processing Agreement, the definitions of Article 4 GDPR apply, unless otherwise defined below in Section 1.3.
1.2. Definitions of the Agreement
For the purposes of this Data Processing Agreement, the definitions set out in the Agreement apply, unless otherwise defined below in Section 1.3.
1.3. Specific definitions of this Data Processing Agreement
For the purposes of this Data Processing Agreement, the following differing and/or additional definitions shall apply:
- “Data Processing Agreement” or “DPA” means this Data Processing Agreement including its annexes.
- “Data Processing Services” or “Services” means the services provided by Adjust, acting as Processor, to Customer under the Agreement and the applicable Order Form, which include, but are not limited to supporting Customer in the analysis and optimisation of Customer’s mobile advertising campaigns.
- “EEA” means the European Economic Area.
- “End User” means a natural person interacting with the Controller’s online advertisements and/or apps.
- “EU” or “Union” means the European Union.
- “General Data Protection Regulation” or “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
- “Member State” means a member state of the EU and/or a contracting state of the EEA.
- “SCC” means the European Commission's Standard Contractual Clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 as set out in the Annex to the Commission's Implementing Decision (EU) 2021/914 and/or the European Commission's Standard Contractual Clauses for the transfer of Personal Data from the EU to Processors established in third countries (Controller-to-Processor transfers), or such alternative clauses as may be approved by the European Commission from time to time.
- “Sub-processor” means any other processor engaged by a processor pursuant to Article 28 (2) and (4) GDPR.
- “Third Country” means any country outside the EEA.
- “Third Parties” (or individually a “Third Party”) means any natural or legal person, public authority, agency or other body other than the Parties and natural persons who, under the direct authority of either Party, are authorised to process Personal Data.
- “White List Country” means any Third Country for which an adequacy decision of the EU Commission pursuant to Article 45 (3) GDPR or Article 25 (6) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data applies.
2. Scope of applicability, Parties and their respective roles
2.1. Scope of applicability
This DPA applies to any processing of Personal Data by Adjust in its role as Processor in the provision of the Services.
2.1. Parties and their respective roles
2.1.1. For purposes of this DPA, Customer is the Controller and Adjust is the Processor.
This means that the obligations and rights of the Controller (as set out in particular in Section 3 of this DPA) apply to Customer and the obligations of the Processor (as set out in particular in Section 4 this DPA) apply to Adjust.
3. Details of the processing
The subject matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data and categories of Data Subjects are set out in Appendix 1 to this DPA.
The location of the processing is also specified in Appendix 1 to this DPA.
4. Obligations and rights of the Controller
4.1. Responsibility of the Controller
The Controller shall be responsible for complying with the obligations applicable to a Controller pursuant to the GDPR, in particular complying with the principles relating to processing of Personal Data laid down in Chapter II GDPR and compliance with Data Subjects' rights laid down in Chapter III GDPR.
4.2. Right to issue instructions
The Controller has the right to issue written instructions to the Processor regarding the processing of Personal Data under this DPA.
4.3. Right to request information and conduct audits, including inspections
The Controller has the right to request from the Processor all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and to conduct audits, including inspections, of the Processor by itself or by another auditor mandated by the Controller. Prior to an audit, the Controller and the Processor will agree on the timeline, scope, and methodology of the audit - unless it appears necessary to carry out an audit without prior notification, because otherwise the purpose of the audit would be jeopardized.
5. Obligations of the processor
5.1. Processing on documented instructions from the Controller
- The Processor shall only process the Personal Data which is subject to this DPA in accordance with the instructions from the Controller, including with regard to transfers of personal data to a Third Country or an international organisation, unless required to do so by Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
- The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.
5.2. Confidentiality of persons authorised to process the Personal Data
The Processor shall ensure that persons authorised to process the Personal Data which is subject to this DPA have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
5.3. Security of the processing
- The Processor shall take all technical and organisational measures to ensure the security of the Personal Data which is subject to this DPA required pursuant to Article 32 GDPR.
- The specific measures to be taken by the Processor are set out in Appendix 2 to this DPA.
- The technical and organisational measures are subject to technological progress and refinement. The Processor is therefore entitled and where applicable obliged according to Article 32 GDPR to take additional or alternative measures to the measures set out in Appendix 2 to this DPA. Possible additional or alternative measures shall not reduce the security level of the measures specified in Appendix 2.
- When taking the measures required according to Article 32 GDPR, the Processor shall take into account the risks to the rights and freedoms of Data Subjects arising from the processing. When carrying out the risk assessment, the Processor shall in particular take into account the details of the processing described in Appendix 1.
- The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data breach relating to Personal Data which is subject to this DPA.
5.4. Engagement of another processor (Sub-processor)
- The Processor acknowledges that the following conditions pursuant to Article 28 (2) and (4) GDPR shall apply if the Processor engages a Sub-processor:
- The Processor shall not engage a Sub-processor without prior specific or general written authorisation of the Controller. In the case of general written authorisation, the Processor shall inform the Controller of any intended changes concerning the addition or replacement of a Sub-processor, thereby giving the Controller the opportunity to object to such changes.
- Where the Processor engages a Sub-processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in this DPA shall be imposed on that other processor by way of a contract, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR.
- Where a Sub-processor fails to fulfil its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of that Sub-processor's obligations.
- The Controller hereby grants the specific authorisation to the engagement of the Sub-processors listed in Appendix 3 under the conditions laid down in Section 5.4.1. To the extent that the processing of Personal Data by any such Sub-processors requires the transfer of personal data to a country that is not a White List Country, the Controller authorises the Processor to enter into SCC with the applicable Sub-processor.
- The Controller hereby grants the general authorisation to the engagement of additional Sub-processors under the conditions laid down in Section 5.4.1. The Processor shall inform the Controller in writing of any intended changes to the list of Sub-processors in Appendix 3 through the addition or replacement of Sub-processors at least three (3) weeks in advance, thereby giving the Controller sufficient time to be able to object to such changes prior to the engagement of the concerned Sub-processor(s). The Processor shall provide the Controller with the information necessary to enable the Controller to exercise the right to object.
5.5. Assistance for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights
- The Processor, taking into account the nature of the processing, shall assist the Controller by applying appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to Data Subject requests pursuant to Chapter III GDPR, but only insofar as the Data Subject's request relates to Personal Data which is subject to this DPA.
- The Processor shall offer an automatic opt-out tool on its website to allow end users to object to the processing of their personal data.
5.6. Deletion or return of the Personal Data to the Controller after the end of the provision of Services
- The Processor, at the choice of the Controller, shall delete or return all the Personal Data which is subject to this DPA to the Controller after the end of the provision of the Services and shall delete existing copies unless Union or Member State law requires storage of the Personal Data.
- For the avoidance of doubt: the Processor shall also delete Personal Data which is subject to this DPA at any time prior to the end of the provision of the Services upon the written instruction of the Controller.
6. Transfers of personal data to Third Countries
- Conditions for Transfers of personal data to Third Countries
Adjust and any Sub-processor engaged by Adjust shall not transfer and/or process personal data which is subject to this DPA to/in Third Countries other than White List Countries without the prior written authorisation of Controller for specific Third Countries and only where the conditions set out in Chapter V of the GDPR are met.
- Transfers to recipients which are not Sub-processors
To the extent the Controller instructs the Processor to transfer Personal Data to a recipient in a Third Country that does not satisfy the conditions set out in Section 4.4, the Controller is responsible for compliance with the conditions set out in Chapter V of the GDPR.
The liability of the Parties under this DPA shall be governed by the applicable statutory law.
8. Term of this DPA
The term of this DPA corresponds with the term of the Agreement.
9.Governing law and place of jurisdiction
This DPA shall be governed by and construed in accordance with German law.
For all disputes in connection with this DPA, the sole place of jurisdiction shall be Berlin to the extent permitted by law.
10. Final provisions
- Information on deficiencies of this Data Processing Agreement
Each Party shall inform the other Party without delay if it considers that this DPA does not meet the requirements of a processing contract according to the relevant provisions of the GDPR and/or any guidelines, recommendations, or other positions of the supervisory authorities, in particular the European Data Protection Board. In such a scenario Customer and Adjust shall endeavour to adapt this DPA to the legal and/or official requirements.
- Amendments and additions to this Data Processing Agreement
Amendments and additions to this DPA require written form. This also applies to any waiver of the written form requirement.
Scanned copies of documents signed in the original as well as documents signed electronically, even without a qualified electronic signature, satisfy the written form requirement and are deemed to be originals.
If any provision of this DPA is or becomes fully or partly invalid or unenforceable, this shall not affect the validity of the remaining provisions. The Parties undertake to jointly replace the invalid or unenforceable provision with a valid provision which comes as close as possible to the invalid or unenforceable one. The same applies to any omission in this DPA.
12. Order of precedence
In case of conflicts between this DPA and other agreements between the Parties, in particular the Agreement, the provisions of this DPA shall prevail.
Appendix 1: Details of the processing
Appendix 2: Security measures
Appendix 3: Sub-processors
Details of the processing
- Subject-matter of the processing
The subject matter of the processing is the provision of the Services.
- Duration of the processing
The duration of the processing is determined by the duration of the Agreement and the applicable Order Form.
- Purpose of the processing
The processing serves the purpose of provision of the Services, namely:
Analyzing the behavior of End Users interacting with the Customer’s online advertisements and/or app(s) and thus supporting the Customer in optimising the Customer’s online advertising campaigns. For this purpose, an End User’s device and connection data is read out when interacting with the Customer’s online advertisements and/or app(s) and are stored for the recognition of an End User as well as for tracking the End User’s usage behavior.
- Nature of the processing
Collection, recording: Collection of Personal Data of Customer’s End Users through the Software Development Kit (SDK) and tracking URLs.
Storage: Hosting of Personal Data.
Use: Using the Personal Data for the provision of the Services, for example matching an End User’s to the source that drove the End User’s install (“Attribution”).
Disclosure (by trans-mission, dissemination or otherwise making available): If applicable, disclosure to Partners that the Customer chooses/activates via the Dashboard (subject to a separate agreement between the Customer and the Partner).
Erasure, destruction: Erasure of the Personal Data at the choice of the Customer after the end of the provision of the Services (Section 5.6 of this DPA).
- Categories of Data Subjects
- Type of Personal Data
Which Personal Data Adjust specifically processes on behalf of the Customer depends on the Customer’s SDK and Dashboard settings.
In general, Adjust processes the following Personal Data:
device ID including advertising ID
user agent (country, language, local settings, [version of the] operating system as well as the app version)
device and app/web activity information (last session, in-app purchases etc.)
An overview of all data points that Adjust can potentially process on behalf of the Customer can be found in Adjust’s Help Center:
Customer shall be prohibited from using the Services for processing any Personal Data other than the Personal Data listed above, including, but not limited to the End User’s name or contact details and any information defined as special categories of data under Art. 9 GDPR (Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation).
- Location of the processing
- EU / EEA
- Third Countries: USA
- Confidentiality (Art. 32 (1) (b) GDPR)
- Physical access control: The prevention of unauthorized parties gaining access to data processing systems. These measures include an electronic access control system with protocols, a documented key allocation to employees and colocation-customers for colocation racks, video surveillance of the entrances and exits and a 24/7 occupancy of the data center at the Sub-processor’s premises (Leaseweb). In addition, there are guidelines on how to accompany and identify guests in the building.
- Logical access control: Measures that prevent the unauthorized use of the data processing systems. A password protected access is used that only authorized personnel can use.
- Data access control: Measures that ensure that people entitled to use the data processing systems can solely access data that they are entitled to access in accordance with their access rights, and that during the course of processing, use and after storage, data cannot be read, copied, modified or deleted without authorization. Audit-proof and binding authorization procedures have been implemented for the authorized employees.
- Separation control: Measures that ensure that data that was collected for different purposes can be processed separately. The data is physically or logically stored separately from other data and the data backups are made on systems that are logically and/or physically separate.
- Pseudonymisation (Art. 32 (1) (a) GDPR; Art. 25 (1) GDPR)
The processing of data in such a method/way, that the data cannot be associated with a specific Data Subject without the assistance of additional information, provided that this additional information is stored separately, and is subject to appropriate technical and organisational measures.
- Integrity (Art. 32 (1) (b) GDPR)
Data transfer control: Measures that ensure that during electronic transmission, transport or storage on data carriers data cannot be read, copied, modified or deleted without authorization, and that it can be established and verified to which entities a transfer of data by means of data transmission facilities is planned. All employees have undertaken to comply with the principle of data secrecy and there are capacities for encrypted data transmissions. Furthermore, the data is deleted in accordance with data protection laws after the end of the commission.
- Entry control
Measures that ensure the establishment of an audit trail to document whether and by whom data have been entered into, modified in or removed from the data processing systems. Entries can only be done by authorized persons that possess the identification key and password. All logins and log-offs as well as entries into the system are logged. The integrity of the data is assured by the software design.
- Availability and Resilience (Art. 32 (1) (b) GDPR)
- Availability control: Measures that ensure that the data is protected against accidental destruction or loss. Backup and recovery procedures with a daily mirroring of the data have been implemented. The technical availability is ensured by hard disk mirroring.
- In addition, there is uninterruptible power supply and a firewall system as well as port regulations are in place.
- Rapid Recovery (Art. 32 (1) (c) GDPR)
Adjust creates continuous backups, which are also continuously transferred to a remote site. With this back-up, Adjust can restore data. There is a regular check to see if recovery works this way.
- Procedures for regular testing, assessment and evaluation (Art. 32 (1) (d) GDPR; Art. 25 (1) GDPR)
Data protection management: All employees are demonstrably committed to data secrecy and receive a training at least once a year. The processor has appointed a data protection officer.
- Incident response management
In the event of a data loss, notification to the affected customers will happen without undue delay upon discovery of the relevant data loss incident. In addition, the management, the CTO and the data protection officer are informed immediately. The Customer and others may report any loss of data to email@example.com.
- Data protection by design and default (Art. 25 (2) GDPR)
Adjust only collects data that is mandatory for the provision of the Services.
- Control of instructions
Measures that ensure that the data is solely processed in accordance with the Customer’s instructions. Adjust’s employees are instructed on the relevant data protection law on a regular basis, and they are familiar with the procedural requirements and user guidelines for data processing. The unambiguous wording of this DPA ensures that the data may only be processed in accordance with the instructions issued by the Customer.
- Name and address of Sub-processor: Leaseweb Germany GmbH, Kleyerstrasse 79, 60326 Frankfurt am Main, Germany
- Scope, nature and purpose of Sub-processing: Rendering web hosting services to Adjust
- Categories of Data Subjects: As defined in Appendix 1
- Types of Personal Data: As defined in Appendix 1
- Duration of Sub-processing: For the term of this DPA
- Location of the Sub-processing: Germany
- Name and address of Sub-processor: Leaseweb Netherlands B.V., Luttenbergweg 8, 1101 EC Amsterdam, Netherlands
- Scope, nature and purpose of Sub-processing: Rendering web hosting services to Adjust
- Categories of Data Subjects: As defined in Appendix 1
- Types of Personal Data: As defined in Appendix 1
- Duration of Sub-processing: For the term of this DPA
- Location of the Sub-processing: The Netherlands
- Name and address of Sub-processor: Leaseweb USA, Inc., 9301 Innovation Drive, Suite 100, Manassas, VA 20110, USA
- Scope, nature and purpose of Sub-processing: Rendering web hosting services to Adjust
- Categories of Data Subjects: As defined in Appendix 1
- Types of Personal Data: As defined in Appendix 1
- Duration of Sub-processing: For the term of this DPA
- Location of the Sub-processing: USA (Leaseweb USA, Inc. is part of the Data Privacy Framework)