PrivateOfferz - Network
PRIVACY POLICY

Your privacy is important to us. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how long we retain it, and what rights Affiliates and/or Advertisers have in relation to their personal data. Please read this Privacy Policy carefully before using the PrivateOfferz - Network platform, including in connection with affiliate, advertiser, tracking and attribution services.

This Privacy Policy is intended to provide information in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or “GDPR”).

This Privacy Policy describes how personal data relating to Affiliates and/or Advertisers is processed by the Controller and, where applicable, by Processors acting on behalf of the Controller for the purposes of administering the affiliate program, ensuring accurate attribution, preventing fraud, providing support, processing payouts, and complying with legal obligations.

For the purposes of this Privacy Policy, references to Affiliates and/or Advertisers include both natural persons acting on their own behalf and representatives, users, beneficial owners, contact persons, directors, employees or other authorized persons acting on behalf of legal entities, where applicable.

1.      "The Controller”

is registered in accordance with the applicable law of , registration number , address: . The Controller determines the purposes and means of processing personal data described in this Privacy Policy.

2.       "The Processors”

Traffic Manager Group S.R.L. processes personal data on behalf of the PrivateOfferz - Network () in connection with the provision of the affiliate tracking platform, hosting, technical support, attribution services, fraud-prevention functions, and related infrastructure services. Traffic Manager Group S.R.L. acts as a processor only to the extent it processes personal data on documented instructions of the Controller in relation to the services described above. Traffic Manager Group S.R.L. is registered in accordance with the applicable law of Romania (European Union), VIES registration number RO43058081, address: Brasov, Ionel Teodoreanu 1.

Categories of Personal Data, Purposes of Processing, Processing Methods and Retention

The Controller may process the following categories of personal data relating to data subjects covered by this Privacy Policy: (hereinafter the “Personal Data”):

• First name and last name (purpose: affiliate and/or advertiser identification and account administration);
• Business and account information, including company name, registered address, registration number, VAT number, tax identification details, billing details, and information relating to authorized representatives (purpose: account setup, contractual administration, invoicing, compliance, and business relationship management);
• Payment and payout information, including billing records, payment references, bank or wallet-related information where applicable, payout method details, and transaction status data (purpose: payment processing, payout administration, accounting, audit, compliance, dispute management, and fraud prevention);
• Date of birth (purpose: age verification where necessary);
• Gender (purpose: optional profile data and communication personalization where voluntarily provided and where relevant)
• Identity document information (purpose: identity verification, compliance checks, prevention of money laundering, terrorism financing, tax evasion, and payout verification where required);
• Residence address (purpose: identity verification, contractual administration, compliance and payout-related checks where necessary);
• Contact phone number and other means of communication, including messenger IDs (purpose: affiliate and/or advertiser verification, support, operational communication, fraud-prevention checks, and marketing where permitted by law);
• Email address (purpose: account identification, login, support, service communications, and marketing where permitted by law);
• Affiliate and/or Advertiser locale information, including country of residence, time zone, and interface language (purpose: account administration, localization, service communications, and user experience);
• Transaction, tracking and attribution data, including affiliate and/or advertiser account ID, campaign identifiers, click IDs, conversion data, payout-related records, and technical attribution records (purpose: performance tracking, attribution, reporting, payout calculation, dispute resolution, and fraud prevention);
• Technical data, including IP address, browser details, operating system information, cookies, device characteristics, access timestamps, and requested page addresses (purpose: platform operation, security, attribution integrity, fraud prevention, duplicate account detection, and troubleshooting);
• Support, compliance and verification records (purpose: account administration, support, audit trail, dispute resolution, fraud investigation, and compliance management).

Processing methods

The Controller and its Processors may collect, record, organize, structure, store, adapt, retrieve, consult, use, disclose by transmission where necessary, combine, restrict, erase, anonymize, or destroy personal data using automated and/or non-automated means, as appropriate for the purposes described in this Privacy Policy.

Retention period

Personal data shall be retained only for as long as necessary for the purposes for which it was collected and processed, including the performance of the Affiliate and/or Advertiser Agreement, fraud prevention, platform security, legal compliance, record-keeping, dispute resolution, and the establishment, exercise or defence of legal claims.

• Account and profile data shall generally be retained for the duration of the Affiliate and/or Advertiser Agreement and for a limited period thereafter as necessary to manage post-termination matters and operational requests;
• Contractual, payout, invoicing, tax and accounting records may be retained for up to 5 (five) years after the end of the contractual relationship, or longer if required by applicable law or by a competent authority;
• Fraud prevention, security, abuse-detection, duplicate-account prevention, attribution-integrity and evidentiary records may be retained for up to 5 (five) years after the end of the contractual relationship, and longer where reasonably necessary for ongoing investigations, authority requests, enforcement actions, or the establishment, exercise or defence of legal claims;
• Technical and attribution logs shall be retained for the period necessary to ensure platform security, attribution integrity, troubleshooting, fraud prevention and legal compliance;
• Where personal data is no longer necessary, it shall be securely deleted or irreversibly anonymized without undue delay.

Legal bases for processing

The Controller processes personal data on one or more of the following legal bases, depending on the relevant processing activity:

• Performance of a contract under Article 6(1)(b) GDPR, including the administration and execution of the Affiliate and/or Advertiser Agreement;
• Compliance with legal obligations under Article 6(1)(c) GDPR, including accounting, tax, audit, compliance, anti-money laundering, and cooperation with competent authorities where applicable;
• Legitimate interests under Article 6(1)(f) GDPR, including fraud prevention, platform security, duplicate-account detection, attribution integrity, payout verification, dispute resolution, and the establishment, exercise or defence of legal claims;
• Consent under Article 6(1)(a) GDPR, where consent is specifically required by applicable law, including certain marketing communications where applicable.

Privacy contact: For questions relating to personal data processing, Affiliates and Advertisers may contact the privacy team designated for the Controller at: dpo@trafficmanager.com

Recipients of personal data

1. Hosting and data storage providers

Provided Personal Data: personal data necessary for hosting, storage, backup, and infrastructure operation.

Purpose: secure hosting, storage, backup, and technical operation of the affiliate and advertiser platform.

List of data processing centres:

• OVH - 2 rue Kellermann BP 80157 59053 Roubaix Cedex 1 - France
• 9 Rue du Bassin de l’Industrie, 67000 Strasbourg, France
• Route de la Ferme Masson, 59820 Gravelines, France

The following are used when the customer chooses "America (US West Coast)" or "America (US East Coast)" as the datacenter location:

• 1300 NE 25th Ave, Hillsboro, OR 97124, USA
• 6872 Watson Ct, Warrenton, VA 20187, USA

2. Authorities, auditors and professional advisers

Provided Personal Data: personal data necessary for compliance, disclosure, audit, legal advice, accounting, and enforcement purposes.

Purpose: compliance with legal obligations, responding to lawful requests, audit, legal representation, accounting, and protection of rights and interests.

3. Fraud prevention, security, compliance and dispute-management recipients, where necessary

Provided Personal Data: identification data, contact data, technical data, transaction and attribution records, fraud indicators, support records, and other data reasonably necessary for the relevant purpose.

Purpose: fraud prevention, abuse detection, duplicate-account investigation, payout-risk assessment, attribution verification, dispute management, legal claims, platform security, and cooperation with competent authorities.

Security of personal data: The Controller and its Processors apply appropriate technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, unlawful destruction, alteration, disclosure or misuse. Additional details may be made available by the Controller upon request where appropriate.

Account closure, erasure requests and restricted retention

If an Affiliate or Advertiser requests the closure of the account or the erasure of personal data, the Controller shall assess the request in accordance with Article 17 GDPR and applicable law.

The Controller shall delete or irreversibly anonymize personal data where there is no longer a valid legal basis to retain it. However, the right to erasure is not absolute. Certain personal data may continue to be retained, with processing restricted, where such retention is necessary:

• to comply with applicable legal obligations;
• to maintain accounting, tax, payout, contractual and audit records;
• to detect, prevent, investigate or document fraud, abuse, suspicious conduct, duplicate accounts, attribution manipulation, unauthorized use of the platform, affiliate program, advertiser account, or related services, or other violations of law or contract;
• for the establishment, exercise or defence of legal claims;
• to comply with requests, orders or investigations from competent authorities.

Where retention remains necessary for the above purposes, the relevant data shall be placed under restricted processing and accessed only by authorized personnel on a need-to-know basis. Once the applicable retention period expires, such data shall be securely deleted or irreversibly anonymized.

Affiliate and Advertiser rights

Subject to applicable law and the conditions set by the GDPR, Affiliates and Advertisers may have the following rights in relation to their personal data:

• the right to access personal data and obtain information about how it is processed;
• the right to request rectification of inaccurate or incomplete personal data;
• the right to request erasure of personal data where the legal conditions for erasure are met;
• the right to request restriction of processing in the cases provided by law;
• the right to data portability, where applicable;
• the right to object to processing based on legitimate interests, including direct marketing where applicable;
• the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal;
• the right to file a complaint with the competent supervisory authority.

Please note that some rights are not absolute and may be limited where processing remains necessary for compliance with legal obligations, fraud prevention, security, attribution integrity, audit requirements, or the establishment, exercise or defence of legal claims.

Requests concerning these rights should generally be addressed to the Controller. Where a Processor receives such a request on behalf of the Controller, it may assist in handling the request in accordance with the Controller’s documented instructions and applicable law.

Requirement necessary for the contractual relationship: The provision of certain personal data described in this Privacy Policy is necessary for the conclusion, administration and performance of the Affiliate Agreement and/or Advertiser Agreement, as applicable. Failure to provide such data, or a request for erasure during the term of the relevant agreement, may result in the inability to create or maintain the relevant account, accurately track results, provide support, verify compliance, process affiliate payouts, process advertiser payments, or provide access to the platform and related services.

The Controller remains solely responsible for ensuring that its use of the platform, including any affiliate or advertiser activity conducted through it, complies with applicable law, licensing, sector-specific regulatory requirements, advertising restrictions, and contractual obligations. The provision of the platform by Traffic Manager Group S.R.L. does not constitute legal, regulatory, payment, licensing, or sector-specific compliance approval for the Controller’s business activities.

After termination of the Affiliate and/or Advertiser Agreement, certain categories of personal data may still need to be retained on a restricted basis for accounting, tax, compliance, fraud prevention, security, dispute management, audit trail, and legal-claims purposes.

Last revision: April 17, 2026