PRIVACY POLICY

For the owner of this website, YouAff Spółka z ograniczoną odpowiedzialnością, based at ul. Prosta 70, 00-838 in Warsaw, NIP: 5273106711, REGON: 528277388, KRS: 0001098352, data protection is one of the most important issues. The owner makes every effort to ensure the protection of Users’ personal data during their use of the website.

This Privacy Policy defines the rules and scope of processing Users’ personal data, the obligations of the data controller, and specifies the way cookies are used.

The Company operates an affiliate marketing platform created by Advertisers and Publishers. The Company’s platform enables Advertisers and Publishers to connect, leading to the promotion of Advertisers and their products/services by Publishers through displaying ads on their websites. Customers clicking on relevant ads are redirected from the Publisher’s site to the Advertiser’s site, where they can directly make transactions related to the Advertiser’s products/services.

  1. DEFINITIONS

For the purposes of this Privacy Policy, the following definitions are introduced:

1.1. Data Protection Act – means the Act of May 10, 2018, on the protection of personal data, i.e. (Journal of Laws 2018.1000 of 2018.05.24);

1.2. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

1.3. Personal Data – information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or several specific factors characteristic of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

1.4. Policy – this Privacy Policy;

1.5. Company – YouAff Spółka z ograniczoną odpowiedzialnością, based at ul. Prosta 70, 00-838 in Warsaw, NIP: 5273106711, REGON: 528277388, KRS: 0001098352;

1.6. Data Controller – the Company processing personal data of the Publisher or Advertiser in connection with a concluded agreement;

1.7. User – a person visiting the Service, a person intending to use or using the services offered by the Data Controller, including a person registering on the Service to start cooperation in the field of affiliation;

1.8. Servicehttps://youaff.hasoffers.com/

  1. GENERAL PROVISIONS

2.1. This Privacy Policy sets out the principles for the processing of personal data by the Company, obtained via the website https://youaff.hasoffers.com/, i.e., the personal data of Publishers or Advertisers, excluding the personal data of the clients of Publishers and Advertisers.

2.2. The data controller of the personal data provided by Publishers and Advertisers is the Company.

2.3. The Publisher and the Advertiser are the data controllers of their clients’ personal data in accordance with Article 6(1)(a) and (b) of the GDPR. Consequently, the Publisher or Advertiser releases the Company from liability and claims from third parties for the processing of personal data of their clients by the Publisher or Advertiser, using the provided link.

2.4. Personal data is processed:

2.4.1. in accordance with the regulations concerning the protection of personal data, including the GDPR,

2.4.2. in accordance with this Privacy Policy,

2.4.3. to the extent and for the purpose necessary to establish, shape the content of the agreement binding the Company with the Publisher or Advertiser, to change or terminate it, and to properly execute services provided electronically,

2.4.4. to the extent and for the purpose necessary to fulfill legitimate interests (legally justified purposes), provided that the processing does not infringe on the rights and freedoms of the data subject:

2.4.5. to the extent and for the purpose consistent with the consent expressed by the User.

2.5. The definitions indicated in the Terms and Conditions (https://youaff.hasoffers.com/terms) apply to this Privacy Policy.

2.6. In connection with the User’s use of the Service, the data controller, the Company, collects data to the extent necessary to provide the various offered services, as well as information about the User’s activity in the Service. Below are described the detailed principles and purposes of processing personal data collected during the User’s use of the Service.

2.7. The Company reserves the right to share data, including personal data of the Publisher, Advertiser, or User, based on relevant legal regulations. Furthermore, the Company reserves the right to entrust the processing of data, including personal data of the Publisher, Advertiser, or User, to third parties with whom the Company cooperates based on separately concluded agreements.

2.8. All data provided by the Publisher, Advertiser, or User is treated by the Company as confidential.

  1. PURPOSES AND LEGAL BASES FOR DATA PROCESSING IN THE SERVICE

USING THE SERVICE

3.1. Personal data of all individuals using the Service (e.g., IP address and other information collected through the use of cookies) who are not registered (i.e., individuals who do not have an account in the Service) are processed by the Administrator:

3.1.1. for the purpose of providing electronic services in the scope of making available to Users the content collected in the Service, handling complaints and reporting abuse – the legal basis is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);

3.1.2. for analytical and statistical purposes – the legal basis is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR), consisting of conducting analyses of User activity and their preferences to improve the quality of the services provided;

3.1.3. for the possible establishment and pursuit of claims or defense against them – the legal basis is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR), aimed at protecting its rights;

3.1.4. for marketing purposes of the Data Controller and other entities, particularly related to presenting advertisements and informing about new campaigns, new guidelines from the Advertiser, potential breaks in promotion, and other actions related to the promotion of products available through the partner network – the legal basis for processing personal data for marketing purposes is described below.

3.2. The User’s activity in the Service, including their personal data, is recorded in system logs (a special computer program used to maintain a chronological record containing information about events and actions concerning the IT system used to provide services by the Data Controller, the Company). The information collected in the logs is primarily processed for purposes related to providing services. The Data Controller, the Company, also processes this data for technical, administrative purposes, to ensure the security of the IT system and manage this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR).

REGISTRATION IN THE SERVICE

3.3. Individuals registering in the Service are asked to provide the data necessary to create and manage an account.

3.4. In the registration form, the User provides:

3.4.1. First name;

3.4.2. Last name;

3.4.3. Company NIP (Tax Identification Number);

3.4.4. Company address;

3.4.5. Website address;

3.4.6. Email address;

3.4.7. Phone number.

3.5. If the Publisher or Advertiser consents to receive marketing information at their email address, the Company will send electronic messages containing commercial information about promotions and new products available through the Service.

3.6. To facilitate service, the Publisher or Advertiser may provide additional data, thereby consenting to their processing. Such data can be deleted at any time. Providing the data marked as mandatory is required to establish and manage the account, and failure to provide it will result in the inability to create an account. Providing other data is voluntary, in connection with the services provided through the Service, with the reservation that failure to provide specific data indicated in the registration form will prevent registration.

3.7. Personal data is processed:

3.7.1. for the purpose of providing services related to the management and maintenance of the account in the Service – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR), and for the scope of optionally provided data – the legal basis for processing is consent (Article 6(1)(a) of the GDPR);

3.7.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR), consisting of conducting analyses of the activity of Publishers and Advertisers in the Service and how they use their accounts, as well as their preferences to improve the functionalities used;

3.7.3. for the possible establishment and pursuit of claims or defense against them – the legal basis for processing is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR), aimed at protecting its rights;

3.7.4. for marketing purposes of the Data Controller, the Company, and other entities – the principles of data processing are described below.

3.8. If the Publisher or Advertiser places any personal data of other individuals (including their name, address, phone number, or email address) in the Service, they may only do so provided that they do not violate applicable laws and the personal rights of those individuals.

CONTACT FORMS

3.9. The Data Controller, the Company, provides the possibility to contact it using electronic contact forms. Using the form requires providing personal data necessary to contact the Publisher, Advertiser, or User and to respond to the inquiry. The Publisher, Advertiser, or User may also provide additional data to facilitate contact or the handling of the inquiry. Providing data marked as mandatory is required to accept and handle the inquiry, and failure to provide it will result in the inability to process the inquiry. Providing the remaining data is voluntary.

3.10. Personal data is processed:

3.10.1. for the purpose of identifying the sender and handling their inquiry submitted through the provided form – the legal basis is the necessity of processing for the performance of a service contract (Article 6(1)(b) of the GDPR);

3.10.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR), consisting of conducting statistics of inquiries submitted by Publishers, Advertisers, or Users through the Service and improving its functionality.

  1. MARKETING

4.1. The Data Controller, the Company, processes the personal data of Publishers, Advertisers, and Users for the purpose of carrying out marketing activities, which may consist of:

4.1.1. displaying marketing content to the Publisher, Advertiser, or User that is not tailored to their preferences (contextual advertising);

4.1.2. displaying marketing content to the Publisher, Advertiser, or User that corresponds to their interests (behavioral advertising);

4.1.3. sending email notifications about interesting offers or content, which in some cases include commercial information (newsletter service);

4.1.4. conducting other types of activities related to direct marketing of goods and services (sending commercial information electronically and telemarketing activities).

4.2. For the purpose of carrying out marketing activities, the Data Controller, the Company, in some cases uses profiling. This means that through automated data processing, the Data Controller assesses selected factors concerning individuals to analyze their behavior or create future forecasts.

CONTEXTUAL ADVERTISING

4.3. The Data Controller, the Company, processes the personal data of Publishers, Advertisers, and Users for marketing purposes in connection with directing contextual advertising to them (i.e., advertising that is not tailored to the User’s preferences). The processing of personal data then occurs in connection with the realization of the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR).

BEHAVIORAL ADVERTISING

4.4. The Data Controller, the Company, and its trusted partners process the personal data of Publishers, Advertisers, and Users, including personal data collected through cookies and other similar technologies, for marketing purposes in connection with directing behavioral advertising to them (i.e., advertising that is tailored to preferences). The processing of personal data also includes profiling Publishers, Advertisers, and Users. The use of personal data collected through this technology for marketing purposes, particularly in promoting services and goods of third parties, requires obtaining consent from the aforementioned entities. This consent may be withdrawn at any time.

NEWSLETTER

4.5. The Data Controller, the Company, provides a newsletter service on the terms specified in the Terms and Conditions for individuals who have provided their email address for this purpose. Providing data is required for the provision of the newsletter service, and failure to provide it will result in the inability to send it.

4.6. Personal data is processed:

4.6.1. for the purpose of providing the newsletter service – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);

4.6.2. in the case of sending marketing content to the Publisher, Advertiser, or User within the newsletter – the legal basis for processing, including profiling, is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR) in connection with the expressed consent to receive the newsletter;

4.6.3. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR), consisting of conducting analyses of the activity of Publishers, Advertisers, and Users in the Service to improve the functionalities used;

4.6.4. for the possible establishment and pursuit of claims or defense against them – the legal basis for processing is the legitimate interest of the Data Controller, the Company (Article 6(1)(f) of the GDPR).

DIRECT MARKETING

4.7. The personal data of the Publisher, Advertiser, and User may also be used by the Data Administrator Company to send marketing content through various channels, such as via email, MMS/SMS, or by phone. Such actions are undertaken by the Data Administrator Company only if the Publisher, Advertiser, or User has given their consent, which can be withdrawn at any time.

  1. SOCIAL MEDIA PLATFORMS

5.1. The Data Administrator Company processes the personal data of Publishers, Advertisers, and Users visiting the profiles of the Data Administrator Company conducted on social media (Facebook, YouTube, Instagram, Twitter). This data is processed solely in connection with maintaining the profile, including informing Publishers, Advertisers, and Users about the activity of the Data Administrator Company and promoting various events, services, and products. The legal basis for processing personal data by the Data Administrator Company for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR) in promoting its own brand.

  1. COOKIES AND SIMILAR TECHNOLOGIES

6.1. Cookies are small text files installed on the device of the Publisher, Advertiser, or User browsing the Service. Cookies collect information that facilitates the use of the website—for example, by remembering the visits of the Publisher, Advertiser, and User to the Service and the actions they take.

6.2. The Data Administrator Company uses so-called service cookies primarily to provide the User with electronic services and to improve the quality of those services. Accordingly, the Data Administrator Company and other entities providing analytical and statistical services for it use cookies, storing information or accessing information already stored on the telecommunications end device of the Publisher, Advertiser, or User (computer, phone, tablet, etc.). The cookies used for this purpose include:

6.2.1. cookies with data entered by the Publisher, Advertiser, or User (session identifier) for the duration of the session (user input cookies);

6.2.2. authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);

6.2.3. security cookies used to ensure security, e.g., used to detect authentication abuses (user-centric security cookies);

6.2.4. session cookies for multimedia players (e.g., flash player cookies) for the duration of the session (multimedia player session cookies);

6.2.5. persistent cookies for personalizing the interface of the Publisher, Advertiser, or User for the duration of the session or slightly longer (user interface customization cookies);

6.2.6. cookies used to monitor website traffic, i.e., data analytics, including Google Analytics cookies (these are files used by Google to analyze how the Publisher, Advertiser, or User uses the Service to create statistics and reports regarding the functioning of the Service). Google does not use the collected data to identify the User and does not link this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/en/policies/privacy/partners.

«MARKETING» COOKIES

6.3. The Data Administrator Company and its trusted partners also use cookies for marketing purposes, including targeting behavioral advertising to Publishers, Advertisers, or Users. For this purpose, the Data Administrator Company and trusted partners store information or access information already stored on the telecommunications end device of the Publisher, Advertiser, or User (computer, phone, tablet, etc.). The use of cookies and the personal data collected through them for marketing purposes, particularly for promoting the services and goods of third parties, requires obtaining the consent of the Publisher, Advertiser, or User. This consent can be withdrawn at any time.

  1. RIGHTS OF DATA SUBJECTS

7.1. Every individual whose personal data is processed has the right to:

7.1.1. Access to Data – in accordance with Article 15 of the GDPR:

7.1.1.1. The Publisher, Advertiser, or User has the right to obtain confirmation from the Company as to whether their personal data is being processed, and if so, the right to:

  • 7.1.1.1.1. Access their personal data,
  • 7.1.1.1.2. Receive a copy of their personal data,
  • 7.1.1.1.3. Obtain information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of the data, the planned retention period for the data of the Publisher, Advertiser, or User, or the criteria used to determine this period (if determining the planned retention period is not possible), their rights under the GDPR, the right to lodge a complaint with a supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards in place regarding the transfer of this data outside the European Union.

7.1.2. Information on Data Processing

7.1.3. To receive a copy of the data.

7.1.4. Rectification or Modification of Data – in accordance with Article 16 of the GDPR:

7.1.4.1. The Publisher, Advertiser, or User has the right to request the Company to promptly rectify personal data that is inaccurate.

7.1.4.2. Taking into account the purposes of processing, the Publisher, Advertiser, or User has the right to request the completion of incomplete personal data or modification of data necessary for the payment of remuneration, including contact and address details, by submitting an additional statement.

7.1.4.3. The Publisher, Advertiser, or User can request rectification or completion of personal data by sending an email to the indicated address: kontakt@youaff.com. The Company will provide the Publisher, Advertiser, or User with a link to change the data.

7.1.5. Deletion of Data (the «Right to be Forgotten») – in accordance with Article 17 of the GDPR:

7.1.5.1. The Publisher, Advertiser, or User has the right to request the deletion of all or some personal data.

7.1.5.2. The Publisher, Advertiser, or User has the right to request the deletion of personal data if:

  • 7.1.5.2.1. The personal data is no longer necessary for the purposes for which it was collected or processed,
  • 7.1.5.2.2. They have withdrawn their consent, to the extent that the personal data has been processed based on that consent,
  • 7.1.5.2.3. They have objected to the use of their data for marketing purposes,
  • 7.1.5.2.4. The personal data has been processed unlawfully,
  • 7.1.5.2.5. The personal data must be deleted to comply with a legal obligation under EU or Member State law to which the Company is subject,
  • 7.1.5.2.6. The personal data was collected in connection with the offering of information society services.

7.1.5.3. Despite the request for deletion of personal data due to an objection or withdrawal of consent, the Company may retain certain personal data to the extent that processing is necessary for establishing, pursuing, or defending claims, as well as to comply with a legal obligation requiring processing under EU or Member State law to which the Company is subject. This particularly concerns personal data such as name, surname, email address, which are retained for the purposes of handling complaints and claims related to the use of the Company’s services, as well as additionally residential address/correspondence address, which is retained for handling complaints and claims related to service contracts.

7.1.6. Restriction of Data Processing – in accordance with Article 18 of the GDPR:

7.1.6.1. The Publisher, Advertiser, or User has the right to request the restriction of processing their personal data. Until this request is considered, the use of certain services that involve the processing of the data in question will be impossible. Until the request is resolved, the Company will not send any communications, including marketing messages.

7.1.6.2. The Publisher, Advertiser, or User has the right to request the restriction of the use of personal data in the following cases:

  • 7.1.6.2.1. When they contest the accuracy of their personal data – in which case the Company restricts its use for as long as it is necessary to verify the accuracy of the data, but no longer than 90 days;
  • 7.1.6.2.2. When the processing of the data is unlawful, and instead of deleting the data, the Publisher, Advertiser, or User requests a restriction on its use;
  • 7.1.6.2.3. When personal data is no longer necessary for the purposes for which it was collected or used, but is required by the Publisher, Advertiser, or User to establish, pursue, or defend claims;
  • 7.1.6.2.4. When they have objected to the processing of their data – in which case the restriction occurs for as long as necessary to consider whether, due to a specific situation, the protection of the interests, rights, and freedoms of the Publisher, Advertiser, or User outweighs the interests pursued by the Company in processing the personal data.

7.1.7. Data Portability – in accordance with Article 20 of the GDPR:

7.1.7.1. The Publisher, Advertiser, or User has the right to receive their personal data provided to the Data Administrator and transmit it to another data controller of their choice. The Publisher, Advertiser, or User also has the right to request that their personal data be transmitted directly by the Data Administrator to another controller, where technically feasible. In such a case, the Data Administrator will send the personal data of the Publisher, Advertiser, or User in a file format of CSV, which is a commonly used format suitable for machine readability and allows for the transfer of received data to another data controller.

7.1.7.2. When the Publisher, Advertiser, or User exercises the rights arising from the above rights, the Company will fulfill the request or refuse to fulfill it promptly, no later than one month after receiving it. However, if due to the complexity of the request or the number of requests, the Company cannot fulfill the request within one month, it will do so within the following two months, informing the Publisher, Advertiser, or User in advance, within one month of receiving the request, of the intended extension of the deadline and its reasons.

7.1.7.3. The Publisher, Advertiser, or User can submit complaints, inquiries, and requests to the Data Administrator regarding the processing of their personal data and the realization of their rights.

7.1.7.4. The Publisher, Advertiser, or User has the right to request from the Company a copy of the standard contractual clauses by sending an inquiry.

7.1.8. Objection to Data Processing for Marketing Purposes or Other Purposes – in accordance with Article 21 of the GDPR:

7.1.8.1. The Publisher, Advertiser, or User has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data, including profiling, if the Company processes their data based on a legitimate interest, e.g., marketing of the Company’s services.

7.1.8.2. The Publisher, Advertiser, or User can object to the processing of personal data by sending an email indicating their wish to unsubscribe from receiving marketing communications about the Company’s services.

7.1.8.3. If the Company considers the objection of the Publisher, Advertiser, or User to be justified and has no other legal basis for processing the personal data, it will delete the personal data regarding which the Publisher, Advertiser, or User has objected.

7.1.9. Withdrawal of Consent – in accordance with Article 7(3) of the GDPR:

7.1.9.1. The Publisher, Advertiser, or User has the right to withdraw any consent given to the Company.

7.1.9.2. The withdrawal of consent takes effect from the moment of expressing the will to withdraw consent.

7.1.9.3. The withdrawal of consent does not affect the lawfulness of the processing of personal data carried out by the Company before the withdrawal of consent.

7.1.10. Right to Lodge a Complaint with a Supervisory Authority regarding personal data protection.

7.2. Contact with the person supervising the processing of personal data in the Service Provider’s organization is possible electronically at the email address: kontakt@youaff.com.

7.3. The Publisher, Advertiser, or User has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding the violation of their rights to personal data protection or other rights granted under the GDPR.

  1. DATA PROCESSING PERIOD

8.1. The data processing period by the Data Administrator (the Company) depends on the type of service provided and the purpose of processing.

8.1.1. The data processing period may also arise from legal provisions, which constitute the basis for processing.

8.1.2. In the case of processing data based on the legitimate interest of the Data Administrator (the Company) — e.g., for security reasons — the data will be processed for the period necessary to realize that interest or until an effective objection to the processing of data is lodged.

8.1.3. If processing is based on consent, the data will be processed until that consent is withdrawn.

8.1.4. In connection with the execution of a cooperation agreement and the pursuit and defense of claims related to it — for the duration of the agreement and, after its termination, until the claims related to it are time-barred.

8.1.5. In connection with maintaining and communicating via websites — for a period of 30 days.

8.1.6. In connection with handling requests, complaints, claims, or other correspondence sent to the Company — until the matter raised in the request, complaint, claim, or other correspondence is resolved.

8.1.7. In connection with direct marketing — until an objection is raised or the consent granted is withdrawn, and after the withdrawal of consent, for a period corresponding to the limitation period for claims that the Company may assert and those that may be asserted against it.

8.1.8. In connection with statistical research, analytical activities, and satisfaction surveys — for the duration of the agreement, and after its termination only in anonymized or aggregated form (statistical data).

8.1.9. In connection with the fulfillment of legal obligations — until the obligation expires.

8.2. The data processing period may be extended if processing is necessary for the establishment or pursuit of claims or the defense against claims, and after that period — only to the extent required by law. After the data processing period expires, the data will be irreversibly deleted or anonymized.

8.3. The Company reserves the right to process data after the termination of the agreement or the withdrawal of consent only to the extent necessary for the pursuit of potential claims before a court or if national or EU regulations or international law require data retention.

8.4. Deletion of personal data may occur as a result of withdrawing consent or raising a legally permissible objection to the processing of personal data.

  1. DATA RECIPIENTS

9.1. The personal data of the User is transmitted to service providers that the Company uses in the operation of the Service. The service providers to whom personal data is transferred, depending on contractual agreements and circumstances, either act under the instructions of the Company regarding the purposes and methods of processing such data (data processors) or independently determine the purposes and methods of their processing (administrators).

9.2. Data Processors: The Company uses providers who process personal data only at the instruction of the Company. These include, among others, providers offering hosting services, accounting services, delivering marketing systems, traffic analysis systems for the Service, and systems for analyzing the effectiveness of marketing campaigns.

9.2.1. Administrators: The Company uses providers who do not operate solely on instruction and independently determine the purposes and methods of utilizing the personal data of Users.

9.2.2. Location: Service providers are mainly based in Poland and in other countries of the European Economic Area (EEA).

  1. CHANGES TO THE PRIVACY POLICY

10.1. The Company reserves the right to make changes to the privacy policy at any time. Updates to the privacy policy will be published on the website https://youaff.hasoffers.com/privacy_policy.

10.2. Questions related to the Privacy Policy can be directed to the address: kontakt@youaff.com.

10.3. Date of the last modification: April 19, 2024.