Partner FAQs: GDPR Data Processing Addendum

March 2022

Partner-Facing Only

 

GDPR Basics

GDPR went into effect on May 25, 2018 with the primary objectives of giving EU citizens (Data Subjects) control of their personal data and simplifying the regulatory environment for international businesses by unifying the regulation within the EU. Adobe considers GDPR compliance a shared journey with our customers and partners (solution and technology). Here is a link to Adobe’s GDPR site if you want more details about Adobe’s GDPR readiness. 

 

Reason for GDPR Data Processing Addendum

Under Article 28.3 of the GDPR, there is an obligation that Data Controllers have an agreement or other binding terms in place outlining the processing activities with each of their Data Processors. Adobe is asking each of its Data Providers to sign the GDPR Data Processing Addendum to assist the Data Provider in fulfilling its obligations under Article 28.3. The GDPR Data Processing Addendum merely documents Adobe’s obligations as the Data Provider’s Data Processor.

 

Why is Schrems II Relevant to Audience Marketplace Data Providers?

Due to the architecture of Adobe Audience Marketplace, Data Provider data must be transferred from the EU to the U.S. for processing. In light of the recent Schrems II ruling, it is important to have the appropriate transfer mechanisms in place for such transfers.

 

As a Data Provider Partner, I’m not sending any EU data to Adobe, do I have to sign this and what is the impact of signing or not?

Adobe cannot provide specific legal advice on this matter. Adobe recommends you seek legal counsel from an attorney for guidance around the implications for your business. Generally speaking, the agreement outlines Adobe’s obligations as a data processor of your data. The terms of the agreement reflect the parties’ respective obligations in the event EU data may be transferred.

 

How does Adobe process our data?

Adobe processes the Data Provider Audiences in accordance with the Data Provider’s permission and instructions in order to Make Available Audiences to Clients as outlined in your Audience Marketplace Data Provider Agreement with Adobe. Please refer to that Agreement for further details. 

 

If a data provider previously signed a GDPR Data Processing Addendum, would I have to sign this one?

This new Addendum includes updates related to Adobe’s terms and GDPR and will replace the Addendum that you previously signed with Adobe.

 

When should I expect the GDPR Data Processing Addendum to arrive in my inbox and how long do I have to sign the GDPR Data Processing Addendum?

We will be sending out the Addendum on the week of April 4, 2022. Please plan to review and sign the Addendum in a timely manner.

 

What happens if I do not sign the GDPR Data Processing Addendum?

If we do not receive your signed Addendum, Adobe will terminate or suspend your Audience Marketplace data integration until the Addendum is signed to ensure appropriate GDPR requirements are reflected in our agreements with your company. During this time, no data will be made available to prospective buyers and we may notify buyers of the same.

 

What happens if I am not the right signatory to sign the GDPR Data Processing Addendum?

If you are not the right signatory, you can delegate signatory to someone else*. Please do note that Acrobat Sign does not work well on Google Chrome. We highly suggest that you use other browsers when delegating the signatory. 

  1. Open your agreement in Acrobat Sign
  2. Select tab “Manage” on the upper left corner
  3. Go to the upper left corner of the page. Select “Option”, then “Delegate signing to another”

*See delegating signature authority screenshots at the bottom of this FAQ.

 

Who Can I Talk to if I have more questions?

For any additional questions that you may have, please reach out to gdprcomp@adobe.com.

 

Step 2 in changing signatories
Step 3 on changing signatories