ID5 ID Agreement

v1.0 June 30, 2025

  1. Introduction and Agreement.
    • These terms of service and the accompanying DPA(s) annexed hereto (collectively, the “ID5 ID Agreement”) represents, as of the Commencement Date, a binding legal agreement between ID5 Technology Limited (“ID5”) and the legal entity which is bound by the Platform Agreement into which these terms are incorporated (“Company”) to govern Company’s use of the ID5 ID Services. ID5 and Company may be referred to herein together as the “Parties” or individually as a “Party”.
    • Acceptance. By (x) accepting the applicable Platform Agreement without written objection to the explicit incorporation of this ID5 ID Agreement by reference; or (y) otherwise instructing the/a Platform Partner to activate the ID5 ID Services for Company:
      • i) Company acknowledges and agrees that it is bound by the terms and conditions this ID5 ID Agreement, thereby forming a direct contractual relationship with ID5; and
      • ii) the person accepting the Platform Agreement, including as modified, represents and warrants that they have been duly authorized to bind Company to this ID5 ID Agreement.
    • Effective Date. This ID5 ID Agreement sets forth the terms and conditions governing Company’s use of the ID5 ID Services. This ID5 ID Agreement becomes effective on the date on which the Platform Agreement which incorporates this ID5 ID Agreement by reference becomes effective (“Commencement Date”). This ID5 ID Agreement shall remain in full force and effect following the expiration or termination of the Platform Agreement for any reason.
    • Third-Party Beneficiary. As further described in the Platform Agreement, Company acknowledges and agrees that ID5 is an express third-party beneficiary of Company’s agreement to the Platform Agreement, and ID5 has the direct right to enforce the terms of this ID5 ID Agreement against Company as if ID5 were an original party to the Platform Agreement. This direct right of enforcement by ID5 is independent of, and shall not be affected by, the continuation or termination of Company’s relationship with the Platform Partner.
    • Interpretation. Defined terms used in this ID5 ID Agreement are provided below and in Section 14. For the purposes of this ID5 ID Agreement, (a) the words “include,” includes,” “including,” and similar terms are deemed to be followed by the words “without limitation”; (b) unless the context otherwise requires, words in the singular include the plural and in the plural include the singular; (c) headings in this ID5 ID Agreement are only for reference and will not affect the interpretation of this ID5 ID Agreement; and (d) references to a statute, regulation, directive, or other legally binding rule (each, a “Law”) means such Law as amended from time to time and includes any successor legislation thereto and any regulations promulgated thereunder.
    • ID5 ID Services Free of Charge. ID5 provides the ID5 ID Services free of charge subject to the terms and conditions hereof, including its warranties, indemnities, and limitations of liability.
  2. ID5 ID Services; Rights; Related Parties.
    • ID5 ID Services
      • i) Subject to the terms and conditions of this ID5 ID Agreement, when a Visitor accesses any of the Digital Properties, ID5 will process Personal Data for the Permitted Purpose, including for the purpose of returning a Visitor’s ID5 ID and/or other User IDs to Company or its Related Party (as applicable) in real time through the ID5 ID Services.
      • ii) To activate the ID5 ID Services, Company and its Related Parties must incorporate its/their assigned ID5 Partner Number into each instance of the ID5 API which the applicable party integrates on its Digital Properties in accordance with the ID5 ID Requirements.
      • iii) Company or its Related Parties may enable ID5 Identity Insights, ID5’s proprietary analytics adapter for prebid, at any time.
    • Rights.
      • i) Rights granted by ID5.
        1. Subject to the terms and conditions of this ID5 ID Agreement, ID5 hereby grants Company a non-exclusive, revocable, worldwide, non-transferable and non-sublicensable right and license during the Term to: (i) integrate and use the ID5 API on Digital Properties solely to enable the ID5 ID Services; and (ii) to receive, use, and distribute the specific encrypted instance of each ID5 ID in accordance with Applicable Privacy Law.
        2. Company may permit its Related Parties to use the ID5 ID Services, including integrating the ID5 API, solely for the Permitted Purpose in connection with such Related Parties’ activities related to Digital Properties, provided that Company is directly liable for any act or omission of any Related Party in violation of this ID5 ID Agreement as if it were committed by Company. Notwithstanding the foregoing, Company shall not be directly liable for any Related Party which has executed a ID5 ID Agreement directly with ID5 for such party’s use of the ID5 ID Services.
      • ii) Rights granted by Company. Subject to the terms and conditions of this ID5 ID Agreement, Company hereby grants, and is authorized to grant, a non-exclusive, worldwide, royalty-free license during the Term to ID5 to access, use, process, and store the Company Data and Collected Data from each Digital Property for ID5 to provide the ID5 ID Services and fulfill the Permitted Purpose, including the generation of ID5 Generated Data as further described herein. ID5 may sublicense the foregoing rights to its Affiliates and subcontractors as necessary to assist ID5 in the performance of its obligations.
  3. Proprietary Rights.
    • Intellectual Property.
      • i) As between the Parties, Company owns all right, title and interest in and to its intellectual property, including the raw Company Data provided to ID5 hereunder.
      • ii) As between the Parties, ID5 owns and will retain all right, title and interest in and to its ID5 Intellectual Property. Notwithstanding anything to the contrary in this ID5 ID Agreement, Company acknowledges and agrees that ID5 exclusively owns all right, title, and interest in and to any and all ID5 Generated Data. Company acknowledges that ID5 Generated Data results from the application of ID5’s proprietary algorithms to a vast dataset aggregated from thousands of independent sources, and as such, constitutes a new and distinct asset wholly owned by ID5. ID5 Generated Data shall not be considered the property of Company or a derivative work of Company's intellectual property or Company Data.
      • iii) Each Party reserves any and all rights not expressly granted in this ID5 ID Agreement and disclaims all implied licenses.
    • Feedback. If Company provides any Feedback to ID5:
      • i) In its sole discretion, ID5 will determine whether to proceed with the development of any enhancements, features and/or functionality, in whole or in part; and
      • ii) Company hereby grants ID5 a royalty-free, fully paid-up, irrevocable, perpetual, worldwide license to use such Feedback for any lawful purpose, including, without limitation, the development and/or improvement of features and/or functionality for the ID5 ID Services and/or any other ID5 products and/or services; provided that ID5 will not publicly disclose any of the Feedback in such a way as to identify or that would reasonably be expected to identify Company as the source of such Feedback.
    • Publicity; Press Releases. Without the other Party’s prior written consent, neither Party shall use the other Party’s name or logo to (a) issue public announcements or marketing communications referencing the other Party; or (b) issue case studies, testimonials, or press releases. Notwithstanding the foregoing, each Party grants the other Party a limited, non-exclusive, revocable right to use the other Party’s name and logo in client or vendor lists, subject to any brand guidelines and any reasonable written restrictions of such Party.
  4. Representations and Warranties. Each Party represents and warrants to the other Party that: (a) it has the full right, power, and authority to enter into this ID5 ID Agreement and to convey the rights and perform its obligations hereunder; (b) its execution and performance of this ID5 ID Agreement does not and will not violate any other agreement to which it is a party or by which it is otherwise bound; and (c) it will comply with all Applicable Laws to the extent applicable to its performance of its respective obligations and exercise of its respective rights under this ID5 ID Agreement, except to the extent non-compliance arises from the action or inaction of the other Party (including such other Party’s Affiliates and Related Parties).
  5. Security
    • Information Security Standard. Each Party agrees that it will use commercially reasonable efforts to maintain administrative, technical, and physical safeguards that are no less rigorous than industry standard practices and the requirements of Applicable Privacy Law to ensure the security and confidentiality of Personal Data, protect against any anticipated threats or hazards to the confidentiality, availability, or integrity of Personal Data, and protect against unauthorized access, use, or alteration of Personal Data.
    • Written Information Security Program. Throughout the Term, each Party shall maintain, in writing, reasonable security procedures and practices necessary to protect Personal Data within its control from unauthorized access, destruction, use, modification, or disclosure.
    • Unauthorized Access.
      • i) Throughout the Term, without limiting any of its obligations under this ID5 ID Agreement, each Party will use commercially reasonable efforts to prevent unauthorized access to or use of the ID5 ID Services.
      • ii) Each Party shall promptly notify the other Party in writing upon becoming aware of any security incident or breach that materially impacts or compromises: (i) the security, integrity, or operation of the ID5 ID Services on the Digital Properties; or (ii) the confidentiality, integrity, or security of Collected Data or Company Data transmitted, or intended to be transmitted, to ID5 from Digital Properties.
  6. Obligations and Restrictions
    • Company Obligations.
      • i) For each Digital Property, Company or the applicable Related Party owns, operates, or controls the property, or has otherwise obtained and will maintain all necessary rights, permissions, licenses, and consents required to perform its obligations in compliance with Applicable Law and this ID5 ID Agreement
      • ii) Company is solely responsible for implementing and maintaining reasonable security measures to safeguard its assigned ID5 Partner Number(s). Company shall not, and shall ensure its Related Parties do not, publish, share, or otherwise disclose its ID5 Partner Number(s) in any manner that would facilitate its unauthorized use by a third party. For the purposes of this Agreement, any and all use of the ID5 ID Services associated with Company's assigned ID5 Partner Number(s) shall be deemed to be use by Company, and Company shall be fully liable for all such use in accordance with Section 2(b) and Section 11.
      • iii) Throughout the Term, without limiting any of its obligations under this ID5 ID Agreement, Company (on behalf of itself and its Related Parties) is solely and directly responsible for:
        1. all implementation and use of the ID5 ID Services hereunder (including all use of the ID5 IDs) on all Digital Properties;
        2. compliance with the ID5 ID Requirements;
        3. performance of all obligations hereunder in accordance with good industry practice and without gross negligence or willful misconduct; and
        4. ensuring that:
          • each Digital Property displays a clear, comprehensive, and accurate privacy notice regarding the collection, Processing, use, and sharing of Collected Data and Company Data for the Permitted Purpose(s) as contemplated by this ID5 ID Agreement which is sufficient to meet the requirements of Applicable Privacy Law;
          • all Visitor Choices required under Applicable Privacy Law are offered to Visitors in a prominent and easily accessible manner;
          • Visitor Choice Signals are collected, recorded, and respected as required under Applicable Law;
          • Visitor Choice Signals are accurately, completely, and promptly transmitted to ID5 via the ID5 ID Services in accordance with the ID5 ID Requirements.
    • ID5 Obligations.
      • i) Privacy Policy. Throughout the Term, the ID5 website will prominently display the ID5 Privacy Policy.
      • ii) Data Retention. ID5 shall retain Company Data and Collected Data for no longer than three months, except to the extent reasonably necessary for internal logs, security, and compliance with Applicable Law.
      • iii) Permitted Purpose. Throughout the Term, ID5 will Process the Company Data and Collected Data hereunder in compliance with the Permitted Purpose, ID5 Privacy Policy, and Visitor Choice Signals.
    • Company Restrictions. Without limiting any of Company’s obligations under this ID5 ID Agreement, Company will not, and will not assist or knowingly permit any Related Party or third party to:
      • i) Use the ID5 ID Services for any fraudulent purpose or otherwise in violation of any Applicable Law, or outside the Permitted Purpose;
      • ii) Copy, reproduce, modify, translate, host, sublicense, lease, transfer, resell, disassemble, decompile, reverse engineer, or create derivative works from the ID5 ID Services, the ID5 IDs, or any aspect thereof;
      • iii) Send or provide to ID5, including via the ID5 ID Services, any material that is or is intended to be technically harmful (including viruses, worms, Trojan horses, logic bombs, or other malicious code or features);
      • iv) Damage, impair, disable, breach, tamper with, misappropriate, circumvent, or interfere with any security measure, access or use restrictions, or any other aspect of the ID5 ID Services;
      • v) Use the ID5 ID Services or ID5 IDs:
        1. to make, or assist in making, a decision about a Visitor’s eligibility for employment, health care, credit or insurance; or
        2. to make, or assist in making, a decision by automatic means that produces legal effects concerning, or has a similarly significant effect on, the Visitor;
        3. Provide to ID5 any Directly Identifiable Data or Sensitive Data; or
        4. Use the ID5 ID Services on any Digital Property, or portion thereof, that is directed to users or Visitors below the Restricted Age or knowingly collect or transmit Personal Data (including Collected Data or Company Data) to ID5 from users or Visitors reasonably known by Company to be under the Restricted Age.
  7. Confidentiality.
    • The receiving Party shall (i) maintain the confidentiality of the disclosing Party’s Confidential Information using at least the same degree of care it uses to protect its own confidential information, but no less than a reasonable degree of care, (ii) not disclose such information to any third party without the disclosing Party’s prior written consent, and (iii) use such information solely for the purpose of performing its obligations and exercising its rights under this ID5 ID Agreement.
    • D5’s obligations with respect to Company Data (including but not limited to confidentiality obligations therewith) are governed by Section 8 of this ID5 ID Agreement, Applicable Privacy Laws, and all data processing agreements executed between the Parties (including but not limited to Exhibit X and Exhibit Y hereto, as applicable) and, therefore, Company Data is expressly excluded from Confidential Information
  8. Data Protection; Privacy.
    • Data Processing Addenda.
      • i) The Parties shall comply with the terms of the Data Processing Addenda attached at the links below as Exhibit X and Exhibit Y (each a "DPA", collectively the "DPAs"), which are incorporated herein by reference and govern the Processing of Personal Data under this ID5 ID Agreement. The specific DPA applicable to a Processing activity depends on the nature of the Applicable Privacy Law governing such activity:
        1. Opt-In Jurisdictions.
          • i) Where Applicable Privacy Laws require obtaining the data subject’s explicit consent prior to the relevant Processing of the data subject’s Personal Data ("Opt-In Applicable Privacy Laws"), the terms of the Opt-In Jurisdiction Data Processing Agreement available at id5.io/legal/agreements/dpa/opt-in effective as of the Commencement Date shall apply, subject to Section 8(b). As of the Commencement Date, Opt-In Applicable Privacy Laws include, without limitation, Applicable European Data Protection Law such as GDPR and UK GDPR.
          • The Parties acknowledge and agree that to the extent Opt-In Applicable Privacy Laws apply, each Party acts as an independent controller or similar term under Applicable Privacy Laws with respect to its respective Processing of Personal Data. As such, Company is solely responsible for ensuring that it has secured any legally required rights, consents, or permissions (including those from its Visitors/data subjects) necessary to enable ID5 to Process Personal Data in accordance with this ID5 ID Agreement, the DPAs, and the ID5 Privacy Policy.
        2. Opt-Out Jurisdictions. Where Applicable Privacy Laws permit the relevant Processing to occur based on providing data subjects with notice and an opportunity to opt-out ("Opt-Out Applicable Privacy Laws"), the terms of the Opt-Out Jurisdiction Data Processing Agreement available at id5.io/legal/agreements/dpa/opt-out effective as of the Commencement Date shall apply, subject to Section 8(b). As of the Commencement Date, Opt-Out Applicable Privacy Laws include, without limitation, certain Applicable U.S. Privacy Laws.
      • ii) The Parties agree that the applicable DPA governing their Processing activities under the ID5 ID Agreement shall automatically be determined by the nature of the Applicable Privacy Law governing the specific Processing activity in question, without requiring further amendment to this ID5 ID Agreement, as further detailed in the DPAs.
      • iii) In the event of any conflict or inconsistency between the terms of this ID5 ID Agreement and the terms of an applicable DPA concerning the Processing of Personal Data, the terms of the applicable DPA shall control.
      • iv) Future Legal Frameworks. In the event a new Applicable Privacy Law governing a specific Processing activity does not align with the criteria for either Opt-In Applicable Privacy Laws or Opt-Out Applicable Privacy Laws, the Parties agree to cooperate in good faith to apply the principles of the applicable DPAs to ensure such Processing complies with said Law.
    • DPA Revisions to Comply with Applicable Laws.
      • ID5 may update the DPAs from time to time solely as reasonably necessary to comply with changes in Applicable Privacy Laws or binding regulatory guidance where such changes materially alter the Parties' rights or obligations under the DPA (“Required DPA Updates”). For any Required DPA Update, ID5 will provide Company with at least thirty (30) days’ prior written notice unless a shorter period is necessitated by Applicable Privacy Law. The notice will identify the modifications and the effective date.
      • If Company reasonably objects in writing within fifteen (15) days of receiving such notice, specifying that the modifications go beyond what is legally required or materially prejudice Company in a manner not necessitated by Applicable Privacy Law, the Parties will discuss the objection in good faith. If Company does not object within fifteen (15) days, or if the Parties cannot resolve a timely objection within fifteen (15) days of discussion commencing, the Required DPA Update will be deemed incorporated into this ID5 ID Agreement as of the effective date specified in the notice. ID5 will maintain an accessible archive of previous versions of the DPAs at id5.io/legal/agreements/dpa.
      • Notwithstanding the foregoing, ID5 may make non-substantive changes or clarifications to the DPAs that do not materially alter the Parties' rights or obligations (such as correcting typographical errors, clarifying existing provisions without changing their substantive meaning, reformatting, or making other purely stylistic revisions) by posting an updated version at the designated URL(s) without providing formal notice under this section. The archive of previous versions will reflect these updates.
  9. Term; Termination; Suspension.
    • Term. This ID5 ID Agreement shall commence on the Commencement Date and shall continue in full force and effect until terminated by either Party pursuant to Section 9(b), 9(c), or 9(d) (the “Term”).
    • Termination for Convenience. Company may terminate this ID5 ID Agreement at any time upon five (5) business days’ prior written notice to ID5. ID5 may terminate this ID5 ID Agreement at any time upon at least sixty (60) days’ prior written notice to Company.
    • Termination for Breach. Each Party may terminate this ID5 ID Agreement immediately on notice to the other Party if it reasonably believes that Party is in material breach hereof; provided that, if the breach is capable of cure, the breaching Party will have thirty (30) days from the notice date to cure the breach to the non-breaching Party’s reasonable satisfaction.
    • Actions Upon Termination. Notwithstanding any other provision in this ID5 ID Agreement, in the event this ID5 ID Agreement is terminated for any reason, Company and its Related Parties must remove or deactivate the ID5 ID Services on all Digital Properties. Whilst the ID5 ID Services remains active on any Digital Property, including where any ID5 API instance references Company’s or any Related Party’s ID5 Partner Number, and notwithstanding the termination or expiration of the Term, the terms and conditions of this ID5 ID Agreement shall remain in force as between ID5 and Company in respect of such usage.
    • Suspension of Service. Without limiting any of ID5’s rights under this ID5 ID Agreement, ID5 may immediately suspend Company’s (and/or any Related Party’s) access to or use of the ID5 ID Services, in whole or in part, if ID5 reasonably determines that: (i) Company or any Related Party has breached any material term of this ID5 ID Agreement ; (ii) Company’s or any Related Party’s use of the ID5 ID Services poses a security risk to the ID5 ID Services or to other users thereof, or may adversely impact the ID5 ID Services or systems operated by ID5; or (iii) suspension is required pursuant to a legal or regulatory requirement. ID5 will use commercially reasonable efforts to provide Company with prior notice of any suspension and an opportunity to remedy the issue, where practicable.
    • Survival. Without limiting the foregoing, the following provisions shall survive any termination or expiration of this ID5 ID Agreement: Section 3(a) (Intellectual Property), Section 7 (Confidentiality), Section 9(d) (Actions on Termination), Section 8(a) (Data Processing Addendum), Section 10 (Disclaimers; Limitation of Liability), Section 11 (Indemnification), Section 13 (Miscellaneous), and Section 14 (Definitions), together with any other provisions that by their nature are intended to survive.
  10. DISCLAIMERS; LIMITATION OF LIABILITY.
    • Disclaimers. EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE ID5 ID SERVICES IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. ID5 AND ITS SUPPLIERS EXPRESSLY DISCLAIM ALL OTHER WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE. ID5 DOES NOT WARRANT THAT THE ID5 ID SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.
    • Limitations of Liability.
      • i) Basis of Bargain. THE PARTIES ACKNOWLEDGE AND AGREE THAT THE DISCLAIMERS AND LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 10 ARE FUNDAMENTAL AND REFLECT A REASONABLE AND FAIR ALLOCATION OF RISK BETWEEN THE PARTIES, TAKING INTO ACCOUNT THE FACT THAT (i) THE ID5 ID SERVICES ARE PROVIDED FREE OF CHARGE; (ii) ID5 OWES A MATERIAL PORTION OF ITS OBLIGATIONS DIRECTLY TO REGULATORS AND DATA SUBJECTS UNDER APPLICABLE PRIVACY LAW; (iii) THE ID5 ID SERVICES ARE, BY THEIR NATURE, AUTOMATED AND HIGH- VOLUME, AND THEIR PROVISION IS PREDICATED ON THE WARRANTIES AND COMPLIANCE OF THOUSANDS OF INDEPENDENT PARTNERS, INCLUDING COMPANY; AND (iv) ID5 IS PRIMARILY AND EXISTENTIALLY RELIANT ON COMPANY’S, AND ITS RELATED PARTIES’, COMPLIANCE WITH THIS AGREEMENT AND APPLICABLE PRIVACY LAW. THE PARTIES FURTHER ACKNOWLEDGE THAT ID5 WOULD NOT BE ABLE TO PROVIDE THE ID5 ID SERVICES ON AN ECONOMICALLY VIABLE BASIS WITHOUT THESE LIMITATIONS AND THAT THEY FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES.
      • ii) Exclusion of Certain Damages. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ID5 OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF BUSINESS, LOSS OF DATA, OR COST OF SUBSTITUTE GOODS OR SERVICES, ARISING OUT OF OR IN CONNECTION WITH THIS ID5 ID AGREEMENT OR THE USE OF OR INABILITY TO USE THE ID5 ID SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT ID5 HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL ID5 BE LIABLE FOR ANY CLAIMS OR DAMAGES OF ANY KIND ARISING FROM OR RELATING TO THE USE OF COLLECTED DATA AND COMPANY DATA SO LONG AS SUCH USE IS IN ACCORDANCE WITH THE PERMITTED PURPOSE.
      • iii) Maximum Aggregate Liability. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, AND SUBJECT TO SECTION 10(b)(ii), ID5’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS ID5 ID AGREEMENT OR THE ID5 ID SERVICES, FOR ANY AND ALL CLAIMS (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR OTHERWISE), SHALL NOT EXCEED ONE THOUSAND GREAT BRITAIN POUNDS (£1000). THIS LIMITATION IS CUMULATIVE FOR ALL CLAIMS AND NOT PER INCIDENT.
      • iv) Exclusions. NOTHING IN THIS ID5 ID AGREEMENT SHALL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR: (A) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE OR THE NEGLIGENCE OF ITS EMPLOYEES, AGENTS OR SUBCONTRACTORS; (B) FRAUD OR FRAUDULENT MISREPRESENTATION; OR (C) ANY OTHER LIABILITY THAT CANNOT BE LIMITED OR EXCLUDED BY APPLICABLE LAW.’
  11. Indemnification.
    • Company will defend, indemnify, and hold harmless ID5, its Affiliates, and its and their respective officers, directors, employees, agents, successors and assigns (each, an “ID5 Indemnified Party”), from and against all third-party claims, liabilities, damages, losses, costs, and expenses (including reasonable outside attorneys' fees and disbursements) (collectively, “Losses”), incurred by any ID5 Indemnified Party and arising out of or related to Company’s, or any Related Party’s: (a) breach or alleged breach of any representation, warranty, covenant, or obligation set forth in Section 6 (Obligations and Restrictions) and Section 8 (Data Protection; Privacy); or (b) Company's material breach of any representation, warranty, covenant, or obligation under this ID5 ID Agreement other than those set forth in Section 6 and Section 8.
    • Indemnification Procedure.
      • i) ID5 shall promptly notify Company in writing of any third-party claim subject to indemnification hereunder ("Claim"), provided any delay shall not relieve Company of its obligations.
      • Company shall assume the defense of the Claim with legal counsel reasonably acceptable to ID5, and Company shall control such defense in reasonable consultation with ID5 regarding material strategic decisions.
      • Company requires ID5's prior written consent (not unreasonably withheld, conditioned or delayed) for any settlement that involves an admission of fault or wrongdoing by ID5, imposes non-monetary obligations or liability on ID5, requires ID5 to take or refrain from taking any action, or could reasonably be expected to materially adversely affect ID5's reputation, business operations, or regulatory standing, provided that ID5's consent is not required for settlements solely involving the payment of money fully covered by Company under this indemnity where such settlement includes a full release of ID5 from all liability regarding the Claim. ID5 shall provide reasonable cooperation with Company's defense at Company's reasonable expense for ID5's related out-of-pocket costs.
      • ID5 may participate in the defense using its own counsel at its own expense. If Company fails to assume and diligently conduct the defense of a Claim after reasonable notice from ID5, ID5 may assume the defense at Company's reasonable expense.
  12. Compliance
    • Anti-Bribery and Corruption. During the Term, each Party shall:
      • i) comply with all Applicable Laws relating to anti-bribery and anti-corruption (“ABC Laws”), including by way of example the UK Bribery Act 2010 and the US Foreign Corrupt Practices Act;
      • ii) establish, maintain and enforce its own policies and procedures to ensure compliance with the ABC Laws;
      • iii) he other party if it becomes aware of any breach of this Section 12 or has reason to believe that it has received a request or demand for any undue financial or other advantage in connection with the performance of this ID5 ID Agreement; and
      • iv) ensure that any of its Related Parties do so only on the basis of a written contract which imposes on and secures from such person terms equivalent to those imposed under this Section 12.
    • Trade Sanctions. Advertiser shall not enable or use the ID5 API or the ID5 ID Services where such enabling or use would violate any applicable trade sanctions, export control laws, or embargoes.
    • Breach of this Section 12 shall be deemed an irremediable material breach of this ID5 ID Agreement.
  13. Miscellaneous.
    • Notices. All notices under this ID5 ID Agreement must be made in writing (including, without limitation, email) and sent to the attention of: (a) if to Company, to the email address of the primary contact provided to ID5 or the Platform Partner from time to time and notified to ID5 in writing; and (b) if to ID5, ID5’s CEO (at 8 Devonshire Square, 6th Floor, London, EC2M 4YJ, UK and by email to legal@id5.io and contact@id5.io). Each Party may change its contact for notices by providing not less than five (5) business days’ prior written notice to the other Party. Notice will be deemed given when delivered.
    • Governing Law and Jurisdiction. This ID5 ID Agreement (and all non-contractual disputes and/or claims arising under or in connection with it) is governed by the laws of England and Wales, excluding principles of conflicts of law and is subject to the exclusive jurisdiction of the Courts of England, AND THE PARTIES HEREBY CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS. This ID5 ID Agreement will not be governed by the United Nations Convention of Contracts for the International Sale of Goods, the application of which is hereby expressly excluded. Nothing in this ID5 ID Agreement will limit a Party’s ability to seek equitable relief in any court of competent jurisdiction.
    • Assignment. Neither Party may assign or transfer any part of this ID5 ID Agreement without the written consent of the other Party; provided, however, that this ID5 ID Agreement may be assigned, without the other Party’s written consent, (a) by either Party to a person or entity that acquires, by sale, merger or otherwise, all or substantially all of such assigning Party’s assets, stock, or business, and (b) by ID5 to an Affiliate of ID5. Subject to the foregoing, this ID5 ID Agreement will bind and inure to the benefit of the Parties, their respective successors and permitted assigns. Any attempted assignment in violation of this Section will be void and of no effect
    • Entire Agreement, Waiver. This ID5 ID Agreement is the Parties’ entire agreement relating to its subject matter and supersedes any prior or contemporaneous agreements. Without limiting any of ID5’s rights or any of Company’s obligations with respect to the ID5 ID Requirements, all amendments hereto must be executed by both Parties and expressly state that they are amending this ID5 ID Agreement. Failure to enforce any provision of this ID5 ID Agreement will not constitute a waiver.
    • Severability. If any provision of this ID5 ID Agreement is found unenforceable, it and any related provisions will be interpreted to best accomplish the unenforceable provision’s essential purpose.
    • Authorship. No presumption or burden of proof will arise favouring or disfavouring either Party by virtue of the authorship of any of the provisions of this ID5 ID Agreement
    • Relationship, Third-Party Beneficiaries. Except with respect to ID5’s rights to enforce the terms of this ID5 ID Agreement against Company as an express third-party beneficiary of the Platform Agreement, there are no third- party beneficiaries to this ID5 ID Agreement. The Parties are independent contractors, and this ID5 ID Agreement does not create an agency, partnership or joint venture.
    • Force Majeure. Neither Party will be liable for any acts or omissions resulting from circumstances or causes beyond its reasonable control.
  14. Definitions

“Affiliate” means, with respect to a Party, an entity that, directly or indirectly, controls, is controlled by, or is under common control with such Party.

“Applicable Law” means any statute, law, ordinance, regulation, directive, rule, code, order, constitution, treaty, common law, judgment, decree, or other requirement of any federal, state, local, or foreign government or political subdivision thereof, or any arbitrator, court, or tribunal of competent jurisdiction applicable to a Party’s performance of its rights and obligations hereunder, and references to Applicable Law shall include such Applicable Law as amended from time to time, any successor legislation thereto, and any regulations promulgated thereunder. ABC Laws and Applicable Privacy Laws are included in the definition of Applicable Laws.

“Applicable Privacy Law” means, collectively, all Applicable Laws which relate to privacy and data protection of Personal Data, cookies, Targeted Advertising, Profiling, or other laws applicable to the provision or use of the ID5 ID Services, including but not limited to Opt-In Applicable Privacy Laws and Opt-Out Applicable Privacy Laws, in each case to the extent applicable to a Party’s Processing, or a portion of such Processing, hereunder.

“Collected Data” means any and all data collected by an ID5 API on a Digital Property directly from the Visitor’s browser, including, without limitation, IP address, user-agent string, page URL, and timestamp. Collected Data does not include Company Data.

“Commencement Date” means the date this ID5 ID Agreement is accepted and agreed by Company as described in Section 1.

“Company Data” means Personal Data collected by Company from a data subject outside the ID5 ID Services and provided to ID5 by or at the direction of Company to ID5 hereunder. A list of data types which ID5 accepts as Company Data is available at https://wiki.id5.io/docs/passing-partner-data-to-id5 and Company shall not integrate any other types of data.

“Confidential Information” means any information that is disclosed, provided, or made accessible by, or on behalf of, one Party to the other Party in connection with this ID5 ID Agreement, and that is identified as “confidential” or “proprietary” or that, given the nature of the information or material, or the circumstances surrounding the disclosure or provision, reasonably should be understood to be confidential or proprietary (e.g., product or business plans). Confidential Information does not include information that the receiving Party already knew, becomes public through no fault of the receiving Party, or was independently developed by the receiving Party without reference to the disclosing Party’s confidential information. Confidential Information excludes Company Data and encrypted ID5 IDs.

“Digital Property” means any website, application, or other digital property on which the ID5 ID Services is used (including where an ID5 API is placed) or from which Collected Data and/or Company Data is collected or provided, by or with the authorization of, Company or any of its Related Parties (as applicable).

“Directly Identifiable Data” means any information that can be used to distinguish specific individual, including an un-hashed name, address, telephone number, and email address.

“Feedback” means any and all suggestions and comments provided by or on behalf of Company related to the ID5 ID Services or other ID5 services.

“ID5 API” means any programming code, HTML, API, file, or other mechanism that ID5 may make available to its clients to use on or in such clients Digital Properties, in each case to enable ID5 to write, read, access, associate, and/or create User IDs.

"ID5 Generated Data" means all data, insights, connections, ID5 IDs, derivative works, and other information without limitation generated or derived by ID5 in connection with the ID5 ID Services, including through the processing of Collected Data and Company Data. ID5 Generated Data is part of ID5 Intellectual Property and excludes the Company Data provided by Company hereunder.

“ID5 ID” means a unique User ID created by ID5. For the avoidance of doubt, all ID5 IDs hereunder will be delivered to Digital Properties in encrypted format only.

“ID5 ID Requirements” means, collectively, all applicable written requirements, specifications, and technical standards of ID5 and third parties as may be set forth in the ID5 ID Services, the ID5 wiki (currently available at wiki.id5.io), and/or in ID5 documentation (currently available at: https://github.com/id5io/id5-api.js), in each case as may be modified from time to time provided that ID5 will provide notice to Company of material changes to the ID5 ID Requirements.

“ID5 ID Services” means ID5’s proprietary set of code (including the ID5 API), applications, tools, analytics, services, methods and systems - including all components, software, technologies, methodologies, algorithms, trade secrets, source code, know-how, and related documentation, along with all modifications, updates, enhancements, and derivative works including optional capabilities such as TrueLink - designed to enable ID5’s clients to retrieve an ID5 ID, in each case encrypted on behalf of the particular client, and to distribute it to their respective advertising partners for the Digital Property on which such services are made available.

"ID5 Intellectual Property" means all intellectual property and proprietary rights in and to: (A) the ID5 ID Services and the ID5 API; (B) the Collected Data, the ID5 Generated Data, and all modifications, updates, processes, and derivative works thereof; and (C) the name “ID5,” its derivatives, and all trademarks and logos owned or controlled by ID5.

“ID5 Opt-Out” means ID5’s opt-out website that provides end users and visitors the ability to exercise their data subject rights, including but not limited to opting-out of the ID5 ID Services (available at https://id5-sync.com/privacy).

“ID5 Partner Number” means the number assigned by ID5 to Company or any of its Related Parties following execution of this ID5 ID Agreement.

“ID5 Privacy Policy” means ID5’s Platform Privacy Policy (currently available at https://id5.io/platform-privacy-policy/), which may be updated from time to time and which discloses ID5’s practices with respect to the collection, use, and disclosure of Collected Data.

“Permitted Purpose” means (a) Company’s exercise of the rights granted to it under Section 2(b)(i); and (b) ID5’s performance of the following activities, conducted in a manner consistent with the ID5 Privacy Policy: (i) providing and operating the ID5 ID Services; (ii) processing Collected Data and Company Data in connection with such services, including for the creation of ID5 Generated Data; and (iii) developing, maintaining, operating, securing, analyzing, and improving the ID5 ID Services and related ID5 products, services, and technologies.

“Personal Data” shall mean any information defined as “personally-identifiable information,” “personal information,” “personal data” or similar terms as such terms are defined under Applicable Privacy Laws.

“Platform Agreement” means any and all terms and conditions entered into between Company and the Platform Partner, including as amended, revised, or updated from time to time to the extent accepted by, or otherwise effective against, Company which explicitly incorporate this ID5 ID Agreement by reference.

“Platform Partner” means an entity which operates as Company’s vendor and facilitates the activation of the ID5 ID Services for Company (e.g., Criteo, Google, Amazon Publisher Services, etc.).

"Process", "Processes" or "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Profiling” means any form of automated Processing of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Related Party” or “Related Parties” means Company’s Affiliates, clients, digital advertising partners, Subcontractors, vendors and all other third parties who access or use the ID5 ID Services, or ID5 IDs, through Company. Without limiting the foregoing, all ID5 APIs which utilize one or more ID5 Partner Numbers assigned by ID5 to Company related to this ID5 ID Agreement shall be considered Related Parties.

“Restricted Age” means the minimum age below which the Applicable Privacy Law imposes specific restrictions or requirements on the Processing of Personal Data relating to individuals under such age, such as requiring verifiable parental or guardian consent prior to Processing (examples include the age thresholds defined under the Children's Online Privacy Protection Act (COPPA) in the United States or Article 8 of the General Data Protection Regulation (GDPR) in the European Union), including as modified by time to time under an Applicable Privacy Law.

“Sensitive Data” means data that constitutes “sensitive data”, a “special category of data”, or a corresponding term denoting a substantially similar meaning under Applicable Law, which depending on jurisdiction may include: financial account numbers, insurance plan numbers, precise information about health or medical conditions, medical records or pharmaceutical prescriptions, government-issued identifiers (such as a Social Security number), race, ethnicity, religion, trade union membership, sexual orientation, genetic or biometric information and precise location information such as GPS coordinates.

“Subcontractor” means, with respect to a party, a contractor, subcontractor, consultant, third-party service provider, or agent engaged by such party in connection with its use or provision of the ID5 ID Services under this ID5 ID Agreement.

“Targeted Advertising” means the processing of previously collected data about an individual, browser, or device to tailor advertising across unaffiliated web domains, applications, or properties, or on devices, based on attributes, preferences, interests, or intent linked to or inferred about that individual, browser, or device and/or as defined under Applicable Privacy Laws.

“TrueLink” means an optional feature or integration that, when enabled by Company, generates a signal from a secondary domain to assist ID5 in generating a more accurate ID5 ID for a Visitor across different Digital Properties.

“User ID” means a unique identifier that may be associated with an end user or Visitor, such as a cookie ID, a mobile advertising identifier, a hashed email address, or any other identifier.

“Visitor” means an end user or visitor of a Digital Property.

“Visitor Choice” means any legally recognized expression by a Visitor of their preferences or exercise of their rights regarding the Processing of their Personal Data under Applicable Privacy Law, including expressions of consent, objection, opt-out, withdrawal of consent, or data subject rights requests made pursuant to Applicable Privacy Law. Visitors may exercise their rights directly with ID5 via the ID5 Opt-Out.

“Visitor Choice Signals” means digital or other signals or communications reflecting Visitor Choices that are recognized under this ID5 ID Agreement, including: (i) signals collected via Company's or its Related Parties' consent management platforms or other user interfaces reflecting Visitor Choice; (ii) Visitor Choices communicated via the ID5 Opt-Out or via email to ID5; and (iii) any other signals recognized under Applicable Privacy Law or applicable industry standards (such as Global Privacy Control signals) to the extent supported by the ID5 ID Requirements as communicating Visitor Choice.