Data Processing Addendum for CMP
The terms of this Data Processing Addendum for CMP (“DPA”) apply whereby Adlane LTD (“Adlane”) and you (“Publisher”) (each a “Party” and together the “Parties”) entered into a mutual agreement relating to the CMP Terms of Service whereby either one or both of the Parties will be sharing Personal Data (as defined herein) to the other Party in order to provide and/or receive the CMP Service. This DPA shall be incorporated into the CMP Terms of Service and shall be binding on the Parties.
- CONFLICT
In the event of any conflict between the provisions of the CMP Terms of Service and the provisions of this DPA, the provisions of this DPA shall take precedence.
- DEFINITIONS AND INTERPRETATION
In this DPA, the following terms shall have the meanings set out below:
“Account” has the meaning set out in the CMP Terms of Service.
“Agreed Purposes” means performing respective actions under the CMP Terms of Service to make available and receive the CMP Service and to process the Shared Personal Data with other data provided by third parties as it considers necessary.
“Applicable Laws” means the laws and regulations of any jurisdiction that may be applicable to the Personal Data, including a Member State of the European Union or the laws of the European Union applicable to the Parties and any other applicable law including but not limited to the Data Protection Legislation and the e-Privacy Legislation.
“CMP Service” means an optional service provided to assist Publishers in obtaining consent for the data collection on properties worldwide as described in the CMP Terms of Service.
“CMP Terms of Service” means the CMP Terms of Service located on Adlane’s website via the link: adlane.io/terms/ (as updated or amended from time to time).
“Data Protection Legislation” means (i) the EU General Data Protection Regulation ((EU) 2016/679) as amended, replaced, or superseded from time to time and laws implementing or supplementing the GDPR; (ii) to the extent applicable, the data protection laws of any other country, including the United Kingdom; and (iii) the California Consumer Protection Act and other relevant US federal or state laws.
“Data Controller” has the meaning set out in the GDPR.
“Data Processor” has the meaning set out in the GDPR.
“Data Subject” has the meaning set out in the GDPR.
“e-Privacy Legislation” means (i) the EU Privacy and Electronic Communications Directive (2002/58/EC) as transposed into domestic legislation of each Member State as amended, replaced, or superseded from time to time; and (ii) to the extent applicable, the privacy laws of any other country, including the United Kingdom if and when the United Kingdom ceases to be a Member State.
“GDPR” means General Data Protection Regulation ((EU) 2016/679).
“Google Ad Tech Providers” means Google partners, included in Google’s Ad Tech Providers (ATP) list.
“Permitted Recipients” means the Party to this DPA, its employees, and any third-party processor engaged by such Party to process Personal Data for the Agreed Purposes.
“Personal Data” has the meaning set out in Applicable Laws to the information collected.
“EU-U.S. DPF” means the EU-U.S. Data Privacy Framework self-certification program operated by the U.S. Department of Commerce (as may be amended, superseded, or replaced).
“Publisher Properties” means the websites, mobile applications, and/or other digital media properties owned or operated by the Publisher and accessible through the CMP Service or via which Personal Data used in connection with the CMP Service is collected.
“Shared Personal Data” means Personal Data relating to any Data Subject to be shared between the Parties, including IP address, device ID, etc.
“TCF Vendor” means a company that can be Ad servers, measurement providers, advertising agencies, DSPs, SSPs, and more, included in the “Global Vendor List” (GVL), a publicly available and machine-readable registry hosted by IAB Europe.
“US State Privacy Laws” means all state laws relating to the protection and processing of Personal Data in effect in the United States of America, which may include, without limitation, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act.
“Restricted Transfer” means (i) where the GDPR applies, a transfer of Personal Data from the European Economic Area to a country outside of the European Economic Area which is not subject to an adequacy determination by the European Commission; (ii) where the UK Privacy Law applies, a transfer of Personal Data from the United Kingdom to any other country which is not based on adequacy regulations pursuant to section 17A of the United Kingdom Data Protection Act 2018.
“Standard Contractual Clauses” means Module 2 (Controller to Processor) of the contractual clauses annexed to the European Commission’s Implementing Decision 2021/914 of 4 June 2021 located at https://eur-lex.europa.eu/eli/dec_impl/2021/914.
“UK Addendum” means the International Data Transfer Addendum (version B1.0) to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioners Office under S.119(A) of the UK Data Protection Act 2018, as amended, superseded, or replaced from time to time.
- DATA PROTECTION
3.1. Scope of the processing. Unless otherwise and separately agreed between the Parties, the Parties agree and understand that in connection with the CMP Service, Adlane may collect or otherwise receive data (including Personal Data) about or related to end-users of the Publisher Properties as more particularly described in Annex A of this DPA.
3.2. Relationship of the Parties. The Parties acknowledge that to the extent the data is Personal Data, the Publisher shall process such data as Data Controller and Adlane shall process such data as Data Processor, and only for the Agreed Purposes.
3.3. Shared Personal Data. A Party shall share (“Data Exporter”) the Shared Personal Data with the other Party (“Data Importer”) for the purpose of performing under provisions of the CMP Terms of Service by the Parties.
3.4. Effect of non-compliance with Data Protection Legislation. Each Party shall comply with all the obligations imposed on a Data Controller and Data Processor under the Data Protection Legislation, and any material breach of the Data Protection Legislation by one Party shall, if not remedied within 30 (thirty) days of written notice from the other Party, give grounds to the other Party to terminate this DPA with immediate effect.
3.5. The Data Exporter obligations. The Data Exporter shall: (a) ensure that it has all necessary notices and consents, where applicable, to enable the lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes, including but not limited to, any notices and consents required under the e-Privacy Legislation; (b) record, document, store and make available to the Data Importer upon request the legal bases and consents that are being relied on to request CMP Service; (c) when required, list the Data Importer, with a link to its privacy policy, to its list of TCF Vendors and Google Ad Tech Providers with respect to the CMP Service; and (d) give full information to any Data Subject whose Personal Data may be processed under the CMP Terms of Service of the nature of such processing and their rights regarding such processing as required under the Data Protection Legislation.
3.6. The Data Importer obligations. The Data Importer shall: (a) only process the Shared Personal Data for the Agreed Purposes; (b) process the Shared Personal Data in accordance with Applicable Laws and Data Exporter instructions as set forth in clause 3.7 herein; (c) maintain appropriate technical and organizational measures for the protection, security, confidentiality and integrity of the Shared Personal Data; (d) notify the other Party without undue delay after becoming aware of a data incident involving the Shared Personal Data and fully cooperate with the Data Exporter to remedy the incident; (e) not disclose the Shared Personal Data to any third party unless permitted by the Data Exporter in writing and if such permission is granted, it shall ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by this DPA; and (f) not retain the Shared Personal Data for longer than the period during which it has a legitimate need to retain the Shared Personal Data for or in connection with the Agreed Purposes.
3.7. Data Controller’s Instructions. The Shared Personal Data is handled exclusively within the framework of the agreements made and in accordance with documented instructions from the Data Controller under Article 28 of GDPR. The CMP Terms of Service, the mutual agreement, this DPA and, if applicable, the settings made by the Publisher for the use of the CMP Service shall constitute the Data Controller’s instructions. Within the scope of the description of the data processing mandate in this DPA, the Publisher reserves the right to issue comprehensive instructions on the type, scope, and procedure of data processing, which it can specify in more detail by means of individual instructions. Changes to the object of processing and procedural changes are to be jointly agreed upon and documented. Any additional expenses incurred are to be remunerated by the Controller on a time and material basis.
The Data Processor may only provide information to third parties or the person concerned with the prior written consent of the Data Controller. The Data Processor shall not use the data for any other purposes and shall in particular not be entitled to pass them on to third parties. Excluded from this are backup copies, insofar as they are necessary to ensure proper data processing, as well as data that is necessary in order to comply with legal obligations under the Data Protection Legislation, and to comply with retention obligations.
The Data Processor must inform the Data Controller without delay in accordance with Article 28 of GDPR if it believes that an instruction violates data protection regulations. The Data Processor is entitled to suspend the execution of the corresponding instruction until it is confirmed or amended by the person responsible at the Data Controller.
3.8. Adlane assistance. With respect to Shared Personal Data, Adlane will assist the Publisher in responding to requests for exercising Data Subjects’ rights and will endeavor to assist the Publisher with its obligations pursuant to Articles 32-36 of GDPR, including data security, data protection impact assessments, and breach notifications. Adlane will promptly inform the Publisher if it is asked to do something which to its knowledge violates Data Protection Legislation. The Parties will make available all information reasonably necessary available to each other as may be required to demonstrate compliance with Data Protection Legislation, and Adlane may allow for and contribute to audits and inspection in this regard.
3.9. Sub-processors. The engagement and/or change of Sub-processors by the Data Processor is only allowed with the consent of the Data Controller. The Data Controller hereby agrees to the engagement of the Sub-processors as well as to the use or modification of further Sub-processors if the Data Processor notifies the Data Controller of the engagement, use, or change in writing (email sufficient) thirty (30) days before the start of the data processing. The Data Controller may object to the use of a new Sub-processor or the change. If no objection is made within the aforementioned period, the approval of the use or change shall be assumed to have been given.
The Data Processor shall design the contractual arrangements with the Sub-processor(s) in such a way that they contain the same data protection obligations as defined in this DPA, taking into account the nature and extent of data processing within the scope of the subcontract. The Sub-processor’s commitment must be made in writing or in electronic format.
3.10. Publisher Privacy Notice Requirements. Publisher agrees that it is responsible for ensuring that all Data Subjects are appropriately notified about the data collection and use practices taking place on the Publisher Properties via CMP Service. Publisher represents and warrants that it shall conspicuously post, maintain, and abide by a publicly accessible privacy notice within all Publisher Properties from which the data is collected that satisfies the requirements of the Applicable Laws and the CMP Terms of Service (including this DPA). Without prejudice to the generality of the foregoing, such notice shall at a minimum include the following information: (i) a statement that data may be collected for advertising purposes; (ii) a description of the type of Personal Data collected by Adlane, TCF Vendors and Google Ad Tech Providers, and the purposes of processing thereof, including for delivering ads across the Publisher Properties over time; (iii) a description of the categories of individuals who will have access to the Personal Data; (iv) the identity of the Controller(s) of the data; (v) a link to or description of how to access a relevant choice mechanism; and/or (vi) any other information required to comply with the information and transparency requirements of Applicable Laws. The privacy notice, its explanation of the data Adlane collects, and how CMP Service uses it, may assist you in complying with your notification obligations under this DPA.
3.11. US State Privacy Laws Compliance. For data of California residents, each Party agrees to comply with the California Consumer Protection Act (CCPA) and will employ reasonable efforts to provide a Do Not Sell My Information link on the home page of any Publisher Properties where Shared Personal Data will be provided. For users who exercise the CCPA Do Not Sell right, each Party agrees to limit the uses of Shared Data as restricted by the CCPA. For data of Virginia, Connecticut, and Colorado residents, each Party agrees to comply with the Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), and Colorado Privacy Act (CPA) and not to use “dark patterns” to obtain consumer consent. For data of New York residents, each Party agrees to comply with the New York Privacy Act (NYPA). For data of Washington residents, each Party agrees to comply with the Washington Privacy Act (WPA). For data of Utah residents, each Party agrees to comply with the Utah Consumer Privacy Act (UCPA).
3.12. Industry Standards. Each Party will use reasonable efforts to provide or require partners to provide end users with notice of the use and sharing of Shared Personal Information and to provide end users with the ability to opt-out of the uses of Shared Personal Information for cross-contextual advertising, as defined by industry best practices.
3.13. Prohibited Data Sharing. Publisher shall not include or launch on any Publisher Properties any CMP Service if such Publisher Properties are directed at or likely to be accessed by any Data Subject that is deemed a child under Applicable Laws of the country in which the child resides. Publisher shall inform Adlane in writing prior to launching on any of such Publisher Properties the CMP Service or pass to Adlane, TCF Vendors, or Google Ad Tech Providers any Personal Data of any Data Subject that is deemed a child under Applicable Laws.
3.14. International Transfers. The recipient Party shall not process, nor permit the processing of, any of the Shared Personal Data, in a territory outside the European Economic Area or the United Kingdom or Switzerland (“EEA”) unless it has taken such measures as are necessary to ensure the transfer is in compliance with Data Protection Legislation. Such measures may include, without limitation, transferring the Shared Personal Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, for internal transfers by a recipient that has achieved binding corporate rules authorization in accordance with Applicable Laws, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
3.15. Storage limitation. The Data Importer shall retain the Shared Personal Data for no longer than necessary for the purpose(s) determined according to the CMP Terms of Service for which it is processed. It shall put in place appropriate technical and organizational measures to ensure compliance with this obligation, including the erasure or anonymization of the data and all backups at the end of the retention period.
3.16. Measure to ensure the security of processing. Each Party undertakes to observe the principles of due and proper data processing in accordance with Art. 32 in conjunction with Art. 5 (1) GDPR. Each Party shall take all necessary measures to safeguard the data and the security of the processing, in particular taking into account the state of the art, as well as to reduce possible adverse consequences for the affected Parties. Measures to be taken include, in particular, measures to protect the confidentiality, integrity, availability, and resilience of systems and measures to ensure continuity of processing after incidents. In order to ensure an appropriate level of processing security at all times, each Party shall regularly evaluate the measures implemented and make any necessary adjustments. The Data Importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security. The Data Importer shall ensure that persons authorized to process the Shared Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. In the event of a Personal Data breach concerning Personal Data processed by the Data Importer under this DPA, the Data Importer shall take appropriate measures to address the Personal Data breach, including measures to mitigate its possible adverse effects.
3.17. Noncompliance. If the Data Exporter is unable to comply with its consent and notice obligations under the Terms of Service (including this DPA) in respect of the Shared Personal Data, the Data Exporter shall promptly notify the Data Importer and cease the transfer until mitigation.
- DATA TRANSFERS
4.1. Standard Contractual Clauses. The Parties agree that when the transfer of Personal Data from Publisher (as Data Exporter) to Adlane (as Data Importer) is a Restricted Transfer and European Data Protection Legislation applies, the transfer shall be subject to the Standard Contractual Clauses, which shall be deemed incorporated into and shall form part of this DPA, as follows:
(a) in relation to transfers of Personal Data protected by the GDPR, the Standard Contractual Clauses shall apply, completed as follows: (i) in Clause 7, the optional docking clause will apply, (ii) in Clause 11, the optional language will not apply; (iii) in Clause 17, Option 1 will apply, and the Standard Contractual Clauses will be governed by laws of Bulgaria; (iv) in Clause 18(b), disputes shall be resolved before the courts of Bulgaria; (v) Annex I of the Standard Contractual Clauses shall be deemed completed with the information set out in Annex A to this DPA; and (vii) Annex II of the Standard Contractual Clauses shall be deemed completed with the information set out in Annex B to this DPA;
(b) in relation to transfers of Personal Data protected by UK Privacy Law, the Standard Contractual Clauses shall also apply completed in accordance with paragraph (a) above, but as modified and interpreted by Part2: Mandatory Clauses of the UK Addendum, which shall be deemed executed by the Parties and incorporated into and form an integral part of this DPA. In addition, Tables 1 to 3 in Part 1 of the UK Addendum shall be completed respectively with the information set out in Annexes A and B of this DPA and Table 4 in Part 1 shall be deemed completed by selecting “neither party”; and
(c) in relation to transfers of Personal Data protected by the Swiss Data Protection Act (Swiss DPA), the Standard Contractual Clauses shall also apply completed in accordance with paragraph (a) above, with the following modifications: (i) references to “Regulation (EU) 2016/679” shall be interpreted as references to the Swiss DPA; (ii) references to specific Articles of “Regulation (EU) 2016/679” shall be replaced with the equivalent article or section of the Swiss DPA; (iii) references to “EU”, “Union”, “Member State” and “Member State law” shall be replaced with references to “Switzerland”, or “Swiss law”; (iv) the term “member state” shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (i.e., Switzerland); (v) Clause 13(a) and Part C of Annex A are not used and the “competent supervisory authority” is the Swiss Federal Data Protection Information Commissioner; (vi) references to the “competent supervisory authority” and “competent courts” shall be replaced with references to the “Swiss Federal Data Protection Information Commissioner” and “applicable courts of Switzerland”; (vii) in Clause 17, the Standard Contractual Clauses shall be governed by the laws of Switzerland; and (viii) Clause 18(b) shall state that disputes shall be resolved before the applicable courts of Switzerland.
4.2. Adequacy Mechanisms. The terms of the Standard Contractual Clauses will not apply where and to the extent Adlane (as Data Importer) and the applicable transfer of Personal Data are covered by an alternative, suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection or appropriate safeguards for Personal Data (provided that it is deemed legally valid in jurisdictions subject to European Data Protection Law), including the U.S. – EU DPF (an “Adequacy Mechanism”). Where an Adequacy Mechanism applies, Adlane shall process the Personal Data in compliance with the Adequacy Mechanism and the Standard Contractual Clauses shall not apply.
4.3. Alternative Transfer Mechanisms. The Parties agree that if European Data Protection Legislation no longer allows the lawful transfer of Personal Data under the Standard Contractual Clauses and/or a relevant regulator or court of competent jurisdiction requires the Parties to adopt additional measures (“Additional Measures“) or an alternative data export solution (“Alternative Transfer Mechanism“) to enable the lawful transfer of data outside of EEA and such requirements are not satisfied by an Adequacy Mechanism in line with clause 4.2 above (if applicable), both Parties agree to cooperate and agree any Additional Measures or Alternative Transfer Mechanism that may be required (but only to the extent such Additional Measures or Alternative Transfer Mechanism extend to the territories to which Data is transferred).
4.4. It is not the intent of either Party to contradict or restrict any of the provisions set forth in the Standard Contractual Clauses. Accordingly, if and to the extent the Standard Contractual Clauses conflict with any provision of the Terms of Service, including this DPA, the Standard Contractual Clauses shall prevail to the extent of such conflict.
- MISCELLANEOUS PROVISIONS
5.1 Contact. The representative within Adlane authorized to respond from time to time to inquiries regarding the Shared Data and who shall deal with such inquiries promptly can be contactable here: legal@adlane.io.
5.2 Changes in Law. In the event that there is a change in the Applicable Laws that apply to the processing of data, that would, in the reasonable opinion of a Party, require changes to the CMP Service, the means by which the CMP Service is provided or used and/or terms of this DPA, that Party reserves the right (acting reasonably) to request such changes; provided that, to the extent possible, the Party requesting the change will provide at least thirty (30) days prior notice (including by email or via Publisher Account on the Adlane platform) of such changes and agrees to discuss such changes in good faith. If the requested changes will cause material harm to any Party (which includes for the avoidance of doubt, causing a Party to be in breach of European Data Protection Legislation) or materially alter any Party’s provision or use (as applicable) of the CMP Service, such Party may terminate the Terms of Service for the affected CMP Service upon written notice without liability for such termination.
5.3. Indemnity. Publisher shall indemnify Adlane against all liabilities, costs, expenses, damages, and losses (including but not limited to any direct, indirect, or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by Adlane arising out of or in connection with the breach of the Applicable Laws by the Publisher, its employees or agents, provided that Adlane gives to the Publisher prompt notice of such claim, full information about the circumstances giving rise to it, reasonable assistance in dealing with the claim and sole authority to manage, defend and/or settle it.
5.4. Security. Both Parties shall implement appropriate technical and organizational measures to protect the copy of the data in their possession or control (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to the data.
5.5. General. With effect from the effective date, this DPA is part of and incorporated into the CMP Terms of Service. To the extent there are any prior agreements with regard to the subject matter of this DPA, this DPA supersedes and replaces such prior agreements. This DPA shall survive termination or expiry of the CMP Terms of Service. Upon termination or expiry of the CMP Terms of Service Adlane continue to process the data provided that such processing complies with the requirements of this DPA and the Applicable Laws. This DPA may be executed in counterparts, each of which shall be deemed to be an original, but all of which, taken together, shall constitute one and the same agreement. This DPA may be executed by means of accepting the CMP Terms of Service by the Publisher upon registration on Adlane’s platform and may be signed, scanned, and emailed, and any such copies shall be treated as original for all applicable purposes.
ANNEX A
Description of the Transfer
- List of Parties
Controller/Data Exporter:
Name: | See the information in the Publisher Account |
Address: | See the information in the Publisher Account |
Contact person’s name, position, and contact details: | See the information in the Publisher Account |
Activities relevant to the data transferred under this DPA: | See the Description of Data Transfer |
Signature and date: | See the information in the Publisher Account |
Role (controller/processor): | Controller |
Processor/Data Importer:
Name: | Adlane LTD |
Address: | 10 Apostol Karamitiev Str. floor 5, office 13 Burgas, Bulgaria |
Contact person’s name, position, and contact details: | DPO, contactable at legal@adlane.io |
Activities relevant to the data transferred under this DPA: | See the Description of Data Transfer |
Signature and date: | See the information in the Publisher Account |
Role (controller/processor): | Processor |
- Description of Data Transfer
Defined terms are as set out in the DPA agreed upon between the Parties.
Categories of Data Subjects: | End users of the Publisher Properties; Publisher employees and other personnel authorized to use CMP Service. |
Categories of Personal Data: | End users’ online identifiers (e.g. EventId/Consent ID, EventDateTime, IP Address, URL Address, IsConsent, AgreedConsentData, User Agent, Browser Language, Cookies, Geolocation); TCF String; Google Additional Consent String. Publisher Personnel: Contact details (name, email, telephone) and professional details (role). |
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: | NA |
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): | End Users – Continuous Publisher Personnel – Only where required to facilitate communication between the Parties. |
Nature of the processing: | Receipt, storage, use, and processing for the purpose of the CMP Service provision and business relationships. |
Purpose(s) of the data transfer and further processing: | End Users: For the Agreed Purposes (as defined in this DPA) Publisher Personnel: For business relationship and account management purposes. |
The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period: | Until necessary for the provision of the CMP Service |
ANNEX B
Technical and Organizational Measures
Adlane LTD (“ADLANE”) takes appropriate Technical and Organizational Measures to ensure a level of security appropriate to the risk of the processing of Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
The implemented security measures include, but are not limited to:
- Access security
- Strong passwords, based on a password policy, are used to provide access security;
- Information is stored in databases with state-of-the-art corresponding encryption.
- Data integrity
Data integrity of information is guaranteed by a state-of-the-art database.
- Organizational security
All applying workflows, information, and disciplinary consequences are also codified for employees in a comprehensible way.
- Physical security
Whereas physical storage location is not within the space of ADLANE but with a partner and/or another 3rd party, said partner and/or 3rd party is contractually obliged to fulfill the requirements according to the legislation applicable.
- Network and data security
- Only secure communication channels are being used;
- Only those network protocols essential for the delivery of the organization’s service to its users are open.
- Security incident management
- Both manual and automatic incident monitoring has been implemented by ADLANE in its systems;
- Said incident monitoring is continuously held to the state-of-the-art and controlled on functionality;
- Incident response workflows are defined, and incident report training is conducted based on said workflows.
- Testing and evaluation procedures
- Risk analysis is part of all new projects;
- All code is checked into a version-controlled repository. Code changes are subject to peer review;
- Deployment uses continuous integration testing, including automatic content security policy (cross-site scripting, clickjacking, and other code injection attacks) checks;
- Projects are carefully tested by a dedicated team before going to production.
- Data Disposal
Opt-out information is publicly available on ADLANE’s website.