Privacy Policy

1. – SCOPE OF APPLICATION AND RESPONSIBILITY

The Company is responsible for the processing of your personal data (e.g., information that identifies a person, such as their full name or email address) collected through our services, in accordance with this Privacy Policy. This Privacy Policy, like our Cookie Policy, applies to all users, whether they use our services without registering or subscribing to any of them or those who have registered or subscribed to any of our services. For clarification purposes, this Privacy Policy does not apply to data collected by third parties through their websites, even if any of those websites contain links to the Company´s Website. The Company is not responsible for any content within the privacy policy of third parties, and makes no warranties, express or implied, regarding the accuracy, legality, correctness, or validity of any third-party website.

2. – COMPANY SERVICES

The Website offers you the possibility to manage your user area, configure alerts, receive newsletters, information, and advertising about the products and services of the Company and/or third parties. The aforementioned newsletters, information, and advertising will be based on the areas of interest you have indicated to us, in accordance with the criteria of the website and your profile. If you wish, you can also participate in various promotions, contests, and sweepstakes. To use the Company´s services, you must register on the Website through the provided registration form and freely and expressly consent to the processing of your data, this Privacy Policy, and our Cookie Policy. In this regard, you can select, by checking certain boxes, at least three (3) fields of interest from the options provided by the Website. Additionally, if you wish, you may accept the transfer of your anonymized data (anonymized through encryption and the use of electronic pseudonym), so that we can combine it with other information and enrich the data. This procedure would be carried out through technical means in a completely anonymous and non-identifiable manner. The data transfer aims to combine information from different sources to increase information related to areas of interest, which may have been defined directly through navigation or other subscriptions, and enhance our advertising campaigns. All this without prejudice to your privacy, which is guaranteed through the encryption and compartmentalization of your data.

3. – PERSONAL DATA COLLECTED BY THE COMPANY

The Company collects information to provide you with services, either directly through personal data provided directly to the Company, or indirectly through the use of the Website and the services it provides (device-related information, registration data, and physical location). In particular, the Company collects the following data from and about you:

a. Data provided by the user for registration in a Company service, through subscription forms. Subscription forms request personal data through mandatory or optional fields that the user must complete, such as their name, phone number, and email address, so that we can manage our mailing lists and send you personalized online advertising. Subscription to mailing lists is done through the Hermes and Perseus tools. Email sending is managed by the Company, which verifies your email beforehand. To verify it, you will receive an email from the Company with the subject “Successfully registered in our exclusive offers newsletter” or similar in your inbox. We will use the provided data to send you advertising from our clients. Registration information may include, among other data, name, surname, email address, gender, country, postal code, and date of birth, areas of interest, and academic/professional aspects. At any time, you can revoke your consent or inform us that you have not subscribed to any of our services, following the instructions in Section 13 of this Privacy Policy.

b. Social media information. If you access or register for a Company service through a social network or connect a Company service to a social network, the data we obtain may include your user identity and/or the username you have associated with that social network, any information you allow the social network to share with us (such as your profile picture, email address, or friend lists), and any other personal data you have made public through that social network. These social networks may collect a lot of personal data and information, such as the websites you have visited and your IP address, and may install cookies on your device to allow the proper functioning of the social network services. The Company is not responsible for the security or privacy of the information collected by these third parties. You must read and understand the policies applicable to the third-party services you use or access before giving your consent to these third parties. Likewise, you must configure these services according to your interests. When you access our services through a social network or when you connect a Company service to a social network, you are authorizing the Company to obtain, store, and use such personal data and content in accordance with this Privacy Policy.

c. Information submitted to the Company through a contact form. There is a contact form on the Website for inquiries, suggestions, and/or professional matters. If you contact us through this online form, we will use your email address to respond to you and send you the information requested by you, if applicable.

d. Activity data. When you access and interact with our Services, we may obtain certain information about those actions. For example, to enable your connection to the Company´s services, our servers receive and store information about your device and your browser, potentially including your IP address, browser type, and other information about the software or hardware used. We may also install cookies and other tracking technologies (such as browser cookies, pixels, and beacons). These technologies may be used to obtain and store information about your use of our services, such as the pages you visit, the videos and other content you view, the searches you perform, and the ads shown to you. For more information, please visit our Cookie Policy.

e. Information from other sources. We may supplement the information we collect with information from other sources, such as publicly available information on social media services and commercially available sources. Your personal data will be retained for two (2) years from the date they were provided to the Company. We will use the data to fulfill the purposes for which they were collected. However, the retention period of your data will always be subject to the unsubscribe request from the mailing list or blog subscription, unless there is a legitimate interest of the Company, which will prevail over your interests, or to take legal action. At the end of the retention period, your personal data will be deleted, anonymized, or aggregated.

4.- USE OF DATA COLLECTED BY THE COMPANY

We use the personal data we collect from and about you to:

a) Provide you with the Company´s services;

b) Measure, analyze, and improve our services and their features;

c) Provide you with our customer support service and respond to your queries;

d) Protect the rights of the Company and others, such as entities belonging to the Group or their employees, agents, contractors, licensors, and providers; users of the Company´s services or third parties; and providers of the Company;

e) Enable you to manage your browsing and alert settings;

f) Enable you to participate in and subscribe, when possible, to promotions, contests, and/or sweepstakes;

g) Comply with applicable laws or legal proceedings and/or respond to requests from authorities or governmental entities;

h) Carry out corporate operations (e.g., merger, sale, joint venture, assignment, transfer, or other disposition of all or part of the business, assets, or shares of the Company, including those carried out within the framework of insolvency proceedings or other similar procedures). For example, if the Company is in the process of merging or transferring all or a substantial part of its business, the Company may communicate or transfer your personal data to the party or parties involved in such operation, as part of that transaction;

i) Allow you to log in to the Company´s services through a social network;

j) Send you (via email, SMS, phone, multimedia messaging services, calls, chat and social networks, or other means of communication) offers, promotions, or other commercial communications related to services and/or products of the Company, Group entities, and/or third parties operating in the sectors indicated by you, as applicable, as well as other sectors you may be interested in (according to the criteria of the Website and/or your user profile and depending on your cookie settings in your browser). You can read our Cookie Policy here;

k) With your “prior consent,” transmit or assign data to third parties for the purpose of conducting commercial and telemarketing practices in different sectors of activity in which you may be interested. Personal data may be used for the purpose of segmenting and analyzing. Advertising may be sent by third-party companies. This processing is optional and applies only if you expressly agree that your data be transmitted to third parties.

The aforementioned sectors are as follows:

For clarification purposes, the Company will carry out permission e-mail marketing and direct marketing actions, telemarketing; will develop profiles and segmentations in its data; and/or will combine files containing your data. On occasion, we proceed to profile to assess certain personal aspects of an individual, particularly to analyze or predict aspects related to performance, personal preferences, interests, reliability, behavior, location, or movements in order to segment advertising campaigns with the purpose of achieving their effectiveness and thus offer advertising that may be of interest to the user. The Company collects data that is adequate, relevant, and not excessive in relation to the scope and purposes indicated in this Privacy Policy.

5.- PURPOSE OF DATA PROCESSING AND LEGITIMIZING BASIS

Your data is collected and processed by the Company for the following purposes:

• Data processing described in sections a) to f) of Section 4 of this Privacy Policy is necessary for the provision of the Company´s services. The requested personal data is mandatory, and refusal to provide it will result in the impossibility of carrying out the contracted services.

• Data processing described in section g) of Section 4 of this Privacy Policy is mandatory and is requested in accordance with applicable laws.

• Section h) of Section 4 of this Privacy Policy is based on the legitimate interest of the Company and its counterparts to carry out the mentioned economic activities. This data processing is not mandatory, and you can object at any time, following the instructions in Section 13 of this Privacy Policy.

• Section i) of Section 4 of this Privacy Policy is discretionary, although without your consent, it is impossible to connect a social media account with the Company´s services. In this regard, without your consent, when logging into the Company´s services, you will need to use a different mechanism.

• Section 4, letters j) and k), is discretionary, although without your consent, the Company and/or third parties cannot provide you with generic commercial communications of the Company´s services and/or products, or communications based on your interests and needs. On occasion, we carry out segmentation of advertising campaigns to achieve their effectiveness through profiling. This profiling is only done with the data that the interested party has provided and consented to directly with the company or through its website in the registration form (such as name, phone number, and email address…), in order to manage our mailing lists and send you personalized online advertising. Under no circumstances will tracking of individuals across different websites, applications, and/or services be carried out.

• With your “prior consent,” transmit or transfer data to third parties for the purpose of conducting commercial and telemarketing practices in different sectors of activity in which you may be interested.

If you are interested in revoking your consent for the processing of your personal data or exercising your right to object to receiving commercial communications, please contact us at the addresses listed in Section 13 of this Privacy Policy or, for the purposes of section i) of Section 4, click on the unsubscribe link available in any commercial communication. Please remember that, by selecting the corresponding box, you are giving your free and express consent to receive advertising, the transfer of your data to third parties, as well as our Terms and Conditions, Privacy Policy, and Cookie Policy. The Company, to carry out direct marketing actions, will enter into agreements with third parties. These third parties are suitable service providers who carry out their activities in the sectors indicated in Section 4 of this Privacy Policy. These service providers will process the data following the precise instructions of the Company and in strict compliance with legal regulations on personal data protection, information security, and other applicable regulations. In general, they will perform tasks for the Company regarding your interests in certain products or advertising campaigns, as well as for the conversion of these campaigns into product purchases or service subscriptions. This will require providing your data to these third parties so that they can carry out direct marketing actions. This data processing is based on the existing contractual relationship between the Company and you, with prior registration and consent for data processing.

6.- TYPES OF DATA PROCESSING

Your personal data is processed through automated and non-automated means and is protected by appropriate security measures, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing. In this sense, the Company uses administrative, technical, personnel, and physical measures appropriate to protect personal data in its possession against loss, theft, and unauthorized use, disclosure, or alteration. Our information security policies and procedures are closely related to international standards, which are widely accepted and reviewed and updated regularly when necessary to meet the needs of our business, technological changes, and regulatory requirements. The Company has designed a business continuity plan aimed at addressing any type of adverse and unexpected event in order to safeguard the continuity of our service for our clients and protect our assets and our personnel. We appropriately restrict access to personal information and implement necessary measures and controls, including physical and monitoring measures, to store and transfer data securely. Additionally, we require our employees and contractors to receive ongoing training in the area of information security. However, please note that internet security measures are not fail-proof.

7.- ACCESS TO YOUR PERSONAL DATA AND INTERNATIONAL DATA TRANSFERS

The Company may share your personal data with the following categories of recipients, in compliance and within the limits established by applicable law:

• Third-party service providers to whom the Company entrusts data processing activities, duly designated as data processors when required by applicable laws. For example, cloud service providers, other entities of the Group, information technology service providers, experts, consultants, and lawyers, among others. You can request a list of our data processors at the addresses listed in Section 13 of this Privacy Policy.

• Companies resulting from corporate transactions, such as possible mergers, spin-offs, or other transformations.

• Collaborating companies. With your prior consent, the Company may share your personal data with collaborating companies in the sectors indicated by you—according to Sections 2 and 4 of this Policy— to send you commercial communications.

• Competent authorities, for the purpose of complying with applicable laws. Your personal data may be transferred to countries within and outside the European Economic Area (“EEA”). Certain countries outside the EEA have been recognized by the European Commission as countries that provide an adequate level of data protection, in accordance with EEA standards. The complete list of these countries is available at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm. For transfers from the EEA to countries that the European Commission does not consider adequate, we have established sufficient measures and appropriate safeguards designed to protect your personal data and the transfer of your data, all in accordance with applicable data protection regulations, such as the standard contractual clauses adopted by the European Commission, in accordance with Articles 45 and 46 of the EU General Data Protection Regulation 679/2016 (“GDPR”). You have the right to request additional information about your personal data by contacting the Company at the addresses indicated in Section 13 of this Privacy Policy.

8.- AGE TO REGISTER ON THE WEBSITE AND ACCOUNT SECURITY

Registration on the Website is limited to users over eighteen (18) years of age. An authentication mechanism does not allow the registration of (a) those who do not enter their year of birth with valid characters, which must demonstrate that you are of legal age, and (b) those who do not expressly accept their legal age. By registering on the Website, you guarantee that you are of legal age. All registration information you submit to create an account must be true, accurate, complete, and up-to-date. You acknowledge that you will be responsible for any direct or indirect damages that may result from any breach of this obligation. If the provided data belongs to a third party, you guarantee that you have informed said third party of the aspects included here and have obtained their consent to provide the data to the Company for the purposes specified in this Privacy Policy. You are responsible for maintaining the confidentiality of your password and are responsible for the use of your account. Therefore, it is crucial not to share your password with anyone. You agree not to use another member´s or subscriber´s account, username, email address, or password at any time. You agree to notify the Company immediately if you suspect unauthorized use or access to your account or password.

9.- RIGHTS OF DATA SUBJECTS REGARDING THEIR DATA

Through this Privacy Policy, we inform you that you have the right to exercise your rights, free of charge and whenever you deem it appropriate, as established by current regulations, in relation to: • Access to your own personal data; • Rectification of inaccurate or incomplete data; • Deletion of your personal data; • Opposition to the processing of your data; • Obtain the restriction of the processing of your data when one of the conditions provided for in data protection regulations is met; and • Data portability. To exercise the aforementioned rights, you can send your request by email to dpd@arkeero.com or by written communication addressed to Rock Internet, S.L., Calle Barquillo, 8, 2nd left, 28004 Madrid. Please accompany your request with a copy of your identity document to prove that you are the data subject. If you believe that the Company has violated, or may have violated, your rights under applicable data protection regulations, you can file a complaint with the relevant supervisory authority. In Spain, the supervisory authority is the Spanish Data Protection Agency (www.aepd.es), located at Calle Jorge Juan, 6, 28001 Madrid (Spain).

10.- COMMERCIAL COMMUNICATIONS

The content of communications sent by electronic means complies with the regulations established in the GDPR, Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (“LOPDGDD”), and Law 34/2002, of July 11, on services of the information society and electronic commerce (“LSSI”). These emails include an unsubscribe link for our commercial communications, as well as the instructions you should follow if you are interested in exercising your rights regarding data protection, in accordance with Section 9 of this Privacy Policy.

11.- INFORMATION SECURITY

For inquiries related to the products or services of Third-Party Providers once contracted, Users should contact the Third-Party Provider of said service or product. On the contrary, any complaints and claims regarding the provision of Arkeero´s own services must be sent, in any case, to the Company through the contact details provided in the above lines.

12.- DECLARATION OF GOOD PRACTICES

The Company complies with current legislation, particularly with the provisions of the GDPR, the LOPDGDD, Good Practices Codes in Data Protection, and the LSSI. The Company does not send commercial communications by electronic means that have not been previously requested or authorized by the User in accordance with current legislation. The Company will terminate agreements with advertising companies or members of the affiliate network that engage in practices contrary to current legislation.

13.- VALIDITY OF THE PRIVACY POLICY

The Company may modify or update this Privacy Policy for any reason (including, among others, changes in applicable laws and interpretations, decisions, opinions, and instructions related to such applicable law. Please check the Effective Date at the top of this Privacy Policy to see when it was last reviewed. Any changes to the Privacy Policy will be notified sufficiently in advance by publishing the updated Privacy Policy on the Website. Substantial modifications to this Privacy Policy that alter the nature of the processing or expand our rights to use your personal data collected by us will be notified in advance, and we will provide you with an option regarding our future use of such personal data, in accordance with applicable law.

14.- APPOINTMENT OF DPO. CONTACT US

The company has appointed a data protection officer (DPO). If you have any questions regarding this Privacy Policy, please contact us at the following addresses: • Email address: dpd@arkeero.com • Postal address: Rock Internet, S.L., Calle Barquillo, 8, 2nd floor left, 28004 Madrid, Spain.