1. OVERVIEW

By engaging with our affiliate program, you consent to adhere to this Data Privacy Statement.

This statement outlines how we gather, utilize, process, and share your personal details.

The entity designated as the "Data Controller" is the company responsible for defining the purposes and methods of processing personal data under this statement.

Mad Men Ltd operates as the data controller in accordance with EU Regulation 2016/67, determining the objectives and means for processing your personal data.

Within the context of this policy, terms like "we," "us," or "our" refer to the company accountable for your information as per this Data Privacy Statement.

Refer to Section 7 for the contact information of the Data Controllers.

2. INFORMATION WE GATHER

Upon applying to become an Affiliate, we request and collect your username, website URL, email address, country, and preferred currency.

Once your Affiliate status is approved, we collect your full name, physical address, date of birth, phone number, and in some instances, your Skype ID.

3. HOW WE UTILIZE COLLECTED INFORMATION

The details you provide are essential for the proper execution of the agreement between you and us, particularly for enforcing our Service Terms, including notifying you of any modifications.

In certain situations, we may also use your data to:

• reach out to you regarding promotions, offerings, or services that might interest you periodically, but only if you have opted-in to receive such marketing messages.

• conduct specific profiling to customize, evaluate, and enhance our marketing efforts and deliver more relevant promotional communications.

In these instances, we will process your personal information for the purposes outlined in this section based on our legitimate interest in conducting marketing activities to present you with potentially interesting products or services. You retain the option to unsubscribe from our marketing communications at any time by following the opt-out instructions provided in our messages or by adjusting your notification preferences within your account interface.

4. SHARING AND DISCLOSURE PRACTICES

4.1. ADHERENCE TO LEGAL REQUIREMENTS, RESPONDING TO OFFICIAL REQUESTS, PREVENTING HARM, AND SAFEGUARDING OUR RIGHTS.

We may share your information, including personal details, with judicial bodies, law enforcement agencies, governmental authorities, or authorized third parties, if and to the extent mandated or permitted by law, or if such disclosure is reasonably necessary: (i) to fulfill our legal obligations, (ii) to comply with legal procedures and address claims made against us, (iii) to respond to inquiries related to criminal investigations or suspected illegal activities, or any other actions that could expose us, you, or any of our users to legal liability.

The lawful basis for this processing is our legitimate interests, specifically the defense and assertion of our legal rights and the appropriate protection of our business against risks.

4.2. EXTERNAL SERVICE PROVIDERS

We may engage various external service providers to assist us in delivering services related to the affiliate program. These providers may be situated within or outside the European Economic Area ("EEA").

These providers have restricted access to your information and are contractually obligated to safeguard and use it solely on our behalf for the purposes for which it was shared, in accordance with this Data Privacy Statement.

We may share some of your information with such external service providers to ensure the effective performance of our contract with you, based on our legitimate interest, and to comply with our legal duties. We will seek your consent when necessary.

You are welcome to contact us at any time to obtain a complete list of our service providers who process your data.

4.3. CORPORATE AFFILIATES

We may share your information, including personal details, with any entity within our corporate group (encompassing our subsidiaries, our ultimate parent company, and all its subsidiaries) to the extent reasonably required for the purposes, and based on the legal grounds, outlined in this policy.

4.4. BUSINESS TRANSACTIONS

Should we undergo or be involved in any merger, acquisition, restructuring, asset sale, bankruptcy, or insolvency event, we may sell, transfer, or share some or all of our assets, including your information, in connection with or in anticipation of such a transaction (e.g., for due diligence). In such an event, we will inform you before your personal information is transferred and becomes subject to a different privacy policy.

5. YOUR DATA RIGHTS

Under the General Data Protection Regulation, you possess the right to access, correct, transfer, and request the deletion of some of your data. You also have the right to object to and limit certain data processing activities. This is determined on a case-by-case basis, depending on factors such as the nature of the data, the reasons for its collection and processing, and relevant legal or operational data retention requirements.

You may exercise any of the rights described in this section by contacting your Data Controller via email at [email protected]. Please note that we may need to verify your identity before proceeding with your request.

Kindly be aware that while we will endeavor to accommodate any request you make concerning your rights, these rights are not absolute. This means we may need to decline your request or may only be able to fulfill it partially.

5.1. MANAGING YOUR INFORMATION

You can access and update some of your information through your account Interface settings. You are responsible for ensuring your personal information remains current.

5.2. CORRECTING INACCURATE OR INCOMPLETE INFORMATION

You are entitled to request that we rectify any inaccurate or incomplete personal information about you (which you are unable to update yourself within your Interface).

5.3. DATA ACCESS AND PORTABILITY

You have the right to access your personal data held by us and the right to receive certain personal data in a structured, commonly used, and machine-readable format, and/or request that we transfer this information to another service provider (where technically feasible).

5.4. DATA RETENTION AND DELETION

We will retain your personal data for the duration necessary to fulfill the contract between you and us and to comply with our legal obligations. When processing your personal data is no longer necessary, it will be removed. However, please note that we may be legally and regulatorily required to retain personal data for a longer period.

You have the right to request the erasure of certain personal data when its processing is no longer necessary for us, when you have withdrawn your consent as per paragraph 5.5, when you have objected as per paragraph 5.6, when your personal data has been processed unlawfully, or when the erasure of your personal data is mandated by a legal obligation;

Please note that if you request the deletion of your personal information:

a. We may retain and use your personal information to the extent required to meet our legal obligations.

b. We may retain some of your personal information as needed for our legitimate business interests, such as detecting and preventing fraud and enhancing security.

c. Information we receive about you may be accessed and preserved for an extended period if it is subject to a legal request or obligation, governmental investigation, or inquiries into potential breaches of our Terms or Policies, or otherwise to prevent harm.

5.5. REVOKING CONSENT AND LIMITING PROCESSING

Where we have specifically sought your consent to process your personal data and have no other lawful basis to rely on, you are entitled to withdraw this consent at any time by modifying your Interface settings or by sending a communication to [email protected] specifying which consent you are revoking. Please note that withdrawing your consent does not invalidate the lawfulness of any processing activities based on that consent prior to its withdrawal.

Furthermore, applicable law may grant you the right to restrict how we use your personal information, particularly when (i) you dispute the accuracy of your personal information; (ii) the processing is unlawful and you oppose the deletion of your personal information; (iii) we no longer require your personal information for processing purposes, but you need the information for establishing, exercising, or defending legal claims; or (iv) you have objected to the processing as per the following section and while the verification of whether the Data Controller's legitimate grounds outweigh your own is pending.

5.6. OBJECTING TO PROCESSING

You have the right to object to processing where the lawful basis is our legitimate interests, but please be aware that we may still process your personal data if there are other relevant lawful bases or if we have compelling reasons to continue processing your personal data in our interests that are not overridden by your rights, interests, or freedoms;

You also have the right to object to direct marketing, which can be done by opting out of direct marketing either through your Interface settings or by opting out via the communication itself. You also have the right to object to any profiling solely related to direct marketing.

5.7. FILING COMPLAINTS

You are entitled to file complaints regarding the data processing activities conducted by the Data Controller with the relevant data protection authorities. Please refer to Section 7 for additional details.

6. INTERNATIONAL DATA TRANSFERS

To support our global operations, we may transfer, store, and process your information within our corporate family or share it with service providers located outside Europe for the purposes described in this Data Privacy Statement.

If we transfer your Personal Data outside the EEA, whether within the group or to our business partners, we will take all reasonable measures to ensure that appropriate safeguards are in place to maintain the security of your personal data at a level comparable to that within the EEA and in accordance with this Data Privacy Statement. This may involve using standard contractual clauses, binding corporate rules, or any other acceptable method that guarantees protection of your data to the standard required within the EEA.

You can always contact us to obtain a comprehensive list of our service providers located outside the EEA who process your data.

7. REACH OUT TO US

Should you have inquiries about this Statement or our data handling practices, or if you wish to exercise any of your rights under the General Data Protection Regulation, please contact our Data Protection Officer at: [email protected]

The Data Controller responsible for your information is Mad Men Ltd, registration no. C 77905, located at 97, Windsor Street, Sliema, Malta.

8. SUBMITTING A COMPLAINT

If you are dissatisfied with how we manage your personal data, you also have the right to file a complaint with your local Data Protection Authority .