Data Processing Agreement
Last updated: December 2025
1. Introduction
This Data Processing Agreement ("DPA") is entered into between OnChain Media Group and its customers to ensure compliance with GDPR and other data protection regulations when processing personal data through our ad-tech platform.
2. Definitions
- "Controller" means the entity that determines the purposes and means of the processing of personal data.
- "Processor" means OnChain Media Group, which processes personal data on behalf of the Controller.
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on personal data, such as collection, storage, use, or disclosure.
3. Subject Matter and Duration
This DPA governs the processing of personal data by OnChain Media Group in connection with the provision of our ad-tech platform services. This agreement remains in effect for the duration of the service agreement.
4. Nature and Purpose of Processing
OnChain Media Group processes personal data for the following purposes:
- Ad targeting and optimization
- Fraud detection and prevention
- Analytics and reporting
- Billing and account management
- Compliance and legal obligations
5. Type of Personal Data
The types of personal data processed may include:
- IP addresses and device identifiers
- Browser and user agent information
- Geographic location data
- Advertising identifiers
- Behavioral and contextual data
6. Obligations of the Processor
OnChain Media Group agrees to:
6.1. Security Measures
Implement appropriate technical and organizational security measures, including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security audits and assessments
- Incident response procedures
6.2. Confidentiality
Ensure that personnel authorized to process personal data are committed to confidentiality.
6.3. Sub-processing
Only engage sub-processors with the Controller's prior written authorization and ensure they provide the same level of data protection.
6.4. Data Subject Rights
Assist the Controller in handling data subject requests, including access, rectification, erasure, and data portability requests.
7. Data Subject Rights
OnChain Media Group will assist the Controller in responding to data subject requests within the timeframes required by applicable law.
8. Data Breach Notification
OnChain Media Group will notify the Controller without undue delay upon becoming aware of a personal data breach, providing sufficient information to enable the Controller to meet its notification obligations.
9. Data Deletion and Return
At the Controller's choice, OnChain Media Group will delete or return all personal data upon termination of the service agreement, unless required to retain such data by applicable law.
10. Audit Rights
OnChain Media Group will make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits.
11. International Data Transfers
Any transfer of personal data outside the EEA will be subject to appropriate safeguards, including Standard Contractual Clauses or other approved mechanisms.
12. Liability
OnChain Media Group shall be liable for damages caused by its breach of this DPA or applicable data protection laws.
13. Governing Law
This DPA shall be governed by the laws of the jurisdiction in which the Controller is established, unless otherwise agreed.