LinkedIn Independent Controller Addendum

This Independent Controller Addendum (“Addendum”) is entered into by the LinkedIn customer identified on the applicable LinkedIn ordering document for LinkedIn services (“Customer” or “You”) and the LinkedIn company identified on the ordering document (along with its affiliates, “LinkedIn” or “We”). This Addendum amends the LinkedIn Data Processing Agreement between Customer and LinkedIn available at this link: https://www.linkedin.com/legal/l/dpa (“DPA”) only with respect to the Processing of Customer Personal Data (including Audience Data), but excluding the Customer Personal Data of California Consumers, in connection with services related to the Relevant Products (defined as “LinkedIn Marketing Solutions products and services including the LinkedIn Insight Tag and LinkedIn’s services based thereon, including Website Retargeting and Conversion Tracking, as well as Lead Gen Forms and Matched Audiences, Audience Insights, Revenue Attribution Report and Offline Conversions/Conversions API”). For the avoidance of doubt, the DPA will apply unamended with respect to any processing of Customer Personal Data by LinkedIn: 1) of California Consumers; and 2) in connection with all other services and products outside of the Relevant Products. Capitalized terms have the meaning set forth in the DPA, unless otherwise defined in this Addendum.

LinkedIn owns and is controller of Customer Personal Data Processed by LinkedIn in respect of the Relevant Products (as that term is defined under the Data Protection Requirements). We use and share such Customer Personal Data for the purposes of delivering, supporting and improving our products and services including, where applicable, retargeting and conversions. You understand and acknowledge that we use such Customer Personal Data for our own purposes including those related to reporting and performance analysis. 

The terms of the DPA shall be amended as follows:

i) Sections 2, 4-6 and 8 of the DPA are intentionally unused.

ii) Section 7 (Data Transfers) of the DPA is replaced in its entirety with the following clause:

“7. Data transfers

7.1 For transfers of EU Personal Data between the parties for Processing in a jurisdiction other than a jurisdiction in the EU, the EEA, or the European Commission-approved countries providing adequate data protection, each party agrees it will use Module 1 of the SCCs (Controller to Controller provisions) , which are incorporated herein by reference. The parties agree that the following terms apply: (i) the competent Supervisory  Member State in which the exporting Party is located shall be the competent Supervisory Authority pursuant to Clause 13 of the SCCs; (ii) data subjects for whom a an n entity Processes EU Personal Data are third-party beneficiaries under the applicable SCCs; (iii) the SCCs shall be governed by the law of Ireland, which allows for third-party beneficiary rights pursuant to Clause 17 of the SCCs; and (iv) any dispute arising from the SCCs shall be resolved by the courts of Ireland pursuant to Clause 18 of the SCCs. Schedule A to this DPA shall apply as Annex I of SCCs and Schedule D shall apply at Annex II of the SCCs. If one party is unable or becomes unable to comply with these requirements, then EU Personal Data will be processed and used exclusively within the territory of a member state of the European Union and any movement of EU Personal Data to a non-EU country requires the prior written consent of the other party. Each party shall promptly notify the other of any inability to comply with the provisions of this Section 7.

7.2 Notwithstanding Section 7.1, where the transfers contemplated under this Section 7 result in transfers of UK Personal Data for Processing in a jurisdiction other than in the UK or UK Information Commissioner’s Office-approved countries providing ‘adequate’ data protection, each party agrees it will use the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (the “UK IDTA”) which is incorporated herein by reference. Accordingly, (a) the SCCs used for EU Personal Data shall also apply to transfers of UK Personal Data; (b) the SCCs between the parties shall be deemed amended as specified in the UK IDTA in respect of the transfer of such UK Personal Data; and (c) neither party may terminate the UK IDTA pursuant to Section 19 of the UK IDTA. Schedules A and D shall apply as Annex I and Annex II, respectively."