ULUD (hereinafter - “the ULUD Platform”, “the Platform”) is a partner marketing platform providing services on the design and management of an affiliate network introduced by ULUD LTD (hereinafter – “we”, “our”, “us”, “the Company”). The Company is registered in the United Kingdom with the location of 91 Battersea Park Road, London, England, SW8 4DU, registration number: 13309068. The present document makes an integral part of the entire set of documents regulating the operation of the Platform.

May 25, 2018, the European Union introduced the General Data Protection Regulation (GDPR). GDPR presents the rules on personal data protection that cover all 28 EU countries. GDPR replaces the Directive of 1995 and introduces the most considerable changes on the personal data protection for the last 20 years.

Technologies are rapidly evolving, the volume and the types of information are increasing. The aim of GDPR is to implement universal regulations in all EU countries, that is going to ease the international business activity, as well as to strengthen control over personal data providing all instruments for the entire control over personal information. You can find all the necessary information with regard to the new regulations on the official site https://eugdpr.org/.

PARTIES TO THE PROCESSING OF THE PERSONAL DATA

Under GDPR, two parties join in the processing of the personal data – a ‘data controller’ and a ‘data processor’.

The data controller (Controller) is a physical or legal body to determine the purposes for which and the means by which personal data is processed. We speak about joint controllers when we mean that two or more persons/ agencies/ companies/ organizations jointly determine ‘why’ and ‘how’ personal data should be processed’. ULUD users are data controllers.

The data processor (Processor) processes personal data only on behalf of the controller. ULUD LTD is a data processor.

APPLICATION OF GDPR BY ULUD LTD

GDPR gives an opportunity to better protect your personal data and businesses will have to comply with new rules. As an international company, ULUD LTD fully recognizes its responsibility in the face of users. Our work in frames of compliance with GDPR includes the following points:

• implementation of the common strategy to enforce the GDPR rules;

• determination and audit of our practices in the field of the processing of the personal data;

• introduction of updates, rules, notifications and information sources;

• appointment of an official to be responsible for the policy on personal data protection;

• compliance with the approved rules and certification;

• final audit.

Personal Data Collection

At the account level, we afford our users a ground to use the product in the environment of the IP obfuscation as well as to exploit device identifier blanking for all EU countries, the United Kingdom, and Switzerland.

IP obfuscation, in general, is the conversion of the original text or of the performed program code into the form that preserves the functionality but that makes it difficult to make analysis, to understand the operational algorithms. In the ULUD operation, we put a 0 instead of the last octet of the IP.

As for the device identifier blanking, it puts an empty string instead of any incoming values from these macros:

• device_id, android_id, ref_android_id, ref_device_id

• ios_ifa

• user_id, unid

• mac_address

Personal Data Access, Usage, and Transfer

ULUD LTD uses all the necessary instruments to ensure protection from unauthorized access, usage and transfer of data. Unauthorized bodies cannot amend or delete the date in the process of its transfer.

Deletion of Personal Data

There is always an option to delete any personal data on your affiliates, advertisers, or employees.

Note: Even if we delete end user’s data, the information on affiliate, advertiser, or employees, we will not delete the entire record about the user, just the segment containing the personal information.

Data Minimization & Separation

Data minimization is one of the most significant principles within the GDPR. Bearing it in our mind, we propose 120-day rolling retention that will be at the disposal of the IP addresses and the above-listed device identifiers and 12-month rolling retention that will be in access for the entire log-level reporting.

Nevertheless, only the Conversion Report and Click Logs will be subjected to the influence of the retention amendments. The Statistics Report Queries will remain in access beyond these retention periods. However, Affiliate Sub 1-8 or Source Statistics Queries will be in access for a year and a half.

The data separation mechanism has recommended itself as a good way to protect the data and ULUD LTD cannot but use it in the processing of data so that it could be stored securely. Test and production systems don’t make an exception.

Pseudonymization

According to the GDPR, it makes one of the relevant technical and organizational measures to ensure the security level that corresponds to the existing risks. In such a way, ULUD hashes the data in the earliest possible stages and the personal data no longer refers to a certain subject of the data without using additional information.

Recoverability & Physical Access

Protection from data loss is ensured by the special systems that allow carrying out backups with the help of automated tools on a regular basis. The properly configured backup system of ULUD allows restoring the information in case of its unexpected loss.

ULUD LTD uses all modern means to ensure the security of the physical data centers. Security staff is on duty 24/7. Alarm systems, security footage, and many other means are used by the service to provide the highest level of security for the servers so that no unauthorized person could get access to them, no matter if he or she is even a ULUD LTD Team member.

PRIVACY SETTINGS

Users’ privacy is protected by ULUD by default. A user does not have to go to settings and change them manually to make privacy settings safe to the maximum.

On our website, you can find Terms and Conditions, Privacy Policy, and User Agreement. We kindly ask you to get to know them and to sign the User Agreement.

CONCLUSION

Opposite to the previous regulations, GDPR directly addresses the processors of personal data and defines how they shall work. If you have a ULUD account, you are the controller of your personal data. That is why it is you to define why and how this information will be processed. It means you have your own obligations under GDPR.

As we have already stated, ULUD LTD has a certain strategy on compliance with GDPR and the following two points have always been an integral part of our security policy:

• personnel training;

• testing and verification of compliance with all the provisions of the regulations.

We continuously hold training courses and meetings to be sure our Information Security Team is informed on new rules or amendments to the old ones as well as on the best solutions in the area of security.

We’ve presented the above-stated information to you so that you could understand how ULUD LTD implements the EU regulations on personal data. This information shouldn’t be recognized as legal advice. We ask you to consult your own legal expert to get a full and complete understanding of your personal obligations under the GDPR, as well as of the company’s activities on the personal data use.

You can find some more information on the GDPR on the website of the Information Commissioners Office.

If you still have any questions, we are glad to answer all of them at legal@ulud.com