API Controller Addendum

This Addendum applies to the services identified in the Terms of Service for companies that have access to our APIs containing “data subjects” as defined by EU Data Protection Law

 

Introduction

Armor Games Inc. (“Company”) and counterparty agreeing to these terms (“Recipient”) have entered into agreement for the Recipient to receive data in compliance with the EU Data Protection Law. This addendum is a supplement to the terms of service, replacing any applicable terms relating to the subject matter of this Addendum. It is intended to outline the respective roles and duties of each party.

Definitions

The following terms shall have the following meanings:

(a) “controller”, “processor”, “data subject”, “personal data”, “processing” (and “process”) and “special categories of personal data” shall have the meanings given in Applicable Data Protection Law;

(b) “Recipient” shall mean any user or company receiving data from our API;

(c) “API” shall refer to protocol that enables Company to share data about users with Recipient for the purposes of allowing Recipient to provide games to users on Company Services, including armorgames.com;

(d) “Applicable Data Protection Laws” means any and all applicable privacy and data protection laws (including, where applicable, EU Data Protection Law) as may be amended or superseded from time to time;

(e) “EU Data Protection Law” means (i) prior to 25 May 2018, the EU Data Protection Directive (Directive 95/46/EC); (ii) on and after 25 May 2018, the EU General Data Protection Regulation (Regulation 2016/679); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); (iv) any national data protection laws made under or pursuant to (i), (ii) or (iii); and (v) any EU national law derived directly from the GDPR such as the UK’s Data Protection Act and Swiss variations of GDPR;

(f) “Agreement” refers to the underlying terms of service, this addendum, and any other addendums to the terms of service.

Relationship of the Parties

The parties acknowledge that each party is an independent controller and nothing in this Agreement shall be interpreted to suggest a “joint controller” relationship as defined by EU Data Protection Law. Recipient agrees that Company makes no guarantees about access to the data and maintains the right to withdraw Recipient’s access to the API for any reason.

Legality of Processing

Each party agrees to comply with any Applicable Data Protection Laws. Unless otherwise stated in this addendum, each party is independently responsible for maintaining their own compliance with Applicable Data Protection Laws.

Use and Purposes

Each party shall independently determine the means and purposes of processing to the extent such means and purposes are legal under EU Data Protection Law and any other applicable privacy laws. Recipient shall have a valid legal basis for processing personal data received through the API from Company. Recipient acknowledges that personal data collected by Company and shared with Recipient through the API under this Agreement is collected from data subjects who have the expectation that the data will be used by third parties solely for the purposes of providing them with games (along with supportive and ancillary services to providing such games, such as analytics, ads, marketing, security, and game optimization). Recipient takes responsibility for obtaining legally valid consent (or other applicable legal basis) for the purposes of marketing communications or any other use of the data.

Privacy Policy

Each party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under EU Data Protection Law. Without limitation to the foregoing, each party shall maintain a publicly accessible privacy policy on its website that satisfies the transparency disclosure requirements of Applicable Data Protection Laws.

Data Subject Requests

Each party shall respond to and complies with data subject requests as required by Applicable Data Protection Laws and Recipient shall assist Company with any requests to help Company comply with data subject requests submitted to the Company with respect to data shared via the API. To assist Company with such requests, Recipient shall maintain the ability to comply with a request to access, download, correct, export, and delete data about any data subject as described in the EU Data Protection Law, including through any of Recipient’s sub-processors.

Cross-Border Transfers

Either party may transfer the data to other countries if it complies with the provisions on the cross-border transfer of  personal data to third parties under Applicable Data Protection Laws.

Security

Recipient shall provide a level of protection for personal data that is at least equivalent that required under privacy shield and Applicable Data Protection Laws. If Recipient determines it cannot comply with section, it will notify Company immediately in writing and either cease processing of data or take reasonable and appropriate steps to remedy such non-compliance.

Severability

If any provision of this Agreement or the application thereof is held invalid, the invalidity shall not affect other provisions or applications of the Agreement which can be given effect without the invalid provisions or applications and to this end the provisions of this Agreement are declared to be severable.