Data Protection Addendum for Publisher Monetization Services

Effective version: 18 May 2026

This Data Protection Addendum (the "DPA") applies between:

1. the publisher identified in the Publisher Agreement ("Publisher"); and

2. ADN TOPCO, as identified in the Publisher Agreement and designated in this DPA as "ADN".

Publisher and ADN are each a "Party" and together the "Parties".

This DPA is hosted online by ADN and is incorporated by reference into the Publisher Agreement signed or accepted by the Parties. By signing or accepting the Publisher Agreement, the Parties agree that this DPA forms part of the Publisher Agreement and governs the privacy and data protection terms applicable to the Services. This DPA does not need to be separately signed.

The version of this DPA made available by ADN at the URL referenced in the Publisher Agreement as of the Publisher Agreement effective date applies to that Publisher Agreement, as may be updated in accordance with Section 18.

If the Parties enter into more than one Publisher Agreement incorporating this DPA by reference, this DPA applies separately to each such Publisher Agreement.

1. Scope

1.1. This DPA governs the Processing of Personal Data by the Parties in connection with the Services, including Publisher's integration, activation, configuration and calling of the ADN SDK in Publisher Properties, and ADN's independent Processing of Personal Data in connection with the Services.

1.2. The Parties agree that the Services are provided on an independent controller-to-independent controller basis. Each Party determines its own purposes and means of processing in relation to the Personal Data it processes in connection with the Services.

1.3. ADN does not act as Publisher's processor, service provider, contractor, agent, fiduciary or representative in relation to the Services. ADN does not process Personal Data on behalf of Publisher.

1.4. Where Publisher integrates, activates, configures or calls the ADN SDK in Publisher Properties, or otherwise makes Personal Data, signals, events or inventory available to ADN, ADN processes the resulting Personal Data as an independent controller and not as Publisher's processor.

1.5. The Publisher Agreement, together with any applicable IO, technical documentation, platform specifications, policies, insertion instructions or written guidance made available by ADN, may set out the commercial, operational and technical terms applicable to the Services, including, where relevant, the Publisher Properties, SDK integration requirements, ad formats, territories, reporting, revenue share or payment terms, permitted data categories, technical specifications and any specific restrictions or conditions.

1.6. Nothing in this DPA restricts ADN from processing Personal Data as an independent controller for its own lawful business purposes, including the purposes described in Section 6, subject to Applicable Privacy Laws and applicable Publisher Signals.

2. Definitions

2.1. "ADN SDK" means any mobile software development kit, code, library, SDK endpoint, API, technical documentation, configuration parameter, update or related mobile technology made available by ADN for integration with Publisher Properties.

2.2. "ADN SDK Data" means Personal Data collected, accessed, generated, received or otherwise processed by ADN through or in connection with the ADN SDK or related technical integrations, and Personal Data, signals, events, parameters or other information transmitted or made available to ADN by Publisher or a Publisher-authorised third party through such integrations. 

2.3. "Applicable Privacy Laws" means all privacy, data protection, electronic communications, online advertising, consumer privacy and direct marketing laws and regulations applicable to a Party's processing of Personal Data under the Publisher Agreement, including, where applicable and without limitation, the GDPR, the ePrivacy Directive and national implementing laws, the UK GDPR, the CCPA/CPRA, US state privacy laws, and any equivalent or successor laws.

2.4. "CCPA/CPRA" means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and its implementing regulations.

2.5. "Data Protection Authority" means any competent supervisory authority, regulator or governmental body responsible for enforcing Applicable Privacy Laws.

2.6. "Data Subject" means an identified or identifiable natural person to whom Personal Data relates.

2.7. "GDPR" means Regulation (EU) 2016/679.

2.8. "Personal Data" means any information relating to an identified or identifiable natural person, and includes "personal information", "personal data" or equivalent terms under Applicable Privacy Laws.

2.9. "Personal Data Breach" means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.

2.10. "Publisher Agreement" means the publisher agreement, insertion order, SDK agreement, platform terms, statement of work or other ordering or contractual document signed or accepted by the Parties that incorporates this DPA by reference and governs ADN's provision or operation of the Services with Publisher.

2.11. "Publisher Properties" means Publisher's mobile applications, app store pages, accounts, CMPs, APIs, mobile ad placements, inventory, databases, systems, Publisher-controlled SDKs and integrations controlled by Publisher or a Publisher-authorised third party.

2.12. "Publisher Signals" means all consent strings, ATT statuses, TCF strings, GPP strings, US privacy strings, opt-out signals, objection signals, withdrawal signals, "Do Not Sell or Share" signals, limited ad tracking signals, restricted processing signals, age signals, child-directed treatment flags, contextual signals, audience eligibility signals and other privacy, consent, preference or compliance signals made available to ADN by Publisher or a Publisher-authorised third party.

2.13. "Restricted Data" means Sensitive Data, children's data, teen data where subject to heightened legal, platform or contractual restrictions, precise geolocation data, biometric data, health data, financial account data, government identifier data, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, criminal offence data, and any other data subject to heightened legal, contractual or platform restrictions.

2.14. "Services" means ADN's mobile SDK-based advertising technology, monetization and ad network services provided under the Publisher Agreement, including ADN SDK integration, mobile inventory access and monetization, ad serving, ad delivery, programmatic demand, demand access, campaign execution, ad selection, yield optimization, attribution, measurement, reporting, analytics, frequency capping, fraud prevention, traffic quality control, billing, support, compliance, product improvement and related services.

2.15. "Sensitive Data" means special categories of personal data under Article 9 GDPR, criminal offence data under Article 10 GDPR, sensitive personal information under the CCPA/CPRA and any equivalent category under Applicable Privacy Laws.

2.16. "UK GDPR" means the GDPR as incorporated into UK law by the European Union (Withdrawal) Act 2018.

2.17. The terms "controller", "processor", "processing", "process", "business", "third party", "service provider", "contractor", "sell", "share" and "targeted advertising" have the meanings given to them under the Applicable Privacy Laws relevant to the processing at issue.

2.18. Capitalised terms used but not defined in this DPA have the meaning given to them in the Publisher Agreement.

3. Order of Precedence

3.1. If there is any conflict between this DPA and the Publisher Agreement in relation to the processing of Personal Data, this DPA prevails, unless the Publisher Agreement expressly identifies the relevant provision of this DPA and states that it overrides that provision.

3.2. The commercial terms, payment terms, revenue share terms, liability caps, exclusions, audit restrictions, confidentiality provisions, governing law and dispute resolution provisions in the Publisher Agreement apply to this DPA unless this DPA expressly states otherwise or Applicable Privacy Laws require otherwise. Liability and indemnification between the Parties are governed exclusively by the Publisher Agreement.

4. Controller-to-Controller Relationship

4.1. For the Services, including any processing of ADN SDK Data, Publisher and ADN each act as an independent controller.

4.2. Publisher is independently responsible for:

1. Publisher Properties, app users, mobile audiences, inventory, ad placements, SDK integrations, CMPs, user interfaces and user relationships;

2. the integration, activation, configuration and use of the ADN SDK or related technical integrations on the Publisher Properties, including the lawfulness of calling such SDK or integrations and of transmitting or making available any Personal Data, parameters, consent signals, preference signals or other information to ADN through them;

3. the decision to integrate, activate, configure, call, update or disable the ADN SDK within Publisher Properties;

4. the lawfulness of Publisher Properties, Publisher Signals, SDK configurations, ad placements, inventory, user eligibility signals and any Personal Data made available to ADN by Publisher or a Publisher-authorised third party;

5. the provision of privacy notices, tracking notices, in-app disclosures, SDK disclosures, consent notices and any other legally required disclosures to Data Subjects; and

6. the collection, recording, maintenance, transmission and implementation, within Publisher-controlled interfaces and integrations, of all required consents, permissions, opt-outs, withdrawals, objections, age flags, restricted processing flags and preference signals relating to Publisher Properties and Personal Data made available to ADN.

4.3. ADN is independently responsible for its processing of ADN SDK Data and for the processing it determines in connection with the Services, including the purposes described in Section 6.

4.4. ADN does not process ADN SDK Data on behalf of Publisher. ADN may combine, compare, analyse, enrich, aggregate, de-identify or otherwise use ADN SDK Data for ADN's own lawful business purposes, subject to Applicable Privacy Laws.

4.5. The Parties do not intend to create a joint controllership arrangement. No Party is authorised to make privacy representations, regulatory commitments, admissions, settlement offers or public statements on behalf of the other Party.

4.6. Publisher's technical configurations, SDK settings, ad placement settings, reporting requests, commercial requests or business requests do not constitute processor instructions. ADN may decline, ignore or modify any request, configuration or signal where ADN reasonably determines that doing so is necessary to comply with Applicable Privacy Laws, platform rules, partner requirements, technical constraints, security requirements or ADN's policies.

5. Publisher Obligations and Warranties

5.1. Publisher represents, warrants and undertakes that:

1. Publisher has a valid legal basis for integrating, activating, configuring and calling the ADN SDK or related technical integrations on the Publisher Properties, and for transmitting or making available to ADN any Personal Data, parameters, consent signals, preference signals or other information through such integrations;

2. Publisher has provided Data Subjects with all legally required privacy notices, tracking notices, in-app notices, consent notices, SDK disclosures and partner disclosures in relation to Publisher Properties, the ADN SDK, advertising, personalised advertising, measurement, attribution, partner sharing, device access, device identifiers, international processing and Data Subject rights;

3. Publisher has obtained, recorded and will communicate to ADN, where required, all consents, permissions, opt-ins and authorisations required under Applicable Privacy Laws and applicable platform rules before enabling, activating or calling the ADN SDK or related technical integrations for local storage, access to terminal equipment, mobile advertising identifiers, vendor identifiers, device identifiers, personalised advertising, attribution, measurement, cross-app tracking, frequency capping, fraud prevention, device graph creation and maintenance, or any other processing requiring such consent, permission or signal;

4. Publisher complies with Apple App Tracking Transparency requirements, Google/Android requirements, app store privacy requirements, TCF requirements where used, GPP or US privacy signal requirements where used, CCPA/CPRA opt-out requirements and any other platform, industry or technical requirements applicable to Publisher Properties, the ADN SDK, Publisher Signals or Personal Data made available to ADN;

5. Publisher will not integrate, activate, call, configure or operate the ADN SDK in a manner that causes ADN to store information on, or access information from, a user's terminal equipment unless all notices, consents and permissions required under Applicable Privacy Laws have been provided or obtained;

6. Publisher will not transmit to ADN, or cause the ADN SDK to transmit to ADN, Personal Data for personalised advertising, targeted advertising, cross-app tracking, attribution or measurement where Publisher has not obtained or maintained the required legal basis, consent, permission or preference signal;

7. all Publisher Signals provided to ADN are accurate, complete, current, valid, technically usable and transmitted in the format required by ADN's technical documentation or the Publisher Agreement;

8. Publisher will promptly update or stop transmitting Publisher Signals, SDK calls, events or Personal Data where a user withdraws consent, opts out, objects, requests restriction, disables tracking, limits ad personalisation or otherwise exercises a privacy choice that affects the processing;

9. Publisher will not provide or make available Restricted Data to ADN unless ADN has given prior written approval and the Parties have agreed appropriate additional terms;

10. Publisher will not use the ADN SDK in Publisher Properties directed to children, teens or age-restricted users, or in mixed-audience properties where such users may be included, unless Publisher has implemented all legally required notices, consents, age gates, platform permissions and safeguards and ADN has approved the relevant use case in writing;

11. Publisher's inventory, ad placements, mobile applications, content, audience categories, user eligibility signals and contextual signals are lawful, accurate, non-discriminatory, not misleading, not based on prohibited criteria and not inconsistent with platform rules or ADN's policies;

12. Publisher has configured its CMPs, Publisher-controlled SDKs, APIs, consent tools, ADN SDK integration settings, app settings, privacy manifests, app store disclosures and platform configurations correctly and in a manner that avoids transmitting unlawful, excessive, inaccurate or unauthorised Personal Data to ADN;

13. Publisher will not modify, reverse engineer, interfere with, disable, circumvent or misrepresent the ADN SDK, its privacy controls, signal handling, security features or technical documentation;

14. Publisher will promptly notify ADN if any Personal Data, Publisher Signal, SDK configuration, app setting, user eligibility signal, consent, permission, disclosure or legal basis relevant to the processing becomes invalid, unlawful, inaccurate, disputed, withdrawn, restricted, suppressed, subject to an opt-out or otherwise non-compliant with Applicable Privacy Laws; and

15. Publisher will maintain evidence of its notices, consents, legal bases, Publisher Signals, SDK configurations and compliance decisions and will provide such evidence to ADN on reasonable request where needed for a Data Protection Authority inquiry, platform audit, partner inquiry, Data Subject complaint, dispute or incident.

5.2. ADN may rely on Publisher's data, ADN SDK integration settings, Publisher Signals, technical settings, requests, representations and warranties. ADN is not required to verify their lawfulness, validity, completeness, accuracy or regulatory sufficiency unless their unlawfulness is manifest.

5.3. Where missing, invalid, incomplete, inconsistent, inaccurate or expired notices, consents, permissions, Publisher Signals, SDK configurations or platform settings relating to Publisher Properties affect the availability, delivery, performance, measurement, reach, acceptance of traffic or operation of the Services, ADN will not be deemed in breach of this DPA or the Publisher Agreement solely as a result of such impact, and ADN may take the measures permitted under this DPA or the Publisher Agreement.

5.4. Without prejudice to Section 16, Publisher is responsible for all acts and omissions of its affiliates, personnel, contractors, service providers, CMP providers, MMP providers, app developers and other Publisher-authorised third parties in connection with Publisher Properties, Publisher Signals, Personal Data made available to ADN, and the integration, activation, configuration or calling of the ADN SDK.

6. ADN Obligations as Independent Controller

6.1. ADN will process Personal Data in accordance with Applicable Privacy Laws that apply to ADN's own processing.

6.2. ADN may process Personal Data for the following purposes:

1. providing, operating, managing, securing and improving the Services and the ADN SDK;

2. SDK operation, SDK maintenance, SDK updates, technical diagnostics, debugging, event collection, request handling and integration support;

3. ad delivery, ad selection, campaign execution, inventory evaluation, frequency capping, pacing, targeting, contextualisation and optimisation;

4. attribution, measurement, reporting, analytics, forecasting, modelling and performance assessment;

5. identity resolution, creation and maintenance of device graphs, linking of advertising identifiers, vendor identifiers, device identifiers, successor identifiers and other pseudonymous identifiers, and creation, use and improvement of pseudonymous user profiles for ad delivery, frequency capping, attribution, measurement, optimisation, fraud prevention, modelling, model training and service improvement, in each case subject to Applicable Privacy Laws and applicable consent or preference signals;

6. fraud prevention, traffic quality control, invalid traffic detection, bot detection, click spam detection, click injection detection, SDK spoofing detection, device farm detection, policy enforcement and abuse prevention;

7. security, integrity, availability and resilience of ADN's SDK, network, systems, platform and partner ecosystem;

8. billing, payment, tax, accounting, reconciliation, revenue share calculation, chargeback handling and financial recordkeeping;

9. support, troubleshooting, debugging, maintenance and error correction;

10. compliance with laws, platform rules, partner requirements, court orders, regulatory requests and internal policies;

11. enforcement of ADN's rights, contractual terms, SDK documentation, platform policies and network rules;

12. dispute resolution, claims handling, legal defence and preservation of evidence; and

13. creation, use and commercialisation of aggregated, de-identified or anonymised data, provided that ADN does not attempt to re-identify such data except as permitted by law.

6.3. ADN may disclose Personal Data to its affiliates, suppliers, hosting providers, cloud providers, security vendors, fraud prevention vendors, analytics providers, demand partners, attribution partners, measurement partners, platforms, professional advisers, auditors, authorities, investors, acquirers and other third parties where reasonably necessary for the purposes described in this DPA.

6.4. ADN may determine its own retention periods for Personal Data processed as an independent controller, taking into account reporting, attribution, billing, fraud prevention, security, tax, accounting, legal defence, compliance and business needs.

6.5. ADN may rely on Publisher Signals received from Publisher, Publisher-authorised third parties, CMPs, app platforms, mediation partners, attribution partners and other technical participants, unless ADN has actual knowledge that such signals are invalid or unlawfully generated.

6.6. ADN is responsible, as an independent controller, for respecting and applying Publisher Signals received by ADN in a technically valid and usable format in connection with ADN SDK Data, in accordance with Applicable Privacy Laws and ADN's technical documentation.

6.7. ADN may reject, suppress, filter, treat as non-consented, suspend or decline to process any request, impression, click, install, event, signal, SDK call, ad placement, Publisher Property or integration where ADN reasonably determines that required notices, consents, permissions, signals, configurations or legal bases are missing, invalid, incomplete, inconsistent, expired, technically unusable or otherwise non-compliant.

7. SDK Integration, Consent and Platform Requirements

7.1. Publisher must integrate, activate, configure and call the ADN SDK in accordance with the Publisher Agreement, ADN's technical documentation, ADN's policies and applicable platform requirements.

7.2. Publisher must ensure that Publisher Properties include clear, accessible and legally sufficient disclosures describing the ADN SDK, ADN's role, the categories of Personal Data processed, the purposes of processing, the use of advertising identifiers and similar technologies, personalised advertising, measurement, attribution, fraud prevention, device graph creation and maintenance, Data Subject rights and any disclosures required by Applicable Privacy Laws.

7.3. Publisher must obtain valid consent where required under Applicable Privacy Laws before enabling, activating or allowing the ADN SDK or related technologies to store information on, or access information from, a user's terminal equipment, or before transmitting or making available Personal Data to ADN for personalised advertising, targeted advertising, cross-app tracking, measurement or attribution.

7.4. Where the TCF is used by Publisher or a Publisher-authorised third party, Publisher must ensure that all applicable vendors, purposes, features, special features and legal bases are properly disclosed and signalled before any relevant Personal Data is disclosed or made available to ADN.

7.5. Where Apple App Tracking Transparency applies to Publisher Properties or to Publisher's activation or use of the ADN SDK, Publisher must ensure that the required tracking permissions are obtained and honoured before calling the ADN SDK or making Personal Data available to ADN for the relevant advertising, measurement or attribution purpose.

7.6. Where US state privacy laws apply, Publisher must determine whether the disclosure or making available of Personal Data from Publisher Properties to ADN constitutes a sale, sharing, targeted advertising, cross-context behavioural advertising or equivalent activity, and must provide all notices, consents, opt-outs, preference signals and contractual disclosures required by applicable law.

7.7. Publisher must ensure that Publisher Signals are transmitted before, or together with, any SDK call, ad request, event or Personal Data transmission where such signals are required for ADN to determine whether and how it may process Personal Data.

7.8. Publisher must promptly implement SDK updates, technical changes, policy changes or configuration changes reasonably required by ADN for privacy, security, compliance, platform, fraud prevention or service continuity purposes.

8. Restricted Data, Children and Sensitive Use Cases

8.1. Publisher must not provide or make available Restricted Data to ADN without ADN's prior written approval.

8.2. Publisher must not use the ADN SDK in connection with Restricted Data, children, teens, age-restricted users, sensitive content, health-related apps, financial apps, dating apps, political content, religious content or other sensitive use cases unless ADN has approved the relevant use case in writing.

8.3. ADN may reject, delete, quarantine, block, ignore, disable or return any data, SDK call, ad placement, Publisher Property, inventory or integration that ADN reasonably believes involves Restricted Data or otherwise presents an unacceptable legal, platform, security, reputational or operational risk.

8.4. Publisher is responsible for ensuring that, to the extent within Publisher's control, Restricted Data is not transmitted or made available to ADN through Publisher Properties, SDK calls, event parameters, files, APIs, integrations, ad requests, Publisher Signals or other Publisher-controlled systems, unless ADN has expressly agreed otherwise in writing.

9. Data Subject Requests

9.1. Each Party is responsible for handling Data Subject requests it receives in its capacity as an independent controller.

9.2. Publisher is responsible for Data Subject requests relating to Publisher Properties, app accounts, user relationships, consents, opt-outs, Publisher Signals, Publisher-controlled SDK configurations and Personal Data provided or made available by Publisher. ADN remains responsible for Data Subject requests relating to ADN's own processing of ADN SDK Data as an independent controller.

9.3. ADN is not required to re-identify any Data Subject, maintain Personal Data solely for the purpose of responding to a request, or respond to a request where ADN cannot reasonably verify the Data Subject or identify the relevant Personal Data.

9.4. If a Data Subject request received by ADN relates primarily to Publisher's relationship with the Data Subject, ADN may direct the Data Subject to Publisher.

9.5. Publisher will reasonably cooperate with ADN where necessary for ADN to assess or respond to a Data Subject request relating to Publisher Properties, Publisher Signals or SDK configurations.

10. Security

10.1. Each Party will implement appropriate technical and organisational measures designed to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage, taking into account the nature, scope, context and purposes of processing and the risks to Data Subjects.

10.2. ADN will implement security measures appropriate to its own processing as an independent controller, taking into account the nature, scope, context and purposes of Processing and the risks to Data Subjects. ADN may modify its security measures from time to time, provided that it does not materially reduce the overall level of protection required under Applicable Privacy Laws.

10.3. Publisher is responsible for the security of Publisher Properties, app code, app releases, SDK integrations, CMPs, API keys, credentials, developer accounts, platform accounts, configuration settings, consent tools, file transfers, Publisher Signals, authorised personnel and Publisher-authorised third parties.

10.4. Publisher must promptly notify ADN of any misconfiguration or consent failure within Publisher Properties or Publisher-controlled systems that may affect the Services, the ADN SDK integration, ADN systems or Personal Data processed by ADN.

11. Personal Data Breaches

11.1. For Personal Data processed by each Party as an independent controller, each Party is responsible for assessing and complying with its own breach notification obligations under Applicable Privacy Laws.

11.2. Neither Party is required under this DPA to notify the other Party of a Personal Data Breach affecting Personal Data processed by that Party as an independent controller, unless such notification is mandatory under Applicable Privacy Laws or required by the Publisher Agreement.

11.3. Any liability, cost allocation, indemnification, remedy or allocation of risk arising from a Personal Data Breach is governed exclusively by the Publisher Agreement.

12. International Processing

12.1. This DPA does not include standard contractual clauses, an international data transfer addendum or any other transfer mechanism. Any transfer mechanism required under Applicable Privacy Laws must be addressed separately, including in the Publisher Agreement where applicable.

12.2. Each Party may process Personal Data in the countries where that Party, its affiliates, suppliers, infrastructure providers, partners, professional advisers or other authorised recipients are located, subject to Applicable Privacy Laws and any transfer mechanism required by such laws.

12.3. If a transfer mechanism becomes required, invalid, unavailable or insufficient for any processing under the Publisher Agreement, ADN may suspend the affected transfer or Service, implement an appropriate transfer mechanism, change the relevant processing location or terminate the affected Service in accordance with the Publisher Agreement.

13. US State Privacy Laws

13.1. The Parties act as independent businesses, controllers or third parties under US state privacy laws.

13.2. Publisher is responsible for determining whether its disclosure or making available of Personal Data to ADN constitutes a sale, sharing, targeted advertising, cross-context behavioural advertising or equivalent activity.

13.3. Publisher must provide all notices, consents, opt-outs, contractual disclosures and preference signal compliance required for any disclosure or making available of Personal Data from Publisher Properties or Publisher-controlled systems to ADN.

13.4. ADN may process Personal Data received in a controller-to-controller context for its own lawful business purposes, subject to Applicable Privacy Laws and any mandatory restrictions expressly agreed in the Publisher Agreement.

13.5. ADN will not be deemed Publisher's service provider, contractor or processor under US state privacy laws in relation to the Services, the ADN SDK or any ADN SDK Data.

14. Audit and Information Rights

14.1. As independent controllers, the Parties have no general audit rights over each other's systems, networks, partners, algorithms, fraud controls, security controls, source code, commercial terms, pricing, client data, publisher data or confidential information.

14.2. ADN may provide Publisher with reasonable information about ADN's privacy and security practices where required to support Publisher's compliance assessment, provided that ADN may withhold or redact information to protect security, confidentiality, trade secrets, partner information, other publishers' data, advertiser data or legal privilege.

14.3. Publisher will provide ADN with reasonable information, evidence and assistance requested by ADN to verify Publisher's compliance with this DPA, including copies or screenshots of notices, consent flows, CMP configurations, ATT prompts, app store disclosures, SDK configurations and Publisher Signals. ADN may withhold, suspend or terminate the Services where Publisher fails to provide such information within a reasonable period.

15. Suspension

15.1. ADN may suspend, restrict, reject, filter, block, disable or terminate any SDK integration, Publisher Property, ad placement, inventory source, event stream, transfer or processing operation immediately if ADN reasonably believes that:

1. Publisher's Personal Data, Publisher Signals, SDK configurations, consents, permissions, opt-outs, preference signals, disclosures, age signals, app settings or data protection documentation are unlawful, invalid, incomplete, inaccurate, expired, withdrawn, disputed, suppressed, inadequately documented or otherwise non-compliant with Applicable Privacy Laws;

2. the relevant processing may breach Applicable Privacy Laws, applicable privacy-related platform requirements, consent requirements, preference signal requirements, ADN's policies or this DPA;

3. the processing may expose ADN, its affiliates, advertisers, partners, customers or suppliers to legal, regulatory, data protection, privacy, security, platform, confidentiality or reputational risk;

4. a Data Protection Authority, privacy regulator, platform privacy requirement, app store requirement, advertiser requirement, partner requirement or Applicable Privacy Law requires or recommends suspension; or

5. Publisher breaches this DPA or any privacy or data protection obligation in the Publisher Agreement.

15.2. Suspension does not relieve Publisher from any payment, refund, clawback, repayment, traffic quality, make-good or other obligation under the Publisher Agreement.

16. Liability

16.1. This DPA does not create any separate liability, indemnity, exclusion, limitation or cap regime between the Parties.

16.2. Any liability, indemnification, exclusion, limitation, cap, remedy, clawback, refund, set-off or allocation of risk arising out of or relating to this DPA, the Services, the ADN SDK, Publisher Properties, Personal Data, privacy, data protection, security, international processing, Personal Data Breaches, audits, Data Subject requests, platform claims, advertiser claims or regulatory claims is governed exclusively by the Publisher Agreement.

16.3. Nothing in this DPA limits any mandatory rights of Data Subjects or any mandatory liability that cannot be excluded or limited under Applicable Privacy Laws.

17. Term and Termination

17.1. This DPA remains in force for as long as ADN processes Personal Data in connection with the Services.

17.2. Termination or expiry of the Publisher Agreement automatically terminates this DPA in respect of that Publisher Agreement, except for provisions that by their nature should survive, including confidentiality, retention, deletion, international processing, audit restrictions, liability, dispute resolution and provisions relating to ADN's independent controller processing.

17.3. ADN may retain Personal Data after termination to the extent permitted or required for billing, payment, tax, accounting, legal compliance, fraud prevention, traffic quality control, security, dispute handling, enforcement of rights, audit, backup or other legitimate business purposes.

17.4. Upon termination or suspension of the Publisher Agreement or relevant Services, Publisher must promptly stop using the ADN SDK in the affected Publisher Properties and remove or disable the ADN SDK where required by ADN.

18. Miscellaneous

18.1. ADN may update this DPA where reasonably necessary to reflect changes in Applicable Privacy Laws, platform rules, partner requirements, Services, SDK functionality, technical architecture, security standards, signal frameworks, industry standards or operational practices.

18.2. ADN will notify Publisher of material changes by reasonable means. Changes required to comply with Applicable Privacy Laws, platform requirements, security requirements, SDK requirements, signal requirements or partner requirements may take effect immediately. Other material changes will take effect no earlier than fifteen (15) days after notice. If Publisher objects to a change that is necessary for compliance or service continuity, ADN may suspend or terminate the affected Services in accordance with the Publisher Agreement. For clarity, any amendment, replacement or update of this DPA made in accordance with this Section 18 does not require a separate written amendment signed by the Parties.

18.3. If any provision of this DPA is invalid or unenforceable, the remaining provisions remain in effect and the invalid or unenforceable provision will be replaced by a valid provision that most closely reflects the original commercial and legal intent.

18.4. ADN's failure to enforce any provision of this DPA is not a waiver.

18.5. Notices relating to this DPA must be sent to the contacts set out in the Publisher Agreement and will be deemed received in accordance with the notice provisions of the Publisher Agreement.