SKIMLINKS PUBLISHER PRIVACY TERMS
Effective Date: July 28, 2023
These Skimlinks Publisher Privacy Terms (“Publisher Privacy Terms”) apply to Skimlinks’ digital marketing services, such as when Skimlinks and its affiliates (the “Skimlinks Group”) provide publishers the ability to create and place affiliate marketing links within publisher content or when an agreement between Skimlinks and a Publisher (“Agreement”) incorporates these Publisher Privacy Terms. These Publisher Privacy Terms identify the Skimlinks Group’s and Publisher’s roles and responsibilities with respect to Personal Data collected in connection with the Agreement.
1. Order of Precedence. Should there be a conflict between the Publisher Privacy Terms and the Agreement, the Publisher Privacy Terms will govern unless the conflicting provision in the Agreement expressly references the portion of these Publisher Privacy Terms it supersedes.
2. Definitions. Terms defined in this section shall have the meanings set out below, and cognate terms shall be construed accordingly. Capitalized terms used but not defined in the Publisher Privacy Terms shall have the meanings defined in the Agreement.
|“Applicable Data Protection Laws”
||means any and all applicable federal, national, state, or other privacy and data protection laws as may be amended or superseded from time to time.
||means an entity that determines the purposes and means of the processing of Personal Data, inclusive of how such term and/or the term “data controller” is defined under Applicable Data Protection Laws.
|“California Privacy Law”
||means California Consumer Privacy Act of 2018, Cal. Civil Code § 1798.100 et seq. (also, “CCPA”), as amended (including by the California Privacy Rights Act), and any subordinate legislation and implementing regulations.
||means an identified or identifiable natural person about whom Personal Data is Processed under the Agreement or as otherwise defined (including under similar terms such as “consumer”) under Data Protection Laws.
|“Data Subject Request”
||means any request by a Data Subject to a party to the Agreement to exercise their rights under Applicable Data Protection Laws.
|“EU Data Protection Law”
||means: (aa) the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”); (bb) the EU e-Privacy Directive (Directive 2002/58/EC); and (cc) any national data protection laws made under or pursuant to (aa) or (bb).
||means any information that relates to an identified or identifiable individual (and such term shall include, where required by Applicable Data Protection Law, unique browser or device identifiers).
||means collection, receipt, recording, use, transmission, access, sharing, disclosure, transfer, storage, combination, aggregation, inferring, derivation, analysis, disposal or other handling of Personal Data, inclusive of how such term is defined under Applicable Data Protection Law
||means an entity that Processes Personal Data on behalf of a Controller, and is inclusive of how such term and/or the term “data processor” is defined under Applicable Data Protection Law.
|“Sale” and “Sell”
||mean exchanging Personal Data for monetary or other valuable consideration, and are inclusive of how such terms are defined under Applicable Data Protection Laws.
||means services provided by the Skimlinks Group under the Agreement.
||means a business that acts as a Controller with respect to Personal Data, and that is not the business that the Data Subject whose Personal Data is Processed has intentionally interacted with; the term is inclusive of how such term is defined under Applicable Data Protection Law.
|“UK Data Protection Law”
||means the Data Protection Act 2018 and GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Addendums etc.) (EU Exit) Regulations 2019 (SI 2019/419).
4. Relationship of the Parties. To the extent that the Personal Data qualifies as, or contains, Personal Data under Applicable Data Protection Laws, each party shall Process the Personal Data it collects as a Controller or Third Party, as applicable. Disclosures (whether directly, or via a party making data available to the other party) of Personal Data from one party to the other are disclosures to Third Parties. Each party shall be individually responsible for its own compliance with Applicable Data Protection Laws, including for providing any transparency and obtaining any consents for the Processing of Personal Datathat may be required under Applicable Data Protection Laws.
a. If US or US state Data Protection Law applies to the Personal Data, including without limitation California Privacy Law, to the extent that Skimlinks Code or Pixel(s) of the Skimlinks Group are used in connection with the Services to Process Personal Data about a User, the Skimlinks Group acts as a Third Party to Publisher for such Personal Data. The Skimlinks Group shall Process such Personal Data for the purposes permitted by these Publisher Privacy Terms, the Agreement, Applicable Data Protection Law, and the Privacy Policies. Such Personal Data is only made available to the Skimlinks Group for such purposes. The Skimlinks Group will provide the same level of privacy protection as required of Businesses by applicable US Data Protection Laws, including if applicable, California Privacy Laws. The Skimlinks Group will inform Publisher in the time period required by Applicable Data Protection Law if the Skimlinks Group determines it is no longer able to meet its obligations under Applicable Data Protection Laws. Upon providing notice to the Skimlinks Group, Publisher has the right to take reasonable and appropriate steps to stop and remediate unauthorized use of Personal Data that it makes available to the Skimlinks Group.
b. If EU Data Protection Law or UK Data Protection Law applies to the Personal Data, to the extent that Skimlinks Code or Pixel(s) of the Skimlinks Group are used in connection with the Services to Process Personal Data about a User:
i. Each party shall at all times ensure that:
1. All Personal Data made available to the other party has been collected, processed and made available with Applicable Data Protection Laws; and
2. The essence of the arrangements in these Publisher Privacy Terms has been made available to Users.
ii. As between the parties, responsibility for compliance with Applicable Data Protection Laws shall be dealt with as follows:
1. Publisher shall be responsible for:
a. Complying with the transparency requirements set out in Annex II to these Publisher Privacy Terms; and
b. Ensuring the lawfulness of the processing of the Personal Data for the applicable Purposes set out in Annex I of these Publisher Privacy Terms;
c. Any Data Subject Request falls on the party which first received such Data Subject Request;
d. Any complaint falls on the party which receives receives the complaint from a complainant;
e. Any Personal Data breach (including notification fo the data protection supervisory authority and/or Data Subject(s)) relating to any Personal Data falls on the party which incurred the Personal Data breach; and
f. Any other matter under Applicable Data Protection Laws falls on the party subject to such obligations under Applicable Data Protection Laws.
iii. Each party shall promptly co-operate with and provide reasonable assistance, information and records to the other party to assist that party with its compliance with these Publisher Privacy Terms, Applicable Data Protection Laws and in relation to all complaints and Data Subject Requests.
5. Application of Data Protection Law. The parties acknowledge that Applicable Data Protection Laws may apply to the processing of the Personal Data. Where this is the case, each party shall comply with such Applicable Data Protection Laws with respect to its processing of the Personal Data.
6. International Transfers.
a. If EU Data Protection Law applies to the Personal Data, neither party shall process its Personal Data (nor permit its Personal Data to be processed) in a territory outside of the European Economic Area ("EEA") unless it has taken such measures as are necessary to ensure the transfer is in compliance with EU Data Protection Law.
b. If UK Data Protection Law applies to the Personal Data, neither party shall process its Personal Data (nor permit its Personal Data to be processed) in a territory that the UK has not declared to provide an adequate level of data protection, unless it has taken such measures as are necessary to ensure the transfer is in compliance with UK Data Protection Law.
7. Transparency for Users on Publisher Properties. The Skimlinks Group uses the Skimlinks Code and Pixel(s) of the Skimlinks Group to provide the Services. Publisher shall ensure that it provides all required notices and obtains and adheres to all required consent and opt-out requirements, as required by Applicable Data Protection Law, in connection with Properties in which Publisher places the the Skimlinks Code and/or Pixel(s) of the Skimlinks Group and from which the Skimlinks Group receives Personal Datafor Processing, including such requirements set out in the Annex II of these Publisher Privacy Terms. Publisher’s obligations in this regard includes providing all required notices and obtaining and maintaining all required consents so that the Skimlinks Group can provide its Services lawfully through such Properties, and Process Personal Dataas permitted by these Publisher Privacy Terms, including for the Purposes set out Annex I below, and the Agreement. Upon written request, the Skimlinks Group shall provide Publisher with such information as Publisher may reasonably require about the the Skimlinks Code and Pixel(s) of the Skimlinks Group and the Skimlinks Group’s Processing of Personal Data through Publisher Properties so that Publisher can ensure that appropriate notice and consent mechanisms are displayed. Publisher shall not fire or load Skimlinks Code or any Pixel(s) of the Skimlinks Group unless and until any necessary consents required under Applicable Data Protection Laws have been obtained. Publisher shall further provide Data Subjects with information about how they may exercise their data protection rights under Applicable Data Protection Laws, and provide a contact point for Data Subjects to contact in order to exercise their rights. Publisher shall promptly notify the Skimlinks Group to the extent that it receives any data protection rights request concerning the Skimlinks Group's Processing of Personal Data as a Controller in order that the Skimlinks Group may fulfill the request in accordance with its obligations under Applicable Data Protection Laws.
ANNEX I TO THE SKIMLINKS PUBLISHER PRIVACY TERMS
Purposes of Processing the Personal Data
The Skimlinks Group processes the Personal Data for reporting to Publishers and calculating Publisher Revenue and the following purposes:
- To measure advertisement performance;
- To measure content performance;
- To develop and improve products;
- To ensure security, prevent fraud, and debug;
- To technically deliver ads or content;
- To receive and use automatically-sent device characteristics for identification;
- Outside of the UK and EMEA, and solely in relation to Users of Properties of self-service Publishers, in addition to the above list we will also process Personal Data for the following purposes:
- To store and/or access information on a device;
- To select basic advertisements;
- To create a personalised ads profile;
- To select personalised advertisements;
- To create a personalised content profile;
- To select personalised content;
- To match and combine offline data sources;
- To link different devices; and
- To use limited data to select content.
ANNEX II TO THE SKIMLINKS PUBLISHER PRIVACY TERMS
Data Protection Requirements
1. Transparency Requirements
- A statement regarding use of the Service on Publisher’s Properties and the nature of the relationship between Skimlinks and Publisher. For example:
- “Our website contains some affiliate marketing links, which means we get paid commission on sales of those products or services we write about. Our editorial content is not influenced by advertisers or affiliate partnerships. We use Skimlinks and its affiliates (the “Skimlinks Group”) and more information about their data collection and usage is set out in their privacy policies at https://skimlinks.com/privacy-policy and https://www.taboola.com/policies/privacy-policy.
- To the extent the Skimlinks Group processes your personal data when providing affiliate marketing links, we act as controllers in respect of this data. Details regarding our controller arrangement can be requested using the contact details set out in section [x]. ”
- Full details about cookies, or automated means of data collection used, by the Skimlinks Group on Users’ devices when Users view a web page or click on an affiliate link on Publisher’s Properties. Publishers must at a minimum include the following information (in the format they deem appropriate):
Name of Cookie:
- t_gid (outside the UK and EMEA)
First or third party:
Name of other automated means of data collection:
First or third party:
Purpose(s) of cookie or other automated means of data collection:
The Skimlinks Group uses the above automated means of data collection to earn income from our content. The service works by creating/tagging links within content that a user is reading which, if clicked, takes the user to a third party merchant’s website where the products and/or services can be purchased. If the user then buys something as a result of clicking on these links, the publisher is paid a referral fee by the merchant through Skimlinks. This referral fee does not come out of users’ pockets, nor does it affect the price users pay or the experience users have on the merchant’s site.
In respect of Users outside the UK and EMEA, the Skimlinks Group also stores or reads the t_gid cookie when a User visits a web page or clicks on content on a publisher’s properties, in order optimize, personalize, analyze, and recommend content to Users.
Please note that in order for us to benefit from the Skimlinks Group’s services, the Skimlinks Group works with alongside other third parties, called “affiliate networks”, who may also set cookies on your device. Affiliate networks are not processors or subprocessors of Skimlinks. An overview of these affiliate networks and a link to their respective privacy policies can be found here.
- SkimJS: As long as SkimJS is enabled by Publisher on its Properties.
- Link Wrapper: As long as Link Wrapper syntax is enabled by Publisher on its Properties.
- t_gid: 1 year.”
2. Consent Requirements
Publisher shall adhere to the following requirements prior to enabling the Service on its Properties:
- In respect of UK or EEA targeted users:
- Publisher shall, upon the User’s first visit to Publisher’s Properties, request any required consents under Applicable Privacy Laws of the User to the use of advertising cookies or automated means of data collection used by third parties (i.e. the Skimlinks Group, Affiliate Networks). After initial provision of consent by a User, it need not be requested again, unless the consent expires as per the period that was declared. Skimlinks strongly recommends Publisher to use a consent management platform to help it comply with this requirement.