Master Service Terms

Last Updated January 24, 2024

General Terms

Last Updated January 24, 2024

1. Services:

1.1 The terms “Nexxen” and “Client” (and any other terms not defined herein) have the same meaning as in the Pricing Sheet which incorporates these Nexxen Master Service General Terms and Schedules.

1.2 Nexxen shall provide digital advertising, linear television and/or intelligence services (the “Services”) to Client via an online platform operated by Nexxen (the “Platform”). The Services are set forth in the schedules (the “Schedules”) to these general terms (the “General Terms”) and the Pricing Sheet. Together the General Terms, Schedules and the Pricing Sheet constitute an agreement (the “Agreement”) between Nexxen and Client.

1.3 The Services may allow Client to plan, select, traffic, upload, optimize and report advertising campaigns (“Ad Campaigns”) using the Client’s creatives in a variety of formats, including, without limitation, text-based, graphical, interactive, rich media, social, e-mail or video formats (individually or collectively, “Creatives”).

1.4 Nexxen shall provide user support for the Platform and the Services as set forth in the applicable Schedules. Nothing herein or in any warranty shall obligate Nexxen to deliver support services in excess of what is described in the Schedules.

1.5 Client shall cooperate with Nexxen as reasonably required for Nexxen to perform the Services in a timely and professional manner in accordance with applicable professional manner.

1.6 The products and services described herein may be provided by Nexxen, Inc.

2. Payment:

2.1 Terms. Payments to Nexxen are due Net 30. Late payments shall accrue interest at a rate equal to the lesser of: (a) one and one-half percent (1.5%) per month; or (b) the highest rate allowed by law. Nexxen may, in its sole discretion and upon written notice to Client, suspend delivery of any Ad Campaign or access to the Services or the Platform if an invoice is not paid when due. If Client’s credit is or becomes impaired, Nexxen may require payment in advance and may suspend delivery of any Ad Campaign or access to the Services or the Platform until it has received such advance payment.

Notwithstanding the foregoing, for Client’s advertisers that are political advertisers, no credit will be given and Client agrees that such advertisers will prepay for services on a monthly basis. Nexxen is not responsible for preventing Client from spending in excess of the prepaid amount by on behalf of such advertisers, and Client is fully responsible for such overspend which shall be paid immediately. In the event of overspend (or in the event that Client fails to pay invoices when due) Nexxen reserves the right to immediately suspend or cancel such advertisers’ campaigns. The foregoing applies to any other advertisers of Clients which Nexxen determines shall prepay for services.

2.2 Calculations. During the Term of this Agreement, Client agrees to pay Nexxen based on the pricing specified in the Schedules and Pricing Sheet. Client will also reimburse Nexxen for any out-of-pocket expenses incurred by Nexxen that are pre-approved in writing by Client. Nexxen will invoice Client for the amounts due to Nexxen (the “Fees”). As between Nexxen and Client, Nexxen’s Platform will be the system of record in determining the number of impressions, clicks, actions, or other applicable metric, delivered, shown, produced, clicked on, or viewed, and as between Nexxen and Client, Nexxen will be solely responsible for determining charges to Client hereunder.

2.3 Discrepancies. If there is a discrepancy of more than 10% between Nexxen’s metric and Client’s third-party ad server metric or a publisher’s ad server metric, Nexxen will use commercially reasonable efforts to reconcile the discrepancy.

2.4 Preliminary Reports. Numbers provided prior to final invoicing via the Platform or otherwise are preliminary and subject to adjustment.

2.5 Disputes. On receipt of invoice Client shall have seven days to query or dispute such invoice after which time the invoice shall be deemed to be accepted by Client and no further query or dispute may be raised by Client. In the event of any good faith dispute regarding a portion of an invoice, Client shall pay the undisputed Fees when due.

2.6 Currency. The Fees are payable in the currency quoted on the Pricing Sheet unless otherwise agreed in writing. References to dollars mean United States dollars unless otherwise specified.

2.7 Taxes. The Fees are exclusive of any Taxes. “Taxes” means any sales, use, transfer, privilege, excise, VAT, GST, consumption tax, or other similar taxes and duties, whether foreign, national, state or local, however designated, present or future, that are levied or imposed by reason of the performance by Nexxen or Client under this Agreement, excluding taxes on Nexxen’s net income. Client will be responsible for paying, at the same time it pays the Fees, any Taxes imposed on the Fees. Client will be responsible for timely paying in full all other Taxes. If Client is required to make any deduction, withholding or payment on account of any Taxes in any jurisdiction in respect of any amounts payable hereunder by Client to Nexxen, such amounts will be increased to the extent necessary to ensure that after the making of such deduction, withholding or payment, Nexxen receives when due and retains (free from any liability in respect of any such deduction, withholding or payment) an amount equal to what would have been received and retained had no such deduction, withholding or payment been required or made.

2.8 Prepayments. Prepayments are not refundable unless Client terminates pursuant to section 7.2 or Nexxen terminates pursuant to section 7.4.

3. Ownership:

3.1 Nexxen acknowledges it does not have any ownership rights or ownership interest in the Creatives or in any other materials provided by Client to Nexxen under this Agreement as well as Client’s trademarks, copyrights, patents and all other intellectual property (collectively with the Creatives, “Client Intellectual Property”). Nexxen agrees that the use of Client Intellectual Property on the Platform inures to the benefit of Client, including any goodwill therein, and that Nexxen will not acquire any ownership or rights in Client Intellectual Property as a result of this Agreement.

3.2 Client acknowledges that it does not have any ownership rights or ownership interest in Nexxen’s know-how, processes and methodologies; the Platform; Nexxen’s pre-existing and independently developed materials; and Nexxen’s trademarks, copyrights, patents and all other intellectual property (collectively, “Nexxen Intellectual Property”). All modifications, upgrades, derivative works and enhancements, including without limitation any Client suggestions for new features or functionality of the Platform, are the sole property of Nexxen. Client agrees that its use, if any, of Nexxen Intellectual Property inures to the benefit of Nexxen, including any goodwill therein, and that Client will not acquire any ownership or rights in Nexxen Intellectual Property as a result of this Agreement.

3.3 Nexxen hereby grants to Client a non-exclusive, non-transferable, non-sublicensable right and license during the Term to access and use the Platform solely for the purpose of planning, selecting, trafficking, uploading, optimizing and reporting Ad Campaigns or gaining insights through brand intelligence in accordance with the terms and conditions of this Agreement. Client is responsible for all use of the Platform through Client’s credentials. Except as set forth in this Agreement, Client agrees not to (a) use or authorize use of the Platform for any purpose not specified in this Agreement; (b) copy, transfer, sell, lease, syndicate, sub-syndicate, lend, or use for co-branding, timesharing, service bureau, arbitrage or other unauthorized purposes the Platform or access thereto; (c) modify, prepare derivative works of, translate, reverse engineer, reverse compile, disassemble the Platform or any portion thereof; (d) test the Platform for vulnerabilities or service limitations; (e) use the Platform for the purposes of developing a product, program or service that will be owned by a third party or that would compete with Nexxen’s products or services; (f) use the Platform in any way which adversely affects Nexxen or other third parties; (g) access data of any third-party without authorization; (h) circumvent any privacy features (e.g., an opt-out) that are part of the Platform; (i) seek, in a proceeding filed during the Term, an injunction on any part of the Platform based on patent infringement or (j) attempt to do any of the foregoing

3.4 Nexxen is not obligated to retain Client’s data after the termination of this Agreement.

4. Warranties:

4.1 Nexxen represents and warrants to Client that:

4.1.1 Nexxen has all necessary right and authority to enter into this Agreement and provide the Platform to Client as required by this Agreement;

4.1.2 Nexxen’s performance of the Services shall not knowingly violate any applicable law, rule, regulation or third party privacy or intellectual property rights in any material respect; and

4.1.3 Nexxen and its personnel are in compliance and will at all times remain in compliance with the Singapore Prevention of Corruption Act and anti-corruption provisions of the Singapore Penal Code, the UK Bribery Act, the US Foreign Corrupt Practices Act and the anti-corruption provisions of the Australia Criminal Code Act (collectively, the “Anti-Corruption Laws”), as applicable, during the Term.

4.2 Client represents and warrants to Nexxen that:

4.2.1 Client has all necessary right and authority to enter into this Agreement and has all licenses and authorizations necessary for Client’s use of the Platform;

4.2.2 Client’s performance under this Agreement and Client’s activities in connection with the Platform shall not violate any applicable law, rule, regulation or third party privacy or intellectual property rights in any material respect;

4.2.3 Client has sufficient substantiation for all claims made and shall fulfill all commitments set out in the Creatives; and

4.2.4 Client owns or otherwise has lawful right to use all Creatives and other materials provided by Client to Nexxen under this Agreement and the Creatives and any other materials provided by Client to Nexxen under this Agreement shall not: infringe, misappropriate or otherwise violate any third party’s intellectual property rights; breach any duty toward, or rights of, any third party, including rights of publicity or privacy; be false, deceptive, misleading, unethical, defamatory, libelous, threatening, abusive, tortious, defamatory, vulgar, obscene, hateful or objectionable (racially, ethnically or otherwise); promote activities that are unlawful or harmful; load computer programs onto a consumer computer or device without express consent; contain malware, viruses, or other potentially destructive computer programs and security threats; auto-redirect, auto-play audio or animate for longer than 15 seconds (US) or 30 seconds (elsewhere); or shake or flash excessively or fail to function; and

4.2.5 Client and its personnel are in compliance and will at all times remain in compliance with the Anti-Corruption Laws, as applicable, during the Term.

4.3 THE WARRANTIES IN THIS AGREEMENT (AND IN THE SCHEDULES) ARE THE PARTIES’ ONLY WARRANTIES CONCERNING THEIR RESPECTIVE OBLIGATIONS HEREUNDER, AND ARE MADE IN LIEU OF ALL OTHER WARRANTIES AND REPRESENTATIONS, STATUTORY, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGMENT OR OTHERWISE.

5. Compliance:

5.1 Nexxen shall adhere to:

5.1.1 the Network Advertising Initiative’s Code of Conduct (if applicable) and the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioral Advertising (if Client is delivering an Ad Campaign to the United States);

5.1.2 the Digital Advertising Alliance of Canada’s Canadian Self-Regulatory Principles for Online Behavioural Advertising (if Client is delivering an Ad Campaign to Canada); and

5.1.3 the IAB Europe EU Framework for Online Behavioural Advertising (if Client is delivering an Ad Campaign to Europe).

Furthermore Nexxen will disclose in its privacy policy any use of non-cookie technology to collect data across unaffiliated websites. All these requirements are the “Self Regulatory Programs.”

5.2 If Client receives information about end-users from the Services, Client shall not (a) attempt to merge such information with personally identifiable information held by Client for interest-based advertising purposes or (b) attempt to identify the individuals to whom the information pertains for interest-based advertising purposes; and

5.3 Client shall adhere to the Self Regulatory Programs.

5.4 Client represents and warrants that it will not engage in Tailored Advertising or Ad Delivery and Reporting based on Sensitive Information (as such terms are defined by the Network Advertising Initiative’s Code of Conduct) or Special Categories of Personal Data (as defined by the General Data Protection Regulation). The determination of whether Tailored Advertising or Ad Delivery and Reporting is based on an inferred interest in sensitive health conditions will be made in Nexxen’s sole discretion and Client will not use the Platform with respect to any health condition until Nexxen has made a determination that such data concerning this health condition is not Sensitive Information or a Special Category of Personal Data. Nexxen reserves the right, in its sole discretion and without notice to Client, to reject, cancel, or modify any campaign or other activity on the Platform which does not adhere to this clause.

6. Term. The term of this Agreement shall begin on the Effective Date, and shall continue for an Initial Period, and will renew for successive Renewal Periods (the “Term”). Either party may terminate this Agreement pursuant to Section 7 hereof.

7. Termination:

7.1 Either party may terminate this Agreement (including all Schedules and all insertion orders issued thereunder) effective at the end of the then-current Initial Period or Renewal Period (the “Current Period”), at its convenience and without any breach by the other party, by providing written notice to the other party at least 30 days before the end of the Current Period.

7.2 Either party may terminate this Agreement and all Schedules for material breach of any Schedule upon giving the other party at least 15 days prior written notice specifically identifying the alleged breach, provided that the breaching party does not cure such breach within the 15-day notice period. During this notice period the non-breaching party shall have the right to suspend its performance under this Agreement and, specifically and without limitation, Nexxen may suspend delivery of any Ad Campaign or access to the Services or the Platform.

7.3 Either party may terminate this Agreement immediately by written notice if the other party makes an assignment for the benefit of creditors, becomes subject to a bankruptcy proceeding that is not dismissed within sixty (60) days of the date of filing, is subject to the appointment of a receiver, or admits in writing its inability to pay its debts as they become due.

7.4 Nexxen may terminate this Agreement pursuant to section 8.5.

7.5 Upon termination of this Agreement by either party, each party shall promptly return, as is commercially feasible, at the written request of the other party, all related data, materials and other property of the other held by it that has been so requested, provided that, subject to the confidentiality restrictions contained in Section 10, the delivering party may retain solely for record keeping purposes copies of the materials returned to the requesting party.

8. Indemnification:

8.1 Nexxen hereby agrees to indemnify, hold harmless and defend Client from and against all losses, damages or expenses (including reasonable attorney’s fees and court costs related to such defense) in each case arising from a claim, demand or action brought by a third party (collectively “Liabilities”) where such Liabilities arise out of or result from: (1) fraudulent misconduct of Nexxen in connection with its performance under this Agreement; (2) bodily injury or death of any person directly caused by the negligence of Nexxen in connection with its performance under this Agreement; or (3) any breach by Nexxen or its Affiliates, employees, agents or contractors of Sections 3 or 10.

8.2 Client hereby agrees to indemnify, hold harmless and defend Nexxen and its Affiliates, and any member, director, officer, employee or agent thereof, against all Liabilities where such Liabilities arise out of or result from: (1) fraudulent misconduct of Client in connection with its performance under this Agreement; (2) bodily injury or death of any person directly caused by the negligence of Client in connection with its performance under this Agreement; (3) any breach by Client or its Affiliates, employees, agents or contractors of Sections 3, 4.2.4 or 10; or (4) any claim that Client Intellectual Property infringes a copyright, patent, trade secret, trademark or any other proprietary right of a third party.

8.3 The indemnified party shall notify the indemnifying party promptly in writing of any such claim, and the indemnifying party shall have the sole control of the defense and all related settlement negotiations (so long as the settlement constitutes a full and unconditional release of the indemnified party and unless any settlement involves anything other than the payment of money exclusively by the indemnifying party). The indemnified party shall provide the indemnifying party with reasonably requested assistance, information, and authority to perform the above. The indemnified party can participate in the defense with counsel of its choice at its own expense.

8.4 For the purposes of this Agreement, “Affiliate” is defined as any legal entity that is owned by a party or that owns a party or that is under common control with a party. “Control” or “own” mean possessing a 50% or greater interest in an entity or the right to direct the management of the entity.

8.5 Notwithstanding any other provision in this Agreement, Client’s sole remedy for any claim that Nexxen Intellectual Property infringes a copyright, patent, trademark or any other proprietary right of a third party (an “Nexxen IP Claim”) shall be that Nexxen will in its sole discretion: obtain the right for Client to continue to use the Services, update the Platform or Services to avoid infringement, or if none of the prior options are obtainable on commercially reasonable terms, terminate this Agreement upon notice to Client without further liability or obligation hereunder. Nexxen will not indemnify Nexxen IP Claims based on any modification or derivative of the Nexxen Intellectual Property or any combination of the Nexxen Intellectual Property with any technology, software or hardware not supplied or recommended by Nexxen, if such alleged infringement would be avoided by the absence of such combination.

9. Limitation of Liability:

9.1 Except for damages arising pursuant to Sections 8 and 10 hereof, each party’s liability (whether in contract, tort, negligence, strict liability, by statute, or otherwise) to the other party or to any third party concerning performance or non-performance or otherwise related to this Agreement shall in the aggregate be limited to direct and actual damages not to exceed the Fees received by Nexxen, excluding fees for media or third-party data, under this Agreement for the portion of the Services giving rise to such claim during the twelve (12) months immediately preceding the last event giving rise to the claim.

9.2 EXCEPT IN THE EVENT OF A PARTY’S INDEMNITY OBLIGATIONS IN SECTION 8 OR A BREACH OF SECTION 10 HEREOF, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR CONSEQUENTIAL, INCIDENTAL, PUNITIVE, SPECIAL, EXEMPLARY OR INDIRECT DAMAGES OR EXPENSES (INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR OTHER ECONOMIC LOSS, LOST REIMBURSEMENTS, LOST DATA, OR LOST SAVINGS), EVEN IF SUCH PARTY WAS ADVISED OF THE POSSIBILITY OF THE OCCURRENCE OF SUCH DAMAGES.

10. Confidential Information:

10.1 Each party agrees that the terms of this Agreement and any information that is identified as confidential, or that ought reasonably to be regarded as confidential (including, but not limited to business activities, financial information and results, pricing, contract terms, products, research, processes, methodologies, trade secrets, customers and technical knowledge disclosed by the other party in any form or medium (collectively “Confidential Information”) shall not, without the disclosing party’s authorization, be disclosed to any other party or used by the receiving party except as contemplated by this Agreement. The recipient shall protect the confidentiality of the Confidential Information using at least the same measures it takes to protect its own confidential information of like kind, so long as not less than reasonable care, and shall restrict access to Confidential Information to its employees on a need to know basis for the purposes of this Agreement.

10.2 Nothing in this Agreement shall restrict either party’s use of information: (a) that is or becomes publicly available through no breach of this Agreement; (b) that is independently developed by it without use of or reference to the disclosing party’s Confidential Information; (c) previously known to it without obligation of confidence; or (d) acquired by it from a third party that is not under an obligation of confidence with respect to such information. In the event either party receives a subpoena or other validly issued administrative or judicial process requesting Confidential Information, the recipient shall promptly notify the other party of such receipt and may, thereafter, comply with such subpoena or process to the extent permitted by law; provided that the recipient shall disclose only such Confidential Information as is absolutely necessary and shall exercise reasonable efforts to obtain assurance that confidential treatment will be accorded to the Confidential Information that is being so disclosed. Confidential Information shall be returned or destroyed (provided that such destruction is certified in writing by an authorized representative of the receiving party) upon the earlier of: (i) termination or expiration of this Agreement; or (ii) the disclosing party’s written request, which destruction shall include without limitation the complete erasure of any electronic file, folder, database or other electronic repository from all computer processing units on which the Confidential Information had been placed or stored.

10.3 This section shall survive expiration and/or termination of this Agreement for three years except for trade secrets, which shall be protected so long as considered a trade secret under applicable law.

11. Beta Features:

11.1 Nexxen will have no liability under the Agreement (including any indemnification obligations) arising out of or related to Client’s use of any Beta Features. A “Beta Feature” is a Platform feature or Service that is expressly identified as “Beta,” “Alpha,” “Experimental” or “Pre-Release” or that is otherwise expressly identified as unsupported. Any use of Beta Features will be solely at Client’s own risk and may be subject to additional requirements as specified by Nexxen. Nexxen is not obligated to provide support for Beta Features, and Nexxen may cease providing Beta Features as part of the Platform. Nexxen may use and disclose any data derived from Client’s use of a Beta Feature for any purpose without Client’s consent as long as Nexxen does not disclose results to third parties in such a manner as would identify or reasonably be expected to identify Client or any end users. Information regarding Beta Features is considered Confidential Information.

12. Relationship of Parties:

12.1 If Client is an agency (or otherwise is running Ad Campaigns for a third-party advertiser, such as in the case of a managed service provider), Client is liable to Nexxen for the compliance of its advertisers with the representations, warranties and undertakings made by Client in this Agreement. Client will be liable for any breach caused by the actions or inactions of such a third-party advertiser whether or not Client has knowledge of such actions or inactions.

12.2 The parties agree that Nexxen’s relationship with Client is that of an independent contractor and nothing in this Agreement shall be construed as creating a partnership, joint venture, pooling arrangement, partnership, employer-employee relationship, or formal business organization of any kind.

12. 3 Neither party shall have authority to bind the other except to the extent expressly authorized herein. This Agreement shall relate only to the Services specified in this Agreement, and shall not otherwise limit the rights of either party to subcontract, promote, market, sell, lease, license, or otherwise dispose of its products or services.

13. Precedence. In the event of a conflict in this Agreement among the Pricing Sheet, the applicable Schedule and the General Terms, the Pricing Sheet shall supersede the Schedule which shall supersede the General Terms. In the event of conflict between the Agreement and any insertion order issued thereunder, the Agreement shall supersede unless the conflict is specifically identified in the insertion order.

14. Assignment. Neither party may assign or transfer its interest hereunder without the prior written consent of the other party, except pursuant to a merger, acquisition, or sale of all or substantially all of its assets, such consent not to be unreasonably withheld or delayed. The Agreement will be binding upon and inure to the benefit of the parties’ permitted successors and assigns.

15. Publicity. Neither party shall make any public statement regarding this Agreement without the written consent of the other party. Nexxen and Client intend to collaborate on one quarterly public communication, which may be in the form of a customer reference, blog post, case study, testimonial video, or public speaking event, and with the other party’s consent, each party may include the other party’s name and logo in its list of reference accounts. In any case, the parties will respect each other’s marketing and branding guidelines.

16. Severability. In the event that any term or provision of this Agreement shall be held to be invalid, void or unenforceable, then the remainder of this Agreement shall be valid and enforceable to the fullest extent permitted by law.

17. Entire Agreement. This Agreement, including its Schedules, constitutes the entire agreement of the parties and supersedes all prior and contemporaneous representations, proposals, discussions, and communications, whether oral or in writing. The parties may execute this Agreement in several counterparts, all of which together constitute one agreement between the parties.

18. Equitable Relief. The parties acknowledge that any breach of Sections 3 or 10 will result in irrevocable harm to the other party and that the remedies at law for such breach may not adequately compensate the non-breaching party for damages suffered. Accordingly, the parties agree that in the event of such breach, the non-breaching party will be entitled to seek injunctive relief or such other equitable remedy as a court of competent jurisdiction may provide. Nothing contained herein will be construed to limit the non-breaching party’s right to any remedies at law, including the recovery of damages for breach of this Agreement.

19. Governing Law and Jurisdiction.

19.1 This Agreement shall be governed by and construed in accordance with the laws of the United States and the State of California, without regard to the conflict of laws provisions thereof. The parties hereby submit to the personal and subject matter jurisdiction of the state and federal courts located in the County of Los Angeles, State of California, which shall be the exclusive venue for any such dispute.

19.2 In the event that litigation is brought by either party with regard to any dispute regarding this Agreement, the prevailing party shall be entitled to reimbursement of all costs of collection and enforcement, including court costs and reasonable attorneys’ fees.

20. Survival. Sections 2 – 4, 7.5 and 8 – 21 and 24 shall survive the expiration or earlier termination of this Agreement.

21. Third-Party Beneficiaries. Unless specifically stated otherwise in this Agreement, the parties do not intend any third party to be third-party beneficiaries or confer any rights or benefits on any third party.

22. Force Majeure. If the performance of this Agreement by either party, or of any obligation under this Agreement, other than the payment of the Fees, is prevented, restricted or interfered with by reason of war, revolution, civil riot, disaster, acts of public enemies, blockade or embargo, strikes, any law, order, proclamation, or any other act whatsoever, whether similar or dissimilar to those referred to in this section, which is beyond the reasonable control of the party affected (“Force Majeure Event”), such party shall, upon giving prior written notice to the other party, be excused from such performance to the extent such performance is prevented by a Force Majeure Event, provided that the party so affected shall use all commercially reasonable efforts to avoid or remove such causes of non-performances, and shall continue performance whenever such causes are removed.

23. Modifications, Waiver. This Agreement shall not be amended or modified, nor shall any waiver of any right hereunder be effective unless set forth in a document executed by duly authorized representatives of both Nexxen and Client. The waiver of any breach of any term, covenant or condition herein contained, or the failure of either party to seek redress for the violation of, or to insist upon the strict performance of, any covenant or condition of this Agreement shall not be deemed to be a waiver of such term, covenant or condition or any subsequent breach of the same.

24. Notices. Any notice or other communication under this Agreement shall be in writing and shall be effective upon the earlier of actual receipt, five (5) days following deposit into the United States mail (certified mail, return receipt requested), the next business day following deposit with a nationally recognized overnight courier service, or the same day following transmission of a legible facsimile copy or email during regular business hours (with the original thereof posted first-class mail, postage prepaid, within two (2) business days thereafter), in each case with any delivery fees pre-paid and addressed to the party at the address set forth on the first page of this Agreement, or such other address provided to the other party in writing.

Schedule A - Demand Side Platform

Last Updated January 24, 2024

The following terms apply to the Services, specifically with respect to the Demand Side Platform (“DSP”):

The Services.
1. The DSP offers Client the ability to plan, execute, traffic and deliver Ad Campaigns on inventory and license data through the Platform, collect data and analyze the collected data. The DSP may be offered on a self-serve or managed-service basis.
  1. Managed Services.Nexxen may deliver Ad Campaigns for Client on a managed-service basis utilizing the DSP, according to parameters outlined in an insertion order. The insertion order will be subject to IAB Standard Terms and Conditions Version 3.0. A managed service client may have full login access, read-only login access or no login access, as stated on the Pricing Sheet.
2. AlwaysOn Data.
  1. Data Licensing. Nexxen may make available third-party data (“AlwaysOn Data”) through the Platform at prices and terms shown through the Platform. Client may choose to license the AlwaysOn Data, in which case Client forms a contract directly with the provider (the “AlwaysOn Vendor”) of the AlwaysOn Data by accepting the online terms. Note: In the case of programmatic television inventory, the data license cost may be built into a total per-impression cost rather than broken out separately, and in this case the Client contracts directly with Nexxen for the data license.
  2. The Platform. In the event of conflict between an AlwaysOn Vendor’s terms and the Agreement, the Agreement will control Client’s usage of the Platform. Client acknowledges that Nexxen may enter into revenue sharing or flexible pricing arrangements with AlwaysOn Vendors.
  3. Unexpected Termination. Nexxen reserves the right to terminate its relationship with any AlwaysOn Vendor at any time, in which case such AlwaysOn Vendor would no longer be available through the Platform.
  4. Managed Services Licensing. In the case where Nexxen delivers Ad Campaigns on a managed service basis, Nexxen may utilize AlwaysOn Data according to the parameters of the insertion order. Or, if Client has otherwise instructed Nexxen to set up, modify or traffic Ad Campaigns on Client’s behalf, Nexxen may utilize AlwaysOn Data according to such instructions. In either case, Client authorizes Nexxen to accept the terms governing such AlwaysOn Data on behalf of Client and bind Client to such terms. Nexxen will make reasonable efforts to inform Client of the AlwaysOn Data it utilizes on behalf of Client, and Client will be able to log into the Platform and see which AlwaysOn Data is utilized and the terms thereof.
  5. Advanced Payment. While the payment obligation is directly between Client and the AlwaysOn Vendors, Nexxen may advance payment to the AlwaysOn Vendors so long as Client is current in paying the Fees. If Client is delinquent in paying the Fees, Nexxen may choose not to advance payment to the AlwaysOn Vendors and the AlwaysOn Vendors may seek payment directly from Client. Each AlwaysOn Vendor is an intended third-party beneficiary of this Agreement and Client will not assert a defense based on lack of privity against such AlwaysOn Vendors.
3. Other Vendors.
  1. Definition. Nexxen may facilitate the provision of other third-party data or services through the Platform, excluding AlwaysOn Vendors. The providers (“Other Vendors”) of such data or services may include fraud prevention, viewability and brand safety vendors. Other Vendors may also include providers of custom audiences, the provider of the AdChoices Icon (the “Icon”), etc. Client acknowledges that Nexxen may enter into revenue sharing or flexible pricing arrangements with Other Vendors.
  2. Unexpected Termination. Nexxen reserves the right to terminate its relationship with any Other Vendor at any time, in which case such Other Vendor would no longer be available through the Platform.
  3. No Guarantee. Nexxen is not liable for the performance or availability of any Other Vendor.
4. Fees.
  1. Methodology. The Fees are one or more of the following as described on the Pricing Sheet.
    1. The “Cost of Goods Sold” is the sum of Inventory Cost, AlwaysOn Data cost, Other Vendor costs and Added Value fees.
    2. The “Advertiser Invoice” is the gross monetary amount managed by Client (or by Nexxen on behalf of Client) through the Platform. The Advertiser Invoice is the sum of the Cost of Goods Sold, any Client Margin and the DSP Fees.
    3. The “Inventory Cost” is standard campaign fulfillment costs including inventory purchase costs, ad exchange fees, and surcharges for carrying costs, billing management, and reporting system discrepancies.
    4. The “DSP Fees” are a percentage fee charged for Nexxen’s benefit. Depending on the Services chosen by Client, the DSP Fee may include one or more of: a technology fee, a managed service fee and an analytics fee, as shown in the Pricing Sheet. Note: DSP Fees are subject to a minimum of $0.00005 per impression to cover Nexxen’s operational costs in the case of very cheap inventory.
    5. “Added Value” services are optional services provided by Nexxen itself through the Platform. For example, Nexxen’s own viewability product and Nexxen’s bid factor multiplier feature are Added Value services. The prices for Added Value services are shown in the Platform.
    6. The “Client Margin” is any additional amount included by Client in the Platform but not collected by Nexxen. For example if Client is an agency and charges the Advertiser Invoice to advertisers, Client would retain the Client Margin.
  2. Invoice Format. Invoices will include the number of impressions and the total billable amount, broken down by advertiser and Campaign. Invoices will be accompanied by a billing report that breaks down Inventory Cost, AlwaysOn Data costs, Other Vendor costs, Added Value fees, DSP Fees and Client Margin (if applicable) at the advertiser, Campaign and package level. A “package” represents one or more line items.
  3. No Sequential Liability from Client. Client is responsible for paying the Fees to Nexxen, regardless of whether Client’s own advertisers (if any) have paid Client.
  4. Self-Trafficking.Client may have the ability to use the Platform to: set up, modify or traffic Ad Campaigns; deploy pixels or tracking tags; ingest, manage and analyze data or perform other functions (generally, “Self Trafficking”). Client hereby assumes any and all risk and accepts any and all liability arising out of or in connection with Self Trafficking, or in connection with Nexxen’s use of the Platform at the specific direction of Client, including but not limited to the collection of personally identifiable information, data entry errors, budget and tactic selection, and AlwaysOn Data costs and Inventory Costs. Client hereby acknowledges and agrees that Nexxen shall bear no liability in connection with Client’s Self-Trafficking or Nexxen’s use of the Services at the specific direction of Client.
5. Consumer Privacy.The parties recognize the importance of consumer privacy.
  1. Personally Identifiable Information. Nexxen agrees not to knowingly receive, collect or transmit personally identifiable information (“PII”) in connection with this Agreement. Client agrees not to provide any PII to Nexxen; upload PII into the Platform; or collect, process or store PII using the Platform.
  2. Custom Audience. Client may have the ability to upload hashed e-mail addresses or other audience identifiers to the Platform as part of a custom audience product. Client represents and warrants that it will not attempt to target individually identifiable users using such custom audience product. Client further represents and warrants that will not utilize Ad Campaign reporting to attempt to re-identify users.
  3. Icon Placement. Nexxen and Client are required to place the Icon on Creatives in connection with many types of Ad Campaigns. Nexxen will automatically attempt to place the Icon on Client’s Ad Creatives and charge Client applicable fees for same. If Client instructs Nexxen not to place the Icon, (1) Client assumes full and sole liability for the compliance of such Ad Campaign with the Self-Regulatory Programs and (2) Client agrees to fully indemnify, defend and hold Nexxen harmless from and against any and all losses, damages, liability, costs and expenses (including reasonable attorneys’ fees) resulting therefrom.
  4. Political Icon. To the extent Client engages in online behavioral advertising that expressly advocates for the election or defeat of a candidate for federal office or certain state-wide elections, the DAA Self-Regulatory Principles for Political Advertising may require a specific icon for such political Ad Campaigns (the “Political Ads Icon”) to be placed on such creatives. Nexxen will attempt to place the Political Ads Icon on Client’s Ad Creatives where applicable and charge Client applicable fees for same. If Client instructs Nexxen not to place the Political Ads Icon, (1) Client assumes full and sole liability for the compliance of such Ad Campaign with the Self-Regulatory Programs and (2) Client agrees to fully indemnify, defend and hold Nexxen harmless from and against any and all losses, damages, liability, costs and expenses (including reasonable attorneys’ fees) resulting therefrom.
  5. United Kingdom. If Client is based in the United Kingdom, each party shall comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any other applicable laws.
6. Data Rights.
  1. Client’s Rights.
    1. Client Data. As between Client and Nexxen, Client owns all right, title and interest in the Client Data.
    2. User Activity Data. Nexxen grants Client a revocable, worldwide, non-exclusive, royalty-free license during the Term to use the User Activity Data relating to a Client Ad Campaign. The license is non-transferable, non-assignable and non-sublicensable.
  2. Nexxen’s Rights.
    1. Performing the Services. Client grants Nexxen a revocable, worldwide, non-exclusive, royalty-free license during the Term to use, reproduce, distribute, display and store Client Data solely in connection with the Services. Nexxen may share Client Data with ad exchanges and vendors to perform the Services.
    2. User Activity Data. As between Client and Nexxen, Nexxen holds all right, title and interest in the User Activity Data.
    3. Aggregated Data. Client also grants Nexxen an irrevocable, worldwide, non-exclusive, royalty-free and perpetual license to use, reproduce, distribute, display, and store Aggregated Data. Nexxen may also use data about Client’s usage of the Platform for internal purposes such as operating, maintaining and improving Nexxen’s products and services.
  3. Definitions.
    1. “Aggregated Data” means Campaign Analytics Data that is combined with comparable data from numerous campaigns of other Clients and precludes identification, directly or indirectly, of Client or any of Client’s advertisers.
    2. “Campaign Analytics Data” means reporting from the Platform regarding the performance of Client’s Ad Campaigns which identifies Client or its advertisers. The Campaign Analytics Data is considered to be Client Data.
    3. “Client Data” generally means data stored in the Platform by Client. Client Data includes: the Creatives, information about Client’s own advertisers, pixel targeting data, any information collected by Client outside the Platform and any data licensed by Client from an Other Vendor. Client Data does not include User Activity Data.
    4. “User Activity Data” means data regarding end users’ digital activity gathered through or by the Platform as it relates to the Client specifically, excluding Client Data, including without limitation: IP addresses, websites visited and length of time on a page or website (e.g., interactions, and header information). User Activity Data expressly excludes any PII or any data of end users’ digital activity as it relates to other clients of the Nexxen Platform.
  4. Further Restrictions. Client will not create derivative works of the User Activity Data or the AlwaysOn Data; reproduce, distribute or use the User Activity Data or AlwaysOn Data for any purpose other than trafficking campaigns through the Platform; copy, transfer, sell, lease, syndicate, sub-syndicate, lend, or use for co-branding, timesharing, service bureau, arbitrage or other unauthorized purposes the User Activity Data or the AlwaysOn Data or access thereto; or utilize the descriptions of the AlwaysOn Data to assemble similar data or audience segments from an Other Vendor or any third party.
7. Third-Party Ad Servers.Client will provide Nexxen with at least 14 days prior written notice before using any non-Nexxen ad server or third-party ad verification service and will be solely responsible for all fees for content served from such ad-servers, whether or not Creatives were served.
8. Product-Specific Terms.
  1. DSP. Inventory sources have the discretion to accept or reject Creatives and Nexxen is not liable for ads not accepted by any inventory source. Nexxen will use commercially reasonable efforts to deliver ad impressions to geographic regions specified by Client in its sole discretion. Client acknowledges that geographic targeting is not 100% accurate and therefore Nexxen cannot guarantee that ad impressions will be served in the geographic region targeted. Nexxen is not responsible for (i) impressions served outside of specified regions, (ii) any unavailability of inventory in geographic regions selected by Client or (iii) discrepancies in reporting resulting from the Client’s use of geolocation techniques or partners not used by Nexxen. Either party shall have the right to terminate this Schedule (and if there are no other active Services, the entire Agreement) at its convenience and without any breach by the other party by providing written notice to the other party at least 30 days before the desired termination date, provided that if Client is the terminating party under this clause, any spend commitment in the Pricing Sheet shall become due immediately.
  2. DSP Managed Services. If Client elects to have Campaigns run by Nexxen as managed services, the Campaigns will be run pursuant to an insertion order. The insertion order will be on Nexxen’s standard form (unless otherwise agreed by the parties in writing) and subject to the acceptance of the parties. Client may change from managed-service to self-service (or vice-versa) by executing an amendment at least 10 days prior to the end of the month; the change will occur on the first of the month. If a campaign includes creative services or a user survey, the costs of such services or survey must be paid in full even if the campaign is otherwise timely canceled. In the event of conflict between this Agreement and any insertion order, this Agreement will control.
  3. API Usage. If Client directly interfaces with the Platform API (such a client, an “API Client”), Client is not subject to the protections built into the normal Platform user interface. Accordingly, if Client is an API Client, it agrees:
    1. the API Client will not unreasonably burden the API with ad call volume and will honor requests by Nexxen to limit the volume of requests;
    2. the API Client is solely responsible for all purchases made through the API, regardless of whether such spend can be attributed to an intended purpose or is within an intended budget;
    3. the API Client may not have access to all of the functionality exposed through the normal Platform user interface (the “UI”), and as a result, no warranty is provided to any line item which was originally created in the UI or which was originally created through the API and subsequently modified through the UI and (in either case) then modified through the API. The API Client is responsible for the spend of such line items regardless of whether the line items performed in the way expected; and
    4. the API Client will use the API through an API-only account created by Nexxen. The API Client is responsible, and Nexxen is not responsible, for any changes the API Client makes to its account. Such changes (for example to permissions) may restrict or alter the functionality of subsequent API calls.
9. Explanation of DSP Fees and Services.
  1. Technology Fee. This is the fee to use the Platform. It is charged whether Client elects self service or managed service.
  2. Managed Service Fee. This is an additional fee if Client elects managed service.
  3. Analytics Fee. This is an optional fee for access to pre-existing analytics packs enabling Client to run data-driven analytics and reporting on various topics such as: media planning, audience insights, lift analysis or customer journey. Nexxen may provide custom insights as well.
  4. Differences Between Self Service and Managed Service.
    1. Both Include:
      1. Standard data on-boarding
      2. Proactive data strategy guidance
      3. Standard data export
      4. Platform training
      5. E-mail support for technical issues
    2. Self Service Includes:
      1. Limited campaign optimization guidance
      2. Quarterly business reviews
    3. Managed Service Includes:
      1. Ad operations services:
        Campaign creation
        Creative setup
        Bulk loads/editing of targeting parameters
        Creative swaps
        Package/line item level assignment
        Trafficking
        Review of KPIs and delivery of reports
      2. Campaign optimization services:
        Review of campaign design based on Client’s stated objectives and recommending tactics and any corrective actions
        Monitoring campaign performance against Client’s stated objectives, recommending alterations and optimization and (with Client approval) implementing such alterations and optimizations
      3. Account management support for all issues via designated Nexxen team members
    4. Self Service Does Not Include:
      1. All-encompassing account management support
      2. Regular ad operations services beyond training period
      3. Optimization services
    5. Tiered Pricing.Client may have been quoted tiered pricing based on the total spend during the Current Period. At the beginning of the Initial Period, Client will be charged at Tier 1 pricing. If Client’s total spend reaches the level to qualify Client for the next tier, the next tier’s pricing will take effect at the beginning of the following month. In any case, Client resets to Tier 1 at the beginning of each Renewal Period, where the Renewal Period begins in the same month as the month of the Effective Date in subsequent years
    6. Nexxen may pay a portion of Nexxen Fees to certain inventory providers in exchange for exclusive inventory made available to Nexxen for use by Nexxen Clients. In the event Client is not adhering to the payment terms set forth in this Agreement, Nexxen reserves the right to revisit whether certain data, services, and/or inventory will continue to be available to Client.

Schedule B - Data Management Platform and Datamine

Last Updated January 24, 2024

The following terms apply to the Services, specifically with respect to the Data Management Platform (“DMP”) and “Datamine”:

The Services.
1. The DMP offers Client the ability to collect and ingest data through the Platform, do analysis on the data and export audiences based on the data.
2. Datamine offers Client a powerful analytical tool to analyze data.
AlwaysOn Data.
1. Data Licensing. Nexxen may make available third-party data (“AlwaysOn Data”) through the Platform at prices and terms shown through the Platform. Client may choose to license the AlwaysOn Data, in which case Client forms a contract directly with the provider (the “AlwaysOn Vendor”) of the AlwaysOn Data by accepting the online terms.
2. The Platform. In the event of conflict between an AlwaysOn Vendor’s terms and the Agreement, the Agreement will control Client’s usage of the Platform. Client acknowledges that Nexxen may enter into revenue sharing or flexible pricing arrangements with AlwaysOn Vendors.
3. Unexpected Termination. Nexxen reserves the right to terminate its relationship with any AlwaysOn Vendor at any time, in which case such AlwaysOn Vendor would no longer be available through the Platform.
4. Advanced Payment. While the payment obligation is directly between Client and the AlwaysOn Vendors, Nexxen may advance payment to the AlwaysOn Vendors so long as Client is current in paying the Fees. If Client is deliquent in paying the Fees, Nexxen may choose not to advance payment to the AlwaysOn Vendors and the AlwaysOn Vendors may seek payment directly from Client. Each AlwaysOn Vendor is an intended third-party beneficiary of this Agreement and Client will not assert a defense based on lack of privity against such AlwaysOn Vendors.
Fees
1. Methodology
  1. DMP. Nexxen charges an upfront deployment fee and a monthly fee.
  2. Datamine. Datamine is priced on a CPU-hour basis. Client will have a monthly allotment of CPU hours (which do not roll over if unused) and may purchase additional CPU hours as needed.
2. No Sequential Liability from Client. Client is responsible for paying the Fees to Nexxen, regardless of whether Client’s own advertisers (if any) have paid Client.
3. Self-Trafficking. Client may have the ability to use the Platform to: deploy and remove pixels or tracking tags; ingest, manage and analyze data or perform other functions (generally, “Self Trafficking”). Client hereby assumes any and all risk and accepts any and all liability arising out of or in connection with Self Trafficking, or in connection with Nexxen’s use of the Platform at the specific direction of Client, including but not limited to the collection of personally identifiable information, data entry errors, and AlwaysOn Data costs and Inventory Costs. Client hereby acknowledges and agrees that Nexxen shall bear no liability in connection with Client’s Self-Trafficking or Nexxen’s use of the Services at the specific direction of Client.
Consumer Privacy. The parties recognize the importance of consumer privacy.
1. Personally Identifiable Information. Nexxen agrees not to knowingly receive, collect or transmit personally identifiable information (“PII”) in connection with this Agreement. Client agrees not to provide any PII to Nexxen; upload PII into the Platform; or collect, process or store PII using the Platform.
2. Custom Audience. Client may have the ability to upload hashed e-mail addresses or other audience specific attributes to the Platform as part of a custom audience product. Client represents and warrants that it will not attempt to target individually identifiable users using such custom audience product. Client further represents and warrants that will not utilize Ad Campaign reporting to attempt to re-identify users.
3. United Kingdom. If Client is based in the United Kingdom, each party shall comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any other applicable laws.
Data Rights.
1. Client’s Rights.
  1. Client Data. As between Client and Nexxen, Client owns all right, title and interest in the Client Data.
2. Nexxen’s Rights.
  1. Performing the Services. Client grants Nexxen a revocable, worldwide, non-exclusive, royalty-free license during the Term to use, reproduce, distribute, display and store Client Data solely to perform the Services.
3. Definitions
  1. “Client Data” generally means data stored in the Platform by Client. Client Data includes: the Creatives, information about Client’s own advertisers, pixel targeting data, any information collected by Client outside the Platform and any data licensed by Client from an Other Vendor. Client Data does not include User Activity Data.
  2. “User Activity Data” means data regarding end users’ digital activity gathered through or by the Platform as it relates to the Client specifically, excluding Client Data, including without limitation: IP addresses, websites visited and length of time on a page or website (e.g., interactions, and header information). User Activity Data expressly excludes any PII or any data of end users’ digital activity as it relates to other clients of the Nexxen Platform.
4. Further Restrictions. Client will not create derivative works of the AlwaysOn Data; reproduce, distribute or use the AlwaysOn Data for any purpose other than trafficking campaigns through the Platform; copy, transfer, sell, lease, syndicate, sub-syndicate, lend, or use for co-branding, timesharing, service bureau, arbitrage or other unauthorized purposes the AlwaysOn Data or access thereto; or utilize the descriptions of the AlwaysOn Data to assemble similar data or audience segments from an Other Vendor or any third party.
Product-Specific Terms.
1. DMP. Client may not downgrade its tier of DMP services effective midway through the Current Period. Client may change its tier of DMP services by executing a change order request form at least 30 days prior to the end of the Current Period; the change will occur at the start of the next Renewal Period.
Explanation of DMP Fees and Services
1. Monthly Fee. A fixed monthly fee charged every month of the Term for the DMP Service.
2. DMP Deployment Fee. A one-time fee which includes the cost of Platform setup, enabling AlwaysOn Data, setting up the collection of Client Data, creating customized reports (e.g., audience modeling and DMP reporting) and one full day of client-site training. Nexxen will not charge for travel expenses for the initial training session unless Client cancels the session.
3. Data Events. A “Data Event” is any data attribute brought into the Platform by or for Client including but not limited to first-party data (e.g., data collected through pixels and tags, customer relationship management data and offline data), Ad performance data from third-party DSPs and ad servers (e.g., impressions, clicks, actions, video engagement metrics, ad server data and search performance data) and custom third-party data.
4. Audience and Media Provider Pixels. An “Audience Pixel” is a pixel placed on a particular web site. A “Media Provider Pixel” is a pixel placed in a Creative. Client is not permitted to re-use a pixel.
5. Custom Data Ingestions. Client Data may be ingested into the DMP via pixel, file or server-to-server. The data may be ingested directly from Client or via Client’s data provider of choice, if agreed by Client and Nexxen.
6. Audience Syndication. This feature is outbound audience segment syndication capabilities to media, content personalization or other take-action platforms. Audience syndication can utilize either pixel-based syndication to any platform selected by the Client or server-to-server syndication to partner platforms already integrated and approved by Nexxen.
7. Consulting Services. Consulting services may be agreed between Client and Nexxen. Examples are: additional training sessions on the DMP, deployment assistance, data syndication assistance or data strategy guidance.
8. Analytics Services. Analytics services may be agreed between Client and Nexxen. Examples are: additional training sessions on Datamine, performing custom analytics (e.g., audience insights, customer lifetime value, media analysis, frequency analysis), designing dashboards or custom reports or designing and evalating tests.
9. No Rollover. Unused allowances (audience and media provider pixels, custom data ingestions, audience syndication, consulting hours, analytics hours, CPU hours) expire at the end of the month and do not roll.
Explanation of Datamine Fees and Services
1. Initial Allotment of CPU Hours. Any DMP tier which includes Datamine access will include an initial allotment of CPU hours. Client will not receive a credit for failing to utilize its initial allotment of CPU hours in any given month.
2. Additional CPU Hours. Additional CPU hours are charged at the Additional CPU Hour Price per additional CPU hour. Client may purchase up to 50,000 additional CPU hours per month.
3. Calculation of CPU Hours. CPU hour usage is tracked by the Google Cloud Platform. All CPUs are charged a minimum of 10 minutes when used, and thereafter are charged in one minute increments. For example, a query that launches 100 CPUs and runs for one hour will be charged 100 CPU hours.

Schedule C – Buying of Social Publisher Inventory

Last Updated January 24, 2024

The following terms and conditions apply to the Services specifically with respect to buying of Social Publisher (as defined herein) advertising inventory (the “Social Services”):

Client can elect either self-service or managed-service on a campaign-by-campaign basis.
1. 1. “Self Service” means Client will be responsible for setting-up its campaign and targeting parameters into the Platform in addition to monitoring and executing any necessary optimizations to the Social Services Ad Campaigns. Client will be provided access to account management and support queues to assist with questions surrounding the Platform functionality. Specifically, support is available for: account management; notification of platform releases; and issues pertaining to the platform, navigation, features, reporting, accessibility or errors. Support is not provided for: campaign strategy, setup or delivery, optimization or reporting requests.
  2. “Managed Service” means Nexxen provides the services listed below under “Description of Managed Services.”
2. “Media Fees” means the media cost for Social Services Ad Campaigns. Media Fees will include any fee for third-party data that is payable by Client to the Social Publisher. The “Social Publisher” is Facebook, Instagram, Twitter, Snapchat, Pinterest and any future publishers added by Nexxen.
  1. For Self Service Ad Campaigns, Media Fees are payable by Client directly to the respective Social Publisher.
  2. For Managed Service Ad Campaigns, Media Fees will be invoiced by Nexxen. Note: If Nexxen links its line of credit to Client’s Social Publisher account, then the entirety of spend under that account is subject to the Managed Service Fee.
3. The Self Service Fee (defined on the Pricing Sheet, if applicable) is a markup of Media Fees applicable to Self Service campaigns. The Managed Service Fee (defined on the Pricing Sheet, if applicable) is a markup of Media Fees applicable to Managed Service campaigns. The Self Service Fee and the Managed Service Fee will be invoiced by Nexxen.
4. One hour of teleconference-based training is included at no charge.
5. Client may have been quoted tiered pricing based on the total spend during the Current Period. If so:
  1. at the beginning of the Initial Period, Client will be charged at Tier 1 pricing;
  2. if Client’s total spend reaches the level to qualify Client for the next tier, the next tier’s pricing will take effect at the beginning of the following month; and
  3. in any case, Client resets to Tier 1 at the beginning of each Renewal Period.
6. Client’s use of the Platform for Social Services is limited to the sources of advertising inventory made available by the respective Social Publisher. Client agrees to abide by the terms of service with each respective Social Publisher, as applicable, and to indemnify hold harmless and defend Nexxen and its Affiliates, and any member, director, officer, employee or agent thereof, against all Liabilities asserted by any third party where such Liabilities arise out of or result from Client’s breach of such terms of service.
7. Client may use audience segments (“Social Data”) made available by Nexxen for Client’s activation with a Social Publisher. Client represents and warrants in connection with its use of the Social Data that it (i) will abide by the terms of service of each respective Social Platform, (ii) shall only use the Social Data in geographic regions permitted by Nexxen, and (iii) shall not violate any applicable law, rule, regulation, privacy policy, or third-party privacy or intellectual property right in any material respect. Nexxen shall invoice Client for the price of any Social Data utilized by Client (the “Social Data Fees”); such price will either be stated on the Pricing Sheet, stated on a rate card or confirmed on a campaign-by-campaign basis.
8. For Self Service Ad Campaigns:
  1. Nexxen is subject to rate limits on the usage of the Social Publisher’s API by Nexxen and its clients, including Client. Client shall not use or abuse the Social Services with a high volume of requests causing degradation in service to Nexxen or other clients of Nexxen. Conversely, Client shall not hold Nexxen responsible for any degradation of service caused by the use or abuse of the Social Services by other clients of Nexxen.
9. For Managed Service Ad Campaigns:
  1. Client will enter into insertion orders pursuant to IAB Standard Terms and Conditions Version 3.0
10. Client acknowledges that the Social Publisher will not provide support or technical assistance to Client with respect to the Social Services.
11. Client will have access to Social Services reports through the Platform. These Social Services reports are based entirely on data provided by the Social Publisher. Client agrees that Nexxen is not responsible for the accuracy or usefulness of these reports.
12. Nexxen hereby grants to Client the non-exclusive, non-transferable, non-sublicensable right and license for ten (10) login credentials during the term hereof to access and use the Platform solely for the purpose of planning, selecting, trafficking, uploading, optimizing and reporting Ad Campaigns or gaining insights through brand intelligence in accordance with the terms and conditions hereof.
13. Nexxen may use and disclose data derived from Client’s use of the Social Services without Client’s prior consent (a) on an aggregated basis, provided that such use or disclosure does not permit a third party to associate any particular data with Client; or (b) if required by court order, law, or governmental agency.
14. NEXXEN MAKES NO REPRESENTATIONS OR WARRANTIES AS TO THE SOCIAL PUBLISHER SERVICES OR INVENTORY OR AVAILABILITY THEREOF. Client understands that Nexxen shall not monitor Social Publisher inventory for appropriate content and makes no representations with respect to content associated therewith.
15. Description of Social Services Managed Services
  1. Nexxen will provide services with respect to the purchase, management and execution of advertising media and other client approved media placements for campaigns reflecting the Client product portfolio as follows.

Service	Service Description
Strategic Development	Nexxen will work with Client to develop social strategy on Facebook, Instagram, Twitter, Pinterest and Snapchat for campaign launches.
Targeting	Nexxen will collaborate with Client to develop comprehensive audience targeting for each managed campaign.
Media Buying	Nexxen will ensure that the most efficient media-buying rate is provided for Client.
Delivery and Planning	Nexxen will have a delivery team to bid, manage, monitor and optimize managed campaigns on an ongoing basis.
Analytics	Nexxen will provide weekly and as-needed basis reporting to Client outlining insights, recommended optimizations and any recommended changes to strategy. Additionally Client may have full access to a customizable dashboard as needed, which can be utilized for Facebook, Instagram, Twitter, Pinterest and Snapchat campaigns.

Digital Media Planning and Buying
1. Deploy Nexxen’s tools, processes and talent throughout the digital media planning and buying process
2. Utilize targeting, consumer insight, competitive insight, media trends and usage data as available to inform buys
3. Provide insight and informed recommendations for media strategies and tactical plans, identify opportunities and contribute to building Client’s brands and business
4. KPIs: Quantitative KPIs for improvements in effectiveness based on better planning
Media Buying and Commercial Responsibility
1. Provide projections (audience delivery, impressions, etc. based on media type)
2. As appropriate, develop buying options with competitive benchmarks
3. Monitor placements for engagement and quality of delivery.
4. Supply of media vendor contacts and specs to Client for copy/layout delivery
5. KPIs: Optimizing vertical audience targets, Successful delivery against buying and quality guidelines
Media Buying
1. Target audience profile development using all available industry, Nexxen proprietary, syndicated and Client-provided data
2. Target audience media habits and consumption analysis with implications for planning
3. Detailed media channel identification and selection and recommendation on effective budget allocation by media
4. Scheduling, flighting and weight level recommendations
5. Analysis of program/day part/title/section/position options
6. Deliver any necessary plan revisions due to budget fluctuations or strategic shifts and incremental funds and recommendations
7. Monthly spend reporting which can be accessed by Client as necessary
8. Evaluate and present potential opportunities as they arise and incorporate as appropriate
9. Ongoing collaboration with partner agencies throughout the planning and implementation process (where applicable)
10. Budgeting analysis and recommendation
11. Incorporate campaign learnings to inform future campaign development
Client Service
1. Day to day management for clients across all advertised brands
2. Implementation of relevant Nexxen research and tools to drive efficiencies and learnings for Client
3. Provide roll-up view of local plans to clients on a quarterly basis (Provide access to affiliate information on an as needed basis)
4. Share learnings across markets and business groups and into the global Nexxen team.
5. Attendance at briefings, planning meetings, ideation days and status meetings
6. Swift resolution of any service issues within the region
7. Attendance and active contribution to key client meetings
8. Ensure all plans and buying strategies receive written client approval before being implemented
Analytics
1. Support Client’s internal analytics and measurement systems by keeping spend and performance-tracking spreadsheets up to date and developing benchmarks and monitoring current performance against targets.
2. Keep internal managers informed on performance during campaign flights via high-level reporting on progress towards targets at a weekly cadence
3. Provide post-hoc insight into campaign performance by reviewing wrap reports produced by Client’s internal analytics team and providing feedback.
4. Be available to provide spend and fee data on an ad-hoc basis for accounting and financial reporting purposes.
5. Provide reporting and support for Client’s social media accounts
6. Post-analysis of campaign media activity for brand campaigns provided after campaign ends
7. Optimization and trend analysis to be provided on a quarterly basis

Schedule D – Service Level Agreement

This Service Level Agreement (the “SLA”) applies to the Social Services Self-Serve, Demand Side Platform, Data Management Platform, Datamine and NexxenTV products only. The SLA is only for the benefit of Client, not any third-party (including any advertiser of Client).
Availability. Nexxen targets 24 × 7 availability. If scheduled maintenance is required, Nexxen will make reasonable efforts to i) give advance notice and ii) schedule the maintenance outside of U.S. business hours.
Phone Support. Nexxen provides phone support during business hours, excluding weekends and holidays. Please contact your account representative for more information.
E-mail Support. Any issues affecting the availability or performance of the Services should be sent to support@Nexxen.com (for the Demand Side Platform, Data Management Platform, Datamine or NexxenTV) or your account representative (for Social Services Self-Serve) .
Minimum Service Levels. Nexxen guarantees performance at the “Minimum Service Levels” defined below. If Nexxen fails to meet the Minimum Service Levels measured over a period of three consecutive months, Client’s sole remedy is to terminate the Agreement.

Performance Category	Products	Minimum Service Level
All functionality	Demand Side Platform	99.5%
All functionality	Social Services Self-Serve, Data Management Platform, Datamine, NexxenTV	99.0%

Exceptions to Minimum Service Levels. The following items are excluded from the computation of Minimum Service Levels: (a) downtimes caused by scheduled maintenance events (including new releases), (b) Client-caused outages or disruptions, (c) failures of interconnections to or from and connectivity within the Client’s ISP or networks, (d) “false-positive” service breaches reported as a result of outages or errors of any Nexxen measurement system; (e) force majeure events including fire, floods, war, terrorist attacks, and similar incidents, and (f) outages caused by third-party systems including but not limited to exchanges, publishers (including Social Publishers), data vendors, networks and software providers. Variability in time required to process offline (or “batch”) reports is not considered downtime.
Issue Escalation. Nexxen will provide Client with an escalation path for reporting of a failure of service levels and/or functionality of the Services and triage instructions to be used in the implementation process and resolution. Upon receipt of an issue, Nexxen and Client will collectively determine the nature of the problem, set the relative priority and open a trouble ticket to initiate the problem resolution process in accordance with the procedure outlined below, provided that the ultimate determination of the priority level shall be within Nexxen’s reasonable discretion.

Priority Level	Description	Target Resolution Time*
Critical	Critical production issue affecting all users. A problem for which there is no known Workaround and which (a) prevents the execution of a Primary Function, or (b) results in data corruption or crash.	Under 24 hours
High	Major functionality is impacted or significant performance degradation is experienced. A problem which (a) causes difficulty in execution or use of a Primary Function or (b) prevents the execution of a Secondary Function, and as to any of the preceding, for which there is no known Workaround. Issue is persistent and affects many users and/or major functionality.	Under 48 hours
Low	System performance issue or bug affecting some but not all users. Short-term Workaround is available, but not scalable. Also includes an inquiry regarding routine technical issues or a problem which causes difficulty in execution of a Secondary Function, but for which there is a Workaround.	Determined by Nexxen on case-by-case basis

* Target resolution times reflect Nexxen’s intended mean time to recover. Nexxen does not guarantee that it will be able to resolve all errors, or that it will be able to resolve all errors within the target resolution time.
Issue Resolution Reporting. Nexxen will provide communication and updates to Client regarding the resolution of submitted issues regularly and/or upon request. After the resolution of an issue and upon request, Nexxen will provide appropriate reporting detailing the cause of the issue, how soon support activity commenced, and the steps to resolution.
Definitions.

“Primary Function” means an essential function of the Services (e.g., a problem with the bidding function, budgeting/pacing function or targeting function).
“Secondary Function” means a function that does not represent an essential function of Services (e.g., a problem accessing the user interface or a problem with the accuracy or completeness of a data feed or a delay in a data feed).
“Workaround” means a feasible change in operating procedures whereby an end-user can avoid the deleterious effects of a non-conformance without material inconvenience.

Schedule E - Nexxen Data Protection Addendum for Clients

Last Updated November 2o, 2024

This Data Protection Addendum (hereafter the “DPA”) forms part of the services agreement and any other applicable agreement between Nexxen, Inc. and/or its affiliates (“Vendor”) and the Client named in the agreement (“Client”), and is effective as of the effective date of the agreement (individually, and collectively, referred to as, “Agreement”), and is hereby incorporated into the Agreement between Nexxen and the Client for the provision of the relevant Nexxen services. This DPA will be effective as of the effective date of the relevant Agreement (“Effective Date”). Nexxen and Client are individually referred to herein as a “Party” and together the “Parties”.

This DPA describes the protection and security obligations of the Parties with respect to any Processing of Personal Data carried out in connection with the Agreement, in accordance with the requirements of Data Protection Law.

Capitalized terms not defined herein are defined as in Data Protection Law. Where a Client’s agency is signing on behalf of a Client, the agency (“Agency”) (on its own behalf and on behalf of the Client) makes the additional representations set forth in Section 2.5, on behalf of Client. In turn, “Client” thus includes without limitation any warranty, representation, covenant or action made or taken by Agency on behalf of Client.

Client (or Agency acting on Client’s behalf) and Vendor agree as follows:

Definitions. For purposes of this DPA:
1. “Client Property” means an advertisement, website, mobile app, or other digital property owned by Client.
2. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity; “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management of that entity, whether through ownership of voting securities or otherwise.
3. “Controller” or “Independent Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. Under Section 4 of this DPA, Vendor and Client act as joint Controllers and under Section 5 of this DPA, each Party is an independent Controller as to any Personal Data in its custody or control. The term “Controller” shall also mean “Business” under the CCPA and CPRA.
4. “Data Protection Law” means, to the extent applicable in the relevant jurisdiction(s) all data protection and privacy laws applicable to the Processing of Personal Data under the Agreement, including (a) the European Data Protection Law, (b) State Privacy Laws, including any State Privacy Law that draws a distinction between a data “Controller” and a data “Processor” or a “Business” and a “Service Provider” or similar terms, (c) the Australian Privacy Principles and the Australian Privacy Act (1988), (d) the Canadian Federal Personal Information Protection and Electronic Documents Act (“PIPEDA“) and any relevant substantially similar provincial law; in each case as may be amended, superseded, or replaced from time to time and (e) all legally binding requirements issued by the competent data protection authorities (i) governing the processing and security of information relating to individuals and providing rules for the protection of such individuals’ rights and freedoms with regard to the processing of data relating to them, (ii) specifying rules for the protection of privacy in relation to data processing and electronic communications, or (iii) enacting rights for individuals which are enforceable towards organizations with respect to the processing of their personal data, including rights of access, rectification and erasure.
5. “Data Breach” means “data breach,” “breach of the security of the system,”, “personal data breach”, “security breach,” “breach of security,” or “breach of system security,” and other analogous terms referenced in applicable Data Protection Law.
6. “European Data Protection Law” means all data protection and privacy laws and regulations or other legislation enacted in in the Member States of the European Economic Area, the United Kingdom and Switzerland and applicable (in whole or in part) to the Processing of Personal Data such as (a) Regulation 2016/679 (“EU GDPR“); (b) the EU e-Privacy Directive (Directive 2002/58/EC); (c) any national data protection laws made under or pursuant to (a) or (b); (d) in respect of the UK, the EU GDPR as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR“), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 as they continue to have effect by virtue of section 2 of the European Union (Withdrawal) Act 2018, and any other laws in force in the UK applicable (in whole or in part) to the Processing of Personal Data (together, “UK Data Protection Law“); and (e) the Swiss Federal Act on Data Protection of 25 September 2020 and its corresponding ordinances (“FADP“).
7. “SCCs” means (a) where the EU GDPR applies, the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021 (“EU SCCs“); and (b) where the UK GDPR applies, the United Kingdom International Data Transfer Addendum to the EU SCCs, located at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf (“UK IDTA”); in each case as may be amended, superseded, or replaced from time to time.
8. “Services” means the services Vendor (as described in the Agreement) including services, functions and responsibilities that are required for proper performance of the service Vendor performs for Client pursuant to the Agreement.
9. “State Privacy Laws” means all U.S state privacy laws relating to the protection and Processing of Personal Data in effect in the United States of America, which may include, without limitation, (a) the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq., together with any amending or replacement legislation and/ or law, including the California Privacy Rights Act of 2020 (collectively, “CCPA”) and any regulations promulgated thereunder, (b) the Virginia Consumer Data Protection Act of 2021, Va. Code Ann. § 59.1-571 to -581, (c) the Colorado Privacy Act of 2021, Co. Rev. Stat. § 6-1-1301 et seq., (d) Connecticut Public Act No. 22-15, “An Act Concerning Personal Data Privacy and Online Monitoring”, (e) the Utah Consumer Privacy Act of 2022, Utah Code Ann. § 13-61-101 et seq.
10. “Subprocessor” means any data processor (including any affiliate of Vendor) appointed by Vendor to Process Personal Data on behalf of Client set out in Annex III as updated in accordance with Section 3.6.

“Business,” “Business Purpose,” “Commercial Purpose,” “Consumer,” “Cross Context Behavioral Advertising,” “Data Subject,” “Deidentified,” “De-identified Data,” “Personal Data,” “Personal Information,” “Processing,” “Processor,” “Sale,” “Sell,” “Sensitive Personal Data,” “Service Provider,” “Share,” “Targeted Advertising” and “Third Party” shall have the meanings given to those terms (or analogous terms) in Data Protection Law.

2. Roles of the Parties; Scope and Purposes of Processing

2.1 – This DPA applies solely to the extent Personal Data is Processed by Vendor in relation to the Agreement. The Personal Data to which this DPA applies is set forth at Exhibit A.
2.2 – The Parties shall cooperate to comply with Data Protection Law and with the other Party to meet and perform its respective obligations pursuant to this DPA.
2.3 – The Parties acknowledge and agree that neither Party shall provide or make available Special Categories of Personal Data to the other Party in connection with the Services. The Parties acknowledge and agree that Vendor shall have no responsibility or liability for any Special Categories of Personal Data erroneously or inadvertently transferred under this DPA.
2.4 – Nothing in this DPA shall prohibit or limit Vendor’s rights to implement anonymization of Personal Data processed in connection with the Agreement. For the sake of clarity, data resulting from effective and compliant anonymization is not subject to this DPA.
2.5 – Where Agency is the signatory on behalf of Client, Agency represents and warrants that it (a) is authorized to make any representations, warranties and covenants herein, as agency-of-record to Client, (b) it will reasonably cooperate with Vendor to investigate and remedy any breaches or defaults of this Agreement caused by the actions or omissions of the Client.
2.6 – In the event a Party can no longer meet its obligations under this DPA or Data Protection Law it shall notify the other Party, and the other Party may terminate the Agreement, and if Vendor is the Party not capable of complying, Client shall receive a pro rata reimbursement of any prepaid, but unused fees (if any) under the Agreement following the effective date of such termination.

3. Obligations of Client and Vendor when acting respectively, as Controller and Processor

3.1 – This Section 3 shall apply only with respect to Processing of Personal Data carried out in the context of the provision by Services set out in the relevant Agreement, for which Client is acting as a Controller or Business (as applicable), and Vendor is acting as a Processor or Service Provider (as applicable), and for which the subject-matter, the nature and purpose, the type Personal Data, categories of Data Subjects and duration of Processing are set out in Exhibit A “Controller-to-Processor Processing of Personal Data”.
3.2 – Client warrants and represents that (a) it will comply with its obligations as Controller under applicable Data Protection Law in its processing of Personal Data and any processing instructions it issues to Vendor, (b) as at the Effective Date and during the term of the Curate Service (as described in the Agreement) all of the information provided by Client in the Vendor Data Onboarding Questionnaire is complete and accurate, and shall notify Vendor in writing if any of the information in such questionnaire changes prior to uploading or sharing any data with Vendor, (c) it has provided notice and obtained (or will obtain) all permissions, consents and rights necessary under applicable Data Protection Law for Vendor to process Personal Data and provide the Curate Service pursuant to the Agreement (including this DPA), (d) it will be responsible for all data (including Personal Data) uploaded or shared with Vendor by Client or a third party on its behalf (“Third Party”) as part of the Curate Service, including but not limited to ensuring such data is accurate, up-to-date, complete and relevant for the provision of the Curate Service, and such data is deleted from the Vendor Platform in the event that it such Data is no longer accurate, up-to-date, complete or relevant, and (e) it follows industry standards (including, but not limited to, relevant NIST standards in relation to the reliability and robustness of hashing algorithms) with respect to the secure hashing of any and all data elements that are sent to Vendor as part of the Curate Service. Client also representations and warranties it shall ensure such Third Party’s compliance with the relevant obligations contained in this Section 3, including but not limited to the foregoing sub-sections (d) and (e). For the purposes of this Section 3, Third Party shall be deemed to be Client’s Processor.
3.3 – The details of the Processing of Personal Data by Vendor are set out in Exhibit A to this DPA. Client shall notify in writing of any changes to the Categories of Personal Data set out in Exhibit A, Part II, of this DPA, and the Parties shall enter into a written agreement amending the Categories of Personal Data prior to uploading or sharing any new categories of Personal Data with Vendor. Client warrants and represents it will not and will procure that any users accessing the Curate Service do not upload or make available to Vendor any Personal Data that contains Special Categories. Breach of this Section 3 shall constitute a material breach of the Agreement and this DPA entitling Vendor to terminate the Agreement and this DPA immediately on written notice.
3.4 – Client agrees to defend and indemnify Vendor and its Affiliates against any loss, liability, claim, actions, damage, fines, penalties, judgments, settlement costs or expense (including, but not limited to, any and all expense whatsoever reasonably incurred in investigating, preparing or defending against any litigation, commenced or threatened, or any claim whatsoever) to which Vendor or the Parties may become subject arising out of or in connection with any breach and/or omission of Section 2 and Section 3.3 by Client or a Third Party. The indemnification provided in this Section 3.4 shall survive the termination of the Agreement.
3.5 – When Vendor Processes Personal Data in its capacity as a Processor on behalf of Client, Vendor will:
- 3.5.1 – Process Personal Data (a) in compliance with applicable Data Protection Law, and (b) only as necessary to perform its obligations under the Agreement, and only in accordance with Client’s documented instructions (as set forth in the Agreement, in this DPA, or as directed by the Client or Client’s authorized users through the Curate Service). Vendor is not responsible for determining if Client’s Processing instructions are compliant with applicable law. However, Vendor shall notify Client in writing if, in its reasonable opinion, the Client’s Processing instructions infringe applicable Data Protection Law and provided that Client acknowledges that Personal Data may be Processed on an automated basis in accordance with Client’s use of the Curate Service, which Vendor does not monitor.
- 3.5.2 – Not retain, use or disclose Personal Data outside of the direct business relationship between Client and Vendor.
- 3.5.3 – Not Sell or Share any Personal Data, or Process Personal Data for purposes of “Cross Context Behavioral Advertising” or “Targeted Advertising”.
- 3.5.4 – Comply with any applicable restrictions under Data Protection Law on combining the Personal Data with personal data that Vendor receives from, or on behalf of, another person or persons, or that Vendor collects from any interaction between it and any Data Subject.
- 3.5.5 – Not otherwise engage in any Processing of Personal Data that is prohibited or not permitted by Processors or Service Providers under Data Protection Law;
- 3.5.6 – for Personal Data subject to the State Privacy Laws, provide the level of protection required under State Privacy Laws.
- 3.5.7 – Ensure that the any employees or personnel it authorizes to Process the Personal Data is subject to an appropriate duty of confidentiality.
3.6 – Client provides a general authorization to Vendor use of Subprocessors to process Personal Data in accordance with this Section 6, including its Affiliates and those Subprocessors set forth at https://nexxen.com/dpa-sub-processor/ (“Subprocessor List”).
3.7 – Vendor shall (a) enter into a written agreement with its Subprocessors, which includes data protection terms that ensure at least the same standard of protection as set forth in this DPA; and (b) remain fully liable to Client for any breach of the Agreement and this DPA that is caused by an act, error or omission of its Subprocessors to the extent that Vendor would have been liable for such act, error or omission had it been caused by Vendor.
3.8 – At least thirty (30) calendar days prior to the date on which any new Subprocessor shall commence Processing Personal Data, Vendor shall update the Subprocessor List and provide Client with notice of that update.
3.9 – Client may object to Vendors’ appointment of a new or replacement Subprocessor, provided such objection is based on reasonable grounds relating to data protection by notifying Vendor in writing within thirty (30) calendar days after receiving notice pursuant to Section 8. In such an event, Vendor and Client will discuss those objections in good faith with a view to finding an acceptable, reasonable, alternative solution. If the Parties are not able to agree to an alternative solution, within thirty (30) calendar days from Vendor’s written notification, Client, as its sole and exclusive remedy, may terminate the Agreement with respect to only those aspects which cannot be provided by Vendor without the use of the new or replacement Subprocessor. Vendor will provide Client with a pro rata reimbursement of any prepaid, but unused fees (if any) under the Agreement following the effective date of such termination.
3.10 – Client is responsible for responding to and complying with Data Subject requests (“DSR”). Vendor shall, taking into account the nature of the processing, reasonably cooperate with Client to enable Vendor to respond to the DSR. If a Data Subject sends a DSR to Vendor directly and where Client is identified or identifiable from the request, Vendor will promptly forward such DSR to Client and Vendor shall not, unless legally compelled to do so, respond directly to the Data Subject except to refer them to the Client to allow Vendor to respond as appropriate.
3.11 – Vendor will provide reasonably requested information regarding the Services to Client for Client’s fulfillment of any legal obligation to (a) perform a data protection impact assessment related to the Processing of Personal Data; and/or (b) consult with supervisory authorities as required by applicable Data Protection Law, so long as Client does not otherwise have access to the relevant information.
3.12 – Vendor has implemented and will maintain appropriate technical and organizational measures appropriate to the nature of the Personal Data to protect the Personal Data from a Data Breach and to preserve the security, integrity, and confidentiality of the Personal Data, which policies, practices and procedures shall comply with all applicable Data Protection Law. At a minimum, such measures shall include the measures identified in Exhibit C (the “Security Measures“). Vendor agrees to keep the Security Measures under review and update them where necessary so that they remain appropriate, provided that such updates and modifications do not result in the degradation of the overall security.
3.13 – In the event of a Data Breach, Vendor shall notify Client within 72 hours, and will reasonably cooperate with and assist Client with respect to any required notification requirements to supervisory authorities or Data Subjects (as applicable), taking into account the nature of the Processing, the information available to Vendor, and any restrictions on disclosing the information (such as confidentiality).
3.14 – Client shall have the right, upon written request, Vendor shall provide Client, and/or its appropriately qualified third-party representative (provided such representative is not a competitor of Vendor and enters into a confidentiality agreement acceptable to Vendor), access to reasonably requested documentation evidencing Vendor’s compliance with its obligations under this DPA in the form of the relevant audits or certifications listed in the Security Measures. Such audits are performed (a) at least once annually; (b) according to ISO 27001 standards or such other alternative standards that are substantially equivalent to ISO 27001; and (c) by independent third party security professionals selected by Vendor. Except in the circumstances of a Data Breach, Client’s audits pursuant to this Section 14 shall consist of a confidential audit report, including information regarding any independent, third-party audit of Vendor’s or Subprocessors’ systems, processes, policies, practices and procedures (subject to any restrictions on disclosing the information (such as confidentiality)). Except in the circumstances of a Data Breach or such audit is required by a supervisory authority, Client’s audits pursuant to this Section 3.14 shall be limited to once per rolling twelve (12) month period. Vendor’s obligation to report or respond to a Data Breach pursuant to this DPA is not and will not be construed as an acknowledgement by Vendor of any fault or liability of Vendor with respect to the Data Breach. For the avoidance of doubt, as part of any audit undertaken Vendor will not be required to give Client access to Vendor’s other clients’ data or systems or Confidential Information that does not relate to the Agreement or this DPA.
3.15 – Except to the extent required otherwise by Data Protection Law, Vendor will securely destroy all Personal Data upon (a) written request of Client or (b) termination of the Agreement. Following the deletion or return mentioned above, some Personal Data may reside on Vendor’s backup and logging systems. Vendor shall not Process this Personal Data for any other purpose and shall ensure it is permanently deleted or irreversibly overwritten following its technological process.

4. Obligations of the Parties When Acting as Joint Controllers

4.1 – This Section 4 shall apply only with respect to Processing of Personal Data carried out in the context of the Services (set out in the relevant Agreement) made available by Vendor to Client, in which Client and Vendor act as joint Controllers .
4.2 – In accordance with article 26 of the GDPR, the Parties hereby determine their respective responsibilities for compliance with their obligations under GDPR.
4.3 – When acting as joint Controllers, the Parties shall ensure they have complied with the requirements of Section 4, below, as a means of jointly facilitating, transmitting and honoring the requirement that consent be obtained for certain Processing of Personal Data.
4.4 – Implementation of IAB “TCF” Framework or Other Legal Means of Transparency and Consent. In accordance with and to the extent required by Data Protection Law (for instance, as to Personal Data collected from Data Subjects in the European Union or United Kingdom), Vendor shall ensure that it is listed in the IAB Transparency and Consent Framework (“TCF”) and is compliant with all applicable IAB principles, terms and agreements, as well as any opt-out signals it receives that have been recognized by a regulatory or self-regulatory organization. Client shall in turn ensure that, to the extent legally required (for instance, where Client has engaged Vendor to “retarget” data subjects”), it obtains legally sufficient consent on behalf of Vendor, through a TCF implementation or another legally sufficient means. Each Party, to the extent it is a Controller, shall have the right and obligation to determine its own legal basis, e., for purposes of the TCF framework, “consent” or “legitimate interest,” and notwithstanding any other provision herein, neither Party shall be liable to the other based on its own determination of its respective legal basis. For avoidance of doubt, this Section 4.4 shall apply regardless of whether Vendor is acting as a Processor or Controller.

5. Obligations of the Parties When Acting as Independent Controllers

5.1 – This Section 5 shall apply only with respect to Processing of Personal Data carried out in the context of the Services (set out in the relevant Agreement) made available by Vendor to Client, in which Vendor and Client act as independent Controllers .
5.2 – When Processing Personal Data as independent Controllers each Party agrees that it shall:
5.3 – Comply with all requirements under Data Protection Law applicable to it as a Controller, and not perform its obligations under this DPA in such a way as to cause the other Party (where such other Party is otherwise in compliance with Data Protection Law) to breach any of its obligations under Data Protection Law.
5.4 – Take into account all data protection principles provided for in the Data Protection Law, including but not limited to the principles of purpose limitation, data minimization, accuracy, storage limitation, security, integrity and confidentiality, transparency and protection of Personal Data by design and by default.
5.5 – Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the Processing of Personal Data that it carries out, in particular to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.
5.6 – Take all the measures reasonably necessary to address any Data Breach relating to the Personal Data it Processes, mitigate its effects, prevent a recurrence of such Data Breach, promptly notify the other Party without undue delay after becoming aware of such Data Breach, provide in such notification information to enable the other Party to respond to competent data protection authority(ies) and the affected Data Subjects as required under Data Protection Law.
5.7 – Cooperate in the preparation of required data protection impact assessments.
5.8 – Carry out any required assessment, consultation and/or notification to competent data protection authorities or Data Subjects, in relation to the Processing it carries out.
5.9 – Handle any Data Subject’s requests and/or complaints it receives, in particular requests relating to the exercise of a Data Subject’s rights under Data Protection Law, including the rights of access, rectification, erasure and objection and the right to withdraw consent, and inform the other Party (without undue delay) in the event that it receives a Data Subject request related to the other Party’s respective Processing activities.
5.10 – Prominently post a legally sufficient, publicly available, privacy policy/ privacy notice, describing (in a legally sufficient manner) all categories of Personal Data collected, used and disclosed, and providing (through such notice and elsewhere on its website) a legally sufficient mechanism for Data Subjects to “opt out” of uses of their Personal Data as required by Data Protection Law (including the Sharing of their Personal Data or use of their Personal Data for “Targeted Advertising”) and “delete” their Personal Data; such aforementioned opt-out page shall include the Network Advertising Initiative’s opt-out page, accessible at http://www.networkadvertising.org, and/or the Digital Advertising Alliance’s opt-out page, accessible at http://www.youradchoices.com/, and where European Ad Impressions are facilitated, the European Interactive Digital Advertising Alliance’s opt-out page, accessible at http://www.youronlinechoices.eu/.
5.11 – Provide Data Subjects with all necessary information pursuant to Data Protection Law, in respect of the Processing of the Personal Data hereunder.
5.12 – Without limitation of the above (and subject to Section 4), exercise all obligations required of a Controller, under any Data Protection Law.

6. Additional Obligations of Parties Under California Law: CCPA Third Party Terms

6.1 – The following definitions apply for purposes of this Section 6.
- 6.1.1 – “Advertising Purposes” means all Restricted Purposes in addition to (i) activities that constitute Targeted Advertising or Cross Context Behavioral Advertising under State Privacy Laws, including any processing that involves displaying ads to a Consumer that are selected based on the Consumer’s cross-context behaviors, (ii) creating or supplementing user profiles for such purposes.
- 6.1.2 – “Disclosing Party” means a Party providing or making available Personal Data to a Receiving Party.
- 6.1.3 – “Receiving Party” means a Party receiving Personal Data provided or made available by a Disclosing Party.
- 6.1.4 – “Restricted Processing Signal” means any flag or signal indicating that a Consumer has opted out of the Sale, Sharing, or Processing for purposes of Targeted Advertising of their Personal Data, including without limitation those flags or signals sent through the IAB CCPA Compliance Framework, Global Privacy Platform, or other signaling system agreed to by the Parties.
- 6.1.5 – “Restricted Purposes” means advertising-related Processing that qualifies as a Business Purpose under CPRA, which includes first-party advertising, contextual advertising, advertising or marketing services that do not include Cross Contextual Behavioral Advertising, Targeted Advertising, or profiling, internal research, frequency capping, measurement, auditing, security and integrity, debugging, fraud detection and prevention, and ensuring and measuring viewability, each only to the extent such activity (i) is permissible for a Processor to perform under the applicable State Privacy Laws; and (ii) does not result in a Sale or Sharing of Personal Data or constitute Processing of Personal Data for Targeted Advertising purposes.
6.2 – This Section 6, State Privacy Obligations, applies only when the receiving Party Processes Personal Data from the Disclosing Party (i) that is subject to State Privacy Laws requiring its implementation; and (ii) no Restricted Processing Signal is present. If a Restricted Processing Signal is present, in such instances receiving Party will not facilitate or engage in any Processing that is not for Restricted Purposes, including any Cross Context Behavioral Advertising, Targeted Advertising, profiling, or otherwise selling any Personal Data associated with such Restricted Processing Signal.
6.3 – Purpose Limitations. Disclosing Party makes Personal Data available to Receiving Party only for Advertising Purposes. Receiving Party will Process Personal Data only for such Advertising Purposes, in a manner consistent with the State Privacy Laws and in accordance with its obligations and any restrictions in the Agreement.
6.4 – CCPA Compliance; Notification of Determination of Noncompliance. Receiving Party will comply with applicable obligations under the CCPA, including by providing an appropriate level of privacy protection as required by the CCPA, and will notify Disclosing Party without undue delay if Receiving Party determines it can no longer meet its obligations under the CCPA.
6.5 – Verification of CCPA Compliance. Upon Disclosing Party’s reasonable request, Receiving Party will provide the following to Disclosing Party to demonstrate Receiving Party’s Processing of Personal Data consistent with Disclosing Party’s obligations under the CCPA:
- 6.5.1 – A copy of a certificate issued for security verification reflecting the outcome of an audit conducted by an independent third-party auditor; or
- 6.5.2 – Any other information the Parties agree is reasonably necessary for Disclosing Party to verify Receiving Party’s Processing is consistent with Disclosing Party’s obligations under the CCPA, such as an attestation.
6.6 – Unauthorized Use Remediation. If Disclosing Party reasonably believes that Receiving Party is engaged in the unauthorized use of Personal Data provided by Disclosing Party, Disclosing Party may notify Receiving Party of such belief using the contact information provided in the Agreement, and the Parties will work together in good faith to stop or remediate the allegedly unauthorized use of such Personal Data, as necessary. Notwithstanding anything to the contrary, the disclosing Party may take reasonable and appropriate steps to ensure that the receiving Party uses the Personal Data that it collected pursuant to this DPA in a manner consistent with the disclosing Party’s obligations under CPRA.
6.7 – Onward Disclosure Obligations. To the extent permitted by the Advertising Purposes and the Agreement, if Receiving Party makes an onward disclosure of Personal Data provided to it by Disclosing Party, including through any Sale or Sharing of the Personal Data, Receiving Party will impose terms that are substantially similar to the terms imposed on Receiving Party by this Section 6.

7. Data Transfers

7.1 – Vendor may not engage in any cross-border Processing of Personal Data, or transmit (directly or indirectly) any Personal Data to any country outside of the country from which such Personal Data was provided to Vendor, unless it complies with Data Protection Law. To the extent required by Data Protection Law, Vendor shall ensure that a lawful data transfer mechanism is in place prior to engaging in any onward transfers of Personal Data from one country to another.
7.2 – Exhibit B applies in the event of cross-border transfers of Personal Data subject to the European Data Protection Law and FADP.
7.3 – In the event Client transfers Personal Data to Vendor that is subject to the Australian Privacy Act 1988, Vendor will Process such Personal Data in compliance with the applicable Australian Privacy Principles as specified by the Australian Privacy Act 1988.
7.4 – In the event Client transfers Personal Data to Vendor that is subject to the Japan’s Act for the Protection of Personal Information (“APPI”), Vendor will Process such Personal Data in compliance with the applicable provisions of the APPI.

8. Data Security. Vendor will implement appropriate administrative, technical, physical, and organizational measures to protect Personal Data, as set forth in the accompanying Exhibit C, including when acting as an importer for purposes of the Standard Contractual Clauses.

9. Indemnification and Limitation of Liability. The Parties agree that all liabilities between them under this DPA and the SCCs will be subject to the disclaimers, limitations and exclusions of liability and other terms of the Agreement, except that such disclaimers, limitations and exclusions of liability will not apply to a Party’s liability (a) under Section 4; (b) to Data Subjects under the third party beneficiary provisions of the SCCs, and (c) to the extent limitation of such liability is prohibited by (i) any applicable Data Protection Law; or (ii) under the SCCs.

10. General

10.1 – Change in Law. Notwithstanding anything to the contrary in the Agreement or this DPA, in the event of a change in Data Protection Law or a determination or order from a supervisory authority or competent court affecting this DPA or Vendor’s Processing of Personal Data pursuant hereto, the parties may amend this DPA as reasonably necessary to ensure continued compliance with Data Protection Law or any regulatory or court decisions.
10.2 – Survival. The provisions of this DPA survive the termination or expiration of the Agreement for so long as Vendor or its Subprocessors Process Personal Data.
10.3 – Updates. If Nexxen updates this DPA to account for changes in Data Protection Law concerning privacy or data security, or changes in the legal landscape based on enforcement or guidance related to Data Protection law (“Updates”), provided Nexxen shall not materially reduce its obligations hereunder or materially impact Client’s obligations hereunder, the Parties agree such Updates to the DPA will apply to this DPA automatically as of the date such Updates are posted.
10.4 – Governing Law and Jurisdiction. This DPA will be governed by and construed in accordance with the governing law, jurisdiction, and venue provisions in the Agreement, unless otherwise required by applicable Data Protection Law.
10.5 – Order of Precedence. Unless stated otherwise, in case of a conflict between the provisions of A) the DPA to the provisions of State Privacy laws, or B) the DPA to the provisions of the EU SCCs, the UK IDTA or the FADP, the provisions providing the more stringent protection to Personal Data and the rights of individuals shall govern. For the avoidance of doubt, any changes required under State Privacy laws, the EU SCCs, the UK IDTA or the FADP shall only apply to the Processing of Personal Data which is subject to the applicable Data Protection Law. If the EU SCCs, the UK IDTA or the FADP are superseded by new or modified mechanism, the new or modified mechanism shall be deemed to be incorporated into this DPA, and the Parties will promptly begin complying with such mechanism. In the event of any conflict or discrepancy between the Data Protection Law, the SCCs, this DPA, and the Agreement, the following order of precedence will apply: (a) Data Protection Law; (b) the SCCs (where applicable); (c) this DPA; and (d) the Agreement.

EXHIBIT A

Controller-to-Processor Processing of Personal Data

PART I

Measurement, Analytics and Reporting Services

Data Exporter and Data Importer	The data exporter is the Client. Client is a Controller. The data importer is Vendor. Vendor is a Processor. Client is a data exporter and Vendor is the data importer.
Categories of Data Subjects Whose Personal Data is Processed	Data Subjects who visit Client’s digital properties and/or information about Client’s customers.
Categories of Personal Data Processed	Identifiers consisting of a series of characters (contained in a cookie or other) provided or made available by data exporter, including IP addresses, and website or mobile or other app/device visits, installs or activity.
Nature and Purpose of Transfer and further Processing	Vendor’s Processing activities are limited to those set out in the Agreement and the DPA. The objective of the transfer and further Processing of Personal Data by Vendor is to provide the Services to the Client as set forth in the Agreement, related to ad targeting and/or measurement of ad campaigns, as well as security, anti-fraud and operational purposes.
Retention of Transferred Personal Data	Personal Data will be retained by each Party in accordance with the Party’s data retention policies.
Transfers to Sub-Processors	See Annex III.
Sensitive or Special Category Data	None.
Frequency of the Transfer	Continuous for the term of the Agreement.
For transfers to Sub-processors	subject matter, nature and duration of the Processing by Sub-processors: Same as above to the extent such information is provided to Sub-processors for purposes of providing the Services.

PART II

Curate Service

The data exporter’s and data importer’s address and contact person are set forth in the Agreement.

Data Exporter and Data Importer	The data exporter is the Vendor. Vendor is a Controller. The data importer is Client. Client is a Processor. Client is a data exporter and Vendor is the data importer.
Categories of Data Subjects Whose Personal Data is Processed	Data Subjects who visit Client’s digital properties.
Categories of Personal Data Processed	Identifiers consisting of a series of characters (contained in a cookie or other) provided or made available by data exporter, including IP addresses, and website or mobile or other app/device visits, installs or activity.
Nature and Purpose of Transfer and further Processing	Allow users to create deals across Nexxen supply inventory, targeting attributes of the bid request such as impression type, ad size, geo location, etc and layering on audience data segments (both first and third party), to be sold to advertisers.
Retention of Transferred Personal Data	Personal Data will be retained by each Party in accordance with the Party’s data retention policies.
Transfers to Sub-Processors	See Annex III.
Sensitive or Special Category Data	None.
Frequency of the Transfer	Continuous for the Term of the Agreement.

EXHIBIT B

Terms Applicable to Cross-Border Transfers of EEA, UK, and Swiss Personal Data

Unless otherwise indicated, capitalized terms in this Exhibit B are defined as in the DPA.

Personal Data Subject to the GDPR. To the extent required by Data Protection Law, by entering into the DPA, Client and Vendor are deemed to be signing the EU SCCs, which form part of the DPA and are incorporated herein by reference. The EU SCCs take precedence over the rest of the DPA to the extent of any conflict and are completed as follows:
1. Module 1 (controller to controller) applies to the extent Vendor is a Controller of Client Personal Data, Module 2 (controller to processor) shall apply to the extent Vendor is a Processor of Client Personal Data.
2. In Clause 7 (Docking clause), the optional docking clause will apply.
3. Clause 9, Option 2 (General Written Authorization) will apply. The list of Subprocessors already authorized by Client is set out in Annex III, and the time period for prior notice of Subprocessor changes shall be thirty (30) days.
4. In Clause 11 (Redress), the optional requirement that Data Subjects be permitted to lodge a complaint with an independent dispute resolution body does shall not apply.
5. Under Clause 13 (Supervision), the supervisory authority shall be in order of precedents (a) Republic of Ireland or (b) should the designation of Republic of Ireland not be legally permitted, then any of the Member States in which the Data Subjects whose Personal Data is transferred in relation to the offering of goods or services to them, or whose behaviour is monitored shall act as competent supervisory authority. Such supervisory authorities may be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
6. In Clause 17 (Governing Law), the parties choose Option 1 (the law of an EU Member State that allows for third-party beneficiary rights). The parties select the law of Republic of Ireland.
7. In Clause 18 (Choice of Forum and Jurisdiction), the member state will be the courts of Republic of Ireland.
8. Annex I of the EU SCCs is completed as follows:
  1. Annex I.A, List of Parties:
    1. Client is the data exporter and acts as the controller or processor, as applicable. Its activities relevant to the transfer are receiving the Services of the Vendor pursuant to the Agreement.
    2. Vendor is the data importer and acts as a processor or controller, as applicable. Its activities relevant to the transfer are providing the Services to Client pursuant to the Agreement.
    3. The parties’ addresses and contact details are set forth in the in the Agreement and this DPA.
  2. Annex I.B is completed with the information set forth in Exhibit A of the DPA.
  3. Annex I.C, Competent Supervisory Authority: To the extent legally permitted, the competent supervisory authority is the Irish Data Protection Commission.
9. Annex II of the EU SCCs is completed as set out in Exhibit C of the DPA.
10. Annex III of the EU SCCs (List of Subprocessors) is set forth at nexxen.com/dpa-sub-processor.
Personal Data Subject to the UK Data Protection Law. To the extent legally required, by entering into this DPA, Client and Vendor are deemed to be signing the UK IDTA, which forms part of this DPA and is incorporated herein by reference. The UK IDTA takes precedence over the rest of this DPA as set forth in the UK Addendum and is completed as follows:
1. Table 1 of the UK IDTA: The Parties’ details shall be the Parties and their affiliates to the extent any of them is involved in such transfer, and the Key Contact shall be the contacts set forth in the Agreement and this DPA.
2. Table 2 of the UK IDTA: The Approved EU SCCs referenced in Table 2 shall be the EU SCCs as executed by the parties and completed in this Exhibit B.
3. Table 3 of the UK IDTA: Annexes I and II are set forth as provided in Section 1(g), 1(h) and 1(j) of this Exhibit B.
4. Table 4: Neither Party may end the DPA as set out in Section 19 of the UK Addendum.
Personal Data Subject to the FADP. To the extent legally required, the EU SCCs form part of the DPA as set forth in Section 1 of this Exhibit B, but with the following differences to the extent required by FADP:
1. References to the EU GDPR in the EU SCCs are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR.
2. The term “member state” in EU SCCs shall not be interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU SCCs.
3. Under Annex II of the EU SCCs (Competent supervisory authority): (I) where the transfer is subject exclusively to the FADP and not the EU GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner, and (II) where the transfer is subject to both the FADP and the EU GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the EU SCCs insofar as the transfer is governed by the EU GDPR.
Additional Safeguards for the Transfer and Processing of Personal Data from the EEA, Switzerland, and the United Kingdom. To the extent that Vendor Processes Personal Data of Data Subjects located in or subject to the applicable Data Protection Law in the European Economic Area, Switzerland, or the United Kingdom Vendor agrees to the following safeguards (“Additional Safeguards”) to protect such data to an equivalent level as applicable Data Protection Law:
1. Vendor uses encryption for data.
2. Vendor shall use all available legal mechanisms to challenge any demands for data access through national security process that it receives, as well as any non-disclosure provisions attached thereto.
3. Vendor will notify Client if Vendor can no longer comply with the EU SCCs or UK IDTA (as applicable) or these Additional Safeguards, without being required to identify the specific provision with which it can no longer comply.

Exhibit C

Vendor Data Security Measures

Vendor will implement and maintain the following administrative, technical, physical, and organizational security measures for the Processing of Personal Data. Vendor may update or modify its security measures from time to time, provided that such updates and modifications do not result in the degradation of overall security.

Data Center and Network Security
1. Data Centers
  1. Infrastructure. Vendor maintains or leases computers in geographically distributed data centers. Vendor stores all production data in physically secure data centers.
  2. Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Processor Services are designed to allow Vendor to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard process according to documented procedures.
  3. Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, and 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supply batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions.
  4. Server operating systems. Vendor servers use hardened operating systems which are customized for the unique server needs of the business. Data is stored using proprietary algorithms to augment data security and redundancy. Vendor employs a code review process to increase the security of the code used to provide the Processor Services and enhance the security products in production environments.
2. Networks and Transmission
  1. Data Transmission. Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Vendor transfers data via Internet standard protocols.
  2. External attack surface. Vendor employs multiple layers of network devices and intrusion detection (depending on the system) to protect its external attack surface. Vendor considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
  3. Intrusion prevention. Vendor’s intrusion prevention involves tightly controlling the size and make-up of Vendor’s attack surface through preventative measures.
  4. Incident response. Vendor monitors a variety of communication channels for security incidents, and Vendor’s security personnel will react promptly to known incidents. Vendor has a written Security Incident Response Plan that has been reviewed by counsel.
  5. Encryption technologies. Vendor makes HTTPS encryption (also referred to as SSL or TLS connection) available.

2. Access and Site Controls

Site Controls
1. On-site data center security operation. Vendor’s data centers maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. (The security operation consists of non-Vendor staff.) The on-site security operation personnel monitor Closed Circuit TV (“CCTV”) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly.
2. Data center access procedures. Vendor maintains formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data center electronic card key access requests must be made in advance and in writing, and require the approval of the requestor’s manager and the data center director. All other entrants requiring temporary data center access must: (i) obtain approval in advance from the data center managers for the specific data center and internal areas they wish to visit; (ii) sign in at on-site security operations; and (iii) reference an approved data center access record identifying the individual as approved.
3. On-site data center security devices. The data centers that Vendor uses employ an electronic card key and biometric access control system that is linked to a system alarm. The access control system monitors and records each individual’s electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and data centers is restricted based on zones and the individual’s job responsibilities. The fire doors at the data centers are alarmed. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the data centers connect the CCTV equipment. Cameras record on-site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for at least 7 days based on activity.
Access Controls
1. Infrastructure security personnel. Vendor has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Vendor’s security personnel are responsible for the ongoing monitoring of Vendor’s security infrastructure, the review of the Processor Services, and responding to security incidents.
2. Access control and privilege management. Client’s administrators and users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services.
3. Internal data access processes and policies. Vendor’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Vendor aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during Processing, use and after recording. The systems are designed to detect any inappropriate access.
Data
1. Pseudonymization. In order to enhance user privacy, Vendor uses pseudonymous identifiers for end users.
2. Data Storage, Isolation & Authentication. Vendor stores data in a multi-tenant environment on servers owned or leased by Vendor. Data, the Processor Services database and file system architecture are replicated between multiple geographically dispersed data centers. Vendor logically isolates each Client’s data.
3. Decommissioned Disks and Disk Destruction Guidelines. Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned. Every decommissioned disk is subject to a series of data destruction processes before leaving Vendor’s premises either for reuse or destruction.
Personal Security
1. Vendor personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
2. Background Checks. Vendor conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
3. Contractual Requirements and Training. Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Vendor’s confidentiality and privacy policies. Personnel are provided with security training. Personnel handling Client Personal Data are required to complete additional requirements appropriate to their role.
4. Personnel will not Process Client Personal Data without authorization and access to Client Personal Data is limited to those personnel who require such access to perform the Services.
Sub-processor Security
1. Before onboarding sub-processors, Vendor conducts due diligence to ensure sub-processors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Vendor has assessed the risks presented by the sub-processor then the sub-processor is required to enter into appropriate security, confidentiality and privacy contract terms.

Schedule F – Nexxen TV Planning and Buying

Last Updated January 24, 2024
The following terms apply to the Services, specifically with respect to Nexxen’s Linear ATV Platform. Linear advanced television, or “Linear ATV,” specifically refers to television programming distributed identically and simultaneously to numerous recipients through over-the-air broadcast or a communications network.
The Services.
Through the “Planning” functionality of the Platform, Client can license data, optimize and plan Linear ATV Ad Campaigns (creating “Planning Proposals”), collect and analyze data, obtain insights and conduct post-campaign analysis. Client can use the Planning Proposals in connection with the purchase of Advertising Inventory either through the Platform or in some cases (see “Direct Purchases” below) outside the Platform.
“Advertising Inventory” is space during or time-adjacent to Linear ATV programming made available by the originator or distributor (as applicable, the “Inventory Provider”) of such programming for the display of Creatives.
Buying. Through the “Buying” functionality, Nexxen can facilitate Client’s purchase of Advertising Inventory from Inventory Providers.
Managed Services.Nexxen may buy Ad Campaigns for Client on a managed-service basis, according to parameters outlined in an insertion order.
Nexxen Data.
Data Licensing. Nexxen may make available data (“Nexxen Data”) through the Platform at prices and terms shown through the Platform or (if manual) pursuant to a signed insertion order. The Nexxen Data may be licensed from a third-party provider (the “Data Vendor”).
Unexpected Termination. Nexxen reserves the right to terminate its relationship with any Data Vendor at any time, in which case the data from such Data Vendor would no longer be available through the Platform.
Managed Services Licensing. In the case where Nexxen delivers Ad Campaigns on a managed service basis, Nexxen may utilize Nexxen Data according to the parameters of the insertion order.
Fees.
Methodology. Nexxen charges the Campaign Expenses (except the Media Cost of Direct Purchases paid directly by Client to the Inventory Provider) plus the Linear Fees.
The “Campaign Expenses” are the sum of Media Cost and Nexxen Data cost.
The “Media Cost” is standard campaign fulfillment costs including inventory purchase costs (including the costs of Direct Purchases). The Media Cost will be the CPM price shown in the Platform or (if manual) pursuant to a signed insertion order. Client will be billed based on “booked” numbers not measured audience numbers. Client’s only remedy for under-delivery will be make-goods aired at a commercially reasonable time mutually agreed between Client and Inventory Provider. Client acknowledges that Nexxen may enter into revenue sharing or flexible pricing arrangements with Inventory Providers.
The “Linear Fees” are a surcharge of the Campaign Expenses multiplied by a specified percentage. Depending on the Services chosen by Client, the Linear Fees may include a technology fee and a managed service fee, as shown in the Pricing Sheet.
No Sequential Liability from Client. Client is responsible for paying the Fees to Nexxen, regardless of whether Client’s own advertisers (if any) have paid Client.
Trafficking. Nexxen will follow Client’s instructions to: set up, modify or traffic Ad Campaigns; deploy and remove pixels or tracking tags; ingest, manage and analyze data or perform other functions (generally, “Trafficking”). Client hereby assumes any and all risk and accepts any and all liability arising out of or in connection with Trafficking at the specific direction of Client, including but not limited to budget and tactic selection, and Nexxen Data costs and Media Cost.
Direct Purchases. Nexxen at its discretion may allow Client to use the Planning Proposals in connection with the purchase of Advertising Inventory where Nexxen does not act as an intermediary with the Inventory Provider (a “Direct Purchase”). A Direct Purchase may be made by an insertion order entered into between Client and the Inventory Provider, or through the Platform. In the case of a Direct Purchase, the parties agree that Nexxen is not in any way involved in the acquisition of Advertising Inventory or the delivery of an Ad Campaign. Therefore, Nexxen is not responsible (and Client is solely responsible) for the performance of the Ad Campaign or (with one exception, below) for collecting payment for the Advertising Inventory. However, Client is still liable to Nexxen for the Linear Fees. In the case of a Direct Purchase made outside the Platform, Client agrees to provide a copy of the insertion order to Nexxen within three days after signing; this is a material obligation under the Agreement.
Payment for Direct Purchases. In the case of some Direct Purchases made through the Platform, the Inventory Provider has authorized Nexxen to collect and remit payments from Client. Payment shall be Net 30 and Nexxen shall be solely responsible for determining charges to Client hereunder. If Client fails to promptly pay Nexxen, the Inventory Provider is authorized to collect directly from Client according to the principles of sequential liability. An Inventory Provider may impose additional payment conditions, which will be communicated in advance to Client by Nexxen or the Inventory Provider.
Deadlines.
Client-Provided Information. Client must provide, in a timely manner, such information relating to its selection of Advertising Inventory and the targeting details of each Ad Campaign requested by Nexxen. Such information as well as the cleared Ad Creative must be delivered to Nexxen at least 10 calendar days prior to the start of the Ad Campaign, subject to more stringent requirements from the Inventory Provider. All Ad Creative changes must be completed and the final Ad Creative must be delivered to Nexxen no later than six business days prior to the start of the Ad Campaign.
Schedule Changes by Client. Client must request any desired changes to the Ad Campaign schedule at least seven business days prior to the Ad Campaign start date. All requested changes are subject to Inventory Provider accommodation.
Cancellation. Client’s cancellation rights (if any) for Advertising Inventory shall be set out in the insertion order. In some cases Inventory Provider can also cancel purchases, in which case such cancelation policy will be stated in the insertion order.
No Guarantees. Nexxen will use commercially reasonable efforts to deliver the Ad Campaigns (except on Direct Inventory), however Nexxen makes no guarantees regarding timing or placement of Creatives or regarding quality of Advertising Inventory. In all cases the delivery of Creatives is subject to the Inventory Providers, who may pre-empt Creatives or programming without prior notice. Any adjusted placements will be delivered on a network listed on the insertion order.
Data Rights.
Client’s Rights.
Client Data. As between Client and Nexxen, Client owns all right, title and interest in the Client Data.
Planning Proposals. Client may use (and may only use) Planning Proposals internally for the purpose of planning the purchase of Advertising Inventory. The Planning Proposals constitute Confidential Information and Client shall not remove any proprietary or copyright notice therefrom. If Client is an agency, Client is authorized to provide the Planning Proposals to the advertisers of the Ad Campaigns described in the Planning Proposals, subject to the advertisers’ compliance with the foregoing restrictions.
Nielsen-certified Data. Notwithstanding (i), Nielsen-certified data is Confidential Information and may not be publicized or shared without prior, written permission. If Client is an agency, Client is authorized to provide the Nielsen-certified data to the advertisers of the Ad Campaigns described in the Nielsen-certified data, subject to the advertisers’ compliance with the foregoing restrictions.
Nexxen’s Rights.
Performing the Services. Client grants Nexxen a revocable, worldwide, non-exclusive, royalty-free license during the Term to use, reproduce, distribute, display and store Client Data solely in connection with the Services.
Definitions.
“Client Data” generally means data stored in the Platform by Client. Client Data includes: the Creatives, information about Client’s own advertisers and any information collected by Client outside the Platform. Client Data will expire and may be deleted if not updated by Client for 30 days. Nexxen may also delete Client Data if it is not used for activating Ad Campaigns for three consecutive months.
Product-Specific Terms.
Buying Managed Services. If Client elects to have Campaigns run by Nexxen as managed services, the Campaigns will be run pursuant to an insertion order. The insertion order will be on Nexxen’s standard form and subject to the acceptance of the parties. In the event of conflict between this Agreement and any insertion order, the insertion order will control.
Explanation of Linear Fees and Services.
Technology Fee.This is the fee to use the Platform. It is charged whether Client elects self service or managed service.
Managed Service Fee.This is an additional fee if Client elects managed service.
Differences Between Self Service and Managed Service.
SERVICE
DESCRIPTION
SELF SERVICE TIER
MANAGED SERVICE TIER
Trafficking
Managed trafficking of up to two creatives per campaign. Additional creatives may be subject to additional fee
No
Yes
Planning
Strategic target creation (40,000 segments and 1st party onboarding)
Yes
Yes
Planning
Plan generation (multiple scenarios full constraint control)
Yes
No
Planning
Scoring revisions/ordered plans (strategic target)
Yes
No
Planning
Scoring baseline/pre-options (strategic target)
Yes
No
Planning
Pulling quarterly program-level rankers (strategic target)
Yes (starting Q4 2019)
No
Planning
Formatting and verifying future quarter plans
Yes
No
Planning
Mapping inventory to selling title IDs
No
Yes
Supply Ingestion
Allocation of owned inventory (quarterly optimizations)
Yes
No
Supply Ingestion
Formatting and verifying schedule for ingestion, setting up new ATV Platform instance
No
Yes
Supply Ingestion
One-time brand centric ingestion schedule ingest
Yes
No
Supply Ingestion
Direct publisher integration (quarterly allocations and scatter planning)
No
Yes
Transaction
Direct publisher transactions (scatter buying)
Yes
No
Transaction
Direct publisher allocations (custom instance)
Yes
No
Reporting
Post report generation
Yes
No
Reporting
Pacing (“Keeping Trac”)
Yes
No
Reporting
Pacing and post report generation (direct publisher integration)
Yes
No
Reporting
Pacing and post report QA (direct publisher integration)
Yes
No
Training
Training support for Agency team
Yes
No
Training
Training Agency on rescore
Yes
No
Training
Troubleshooting and planning assistance
Yes
No

SERVICE	DESCRIPTION	SELF SERVICE TIER	MANAGED SERVICE TIER
Trafficking	Managed trafficking of up to two creatives per campaign. Additional creatives may be subject to additional fee	No	Yes
Planning	Strategic target creation (40,000 segments and 1st party onboarding)	Yes	Yes
Planning	Plan generation (multiple scenarios full constraint control)	Yes	No
Planning	Scoring revisions/ordered plans (strategic target)	Yes	No
Planning	Scoring baseline/pre-options (strategic target)	Yes	No
Planning	Pulling quarterly program-level rankers (strategic target)	Yes (starting Q4 2019)	No
Planning	Formatting and verifying future quarter plans	Yes	No
Planning	Mapping inventory to selling title IDs	No	Yes
Supply Ingestion	Allocation of owned inventory (quarterly optimizations)	Yes	No
Supply Ingestion	Formatting and verifying schedule for ingestion, setting up new ATV Platform instance	No	Yes
Supply Ingestion	One-time brand centric ingestion schedule ingest	Yes	No
Supply Ingestion	Direct publisher integration (quarterly allocations and scatter planning)	No	Yes
Transaction	Direct publisher transactions (scatter buying)	Yes	No
Transaction	Direct publisher allocations (custom instance)	Yes	No
Reporting	Post report generation	Yes	No
Reporting	Pacing (“Keeping Trac”)	Yes	No
Reporting	Pacing and post report generation (direct publisher integration)	Yes	No
Reporting	Pacing and post report QA (direct publisher integration)	Yes	No
Training	Training support for Agency team	Yes	No
Training	Training Agency on rescore	Yes	No
Training	Troubleshooting and planning assistance	Yes	No

Master Service Terms

© 2025 Nexxen International Ltd. All rights reserved.