Updated on 2025-01-16

This Privacy Policy (hereafter referred to as “This Policy”) outlines the manner in which Kiickr Ltd  handles the information and
personal data which You have provided to Us and which enables Us to be able to effectively manage the relationship which
You have with Us.

This Policy applies to Our websites, applications, products and/or services that link to this policy or do not have a separate
privacy policy (hereinafter referred to as Our services). This privacy policy is intended to give You a better understanding of the
data We collect, the reason why We collect such data, the manner in which We process this data, the entities with whom We
share the said personal data, Your rights in relation to the collection, processing and sharing of such data and any other
pertinent matter relating to privacy and security.

Any personal data You will provide or which We already hold will be processed in line with and in the manner set out in this
Privacy Policy. Any and all information will be provided through any of the Kiickr website (“The Website”) or any other means
which Kiickr may make available from time to time.

By reading This Policy You understand and acknowledge that Your personal data may be processed in the manner set out in
this policy. If You do not agree with the terms of this Privacy Policy please do not use the Website or otherwise provide Us with
Your Personal Data.

Any references in this Policy to “Kiickr”, “Us”, “We” or “Our” relate to the Data Controller, namely, Kiickr Ltd., a Maltese
company bearing registration number C 103411 and having its registered address at Level 5, Spinola Park, Triq Mikiel Ang.
Borg, St Julians, SPK 1000, Malta and which is the owner of the website https://www.kiickr.com

All processing of Personal Data performed by Kiickr as envisaged in this Privacy Policy shall be carried out in line with:

–      The Maltese Data Protection Act (hereafter referred to as the “DPA” – Chapter 586 of the Laws of Malta) as well as any
other subsidiary legislation issued under the DPA as may be amended from time to time; and

–      Regulation (EU) 2016/679 of The European  Parliament And of The Council of 27 April 2016  On The Protection of Natural
Persons With Regard to The Processing of Personal Data And On The Free Movement of Such Data, And Repealing Directive
95/46/EC (General Data Protection  Regulation)” (hereinafter referred to as “the Regulation” or “GDPR”).

The DPA and the GDPR shall hereafter be collectively referred to as the “Data Protection Laws”.

Kiickr determines the means and purposes of the processing of Personal Data and therefore acts as the “Data Controller” in
terms of the applicable Data Protection Laws.  

DEFINITIONS

Cookies

“Cookies” means small set of data stored in the User’s device

“Game Lounge Group” means any entity holding shares in Kiickr whether directly or indirectly or in which the Kiickr holds
shares whether indirectly or directly or which is owner (directly or indirectly) by the same shareholder where “ownership” means
holding even at least one share in the entity in question or any sister company within the Group.

The Data Controller

Kiickr Ltd – C103411 of Spinola Parks Level 5 Triq Dun Mikiel Ang Borg St Julians, Malta

DPO contact Email: [email protected]

The Data Processor

“The Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data
on behalf of the controller.

The Data Subject

“The Data Subject” is the natural person to whom the Personal Data refers.

Personal Data

“Personal Data” means any information that identifies You individually or relates to an identified or identifiable natural person.

Usage Data

“Usage Data” means information collected automatically through the website (or third party services employed by Kiickr), which
can include: IP addresses , the various tie details per visit and the details about the path followed with special reference to the
sequence of the pages visited and other parameters about the device operating system and/or User’s IT environment.

User

“User” the individual using https://kiickr.com who unless otherwise specified coincides with the the Data Subject

SECURITY

Kiickr stores Your Personal Data digitally on encrypted hard drives.

PERSONAL DATA PROTECTION

Personal Data held by Us is protected using the highest industry standard security processes and systems. Our commitment to
protect personal data is not merely through quality and high standards but also through the best and most efficient application
of the law. We are bound to only process personal data if such processing is based on a genuine and legitimate reason to do
so on the basis of one of the legal grounds established in the GDPR.

PERSONAL DATA YOU GIVE US

You may give us your personal by:

● Filing the contact form

● Submission of Know Your Business (KYB) Requests

● Signing of Advertiser or Publisher T&Cs or Contracts

In the following, We report the detailed set of data We ask you, mandatorily or optionally for each process you may be involved
in.

PERSONAL DATA WE COLLECT FROM YOUR DEVICE

We use Usage Data and Cookies to manage Our website, and to make sure that content from Our website is presented in the
most effective way for you and your device.  For more information about cookies, please see our Cookie Policy.

LAWFUL BASIS FOR PERSONAL PROCESSING
● Name, surname, email address, phone, bank account information, Gender, Age, Nationality, and Social
Media Account: This data is necessary and relevant for the purposes of performing our contractual
relationship with you.. The legal basis is our contractual relationship between ourselves when you sign-up to
our T&Cs or sign our contractual agreements.

● Age: to make sure you have the legal age to receive direct marketing communications or promotions related
to our product and services. The legal basis is Our legal obligation to target only individuals in the legal age.

● Age and E-mail address: to send to you any promotions or direct marketing communications about the group
products, services and different brands. The legal basis is your consent which you provide upon registration.

● Analytic data to have a better understanding of how you use the Website. The legal basis is Our legitimate
interest in learning how to offer a better service and user experience.

● Name, surname and contact details provided by interested parties during business events or similar activities
are processed for the purposes of initiating a business relationship. The legal basis is the data subject’s
consent and/or our legitimate interests to reach out to individuals providing us with their contact information
to initiate a business relationship.

● Visual images (both videos and photographs) taken during business events or similar activities are used by
the Controller or other Group entities to promote the Kiickr Publisher Program or for other Group PR,
branding and awareness initiatives. The legal basis is the data subject’s consent and/ or our legitimate
interest.

● Name and Surname, Date of Birth, Nationality, email address, physical address, passport or National ID,
Role within the organisation, shareholding details including beneficial owners, business registration
documents, Politically Exposed Person (PEP) Status, Financial details including source of wealth, business
information like licensing certificates. The legal basis is legal obligation and contractual obligations for
sanctioning purposes and performance of the contractual obligations. More information can be obtained from
here

PROCESSING ON THE BASIS OF OUR LEGITIMATE INTERESTS

A legitimate interest exists when We have a business or commercial reason upon which personal data will be processed. In
such a case We undertake to protect any and all of Your personal data and the manner in which such data is processed and to
ensure that such processing would not be unfair to You or Your interest.

PROCESSING ON THE BASIS OF YOUR CONSENT

Consent is not the only ground we may be permitted or obliged to rely on to process Your personal data. We will only process
personal data on the basis of Your consent where we cannot or otherwise choose not to rely on any ulterior legal ground (such
as compliance with a legal obligation or legitimate interest). Where we process Your personal data on the basis of Your
consent, you shall have the right to withdraw your consent at any time and in the same manner as it had been previously
provided by Yourself. In the case that You exercise Your right to withdraw consent, we would then determine whether we are
able (or obliged) to process Your personal data on the basis of any other legal ground other than consent. If this is the case We
will notify You accordingly. Any such withdrawal of Your consent will not invalidate any processing operations carried out prior
to You having withdrawn Your consent.

For the avoidance of all doubt, We would like to point out that in those limited cases where We cannot or choose not to rely on
another legal ground (for example, Our legitimate interests), We will process Your Personal Data on the basis of Your consent. 

In those cases where We process on the basis of Your consent (which We will never presume but which We shall have
obtained in a clear and manifest manner from You), YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY
TIME and this, in the same manner as You shall have provided it to Us. 

Should You exercise Your right to withdraw Your consent at any time (by writing to Us at the physical or email address below),
We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data (for example, on the
basis of a legal obligation to which We are subject) where We would be legally authorised (or even obliged) to process Your
Personal Data without needing Your consent and if so, notify You accordingly. 

When We ask for such Personal Data, You may always decline, however should You decline to provide Us with necessary data
that We require to provide requested services, We may not necessarily be able to provide You with such services (especially if
consent is the only legal ground that is available to Us). 

Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. In the last preceding section
above We pointed out the various grounds that We rely on when processing Your Personal Data for specific purposes. 

OTHER PURPOSES

We may be required to use and retain personal information for; loss prevention; and to protect Our rights, privacy, safety, or
property, or those of other persons in accordance with Our legitimate interests.

DATA RETENTION

We are required to keep your Personal Data according to Our Data Retention Policy. The GDPR does not specify time limits for
the retention of Personal Data, therefore the criteria we use to determine the retention periods (set out in Our Data Retention
Policy) depends on the specific Personal Data in question. Typically, we check if any specific EU and/or national laws (such as
license requirements, tax, or corporate laws) require us to retain certain Personal Data for a specified period (in which case we
will retain the data for the maximum period indicated by such laws). If no such laws apply, we consider if there are any laws or
contractual provisions that may be invoked against us by you and/or third parties, and if so, we determine the prescriptive
periods for such actions. In this case, we will retain any relevant Personal Data needed to defend ourselves against any claims,
challenges, or other actions by you and/or third parties.

Once the time period set out in Our Retention Policy has expired, your Personal Data will be irrevocably and securely deleted
or anonymised.  Any personal data held by Us for service notifications will be kept by Us until such time that you notify Us that
you no longer wish to receive this data. Should you need further information about the retention periods please contact us
on [email protected]

We retain data for limited periods when it needs to be kept for legitimate business or legal purposes. We try to ensure that our
services protect information from accidental or malicious deletion. Because of this, there may be delays between when you
delete something and when copies are deleted from our active and backup systems.

SHARING OF PERSONAL DATA WITH OTHER CATEGORIES OF RECIPIENT

Relevant data will also be disclosed or shared as appropriate (and in all cases in line with the Data Protection Laws) to/with
members and staff of Kiickr, to /with other entities within Game Lounge Group (for example in compliance with legal
obligations) and/or to/with affiliated entities and/or subcontractors for the following purposes:

1. To administer offers and promotion;
   
2. Assess and analyse marketing strategies and trends and market research and training;
   
3. Respond to your access requests and answer your GDPR-related questions;
   
4. When we believe, in good faith, that sharing your personal information is necessary to defend your rights, your safety
   of others, to investigate fraud or to comply with government requests;
   
5. To provide you with secure access and maintenance of our Website;
   
6. To establish, exercise and defend our legal rights;
   
7. To fulfil our legal obligations to regulatory authorities, in addition to fulfilling our obligations under applicable laws and
   relevant authorities in other jurisdictions;
   
8. Investigation, prevention and prosecution of offences;
   
9. To provide customer support and respond to questions and complaints;
   
   Details on the categories of recipients of the personal data may include:
   
   ● Marketing Partners: This includes social media platforms and other business partners to carry out marketing
   activities such as advertising campaigns, optimization, market analysis, and research on our behalf.
   
   ● Marketing Consultants: Professionals who provide marketing advice to us.
   
   ● Communication/Marketing Service Providers: Companies that facilitate communication with you via email, chat,
   SMS, and phone.
   
   ● Technical Support Providers: Suppliers that support the operation of our website and technical systems, including
   both front-end and back-end functions.
   
   ● Database Administrators: Technical administrators responsible for maintaining our Group database.
   
   ● Cloud Service Providers: Companies that offer cloud-based services such as storage and hosting software.
   
   ● Data Analytics and Business Intelligence Providers: Service providers that assist with data analytics and
   business intelligence.
   
   ● Game Lounge Group Companies: Other companies within the Game Lounge Group that provide various services
   and support for our functions.
   
   ● Professional Advisors: Lawyers, bankers, auditors, and insurers who offer consultancy, legal, banking, insurance,
   and accounting services.
   
   ● Payment Service Providers: Companies that process payment services for you.
   Moreover, the Company may share your personal data with:
   
   Other third parties to the extent necessary to: (i) comply with a government request, a court order or applicable law; (ii) prevent
   illegal uses of Our website, violations of Our website, its terms of use and Our policies; (iii) defend Ourselves against third party
   claims; and (iv) assist in fraud prevention or investigation.

To any other third party for which you have provided Us with your consent

Corporate restructuring: We may share your personal data with third parties, including entities within our Group of
Companies, to support our business operations or in scenarios where we decide to sell, transfer, or merge parts of our
business, assets, or operations. Should we undergo a merger, acquisition, or sale, your personal information would typically be
included in such transactions. Similarly, if we acquire or merge with another business, your personal data may be utilized by the
new owners in accordance with the terms outlined in this privacy notice. If such situations arise, you will be informed via email
and/or through updates on our website, or as stipulated by applicable guidelines, rules, or regulations. We have established or
will establish contractual agreements with these entities to ensure that your personal data remains confidential, is safeguarded
with appropriate security measures, and is not used by them for their own purposes.

AUTHORISED DISCLOSURES OF PERSONAL DATA TO THIRD PARTIES

Without prejudice to anything else contained in this Privacy Policy, personal data relating to You may be shared with authorised
third parties located in or outside of the EU/EEA where such disclosures are permitted or required pursuant to Data Protection
Laws and/or any other applicable legislation. These authorised third parties may include but are not limited to entities within
Game Lounge Group, other third parties and organisations such as law enforcement agencies, collaborating accounting and
auditing firms, regulators, relevant authorities and digital marketing providers. We may also share such personal data with
organisations who have introduced You to Us, third parties which You have asked Us or permitted Us to share Your data with
or any other third party which We must necessarily share Your personal data with so as to be able to provide the products
and/or services which You have requested. The personal data shared will depend on the product/s and or service/s You
choose to use.

When any such personal data has to be transferred outside of the EEA – European Economic Area, We ensure that all the
necessary and appropriate safeguards are in place. We may also disclose personal information to other companies within
associated or subsidiary companies and to business partners, or successors in title to Our business. The manner in which data
transfer outside the EEA is handled is detailed below. Your Personal Data will never be shared with third parties for their
marketing purposes (unless You give Your consent thereto).

Any authorised disclosures (whether within or outside the EU/EEA) will be done in accordance with the Data Protection laws
(for example, all Our processors are contractually bound by the requirements in the said Data Protection Laws, including a strict
obligation to keep any information they receive confidential and to ensure that their employees/personnel are also bound by
similar obligations). The said service providers (Our processors) are also bound by a number of other obligations (in particular,
those established in Article 28 of the GDPR).

Your Personal Data will never be shared with third parties for their marketing purposes (unless You give Your consent
thereto).

INTERNET COMMUNICATIONS

You will be aware that data sent via the Internet may be transmitted across international borders even where the sender and
receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done
by You or any third party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers
of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union,
and this, by any technological means whatsoever (for example, WhatsApp, Skype, Dropbox etc.).

Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the
internet unless Our responsibility results explicitly from a law having effect in Malta.

ACCURACY OF PERSONAL DATA

All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible.
You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find
any inaccuracies, We will correct them and where required, delete them as necessary. To protect your privacy and security, we
will also take reasonable steps to verify your identity before granting access or making corrections. Please see below for a
detailed list of Your legal rights in terms of any applicable data protection law.

LINKS TO THIRD PARTY SITES

Links that We provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor
can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data
processing operations of any kind). We suggest that You read the privacy policies of any such third-party websites.

TRANSFER OF DATA OUTSIDE OF THE EEA

Your personal data will only be transferred outside of the EEA or any other non-EEA country which has been deemed by the
European Commission to offer an adequate level of protection (also referred to as “white-listed countries” – listed

here https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-
decisions_en) in the following circumstances: When You have expressly consented Us to do so; when it is necessary to
constitute or execute a contract entered between You and Kiickr; or to be compliant and in line with any and all legal obligations
or duties.

In the event that personal data is transferred outside of the EEA, within Kiickr or to any of Kiickr’s business partners, We ensure
to implement all appropriate safeguards to ensure that the same protection is afforded and the same standards are applied as
would be within the EEA. You are entitled to receive a copy of such safeguards by contacting Us at the address below.

Contracts containing the EU Standard Contractual clauses (EU Model Clauses) will be used which require the entity receiving
the personal data to use the same standards as they would be subject to within the EEA. Personal Data will only be transferred
to the USA if (i) the entity receiving the data is registered with the EU-U.S. Data Privacy Framework (a framework that ensures
personal data protection, (ii) and we have conducted appropriate due diligence on the recipient to ensure that we are satisfied
of its compliance with the DPF Principles.

DATA SUBJECT RIGHTS

Kiickr undertakes to assist You in the best way possible should You choose to exercise any of Your rights with respect to Your
Personal Data. In certain cases We might need to verify Your identity prior to acceding to Your request to exercise any relevant
right. Your principal rights are as follows, however, please note that some of these rights will be subject to exemptions:

● Access to your Personal Data

● An electronic copy of your Personal Data and/or the transfer of this data to a third party (portability), to be provided in
a structured, commonly-used machine readable format.

● Correction of your Personal Data if it is incomplete or inaccurate

● Deletion or restriction of your Personal Data in certain circumstances by applicable law.

● The right to restrict or object to processing of your Personal Data

● The right to withdraw consent

● Rights in related to automated decision making and profiling.

The Right To Lodge A Complaint

You have the option to submit complaints to the relevant Data Protection Supervisory Authority. Given that our primary EU
establishment is situated in Malta, the Maltese Information and Data Protection Commissioner (IDPC) serves as our Lead
Supervisory Authority. We request that you first try to resolve any concerns with us directly, although you retain the right to
contact the competent authority at any time, as previously mentioned.

Information We May Require From You

When you exercise your rights by contacting us, we may need to ask for specific information to verify your identity and confirm
your right to access your personal data (or to exercise any other rights you have). This is a security measure designed to
prevent unauthorized disclosure of personal data. Additionally, we may reach out to you for additional information related to
your request in order to expedite our response. 

Response Time Limit

We aim to respond to all valid requests within one month (unless a shorter time frame is mandated by law). If your request is
particularly complex or if there are multiple requests, it may occasionally take us longer than a month to respond. If this occurs,
we will notify you and keep you informed of the progress.

Other info about user data storage

We employ features such as a comparison tool and sticky banner on our website to enhance your user experience. When you
choose to interact with such features, we utilize functionality that stores certain data (for example, what you clicked on or added
to the comparison tool) in the session storage feature of your web browser. We do not process any personal data through such features. Additionally, we store the visual state of the comparison toolbar, which indicates whether it is ‘open’, ‘closed’, or
‘minimised’. This state information allows us to maintain the preferred view of the toolbar for your subsequent website visits.

CHANGES TO THIS PRIVACY POLICY

Kiickr reserves the right to make changes to the privacy policy at any time.  It is recommended to check this page often,
referring to the date of the last update. Should the changes affect activities performed on the basis of the User’s consent, Kiickr
shall collect new consent from the User, where required.