Effective Date: April 10, 2025
This Data Processing Agreement (“Agreement” or “DPA”) forms part of the Terms and Conditions and/or other service agreements between the client (“Controller”) and Fourth Cliff Co. d/b/a Floodlight (“Floodlight,” “Processor,” “we,” “us”).
This DPA governs the processing of personal data by Floodlight on behalf of the Controller, to provide digital marketing and advertising services as described in the service agreement.
– The Controller determines the purposes and means of the processing of personal data.
– Floodlight acts solely as a Processor on behalf of the Controller.
Data may include:
– Contact details (e.g., name, email, IP address);
– Browser or device information;
– Marketing tags, conversion tracking data, and campaign engagement metrics;
– Any other data provided by the Controller for advertising or analytics purposes.
Floodlight does not collect or intentionally process any sensitive personal data unless explicitly directed by the Controller.
Floodlight shall only process personal data:
– On documented instructions from the Controller;
– For the purpose of delivering advertising, retargeting, analytics, and performance optimization;
– In accordance with applicable data protection laws.
Floodlight will not sell, reuse, or disclose personal data for any purposes other than as authorized in writing by the Controller.
Floodlight maintains appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include encryption, access controls, audits, and employee confidentiality protocols.
Floodlight may engage subprocessors to assist with data processing, including cloud providers, data platforms, or analytics services. A current list of subprocessors will be provided upon request.
Floodlight remains fully liable for subprocessors’ performance and requires them to meet equivalent data protection obligations.
If the Controller is established in the EU/EEA or if personal data is subject to the GDPR:
– Floodlight shall ensure that any international transfers comply with Chapter V of the GDPR;
– The Standard Contractual Clauses (SCCs) adopted by the European Commission are incorporated by reference;
– The Controller is responsible for obtaining end-user consent and ensuring lawful data collection.
In the event of a personal data breach, Floodlight will notify the Controller without undue delay and within 72 hours of becoming aware of the breach. The notification will include:
– A description of the breach;
– Categories and approximate number of data subjects and records affected;
– Mitigation steps taken or planned.
Floodlight will cooperate with any related investigation or regulatory process.
Floodlight will assist the Controller in responding to data subject requests as required under applicable law, including:
– Right of access;
– Right to rectification or erasure;
– Right to object or restrict processing;
– Right to data portability.
Floodlight shall not respond directly to data subjects unless explicitly instructed by the Controller.
Floodlight will retain personal data only as long as necessary to fulfill service obligations or comply with legal requirements. Upon termination of services or written request, Floodlight will securely delete or return all personal data, unless continued retention is required by law.
Floodlight will provide documentation reasonably demonstrating its data protection practices upon request. Onsite or third-party audits may be permitted only when required by law or regulatory authority, subject to reasonable notice and scope.
The Controller agrees to indemnify and hold harmless Floodlight from any claims, fines, or losses arising from the Controller’s failure to comply with data protection laws, including failure to obtain valid consents or provide appropriate disclosures.
Floodlight’s liability under this DPA is limited in accordance with the limitation of liability set forth in the primary service agreement or Terms and Conditions.
This Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, without regard to conflict of law principles.
If there are any questions regarding our Terms and Conditions, please contact us at info@getfloodlight.com.