Data Protection Addendum

Last updated: May 24,2018

This Data ProtectionAddendum, henceforth referred to as the “Addendum”, is entered into by andbetween Jason Portnoy and/or JPORT Media., henceforth referred to as“”, and the customer agreeing to this Addendum, henceforthreferred to as the “Customer”.

This Addendum will beeffective from the Addendum Effective Date (as defined below) and replace anypreviously applicable data protection addendum.

If you are acceptingthis Addendum on behalf of Customer/Affiliate, you represent and warrant that:

  • You have readand understood this Addendum
  • You have fulllegal authority to bind yourself, or the applicable entity, to these Terms
  • You agree, on behalf of the party yourepresent, to this Addendum.

If you do not have thelegal authority to bind Customer, please do not “Sign/Accept/Opt IN”.


This Addendum sets out termsthat will apply to processing of Customer’s Personal Data under the PrivacyPolicy Agreement executed by and Customer.


Terms Defined by the General Data ProtectionRegulation (GDPR):

  • “AddendumEffective Date” is defined as the date on which Customer clicked to accept oropt-in to this Addendum.
  • “AdequateCountry” is defined as a country which is deemed adequate by the European Commissionunder Article 25(6) of Directive 95/46/EC or Article 45 of GDPR.
  • “Data Subject”is defined as the identified or identifiable person who is the subject ofPersonal Data.
  • “Personal Data”is defined as any information included in the Customer Data relating to anidentified or identifiable natural person; an identifiable person is one whocan be identified, directly or indirectly, in particular by reference to anidentification number or to one or more factors specific to his physical,physiological, mental, economic, cultural, or social identity.
  • “Processing” isdefined by the applicable EU Data Protection Law and “process”, “processes” and“processed” will be interpreted accordingly.
  • “DataController” is defined as the party that determines the purposes and means ofthe Processing of Personal Data.
  • “DataProcessor” is defined as the party that Processes Personal Data on behalf of,or under the instruction of, the Data Controller.
  • “Data TransferMechanism” is defined as an alternative data export solution for the lawfultransfer of Customer Data (as recognized under EU Data Protection Law) outsidethe EEA.
  • “DataProtection Laws” are defined with respect to a party, all privacy, data protection,information security-related, and other laws and regulations applicable to suchparty, including, where applicable, EU Data Protection Law.
  • “DataProtection Authority” is defined as the competent body in the jurisdictioncharged with enforcement of applicable Data Protection Law.
  • “EEA” means theEuropean Economic Area, United Kingdom, and Switzerland.
  • “EU DataProtection Law” means
    ○ Prior to 25thMay 2018, European Union Directive 95/46/EC; and
    ○ On and after25th May 2018, European Union Regulation 2016/679 (“GDPR”)
  • References to“written instructions” and related terms mean Data Controller’s instructionsfor Processing of Customer Data, which consist of
    ○ The terms ofthe Agreement and this Addendum,
    ○ Processingenabled by Data Controller through the Service, and
    ○ Otherreasonable written instructions of Data Controller consistent with the terms ofthe Agreement.
  • “ModelContracts” are defined as the Standard Contractual Clauses for Processors asapproved by the European Commission under Decision 2010/87/EU in the form madeaccessible in the Workspace.
  • “SecurityIncident” is defined as any unauthorized or unlawful confirmed breach ofsecurity that leads to the accidental or unlawful destruction, loss,alteration, unauthorized disclosure of, or access to Personal Data in DataProcessor’s control.
  • “Subprocessor”is defined as any Third Party engaged by Data Processor or its affiliates toprocess any Customer Data pursuant to the Agreement or this Addendum.
  • “Third Party”shall mean any natural or legal person, public authority, agency, or any otherbody other than the Data Subject, Data Controller, Data Processor,Subprocessors, or other persons who, under the direct authority of the Data Controlleror Data Processor, are authorized to Process the data.
  • Other capitalized terms not defined herein havethe meanings given in the Agreement.

Terms Defined by with Respectto GDPR:

  • “Data Subjects”are defined to include the individuals about whom data is provided via the Services by (or at the direction of) the Customer.
  • “Details ofProcessing Subject Matter” is defined as the subject matter of the dataprocessing under this Addendum is the Customer Data.
  • “Duration ofthe Processing” is defined as the duration of the data processing under thisAddendum is until the termination of the Agreement plus the period from theexpiry of the Agreement until deletion of all Customer Data by www.jportnoy.comin accordance with the terms of the Addendum.
  • “Nature andPurpose of the Processing” is defined as the purpose of the Processing underthis Addendum is the provision of the Service to Customer and the performanceof's obligations under the Agreement (including this Addendum)or as otherwise agreed by the parties.
  • “Categories ofData” is defined as data relating to individuals provided to www.jportnoy.comwhen Customers sign up, login, use the product, interact with the website, andinteract with the ads.
  • “Security Measures” are defined as the measuresthat agrees to use. They are commercially reasonable technicaland organizational measures designed to prevent unauthorized access, use,alteration, or disclosure of the Service or Customer Data.


  • This Addendumforms part of the Agreement and except as expressly set forth in this Addendum,the Agreement remains unchanged and in full force and effect. If there is anyconflict between this Addendum and the Agreement, this Addendum shall prevailto the extent of that conflict in connection with the Processing of Customer’sPersonal Data.
  • All activitiesunder this Addendum (including without limitation Processing of Customer Data)remain subject to the applicable limitations of liability set forth in theAgreement.
  • This Addendumwill be governed by and construed in accordance with governing law andjurisdiction provisions in the Agreement, unless required otherwise byapplicable Data Protection Laws.
  • This Addendum and Model Contracts willautomatically terminate upon expiration or termination of the Agreement.


  • This regulationapplies to the processing of the personal data in the context of the activitiesof the establishment of a Controller or a Processor in the EU.
  • This Addendumapplies where and to the extent that processes Customer Datathat originates from the EEA or that is otherwise subject to EU Data ProtectionLaw on behalf of Customer in the course of providing the Service pursuant tothe Agreement.
  • This Addendum applies where and to the extentthat processes Customer Data that originates from the EEA orthat is otherwise subject to EU Data Protection Law on behalf of Customer inthe course of providing the Service pursuant to the Agreement.


  • Customer willact as the Data Controller and will act as the Data Processorunder this Addendum. Both Customer and shall be subject toapplicable Data Protection Laws in the carrying out of their responsibilitiesas set forth in this Addendum.
  • Customerretains all ownership rights in the Customer Data, as set forth in theAgreement. Except as expressly authorized by Customer in writing or asinstructed by Customer, shall have no right directly orindirectly to sell, rent, lease, combine, display, perform, modify, transfer,or disclose the Customer Data or any derivative work thereof. www.jportnoy.comshall act only in accordance with Customer's instructions regarding theProcessing of the Customer Data except to the extent prohibited by applicableData Protection Laws.
  • Additionalinstructions not consistent with the scope of the Agreement require priorwritten agreement of the parties, including agreement on any additional feespayable by Customer.
  • Notwithstandingthe above, Customer acknowledges that shall have a right touse Aggregated Anonymous Data as detailed in the Agreement Section 4.4.
  • www.jportnoy.comshall not disclose the Customer Data to any Third Party in any circumstancesother than in compliance with Customer’s instructions or in compliance with alegal obligation to disclose. shall inform Customer in writingprior to making any such legally required disclosure, to the extent permittedby Data Protection Laws.
  • For clarity, nothing in this Addendum from transmitting Customer Data (including without limitationPersonal Data) as instructed by Customer through the Service.


  •’sobligations under this Addendum shall apply to’s employees,agents and Subprocessors who may have access to the Personal Data.
  • Customer agreesthat is authorized to use Subprocessors (including withoutlimitation cloud infrastructure providers) to Process the Personal Data,provided that
    ○ Enters into awritten agreement with any Subprocessor, imposing data protection obligationssubstantially similar to this Addendum; and
    ○ Remains liablefor compliance with the obligations of this Addendum and for any acts oromissions of the Subprocessor that cause to breach any of itsobligations under this Addendum.
  • Information about Subprocessors, includingtheir functions and locations, is available on request and may be updated bywww.jportnoy.comfrom time to time in accordance with this Addendum.


  • www.jportnoy.comshall implement and maintain appropriate technical and organizational securitymeasures to protect Personal Data from Security Incidents and to preserve thesecurity and confidentiality of the Personal Data, in accordance's security standards.
  • Customer isresponsible for reviewing the information made available by wwww.jportnoy.comrelating to data security and making an independent determination as to whetherthe Service meets the Customer’s requirements and legal obligations under DataProtection Laws. Customer acknowledges that the Security Measures are subjectto technical progress and that may update or modify theSecurity Measures from time to time provided that such updates andmodifications do not result in the degradation of the overall security of theService purchased by Customer.
  • shall ensure that any personwho is authorized by Customer to process Personal Data (including its staff,agents and Subprocessors) shall be under an appropriate contractual orstatutory obligation of confidentiality.


  • www.jportnoy.commay, subject to complying with this Section 8, store and process Customer Dataanywhere in the world where, its affiliates or Subprocessorsmaintain data processing operations.
  • To the extentthat processes any Personal Data protected by GDPR and/ororiginating from the EEA in the United States or another country outside theEEA that is not designated as an Adequate Country, then the parties shall signthe Model Contracts.
  • The partiesagree that is the “data importer” and Customer is the “dataexporter” under the Model Contracts (notwithstanding that Customer may be anentity located outside of the EEA).
  • The parties agree that the data export solutionidentified in Section 8.B shall not apply if and to the extent adopts an Alternative Transfer Mechanism. In which event, theAlternative Transfer Mechanism shall apply instead (but only to the extent suchAlternative Transfer Mechanism extends to the territories to which PersonalData is transferred).


  • At Customer’srequest and expense, shall reasonably assist Customer asnecessary to meet its obligations to regulatory authorities, including DataProtection Authorities.
  • shall (at Customer's expense)reasonably assist Customer to respond to requests from individuals in relationto their rights of data access, rectification, erasure, restriction,portability and objection. In the event that any such request is made directlyto, shall not respond to such communicationdirectly without Customer's prior authorization unless required by DataProtection Laws.


  • At Customer’srequest, shall provide Customer with written responses to allreasonable requests for information made by Customer relevant to the Processingof Personal Data under this Addendum, including responses to security and auditquestionnaires, in each case solely to the extent necessary to’s compliance with this Addendum.
  • www.jportnoy.comwill provide such information within thirty (30) days of Customer’s writtenrequest, unless shorter notice is required by Customer’s regulatoryauthorities.
  • Except asexpressly required by Data Protection Laws, any review under this Section 10will:
    ○ Be conducted nomore often than once per year during’s normal business hours,in a manner so as not to interfere with standard business operations;
    ○ Be subject’s reasonable confidentiality and security constraints;
    ○ Be conducted atCustomer’s expense; and
    ○ Not extend toany information, systems or facilities of’s other customers orits Third Party infrastructure providers.
  • Any information provided by www.jportnoy.comunder this Section 10 constitutes’s Confidential Informationunder the Agreement.


  • www.jportnoy.comshall, within ninety (90) days after request by Customer at the termination orexpiration of the Agreement, delete or return, at Customer's choice, all of thePersonal Data from’s systems. Within a reasonable periodfollowing deletion, at Customer’s request, will providewritten confirmation that’s obligations of data deletion ordestruction have been fulfilled.
  • Notwithstanding the foregoing, the Customerunderstands that may retain Customer Data as required by DataProtection Laws, which data will remain subject to the requirements of thisAddendum.


  1. Upon becomingaware of a confirmed Security Incident, shall notify theCustomer without undue delay, in accordance with the Security Measures.Notwithstanding the foregoing, is not required to make suchnotice to the extent prohibited by Data Protection Laws, and www.jportnoy.commay delay such notice as requested by law enforcement and/or in light of'slegitimate needs to investigate or remediate the matter before providingnotice.
  2. Each notice ofa Security Incident will include:
    ○ The extent towhich Personal Data has been, or is reasonably believed to have been, used,accessed, acquired, or disclosed during the Security Incident;
    ○ A descriptionof what happened, including the date of the Security Incident and the date ofdiscovery of the Security Incident, if known;
    ○ The scope ofthe Security Incident, to the extent known; and
    ○ A descriptionof's response to the Security Incident, including has taken to mitigate the harm caused by the Security Incident.
  3. shall take reasonable measuresto mitigate the harmful effects of the Security Incident and prevent furtherunauthorized access or disclosure.


When any newSubprocessor is engaged, will, at least a week before the newSubprocessor processes any Customer Data, inform Customer of the engagement bysending an email or via the in-app notification.


  • Where and whenrequired by Data Protection Laws, will provide the relevantData Protection Authorities with information related to’sProcessing of Personal Data. further agrees that it willmaintain such required registrations and where necessary renew them during theterm of this Addendum. Any changes to’s status in this respectshall be notified to Customer immediately either via email or in-appnotifications.
  • To the extent is requiredunder Data Protection Laws, shall (at Customer's expense)provide reasonably requested information regarding the Service or priorconsultations with Data Protection Authorities to enable Customer to carry outdata protection impact assessments.