Affiliate Squared Limited

Privacy Policy Agreement

Privacy commitment and scope of this policy

This Privacy Policy (“Privacy Policy”) describes how Personal Data is collected and used by Affiliate Squared Limited, AffiliatePad, 7 Western Gardens, Brentwood, CM14 4SP, under Company number 07510763, (we, AS2) when providing our Services.

We care about your privacy, and we want you to understand how we process Personal Data and the choices you have with regards to it. We have taken steps to ensure this information is as clear and easy to understand as possible, but if you have any questions, please contact your account manager or privacy@affiliatesquared.com.

We are of the belief that data protection is essential to the growth and prosperity of the Internet and that a superior online experience can provide significant benefits to users if performed correctly. In accordance with these beliefs, AS2 creates results for affiliates and merchants in revolutionary ways without compromising users’ privacy or data protection.

By getting familiar with this Privacy Policy, you have taken the first step in understanding how advertising businesses such as ours help contribute to the Internet’s ability to remain a diverse ecosystem of content, as well as provide a better digital browsing experience.

What does AS2 do?

When a consumer visits websites and mobile applications, there are a plethora of third parties working behind the scenes to contribute to a great digital experience. AS2 is one of these companies and we provide the affiliate marketing that keeps your favourite blogs free, your favourite shops in business, and your advertising experience more relevant

Affiliate marketing is the process of an affiliate (for example a blog or a news site) earning commission by promoting the products or services of merchants (for example an online retailer).

Affiliates will promote products or services from merchants to visitors of their websites or mobile applications and earn a commission of the profit for each sale generated. AS2 operates an affiliate network, which helps affiliates and merchants connect with each other.

An affiliate network acts as an intermediary between affiliates and merchants to help them find advertising programs which are suitable for their needs and channels, and makes sure the right party is rewarded for an effective referral or marketing effort. To make some of these things possible, and to make smarter decisions, we need to use information that is considered Personal Data.

Cookies and device access

We will only place our own Cookies or otherwise access a consumer’s device directly if we have been provided with consent to do so, as required by the ePrivacy Directive and the UK Privacy and Electronic Communications Regulations (PECR). However, certain essential Cookies do not require consent. This includes Cookies that are essential to comply with the GDPR’s security principle as well as Cookies that help ensure that content of a page loads quickly and effectively by distributing the workload across numerous computers.

Examples of situations where essential Cookies are used are when we need to identify a consumer to be able to provide them with loyalty points or cash back. If a consumer has requested loyalty points or cash back from one of our partners, we need to access the consumer's device to create/read a Cookie ID so that we can ensure that the loyalty points or cash back are provided to the correct consumer. In these situations, accessing the device is strictly necessary to provide the consumer with a service they have requested.

What Personal Data do we process?

The majority of the Personal Data AS2 processes is machine-generated. We do not collect any Personal Data that directly identifies a consumer. As AS2's data processing activities do not require the direct identification of a consumer, AS2 only holds what is known as “Pseudonymised Personal Data”. Pseudonymised Personal Data is Personal Data that cannot be attributed to a specific consumer without the use of additional information. Using Pseudonymised Personal Data can reduce the risks to consumers, while also help companies like AS2 meet their data protection obligations.

Using only Pseudonymised Personal Data lets us see and follow a consumer’s journey from an affiliate to a merchant, but without revealing who that consumer is in a traditional sense by using name, address or email. In other words, we cannot directly identify a consumer using the Personal Data that we process. We have no interest in or need to know those details about any particular consumer.

When a consumer visits and interacts with a website or mobile application that participates in our Services the following information might be collected and transferred to us:

  • Browser and device information. This includes information such as user agent string which provides browser type and version, Cookie ID, click, impressions, time stamp, IP address, referring site URL and current site URL.
  • Transactional Data. This includes information that described the online purchases and actions made by a consumer, Order ID, order information like products and services and online timestamp.
  • How Personal Data is used and lawful basis

    AS2 primarily uses Personal Data for the purpose of attributing a referral or a marketing effort on an affiliate website or mobile application to a transaction with an merchant. We do this to enable merchants to reward affiliates on a per-transaction basis for their marketing efforts. It also allows AS2 to provide affiliates and merchants with related reports and analytics. Most of these reports contain only aggregated statistical data.

    We do not use Personal Data to make predictions or evaluations of a consumer’s interest, and we do not use Personal Data to create advertising profiles.

    Please see our full purposes and lawful bases below.

  • To identify consumers, including trying to determine what devices are likely to belong to a consumer and trying to distinguish their device from other devices, so that we are able to provide commission accurately to participants of our Services.
  • Support reporting and analytics to participants of our Services on the transactions made.
  • Improve existing systems and software and to develop new products.
  • In support of the purposes above we use Personal Data that we hold to determine whether different devices are likely to belong to the same consumer, and to distinguish their device from other devices based on information the device automatically sends, such as IP address or browser type. This helps us understand whether the same consumer starts a transaction on one device and completes it on another. We do this to make sure we can provide commission to the referring affiliate accurately.

    AS2’s legitimate interests for the purposes above include; providing our Services; ensuring that participants of our Services (affiliates and merchants) are paying and are being compensated for traffic and transactions generated through our Service; and ensuring participants (affiliates and merchants) are only paying and being compensated for traffic and transactions by a natural person (e.g. not a bot). Further information can be provided upon request.

    If a consumer has requested loyalty points or cash back from one of our partners, then we need to process Personal Data for the purposes above so that we are able to provide the consumer with the loyalty points or cash back that they have requested. In those cases, the processing is necessary for performance of the contract that the consumer has with one of our partners regarding loyalty points or cash back.

    Who do we share Personal Data with?

    We share your Personal Data:

  • With companies within the Affiliate Squared Group for the purposes above,
  • With participants of our Services (affiliates and merchants) so that they can verify that they have either paid, or have been compensated with, the correct amount,
  • With our processors,
  • Third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stocks (including in connection with any bankruptcy or similar proceedings) and
  • As we believe necessary and appropriate: (a) under applicable law; (b) to comply with legal processes and obligations; (c) to respond to requests from public and governmental authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, safety or property; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
  • How long do we keep Personal Data?

    We retain all Personal Data in accordance with our data retention policy which abides by applicable law. The retention period depends on the type of data. For example, we retain Pseudonymised Personal Data for up to six (6) years.

    Your rights

    We understand that you may be interested to know what Personal Data we hold about you. You can obtain this information by contacting us.

    If you wish to exercise any other rights you might under Data Protection Laws (including rectification, portability and restriction, please contact us.

    In situations when we rely on consent you have the right to withdraw your consent at any time. If you have provided AS2 with consent to place our own Cookies or otherwise access your device directly, you have the right to withdraw such consent at any time.

    International transfers

    In order to provide our Services, we transfer Personal Data to, and Process Personal Data in, countries outside the European Union (EU), the European Economic Area (EEA) and the United Kingdom. More specifically our servers are located in the United Kingdom, and our processors operate globally.

    We have taken appropriate and suitable safeguards to ensure that your Personal Data will remain protected when transferred outside EU/EEA and the UK. This includes implementing Standard Contractual Clauses for transfers of Personal Data adopted by the European Commission and/or the United Kingdom. Further information about our international transfers as well as the safeguards in place can be provided upon request.

    Security

    We have implemented appropriate technical and organisational security measures to protect the Personal Data in our care, both during transmission and once we receive it. This includes physical and technical security measures to protect our Personal Data from accidental or unlawful destruction, loss, or alteration, and from unauthorised disclosure or access. Although please note that no method of transmitting information over the Internet or storing information is completely secure.

    Contact us

    Affiliate Squared Holdings Ltd is the controller of the Personal Data that we process as described in this Privacy Policy. If you have any question about the processing, please contact us.

    Our Data Protection Officer is tasked with informing and advising us on the obligations that apply to us under Data Protection Laws, as well as monitoring our compliance with the same. If you need to contact our Data Protection Officer, please email contact us. However, we respectfully ask that you only contact our Data Protection Officer regarding urgent matters relating to data protection.

    As an EU resident, you have the right to report a concern to your country’s Data Protection Authority. The same applies if you are a UK resident, please visit the Information Commissioner’s Office’s website for contact information. However, we respectfully request that you contact us first so that we can assist you.

    Changes to this Privacy Policy

    We may occasionally make changes to this Privacy Policy. If we do, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

    Definitions used in this Privacy Policy

    “AS2” means Affiliate Squared Limited, AffiliatePad, 7 Western Gardens, Brentwood, CM14 4SP, under Company number 07510763. ICO Registration Number ZA585556.

    “Cookies” are small text files that are downloaded and stored onto your device (e.g. a computer or smartphone). Cookies allow us to recognise your device and store information about your preferences or past actions. In this Privacy Policy the definition of “Cookies” includes similar technologies that can write or read information on your device such as “Local Shared Objects” (sometimes called Flash Cookies), pixels and web-beacons.

    Data Protection Laws” means (i) EU Regulation 2016/679 and the UK General Data Protection Regulation (UK GDPR) as tailored by the UK Data Protection Act 2018 (together “GDPR”); (ii) EU Directive 2002/58/EC (ePrivacy Directive); (iii) the UK Privacy and Electronic Communications (EC Directive) Regulations 2003; and (iv) any and all applicable national data protection laws made under or pursuant to (i) or (iii); in each case as may be amended or superseded from time to time.

    “Personal Data” means any information relating to an identified or identifiable natural person. Information such as name, identification number, location data and an online identifier is considered Personal Data.

    “Services” means the affiliate marketing services that we provide to affiliates and merchants in more detail described above.