Effective Date: 20.06.2025

1. Introduction and Your Agreement

This Privacy Policy explains how ADVERTASIO LIMITED (“we”, “us”, “our”) collects, uses, processes, stores, and shares information from users of our website, www.advertasio.com (the “Website”). We are committed to protecting your privacy and handling personal data in strict compliance with applicable laws, including the General Data Protection Regulation (GDPR), the ePrivacy Directive, and the Data Protection Act. This policy applies to our Website and all services and products we offer. This includes any interaction you have with us through the Website or by corresponding with us via email or our Website’s contact forms. By using our Website, services, or contacting us, you signify your agreement with this Privacy Policy. When you submit a message using a form on our platform, you explicitly confirm your acceptance of the data practices described herein and in our Terms and Conditions. This includes your acceptance of how we process, store, and use your personal data. If you do not agree with the terms of this Privacy Policy, please refrain from using our Website and services. We consider this Privacy Policy to be an integral part of our Terms and Conditions.

2. Personal Data: What We Process and Why

Defining Personal Data Personal data refers to any information related to an identified or identifiable natural person, as defined by the GDPR. This includes individuals who can be directly or indirectly identified through various identifiers or personal characteristics. ADVERTASIO LIMITED will only process your personal data for the specific purposes outlined in this Privacy Policy and will not process it for any other purpose without your consent. Our Purposes for Processing Personal Data We collect and process personal data for several specific, predetermined purposes, with a clear legal basis for each activity.

• To Provide Our Services: We process your personal data to fulfill our contractual obligations to you. This includes responding to your inquiries, offering support, and processing transactions. Providing this information may be a requirement for entering into a contract with us, and failure to provide it may result in our inability to deliver services to you. Legal Basis: Performance of a contract (GDPR Art. 6.1.b).
• For Invoicing and Payment Processing: To conduct our business legally, we must process certain personal data, such as your name, contact details, and bank account information, to issue invoices and process payments. Legal Basis: Legal obligation (GDPR Art. 6.1.c).
• To Communicate with You: We may process your personal data to communicate with you about our services, including providing updates and other relevant information.
  • Legal Basis: Performance of a contract or our legitimate business interests (GDPR Art. 6.1.b or 6.1.f).
• For Direct Marketing: With your explicit consent, we may use your personal data to send you marketing materials like newsletters, promotions, and special offers. You have the right to withdraw this consent at any time.
  • Legal Basis: Consent (GDPR Art. 6.1.a).
• To Improve Our Platform: We analyze user data to understand how our services are used, which helps us enhance our platform’s efficiency and optimize the user experience.
  • Legal Basis: Legitimate interest (GDPR Art. 6.1.f).
• For Legal and Compliance Purposes: We process personal data to meet our legal obligations. This includes fulfilling KYC/AML requirements and responding to lawful orders from courts, law enforcement, or other authorities.
  • Legal Basis: Legal obligation (GDPR Art. 6.1.c).
• For Recruitment and Events:
  • For recruitment, we process your personal data to evaluate your suitability for a role with us and to communicate with you regarding the recruitment process.
  • For event planning, we may process your data to manage events, which includes verifying attendance, arranging accommodation, and processing competition entries.
  • Legal Basis: Performance of a contract or our legitimate business interests (GDPR Art. 6.1.b or 6.1.f).
• For Purposes Arising from Partner Contracts: We may process your personal data for other purposes as required by our contracts with our partners, always in accordance with applicable data protection laws.

Categories of Personal Data We Process

To fulfill the purposes described above, we may process the following categories of personal data. The specific data processed will depend on the nature of your interaction with us.

• Identity Information: This includes your title, full name, surname, date of birth, and official identification numbers (e.g., birth number, ID card number). This data is essential for verifying your identity, entering into legally binding contracts, and complying with KYC regulations.
• Contact Details: This includes your permanent residence address, email address, and telephone number. We use this information to communicate with you, deliver services, and send important notices.
• Employment Information: For individuals applying for roles or engaged in a professional capacity, this may include your employee number.
• Business Information (for Sole Proprietors and Legal Entities): This includes commercial identifiers such as a Business ID, tax ID, and VAT ID, as well as the business name and location. For legal entities, this extends to the personal data of managers, board members, and other authorized representatives. This data is necessary for B2B transactions and contractual engagements.
• Communication Records: This may include video or audio recordings of customer service calls for quality assurance and training purposes, or photographs you voluntarily provide. We will always inform you before a recording is made.
• Digital Footprint and Website Usage Data: When you visit our Website, we automatically collect technical information, which may include your IP address, browser type and version, and data about your interaction with our site. This also includes information collected via cookies, as detailed in Section 8. We process this data to ensure the security of our platform and to analyze user behavior for service improvement.
• Publicly Available Information: This includes data from social media profiles (e.g., Facebook, Instagram), professional networking data (e.g., LinkedIn), or other information you have made public on business or employment-focused websites. We may process this data for recruitment or due diligence purposes.

3. How and With Whom We Share Personal Data

ADVERTASIO LIMITED may need to disclose your personal data to third parties. We only do so when it is legally permissible and necessary, and we take contractual and operational measures to ensure all recipients process your data in accordance with the GDPR and other applicable laws. The categories of recipients for your personal data include:

• Authorized Employees: Access to your personal data is restricted to employees within our company who require it to perform their job duties. These employees are bound by strict confidentiality obligations and are trained in data protection. Access is granted on a principle of least privilege, meaning they only have access to the data necessary for their specific tasks.
• Contractual Partners (as Processors): We engage third-party service providers, known as subprocessors, who process your personal data on our behalf and under our instruction. This may include partners providing IT infrastructure, cloud hosting, payment processing, or customer support solutions. We conduct due diligence on all subprocessors and enter into legally binding Data Processing Agreements (DPAs) that comply with Article 28 of the GDPR. These agreements obligate our partners to provide sufficient guarantees to implement appropriate technical and organizational measures to protect your rights.
• Law Enforcement and Other Authorities: We may disclose your personal data to law enforcement, courts, regulators, or other public authorities to the extent required by law. This will only be done to comply with a binding legal obligation, such as a court order or subpoena, or where necessary to protect the vital interests of an individual.
• Professional Advisors: We may share your personal data with our professional advisors, such as lawyers, auditors, and insurers, where necessary in the course of the professional services that they render to us. They are also bound by confidentiality obligations.
• In Case of Business Transfers: If ADVERTASIO LIMITED is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal data, as well as any choices you may have.

We may update this list of recipients as our operational needs and legal obligations change. We do not sell your personal data to third parties.

4. International Data Transfers

We manage personal data with the utmost care, particularly regarding international data transfers. Our primary data storage and processing occurs on servers located within the European Union (EU) or the European Economic Area (EEA). However, a cross-border transfer of your data to a third country outside of these regions may occur when necessary for service provision or efficient communication, involving authorized third parties. Any such transfer of personal data to a country outside the EU/EEA or the UK will be conducted in strict compliance with Chapter V of the EU GDPR and the UK GDPR, respectively. We ensure that your personal data is protected by implementing legally established transfer mechanisms, such as:

• Adequacy Decisions: Transferring data to countries that the European Commission (or the UK government) has deemed to provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs): Using legally binding, pre-approved data protection clauses adopted by the European Commission. Where required, these SCCs are supplemented with additional technical and organizational measures based on a thorough Transfer Impact Assessment (TIA) to ensure the level of protection is essentially equivalent to that within the EU.
• Other Legal Instruments: In specific cases, we may rely on other valid transfer mechanisms, such as Binding Corporate Rules (BCRs) for intra-group transfers or specific derogations under Article 49 of the GDPR, although these are used only in exceptional circumstances.

Our commitment is to ensure that your personal data remains protected, regardless of its geographic location. We continuously monitor and update our data transfer practices to align with evolving international data protection regulations and judicial interpretations.

5. Data Security and Retention

We are committed to protecting your personal data and have implemented appropriate technical and organizational security measures designed to prevent unauthorized access, use, alteration, disclosure, or destruction. These measures include:

• Technical Safeguards: Employing encryption for data in transit and at rest, using firewalls, and implementing access control systems.
• Organizational Policies: Maintaining internal policies for data handling, conducting regular data protection training for our personnel, and restricting access to personal data to authorized personnel on a need-to-know basis.
• Oversight and Review: Regularly reviewing and updating our security measures to adapt to new threats and maintain optimal data protection.

Data Breach Notification In the unlikely event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we have procedures in place to manage the incident promptly. We will assess the risk to individuals’ rights and freedoms and, where required, will issue a breach notification to the relevant supervisory authority and affected individuals in accordance with our legal obligations under the GDPR. Data Retention We adhere strictly to the principles of data minimization and purpose limitation. We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period for your personal data depends on the specific purpose of the processing:

• Contractual Data: Retained for the duration of the contractual relationship and for a subsequent period of up to 10 years after its termination, to cover potential statutory limitation periods for legal claims.
• Dispute-Related Data: In the event of a dispute, data will be retained until the full and final settlement of any claims or proceedings, plus the subsequent limitation period for enforcement.
• Consent-Based Data: Where processing is based on consent (e.g., for marketing), personal data is retained until you withdraw that consent.
• Other Data: Retained as required by specific legal or statutory obligations (e.g., tax or company laws), after which it will be securely deleted or anonymized.

We conduct regular reviews of our data retention periods to ensure we do not hold personal data longer than is legally permissible and necessary.

6. Our Policy on Children’s Data

We take special precautions when handling the personal data of children (individuals under the age of majority in their country). We only process such data if:

1. A person with parental responsibility has provided consent; or
2. The child can legally provide consent themselves under national law.

If we learn that we have unintentionally received a child’s personal data without such legal basis, we will promptly delete it.

7. Your Data Protection Rights

As a data subject under the GDPR and the Data Protection Act, you have specific rights regarding your personal data.

• Right of Access: You can request confirmation of whether we process your personal data and, if so, receive a copy of that data.
• Right to Rectification: You can request the correction of inaccurate personal data and the completion of incomplete data.
• Right to Erasure (“Right to be Forgotten”): You can request the deletion of your personal data if it is no longer needed, you withdraw consent, you object to the processing, or the processing is unlawful.
• Right to Restrict Processing: You can request to limit the processing of your data under certain circumstances, such as if you contest its accuracy.
• Right to Data Portability: You can receive the personal data you provided to us in a structured, machine-readable format and have it transferred to another data controller.
• Right to Object: You can object at any time to the processing of your personal data based on your particular situation.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
• Right to Lodge a Complaint: If you believe your rights have been violated, you have the right to lodge a complaint with your national data protection authority.

To exercise any of these rights, please contact us.

8. Our Use of Cookies

Our Website uses cookies and similar tracking technologies to operate and enhance your browsing experience. A cookie is a small text file stored on your device when you visit a website. Types of Cookies We Use and Their Purposes We categorize our cookies as follows:

• Strictly Necessary Cookies: These cookies are essential for the Website to function correctly. They enable core functionalities such as security, network management, and accessibility. As they are necessary for the operation of our services, they are placed on your device without requiring your prior consent.
• Performance and Analytics Cookies: These cookies collect anonymous and aggregated information about how visitors use our Website, such as which pages are visited most often. This data helps us analyze traffic and improve the Website’s performance. We use third-party services like Google Analytics for this purpose. These cookies are only placed on your device with your explicit consent.
• Functional Cookies: These cookies allow the Website to remember choices you make (such as your language preference or region) and provide enhanced, more personal features. These cookies are only placed on your device with your explicit consent.
• Marketing and Advertising Cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests. They may be used to track the effectiveness of advertising campaigns and may be set by us or by third-party advertising partners. These cookies are only placed on your device with your explicit consent.

Your Consent and How to Manage Cookies In compliance with the law, we require your explicit and informed consent to place any cookies on your device that are not strictly necessary. When you first visit our Website, you will be presented with a cookie banner providing clear options to accept all cookies, reject non-essential cookies, or customize your preferences.

9. Changes to This Privacy Policy

We regularly review and amend this Privacy Policy to ensure it remains compliant with data protection laws. ADVERTASIO LIMITED reserves the right to amend this policy at any time. All changes are effective immediately upon posting the updated Privacy Policy on our Website. We encourage you to review this page periodically to stay informed.

10. How to Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us by sending an email with the subject line “Personal Data Protection” to: [email protected]