Agreement On Data Protection - Affiliates

AGREEMENT ON DATA PROTECTION

for use of an Affiliate Marketing Platform Between Affiliate Publisher

and

WONDERDAYS LTD (“WD”)

(each individually “Party” and together, “Parties”).

BACKGROUND

1. (A) WD operates an Affiliate Marketing Platform. WD can use this platform to provide the relevant advertising material for the marketing of their offers / services by publishers. For participation in the Affiliate Marketing Program of WD, it is necessary that these advertising materials are equipped with a tracking code provided by WD for the Advertiser. This is the only way to ensure that the service provision of WD can be implemented technically for the Advertisers.
2. (B) WDs can search from the registered Publishers who are supposed to take over marketing of the advertising materials provided for them on their sales channels. The sales brokered for WD by the Publishers are recorded and processed with the Affiliate Marketing Platform provided by WD. In addition, WD provides corresponding reporting for publishers and shows which remuneration publishers have achieved for the brokerage activity with WD
3. (C) WD maintains contractual relationships the Publisher. The data relevant for the settlement of the Publisher's sales activities shall be transmitted to WD.
4. (D) The details of the respective processing activities are described in more detail in Part A of this Agreement. Part B contains the template of the Joint Controller Agreement, which applies between WD and Publisher if the Publisher processes WD’s advertising material. With the selection the advertising material provided by WD on the Affiliate Marketing Platform, the publisher accepts the offer to conclude the Joint Controller Agreement (in accordance with Part B).

(E) This Agreement shall ensure appropriate protection of Personal Data in the course of the transmission and processing of Personal Data within the framework of the applicable data protection laws. In addition, the Parties would like to implement appropriate measures with regard to the protection of privacy and the fundamental rights and freedoms of the Data Subjects.

Against this backdrop, the Parties make the following agreement:

1. DEFINITIONS

1.1 In this Agreement, the following terms have the following meanings:

1. (a) “Personal Data”, “Controller”, “Processor”, “Processing”, “Data Subject”, “Additional Processors” (= “Subprocessor or Sub-Service Provider”), “Technical and Organisational Measures” and “Supervisory Authority” have the same meaning as in the UK GDPR.
2. (b) “Country with an appropriate level of protection” is every country outside the EEA for which the European Commission has decided that the country has an appropriate level of data protection due to its laws or international agreements into which it has entered.
3. (c) “General Terms and Conditions of Business” or “GTC” are the General Terms and Conditions of Business that are provided by WD for the Publisher, including all related agreements, conditions or other orders by which the use of the platform is regulated.
4. (d) “Agreement” means this agreement on data protection.
5. (e) "Regulations" refers to the joint controller regulations (see below).
6. (f) “WD” refers to WonderDays Ltd, Telford, Shropshire, Company Number 11879155 (hereinafter referred to as “WD”)
7. (g) “Joint Controller Agreement" consists of the provisions in Part A and Part B. The Joint Controller Agreement concerns the cooperation of WD and Publisher relevant to data protection law according to Art. 26 UK GDPR (Part A) and regulates the cooperation of Advertiser and Publisher(s) relevant to data protection law according to Art. 26 UK GDPR (Part B). The respective regulations apply irrespective of whether the Parties actually are to be considered as a Joint Controller within the meaning of Art. 26 UK GDPR and shall ensure an appropriate protection of the transmission and processing of Personal Data regardless of this question.
8. (h) “Processing” is the processing of Personal Data on behalf of the Controller within the meaning of Art. 28 UK GDPR.
9. (i) “Advertiser” includes all enterprises that use the Affiliate Marketing Services of WD on the basis of the GTC or similar contractual agreements.

(l) “Publisher” is all natural persons or legal entities who have registered on the WD platform on the basis of the General Terms and Conditions and promote the advertising material provided by a Advertiser in their media offers/sales channels.

1. (k) “UK GDPR” is the UK Data Protection Act 2018 (DPA) and is the basis upon which ‘data protection’ is judged in the United Kingdom.
2. (l) “Joint Controller(s)” refers to the processing of Personal Data by several (joint) Controllers who jointly define the purpose and means of processing (see Article 26 UK GDPR).
3. (m) “Member State” is a Member State of the EU or a Contracting State of the EEA.
4. (n) “Affiliate Marketing Services” includes the services described or referred to in the General Terms and Conditions, including the provision of the Affiliate Marketing Platform of WD that allows Advertisers to control Affiliate Marketing processes. In addition to the recording of sales by Publishers, this also includes corresponding reporting.

1.2 The following conditions apply to this Agreement:

1. (a) References to a statutory regulation include all subordinated legal provisions which are issued based on this provision;
2. (b) References to this Agreement include the parts (currently A and B) and their Appendices;
3. (c) Headings are not to be included in the interpretation of this Agreement; and
4. (d) in the case of a conflict or contradictions within this Agreement, the conflict or inconsistency is resolved by the respective priority clauses.

2. SCOPE

2.1 The regulations on the Joint Controller Agreements (Part A) shall apply between the respective Parties in respect to their role as Controller in relation to the Personal Data that is processed in accordance with the provisions in Part A. The respective processes and which Party is responsible within the framework of which processes for individual data processing are explained in more detail in Part A.

2.2 In order to ensure an adequate level of protection in connection with the transmission and processing of Personal Data, the principles contained in Part A apply for any processing and transmission between the Controllers for the processing.

2.3 When commissioning Publishers via the WD Affiliate Marketing Platform, the Advertiser concludes a separate agreement on Joint Control in accordance with Art. 26 UK GDPR (in accordance with Part B Joint Controller Agreement) with the respective Publisher(s). WD agrees with the Advertisers participating in the Affiliate Marketing Platform to a corresponding obligation to conclude the Joint Controller Agreement (in accordance with Part B) upon the execution of an order by the Publisher. According to the common understanding of the Parties, the agreement of a Joint Controller Agreement (Part B) does not lead to the creation of a civil-law contractual relationship between the Publisher and Advertiser. The Parties agree that the Publisher (and Advertiser) assert rights regarding the use of Affiliate Marketing Services exclusively within the framework of the contractual relationship with WD.

3. COMPLIANCE WITH THE CONTRACTUAL REGULATIONS

1. 3.1 The Parties agree to comply with the obligations that are imposed on them in their role as a Controller within the framework of this Agreement.
2. 3.2 Each Party is entitled to assert the claims of this Agreement towards the other Party to the extent that the other party operates in the corresponding role.

4. AMENDMENTS

1. 4.1 The Parties agree that this Agreement can be amended and/or supplemented according to the following procedure.
2. 4.2 WD is entitled to amend or supplement this Agreement, provided WD considers this necessary, in particular, to comply with the statutory obligations of the Parties in accordance with applicable data protection law.
3. 4.3 WD shall inform the other Party in writing at least in text form (e.g. by email) with a notice period of six (6) weeks prior to the planned entry into force of the amendment or supplement. If the other Party does not object in writing to the changes to WD within four (4) weeks after receipt of the notification of the changes and continues to use the Affiliate Marketing Services after the expiry of this period, the amendment and/or supplement shall be deemed to have been accepted and the Agreement shall be accordingly amended with the expiry of the aforementioned six (6) week period.
4. 4.4 WD shall inform the other Party with receipt of the notification of the consequences of further, unobjected to, use of the Affiliate Marketing Services.
5. 4.5 If the other Party objects to the amendments or supplements, the Parties shall discuss any complaints and disagreements constructively and clarify them in an amicable manner. If the Parties do not find any solution, both WD and the Advertiser have the right to terminate this Agreement or the corresponding commissions with a notice period of four (4) weeks.

5. TERM AND TERMINATION

1. 5.1 This Agreement enters into force with the confirmation of its validity by the Publisher in the previously communicated procedure, whereby the decisive date is when the last Party agrees either by signing this Agreement or by another way (in particular, by electronic acceptance of these conditions or by email or by implied agreement by the use of the Affiliate Marketing Services without objection). Each Party is bound to the provisions contained in the Agreement from the effective date.
2. 5.2 This Agreement runs for an indefinite period and ends automatically at the end of the contractual relationship based on the GTC and the associated use of the Affiliate Marketing Services.

6. TERMINATION

6.1 Any notice of termination within the framework of this Agreement (“Termination”) must be done in writing.

6.2 If WD is entitled to terminate the contractual relationship based on the General Terms and Conditions and the use of the Affiliate Marketing Services pursuant to the GTC, WD also has a right to terminate this Agreement.

1. The right to extraordinary termination remains unaffected for both Parties.

7. ASSIGNMENT

The Publisher may not assign or transfer any rights or obligations from this Agreement without the prior written consent of WD.

8. SEVERABILITY CLAUSE

8.1 If a provision of this Agreement is, in whole or in part, unlawful, invalid or unenforceable, the legality, validity and enforceability of the remaining provisions of this Agreement shall not be affected thereby.

8.2 The parties undertake to agree to an effective provision in place of the invalid provision, whose effect comes as close as possible to the economic objective that the Parties pursued with the invalid provision. The aforementioned provisions apply accordingly in the event that the contract proves to be incomplete.

9. APPLICABLE LAW

The place of fulfilment and place of jurisdiction is London. The law of the United Kingdom Applies, excluding the use of any conflict of laws. The application of the uniform UN Sales Law based on the Treaty of the United Nations dated 11/04/1980 for Contracts on the International Sale of Goods is excluded.

10. RELATIONSHIP WITH THE GENERAL TERMS AND CONDITIONS OF BUSINESS

10.1 All circumstances not expressly regulated in this Agreement, including the liability of the Parties for the provision or use of the Affiliate Marketing Services are subject to the provisions of the General Terms and Conditions.

10.2 In the case of contradictions between the provisions of this Agreement and the GTC, the provisions of this Agreement shall have priority.

Preamble

PART A

JOINT CONTROLLER AGREEMENT BETWEEN PUBLISHER AND WD

The use of the WD platform for affiliate marketing requires a cooperative division of labour between the WD and the Publisher to the extent described below (“collaboration”). In addition, there is a collaboration between Publisher and WD relevant to data protection law in accordance with Art. 26 UK GDPR (see Part B Joint Controller Agreement). For this purpose, the Parties shall grant each other access to specific Personal Data or collect and process it during the collaboration.

This Agreement is concluded between Publisher and WD. In addition, WD agrees with the commissioned Publisher on an additional Joint Controller Agreement (in accordance with Part B) for the collaboration relevant to data protection law. This Agreement is also concluded in cases where WD uses certain Publishers for the placement of advertisements / commercials.

In this Part A, the Parties shall specify the scope of the collaboration, mutual obligations of the Parties and their respective roles and responsibilities in regard to compliance with the respective data protection obligations.

1. Scope of Collaboration

The Controllers will act (as joint controller) within the framework of the collaboration. The roles of the Controller and the associated tasks are specified in more detail in Appendix 1. If one party is solely responsible for a data processing operation, this party will implement all relevant data protection provisions on its own responsibility. However, such data processing procedures are not subject to this Agreement.

Joint data processing and the type of Personal Data collected and processed within the framework of collaboration are specified in Appendix 1.

2. Obligations of the Controller, Processors

2.1 The Controller carries out the processing of Personal Data in accordance with the relevant provisions of the applicable data protection laws. Both Parties are jointly responsible externally for compliance with the applicable data protection laws with regard to joint data processing. In the internal relationship, the scope of the responsibility for compliance with the applicable data protection laws arises from Appendix 1 where the Parties have been assigned individual data processing procedures.

2.2 The Controllers use the Personal Data within the framework of this Collaboration for the purposes as described in Appendix 1. For further data processing beyond the joint responsibility, each Controller is solely accountable and must comply with the data protection law requirements independently.

Should the Parties process Personal Data for purposes other than those described herein, the Parties shall inform each other in the appropriate scope, provided this is mandatory by law.

2.3 The Controllers ensure that all persons who are involved in the processing of Personal Data are required and/or will be required to maintain confidentiality and will process personal data on instruction of the controller only.

2.4 Personal Data must be correct and, if necessary, up-to-date. The collection and processing of Personal Data must be restricted appropriately and considerably to the purpose as well as to the extent necessary for the purposes of transmission and further processing.

2.5 The Controller will only process Personal Data in accordance with the contract with the aid of Processors if an order processing agreement corresponding to the statutory requirements is concluded with the respective Processors. The Controller shall only disclose Personal Data to third parties to the extent this is actually required for fulfilling the obligations resulting from the Collaboration or is otherwise legally permissible and proper and the other Party is informed of the other recipients of the Personal Data.

3. Technical and organisational measures

Taking into account the state of the art, the implementation costs and the type, scope, circumstances, and the purposes of processing, as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, the Controllers shall take appropriate technical and organisational measures to ensure an appropriate level of protection; these measures include, depending on individual case, the following:

• pseudonymisation and encryption of Personal Data;
• the ability to ensure, over the long-term, the confidentiality, integrity, availability and resilience of the systems and services in connection with processing;
• the ability to rapidly restore the availability of Personal Data and access to it upon the occurrence of a physical or technical incident;
• a procedure for regular review, assessment and evaluation of the effectiveness of the technical and organisational measures to ensure the security of processing.

4. Responsibility for compliance with data protection laws and rights of Data Subjects

4.1 As a rule, the Controller who has initially collected the Personal Data or has a direct contractual relationship with the Data Subjects is a central contact point for the Data Subjects. In the form of cooperation relevant here, the merchant usually has direct contact with the data subject. WD shall contractually regulate with the Advertiser that WD is the central contact for the data subject with regard to the data processing relevant here and that the data subject is informed about this.

4.2 Data Subjects are entitled to various rights with regard to the Personal Data processed by the Controller. The Controllers agree to fulfil their respective obligations in accordance with the provisions of the applicable data protection laws.

4.3 Data Subjects must be provided with information about the processing in accordance with Art. 13 and 14 UK GDPR. The Parties agree that WD issues the information obligations vis-a-vis the Data Subjects for the data processing described in Part A, Appendix 1, Case 1.

4.4 The Controllers support each other in the fulfilment of corresponding contractual and/or other statutory obligations and provide the necessary information on the relevant data processing activities in order to meet these requirements. WD shall provide the Advertiser with separate data protection notices that will provide its end customers with information on the data processing activities carried out by WD in the course of the use of Affiliate Marketing Services.

4.5 Data Subjects are entitled under the statutory requirements to the right to request information about the processing of their Personal Data. In addition, the Data Subjects affected by the Collaboration can demand that the Controller correct, delete or restrict access to their data. In the cases regulated by law, the persons affected by the cooperation can object to the processing of their personal data by the person responsible at any time for reasons that arise from their particular situation.

The Parties agree that it is basically the responsibility of the WD to answer corresponding enquiries from Data Subjects. It remains the central point of contact for the Data Subjects.

The Controller shall also clarify that the Data Subjects of the processing can assert their respective rights arising from or in connection with the processing of the Personal Data against each Controller.

The Controller will take all necessary and appropriate steps to fulfil corresponding enquiries and claims in the name of the other Controller and to collaborate accordingly in this context. In each case, the Controllers must support each other appropriately.

4.6 Reporting obligations according to Art. 33 and 34 UK GDPR are fulfilled by the Controller where the reportable incident occurred. The Parties shall immediately inform each other in the event of a reportable incident with regard to the processing covered by the contract. The respective other Party shall support the Controller with the reporting obligation in the best possible way in clarifying the facts and in taking appropriate measures to protect the Data Subjects. The decision on the necessity, content and scope of the measures to be taken shall be made by the Controller with the reporting obligation.

4.7 In addition, the Parties are agreed that WD remains responsible for providing information to the Data Subject about the essential contents of the regulations according to PART A, if, and to the extent, that the Data Subject requests this and it is absolutely required under applicable law. In the event that the affected persons request corresponding information, the Controllers will forward this section of PART A to the affected persons after prior coordination.

4.8 Each Controller shall maintain a directory of processing activities independently. The Controllers shall provide each other with the information required for maintaining a corresponding directory of processing activities.

4.9 The Controllers shall support each other in the appropriate scope, if necessary, in the creation of a data protection impact assessment and, if appropriate and insofar as legally permissible with the prior consultation with Supervisory Authorities. At the request of the other Controller, the other Controller must provide the required information and documents to the requesting party.

4.10 Each Controller shall bear any costs it might incur in the context of fulfilling the obligation in accordance with this PART A. The provisions of the General Terms and Conditions for the use of Affiliate Marketing Services remain unaffected by this.

5. Liability

The Controllers are liable to each other in accordance with the statutory provisions.

6. Conflict regulation

The regulations in the General Terms and Conditions concerning the use of Affiliate Marketing Services is superseded by this regulation to the extent that this Agreement provides for special regulations. Otherwise, the subsidiary applicability of the provisions for the use of the Affiliate Marketing Services remains.

PART A

APPENDIX 1: Roles, tasks and scope of the collaboration between Publisher and WD

WD provides an Affiliate Marketing Platform and concludes separate Agreements (“GTC”) for its use with the Publisher. The task of WD is to enable the settlement of the sales brokered via the platform. The Publisher initiates this data processing by publishing advertisements provided by the WD with a corresponding tracking code. This implements the forwarding to a landing page specified in advance by WD.

The data relevant for the invoicing of the Publisher’s services is transmitted to the Advertiser based on contractual agreement to WD, so that WD can fulfil its contractual obligations. In addition, WD shall provide the Publisher with corresponding reports about its brokerage activities on the basis of the data of the Publisher collected by WD for brokerage purposes.

In detail, the tasks are distributed as part of Joint Controller as follows:

Procedure	Purpose / scope	Roles and tasks	Processing of / access to data categories / Data Subjects
Reporting on brokered sales of a publisher via the WD network	Preparation and provision of data (anonymised reports) on a Publisher’s sales for individual Advertisers mediated via the platform for the purpose of verifying sales and optimising own marketing activities.	WD: Preparation and provision of data on the sales brokered by the Publisher for Publisher’s access Publisher: Coordination with regard to the data used for the creation of reports	Data Subject: Customers of the WD who have concluded a contract with WD due to the Publisher’s brokerage. The following data is affected: Product ID / Name / Item Invoice data Transaction Status Amount of sale Timestamp Commission of the Publisher ("Commission")

Preamble

PART B

JOINT CONTROLLER AGREEMENT BETWEEN WD AND PUBLISHER

The use of the WD platform for affiliate marketing requires a cooperative division of labour between WD and the Publisher as well as a collaboration between Publisher and WD relevant to the data protection law according to Art. 26 UK GDPR. The regulations of Part B JOINT CONTROLLER AGREEMENT apply to this collaboration between WD and Publisher. WD and Publisher shall grant each other access to specific Personal Data or collect and process this data during the collaboration. This Agreement is also concluded in cases where WD use certain Publishers for the placement of displays/advertising.

In Appendix 1 to this Agreement, the Parties specify the scope of the collaboration, mutual obligations of the Parties and their respective roles and responsibilities in regard to compliance with the respective data protection obligations.

1. Scope of Collaboration

As part of the collaboration, the Controllers will act as Joint Controller. The roles of the Controller and the associated tasks are specified in more detail in Appendix 1. If one party is solely responsible for a data processing operation, this party will implement all relevant data protection provisions on its own responsibility. However, such data processing procedures are not subject to this Agreement.

Joint data processing and the type of Personal Data collected and processed within the framework of collaboration are specified in Appendix 1.

2. Obligations of the Controller, Processors

2.1 The Controller carries out the processing of Personal Data in accordance with the relevant provisions of the applicable data protection laws. Both Parties and the Publisher are jointly responsible externally for compliance with the applicable data protection laws with regard to joint data processing. In the internal relationship, the scope of the responsibility for compliance with the applicable data protection laws arises from Appendix 1 where the Parties have been assigned individual data processing procedures.

2.2 The Controllers use the Personal Data within the framework of this Collaboration for the purposes as described in Appendix 1. For further data processing beyond the joint responsibility, each Controller is solely accountable and must comply with the data protection law requirements independently.

Should the Parties process Personal Data for purposes other than those described herein, the Parties shall inform each other in the appropriate scope, provided this is mandatory by law.

2.3 The Controllers ensure that all persons who are involved in the processing of Personal Data are required and/or will be required to maintain confidentiality and will process personal data on instruction of the controller only.

2.4 Personal Data must be correct and, if necessary, up-to-date. The collection and processing of Personal Data must be restricted appropriately and considerably to the purpose as well as to the extent necessary for the purposes of transmission and further processing.

2.5 The Controller will only process Personal Data in accordance with the contract with the aid of Processors if an order processing agreement corresponding to the statutory requirements is concluded with the respective Processors. The Controller shall only disclose Personal Data to third parties to the extent this is actually required for fulfilling the obligations resulting from the Collaboration or is otherwise legally permissible and proper and the other Party is informed of the other recipients of the Personal Data.

3. Technical and organisational measures

Taking into account the state of the art, the implementation costs and the type, scope, circumstances, and the purposes of processing, as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, the Controllers shall take appropriate technical and organisational measures to ensure an appropriate level of protection; these measures include, depending on individual case, the following:

• pseudonymisation and encryption of Personal Data;
• the ability to ensure, over the long-term, the confidentiality, integrity, availability and resilience of the systems and services in connection with processing;
• the ability to rapidly restore the availability of Personal Data and access to it upon the occurrence of a physical or technical incident;
• a procedure for regular review, assessment and evaluation of the effectiveness of the technical and organisational measures to ensure the security of processing.

Responsibility for compliance with data protection laws and rights of Data Subjects

4.1 As a rule, the Controller who has initially collected the Personal Data or has a direct contractual relationship with the Data Subjects is a central contact point for the Data Subjects. This is usually WD who is directly in contact with the customer and has collected its data for the conclusion of the contract.

4.2 Data Subjects are entitled to various rights with regard to the Personal Data processed by the Controller. The Controllers agree to fulfil their respective obligations in accordance with the provisions of the applicable data protection laws.

4.3 Data Subjects must be provided with information about the processing in accordance with Art. 13 and 14 UK GDPR. The Parties agree that the Publisher fulfils the information obligations to the Data Subjects for the data processing regulated in Part D, Appendix 1. Furthermore, it is the responsibility of WD to provide all necessary information on the data processing activities listed in Part B Appendix 1 to the Data Subjects in a suitable manner in accordance with the procedure described below.

4.4 The Controllers support each other in the fulfilment of corresponding contractual and/or other statutory obligations and provide the necessary information on the relevant data processing activities in order to meet these requirements. Notwithstanding the provision of the above-mentioned data protection notices, WD remains responsible for complying with all legal obligations that it must meet, in particular, obligations to inform.

4.5 Data Subjects are entitled under the statutory requirements to the right to request information about the processing of their Personal Data. In addition, the Data Subjects affected by the Collaboration can demand that the Controller correct, delete or restrict access to their data. In the cases regulated by law, the persons affected by the cooperation can object to the processing of their personal data by the person responsible at any time for reasons that arise from their particular situation.

The Parties agree that it is basically the responsibility of WD to answer appropriate enquiries from Data Subjects. It remains the central point of contact for the Data Subjects.

The Controller shall also clarify that the Data Subjects of the processing can assert their respective rights arising from or in connection with the processing of the Personal Data against each Controller. Art. 82 UK GDPR remains unaffected.

The Controller will take all necessary and appropriate steps to fulfil corresponding enquiries and claims in the name of the other Controller and to collaborate accordingly in this context. In each case, the Controllers must support each other appropriately.

4.6 Reporting obligations according to Art. 33 and 34 UK GDPR are fulfilled by the Controller where the reportable incident occurred. The Parties shall immediately inform each other in the event of a reportable incident with regard to the processing covered by the contract. The respective other Party shall support the Controller with the reporting obligation in the best possible way in clarifying the facts and in taking appropriate measures to protect the Data Subjects. The decision on the necessity, content and scope of the measures to be taken shall be made by the Controller with the reporting obligation.

4.7 In addition, WD is responsible for providing information to the Data Subject about the essential contents of the regulations according to PART B, if, and to the extent, that the Data Subject requests this and it is absolutely required under applicable law. In the event that the Data Subjects request appropriate information, the Controller will pass on this section of PART B to the Data Subject after prior coordination.

4.8 Each Controller shall maintain a directory of processing activities independently. The Controllers shall provide each other with the information required for maintaining a corresponding directory of processing activities.

4.9 The Controllers shall support each other in the appropriate scope, if necessary, in the creation of a data protection impact assessment and, if appropriate and insofar as legally permissible with the prior consultation with Supervisory Authorities. At the request of the other Controller, the other Controller must provide the required information and documents to the requesting party.

4.10 Each Controller shall bear its own costs incurred in the context of fulfilling the obligation in accordance with this Agreement. The regulations of the General Terms and Conditions existing between the respective Parties and WD and the supplemental regulations for the use of Affiliate Marketing Services remain unaffected by this.

5. Liability

The Controllers are liable to each other in accordance with the statutory provisions.

6. Conflict regulation

The regulations in the General Terms and Conditions concerning the use of Affiliate Marketing Services to WD is superseded by this regulation to the extent that this Agreement provides for special regulations. Otherwise, the subsidiary applicability of the provisions for the use of the Affiliate Marketing Services remains.

PART B

APPENDIX 1: Roles, tasks and scope of collaboration between WD and Publisher, provided it is commissioned by WD for the brokerage

WD provides an Affiliate Marketing Platform and concludes separate Agreements (“GTC”) for its use with WD and Publisher. The task of WD is to enable the settlement of the sales brokered via the platform. The Publisher initiates this data processing by publishing an advertisement provided by WD via the Affiliate Marketing Platform that contains a corresponding tracking code. This is done by forwarding the interested party to a landing page specified in advance by WD.

The merchant transmits the data relevant for billing the publisher’s services to WD on the basis of a separate contractual agreement so that WD can meet its contractual obligations.

In detail, the tasks are distributed as part of Joint Controller between WD and Publisher as follows:

Procedure	Purpose / scope	Roles and tasks	Processing of / access to data categories / Data Subjects
Forwarding of the user by Publisher after the accessing of an advertisement of WD to the landing page linked in the advertising material	The Publisher uses the advertisements of WD furnished with a tracking code for advertising purposes (“Display”). After clicking on the display, the user is forwarded to the intended landing page	Publisher: Integration of the pixelated advertising material (ad) within the framework of own marketing measures and forwarding of the request after the click on advertising material to access WD's landing page WD: Provision of ad with script for forwarding the specified data	Data Subject: potential customers of Advertiser The following data are affected: IP address, Referrer, Browser type, Call time (timestamp), Publisher ID Value

DOCUMENT ENDS