Data Processing Agreement

Last updated: April 2026

This Data Processing Agreement (“DPA”) is hereby entered into by and between M.D. Primis Technologies, formerly known as McCann Disciplines Ltd. (“Primis” or “Company”) and the Publisher identified in the Insertion Order (“IO”) executed between the parties (“Publisher” or “you”), for the purpose of using the Services, as defined under the Publisher Terms and Conditions to which this DPA is attached (“Terms”).

This DPA forms an integral part of the Terms. Capitalized terms not defined herein shall have the respective meanings given to them in the Terms.

This DPA sets forth the parties’ responsibilities and obligations regarding the Processing of Personal Data during the course of the engagement between them.

  • DEFINITIONS
    1. The terms “Personal Data”, “Controller”, “Processor”, “Data Subject”, “Processing” (and “Process”), “Personal Data Breach”, “Special Categories of Personal Data,” and “Supervisory Authority” shall all have the same meanings as ascribed to them in the EU Data Protection Law. The terms “Business Purpose”, “Consumer”, “Cross-Context Behavioral Advertising”, “Service Provider”, “Share”, “Sale”, “Third Party,” and “Sell” shall have the same meaning as ascribed to them in State Privacy Law. “Data Subject” shall also mean and refer to “Consumer,” as such term is defined in State Privacy Law, and “Personal Data” shall include “Personal Information” under this DPA.
    2. “Adequate Country” is a country that has received an adequacy decision from the European Commission.
    3. “CCPA” means the California Consumer Privacy Act (Cal. Civ. Code §§ 1798.100 – 1798.199) of 2018, including as modified by the California Privacy Rights Act (“CPRA”) once the CPRA takes effect, as well as all regulations promulgated thereunder from time to time (11 C.C.R §§7000 et seq.).
    4. “Consent” means an End User’s informed and freely given consent that meets the requirements stipulated under Article 7 of the GDPR or under Purpose 1 of the IAB TCF Policy (as such term is defined below).
    5. “Data Protection Laws” means applicable privacy and data protection laws and regulations (including, where applicable, EU Data Protection Law, UK Data Protection Laws, Swiss Data Protection Laws, State Privacy Laws, and Israeli Law) as may be amended or superseded and in force from time to time.
    6. “EEA” means the European Economic Area.
    7. “End User” means an individual visiting or browsing the Publisher’s digital assets.
    8. “EU Data Protection Law” means (i) the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”); (ii) Regulation 2018/1725; (iii) the EU e-Privacy Directive (Directive 2002/58/EC), as amended (e-Privacy Law); (iv) any national data protection laws made under, pursuant to, replacing, or succeeding (i) and (ii); (v) any legislation replacing or updating any of the foregoing; and (vi) any judicial or administrative interpretation of any of the above, including any binding guidance, guidelines, codes of practice, approved codes of conduct, or approved certification mechanisms issued by any relevant Supervisory Authority.
    9. “IAB” means the Interactive Advertising Bureau.
    10. “IAB Consent Management Framework” means the IAB tech labs’ technical specification for the GDPR transparency & consent framework.
    11. “IAB TCF Policy” means the currently applicable version of the IAB Europe Transparency & Consent Framework – Policies.
    12. “Israeli Law” means the Israeli Protection of Privacy Law, 5741-1981, the regulations promulgated thereunder, including the Israeli Privacy Protection Regulations (Data Security), 5777-2017, and other related privacy regulations.
    13. “LGPD” means the Brazilian General Data Protection Law (as amended by Law No. 13,853/2019), as may be amended from time to time.
    14. “Signal” means such term as defined under the IAB TCF Policy.
    15. “State Privacy Laws” means applicable state privacy laws in the United States, as well as the regulations promulgated thereunder, including, but not limited to, the CCPA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, and the Utah Consumer Privacy Act.
    16. “Swiss Data Protection Laws” or “FADP” shall mean the Swiss Federal Act on Data Protection of September 25, 2020 (FADP) and its ordinances, i.e., the Ordinance on Data Protection (ODP) and the Ordinance on Data Protection Certification.
    17. “UK Data Protection Laws” shall mean the Data Protection Act 2018 (DPA 2018), as amended, and the EU General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as incorporated into UK law as the UK GDPR, as amended, and any other applicable UK data protection laws, or regulatory Codes of Conduct or other guidance that may be issued from time to time.
    18. “UK GDPR” shall mean the GDPR as it forms part of domestic law in the United Kingdom by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time).

Any other terms not defined herein shall have the meaning provided under the Agreement or applicable law. 

  • ROLES; SCOPE
      1. This Addendum applies to Personal Data that Publisher enables Primis to collect using Primis’ technologies from the Publisher’s online properties. 
      2. Publisher and Primis are each a separate and independent Controller or Business under Data Protection Laws. 
      3. The Publisher and Primis are each responsible for complying with Data Protection Laws, as applicable to them, in their independent roles as Controller or Business. 
      4. Each party shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including protection against unauthorized access, disclosure, alteration, or destruction of Personal Data. Such measures shall include access control, incident management procedures, and supplier security controls appropriate to the nature of the processing.
      5. Each party shall notify the other without undue delay upon becoming aware of a personal data breach that may impact the other party’s compliance obligations and shall cooperate in good faith to address such incident.
      6. The details of the Processing by Primis are described in Annex I attached hereto. 
  • STATE PRIVACY LAWS IN THE UNITED STATES
      1. The Parties acknowledge and agree that Primis is a Third Party under the CCPA.
      2. The Parties agree that the Publisher is disclosing Personal Information to Primis only for the following limited and specified Business Purpose: online advertising.
      3. Primis shall comply with all applicable sections of Data Protection Laws. Upon reasonable request, Primis shall provide information necessary to demonstrate compliance with its data protection and information security obligations.
      4. Primis grants Publisher the right to take reasonable and appropriate steps, in accordance with this Addendum, to ensure that Primis uses the Personal Information it collects pursuant to this Agreement in a manner consistent with Primis’ obligations under Data Protection Laws. 
      5. Primis grants Publisher the right, upon notice, to take reasonable and appropriate steps, in accordance with this Agreement, to stop and remediate Primis’ unauthorized use of Personal Information. 
  • CONSENT AND IAB TCF
      1. Publisher acknowledges that Primis is a Vendor as defined under the IAB TCF Policy. Publisher acknowledges and agrees that the End User does not have a direct relationship with Primis; however, certain features of the Primis Services are dependent upon and based on End User’s Consent or any other demonstrated lawful basis, which shall be facilitated by Publisher and upon which Primis relies, among other things, in its capacity as a Vendor under the IAB TCF Policy. Publisher also acknowledges that it shall be able to demonstrate such Consent at any time and represents that such Consent exists. 
      2. Publisher shall ensure that it is a participant in and properly implements the IAB Consent Management Framework and will pass signals received under the IAB Consent Management Framework to the Company. In cases where a signal has been passed to Publisher by the data source that an applicable Data Subject or Consumer exercised their rights not to give Consent, withdraw Consent, or exercise their right to opt-out, Publisher shall communicate such signal to Company in the applicable ad requests and/or bid requests sent by Publisher to Company. Such indication shall be a correct and accurate reflection of the status of the data subject’s consent. Publisher acknowledges that Primis will rely on Publisher’s indication of consents as a representation, which, if misrepresented, may cause Primis irreparable harm under Data Protection Laws.
      3. Publisher and Primis each represent and warrant that it has, properly publishes, and abides by an appropriate privacy policy that complies with all Data Protection Laws. Primis’ privacy policy for the Primis’ technologies used on the Publisher’s online properties is available at https://www.primis.tech/primis-video-platform-privacy-policy/
  • TERM & TERMINATION; MISCELLANEOUS 
    1. This DPA shall be effective as of the Effective Date and shall remain in force until the Agreement terminates. 
    2. Liability under this DPA will be as per the limitations, exclusions, and caps specified in the Agreement.
    3. In the event of a conflict between the terms and conditions of this DPA and the Agreement, this DPA shall prevail. For the avoidance of doubt, in the event Standard Contractual Clauses have been executed between the parties, the terms of the Standard Contractual Clauses shall prevail over those of this DPA. 

ANNEX I

DETAILS OF PROCESSING 

  • Categories of Data Subjects

End Users of the Publisher’s online properties onto which Primis’ technology is implemented.

  • Categories of Personal Data Processed
  • A unique user ID that Primis generates and retrieves when the End User accesses the Publisher’s online properties.
  • Information regarding End User engagement with our video player on the Publisher’s online property, such as clicking ‘Play’, the duration of the visit to the webpage, etc.
  • The IDFA (Identifier for Advertisers), if the Publisher’s online property is an iOS native application.
  • The AAID (Android Advertising Identifier), if the Publisher’s online property is a native Android application.
  • The IP address of the device the End User uses to access the Internet (these are not retained, but only processed momentarily).
  • Approximate (city-granular) location derived from the End User’s IP address. This does not constitute precise geolocation.
  • Contextual information: the content on the Publisher’s online property that the End User is accessing, the URL, and keywords and tags associated with the content on the Publisher’s online property. These are not retained to form any user profile, but only processed momentarily.
  • Analytics information: the browser type, language, and operating system the End User uses. These are not retained to form any user profile, but only processed momentarily.
  • Special categories of Personal Data Processed

None.

  • Frequency of Transfer

Ongoing, throughout the term of the Agreement.

  • Nature of the Processing

Collection, storage, organization, analysis, modification, retrieval, disclosure, communication, and other uses in performance of the Services as set out in the Agreement. Personal Data is processed within systems protected by technical and organizational security measures appropriate to the risks associated with the processing.

  • Purpose(s) of the Data Transfer

Online advertising

 
