XPR Media - Cookie Policy
Effective Date: 3/10/2026 | Version: 1
This Cookie Policy explains how XPR Media ("XPR", "we", "our", or "us") uses cookies and similar technologies when you use our website or Services.
1. What Are Cookies?
Cookies are small text files placed on your device to store data. They help websites remember your actions and preferences (such as login, language, etc.).
2. Types of Cookies We Use
| Type | Purpose |
|---|---|
| Strictly Necessary | To enable essential platform functionality (e.g., logins, security, and tracking). |
| Performance | To collect information on how visitors use our website (e.g., analytics). |
| Functional | To remember your preferences and enhance your experience. |
| Marketing | To deliver relevant ads and measure campaign effectiveness. |
3. Third-Party Cookies
We may allow trusted third parties (e.g., Google Analytics, LinkedIn Insights, etc.) to set cookies for analytics and advertising. These third parties are governed by their own privacy policies.
4. Your Choices
You can control cookies through your browser settings:
- Block or delete cookies
- Enable "Do Not Track" signals
- Use browser extensions or plug-ins for privacy controls
Please note: Disabling cookies may affect the functionality of the Services.
5. Updates
We may update this Cookie Policy periodically. Changes will be reflected via this page and by accepting our cookies, you acknowledge having read and accepted this policy.
6. Contact Us
For questions about our use of cookies, email us at privacy@xpr.media
PR Media Data Processing Addendum (DPA)
By continuing the use of our platform by syndicating content through XPR Media, you acknowledge that you have read, understood and accepted the below processing addendum. This DPA is now incorporated into the main agreement between XPR Media and its clients (the "Agreement") and applies when XPR processes personal data on behalf of the Client.
1. Definitions
- Data Controller: The Client, who determines the purpose of processing.
- Data Processor: XPR Media, who processes personal data on behalf of the Controller.
- Personal Data, Processing, etc.: As defined in GDPR Article 4.
2. Purpose of Processing
XPR will process personal data solely for:
- Enabling content syndication
- Managing agency and publisher accounts
- Providing access to reporting tools
- Delivering contracted services
3. Client Obligations
The Client represents that:
- It has obtained all necessary rights and consents to share personal data with XPR and syndicate on behalf of its own clients.
- Personal data shared is relevant, accurate, and lawful.
4. XPR Obligations
XPR agrees to:
- Process data only on documented instructions
- Implement appropriate technical and organizational security measures
- Ensure confidentiality and limit access to authorized personnel
- Assist the Client in fulfilling data subject rights
5. Sub-Processors
XPR may use sub-processors (e.g., hosting, analytics, etc.). A current list is available upon request. XPR ensures sub-processors are subject to equivalent obligations.
6. Data Transfers
Personal data may be transferred to countries outside the EEA under appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs)
- Data Privacy Framework participation
7. Data Subject Requests
If XPR receives a data subject request directly, we will notify the Client without undue delay and assist in responding if required, adhering in accordance with our service level agreements.
8. Security Breach Notification
In the event of a confirmed personal data breach, XPR will notify the Client without undue delay, provide details, and cooperate with necessary mitigation efforts.
9. Audit Rights
Client may audit XPR's data processing activities upon reasonable notice and during normal business hours, limited to once annually unless legally required.
10. Termination
Upon termination of the Agreement, XPR will delete or return personal data, unless retention is required by law.
11. Governing Law
This DPA is governed by the same laws and jurisdiction as the main Agreement.