This Data Processing Addendum ("DPA") is incorporated into the Terms of Service between Customer ("Controller") and SpotlightIQ, LLC ("Processor").
1. Definitions
Terms like "Personal Data," "Processing," and "Data Subject" will have the meanings ascribed to them in applicable data protection laws like the CCPA.
2. Roles and Scope of Processing
Processor will process Personal Data only on behalf of and in accordance with the documented instructions of the Controller (as detailed in Appendix 1).
3. Security Measures
Processor will implement and maintain appropriate technical and organizational security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.
4. Subprocessors
Controller provides a general authorization for Processor to engage third-party subprocessors to provide the Services. Processor will maintain a list of subprocessors and provide notice of any new subprocessors.
5. Data Subject Rights
Processor will, to the extent legally permitted, provide reasonable assistance to the Controller to respond to requests from Data Subjects to exercise their rights.
6. Data Breach Notification
Processor will notify Controller without undue delay after becoming aware of a Personal Data breach.
7. Termination
Upon termination of the Services, Processor will delete or return all Personal Data as instructed by the Controller, unless required by law to retain it.
Appendix 1: Details of Processing
Categories of Data Subjects:
- Employees, agents, and representatives of the Customer who are authorized to use the SpotlightIQ platform.
- Individuals (e.g., business professionals, stakeholders) whose personal data is included in the Customer Content uploaded or synced by the Customer for targeting purposes.
- Visitors to the Customer's websites where a SpotlightIQ measurement pixel is installed.
Categories of Personal Data:
- Customer User Data: Full name, business email address, phone number, job title, company name, and IP address.
- Customer Targeting Data: Personal data contained within Customer Content, which may include names, titles, company names, and business contact information.
- Website Measurement Data: Online identifiers (e.g., cookie IDs), IP addresses, and browsing activity collected via the measurement pixel on Customer's website(s).
Nature and Purpose of Processing:
- To provide the Services as described in the Terms of Service.
- To enable the Customer to create, manage, and measure CTV and other digital video advertising campaigns.
- To process Customer Targeting Data as instructed by the Customer to create target audience segments.
- To analyze campaign performance and generate insights.
- To provide customer support and maintain the platform.