SPITCHE PRIVACY POLICY

SPITCHE S.A.S., WITH ITS REGISTERED OFFICE AT 2 RUE NIEPCE 60200 COMPIEGNE.
(“SPITCHE” OR “WE” OR “US”) IS COMMITTED TO PROTECTING THE PERSONAL DATA OF OUR CUSTOMERS, INDIVIDUALS WHO VISIT OUR WEBSITE AND PLATFORM AT THE DOMAIN SPITCHE.COM AND APP.SPITCHE.COM (“OUR WEBSITE AND PLATFORM”) , INDIVIDUALS WHO CONTACT US VIA CONTACT FORMS ON OUR WEBSITE, INDIVIDUALS RECEIVE MARKETING COMMUNICATION OR NEWSLETTERS FROM US, APPLICANTS FOR A JOB IN ACCORDANCE WITH THE REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 ON THE PROTECTION OF NATURAL PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA AND ON THE FREE MOVEMENT OF SUCH DATA AND REPEALING DIRECTIVE 95/46/EC (HEREINAFTER REFERRED TO AS “GDPR”) AND ACT NO. 18/2018 COLL. ON PERSONAL DATA PROTECTION

(HEREINAFTER REFERRED TO AS “DATA PROTECTION ACT”).

THIS PRIVACY POLICY IS BINDING TO (I) ALL OUR CUSTOMERS WHO ARE PROVIDED WITH THE SERVICES BASED ON THE AGREEMENT AS DEFINED IN THE GENERAL TERMS AND CONDITIONS – SPITCHE PLATFORM, (II) VISITORS OF OUR WEBSITES, (III) INDIVIDUALS WHO CONTACT US THROUGH OUR WEBSITE, (IV) JOB APPLICANTS (ALL THE PREVIOUSLY MENTIONED INDIVIDUALS HEREINAFTER REFERRED TO AS “YOU”).

DATA PROCESSING

IF YOU ARE AN INDIVIDUAL INTERESTED IN COOPERATION WITH SPITCHE (CANDIDATE FOR A JOB, PROSPECTIVE PARTNER/SUPPLIER/CUSTOMER), YOU MAY CONTACT US VIA CONTACT FORMS AVAILABLE ON OUR WEBSITE. IN SUCH CONTACT FORM YOU ARE REQUIRED TO PROVIDE INFORMATION THAT INCLUDES YOUR FULL NAME, COMPANY EMAIL, PHONE NUMBER. WE PROCESS THIS DATA FOR THE PURPOSE OF HANDLING YOUR REQUEST REGARDING OUR FUTURE COOPERATION. THE LEGAL GROUND FOR PROCESSING THIS DATA IS ARTICLE 6 (1) B) GDPR CONTRACT PERFORMANCE. SPITCHE PROCESSES THIS DATA AS THE CONTROLLER WITHIN THE MEANING OF ARTICLE 4 (7) GDPR.

CONTRACTUAL RELATIONSHIP. SPITCHE PROCESSES PERSONAL DATA OF ITS EXISTING CUSTOMERS IN ORDER TO PROVIDE THEM WITH SERVICES. THE DATA PROCESSED FOR SUCH PURPOSE MAY INCLUDE: FULL NAME, COMPANY EMAIL, PHONE NUMBER, DATA IN THE ACCOUNT, COMPANY NAME, INDUSTRY AND OTHERS. THE LEGAL GROUND FOR PROCESSING THIS DATA IS ARTICLE 6 (1) B) GDPR CONTRACT PERFORMANCE. SPITCHE PROCESSES THIS DATA AS THE CONTROLLER WITHIN THE MEANING OF ARTICLE 4 (7) GDPR.

SPITCHE PROCESSES PERSONAL DATA OF INDIVIDUALS WHO SUBSCRIBED FOR RECEIVING PERSONALIZED (TARGETED) NEWSLETTERS. THE LEGAL GROUND FOR PROCESSING THIS DATA IS CONSENT ACCORDING TO ARTICLE 6 (1) A) GDPR. YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME (FOR MORE INFORMATION PLEASE SEE SECTION 9 HEREOF). SPITCHE PROCESSES THIS DATA AS THE CONTROLLER WITHIN THE MEANING OF ARTICLE 4 (7) GDPR.

THE DATA PROCESSED FOR SUCH PURPOSE MAY INCLUDE: EMAIL ADDRESS, GENDER, LOGIN INFORMATION, TIME ZONE SETTING, OPERATING SYSTEM AND PLATFORM, INFORMATION ABOUT VISITS INCLUDING THE URL, THE SEARCH TERMS, INFORMATION ABOUT WHAT YOU VIEWED OR SEARCHED ON OUR WEBSITE, PAGE RESPONSE TIMES, DOWNLOAD ERRORS, LENGTH OF VISITS TO CERTAIN PAGES, PAGE INTERACTION INFORMATION, (SUCH AS SCROLLING, CLICKS, AND MOUSE-OVERS) AND THE METHODS USED TO BROWSE AWAY FROM THE PAGE, ACTIVITIES OF USERS, BROWSING WEB PAGES. IN EVERY EMAIL WE WILL PROVIDE YOU WITH THE OPPORTUNITY TO EXERCISE AN OPT-OUT CHOICE IF YOU DO NOT WANT TO RECEIVE ANY FURTHER MARKETING COMMUNICATIONS FROM US. THE OPT-OUT CHOICE MAY BE EXERCISED BY CLICKING ON THE “UNSUBSCRIBE” LINK LOCATED AT THE BOTTOM OF OUR MARKETING EMAILS.

SPITCHE PROCESSES PERSONAL DATA FOR THE PURPOSE OF TARGETED EMAIL MARKETING TO EXISTING CUSTOMERS. THE DATA PROCESSED FOR SUCH PURPOSE MAY INCLUDE: EMAIL ADDRESS, GENDER, LOGIN INFORMATION, TIME ZONE SETTING, OPERATING SYSTEM AND PLATFORM, INFORMATION ABOUT VISITS INCLUDING THE URL, THE SEARCH TERMS, INFORMATION ABOUT WHAT YOU VIEWED OR SEARCHED ON OUR WEBSITE, PAGE RESPONSE TIMES, DOWNLOAD ERRORS, LENGTH OF VISITS TO CERTAIN PAGES, PAGE INTERACTION INFORMATION, (SUCH AS SCROLLING, CLICKS, AND MOUSE-OVERS) AND THE METHODS USED TO BROWSE AWAY FROM THE PAGE, ACTIVITIES OF USERS, BROWSING WEB PAGES. THE LEGAL GROUND FOR

PROCESSING THIS DATA IS OUR LEGITIMATE INTEREST ACCORDING TO ARTICLE 6 (1) F) GDPR. SPITCHE PROCESSES THIS DATA AS THE CONTROLLER WITHIN THE MEANING OF ARTICLE 4 (7) GDPR. YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING (FOR MORE INFORMATION PLEASE SEE SECTION 9 HEREOF). IN EVERY EMAIL WE WILL PROVIDE YOU WITH THE OPPORTUNITY TO EXERCISE AN OPT-OUT CHOICE IF YOU DO NOT WANT TO RECEIVE ANY FURTHER MARKETING COMMUNICATIONS FROM US. THE OPT-OUT CHOICE MAY BE EXERCISED BY CLICKING ON THE “UNSUBSCRIBE” LINK LOCATED AT THE BOTTOM OF OUR MARKETING EMAILS.

IF YOU GET IN TOUCH WITH US THROUGH ANY CONTACT FORM, WE HAVE ON OUR WEBSITE WE WILL PROCESS YOUR NAME, EMAIL ADDRESS, PHONE NUMBER, COMPANY AND OTHER DATA YOU PROVIDE US WITH. WE WILL PROCESS THE DATA FOR THE PURPOSE OF DEALING WITH YOUR REQUEST. THE LEGAL GROUND FOR PROCESSING THIS DATA IS CONSENT UNDER ARTICLE 6 (1) A) GDPR. SPITCHE PROCESSES THIS DATA AS THE CONTROLLER WITHIN THE MEANING OF ARTICLE 4 (7) GDPR.

SHARING OF INFORMATION COLLECTED

SPITCHE WILL SHARE YOUR PERSONAL DATA WITH THIRD PARTIES ONLY IN THE WAYS THAT ARE DESCRIBED IN THIS PRIVACY POLICY. WE USE TRUSTED THIRD PARTIES THAT ACT AS OUR PROCESSORS TO PROVIDE SERVICES ON OUR BEHALF. WE USE THE FOLLOWING CATEGORIES OF PROCESSORS: – DATA CENTRES, HOSTING – MARKETING TOOLS – TOOLS FOR ANALYTICS AND TRACKING – TOOLS FOR RUNNING EVENTS, POLLS OR SURVEYS – BUSINESS OPERATIONS/MANAGEMENT TOOLS – TASK MANAGEMENT AND COMMUNICATION TOOLS

SUBJECT TO THE PREVIOUS PARAGRAPHS, YOUR PERSONAL DATA SHALL NOT BE SHARED OR PROVIDED TO ANY OTHER THIRD PARTY WITHOUT YOUR CONSENT EXCEPT FOR THE FOLLOWING CASES: (I) WHERE SPITCHE IS OBLIGED TO PROVIDE PERSONAL DATA BY LAW OR AN ORDER OF PUBLIC AUTHORITY; OR (II) IF PERSONAL DATA SHARING IS MANDATED BY APPLICABLE LAW.

IF THIRD-PARTY PROVIDERS ARE ESTABLISHED OUTSIDE OF THE EU/EEA, SPITCHE SHALL ENSURE THAT IT COOPERATES ONLY WITH THIRD-PARTY PROVIDERS THAT ARE LOCATED IN COUNTRIES THAT ENSURE ADEQUATE LEVELS OF PROTECTION BASED ON THE EUROPEAN COMMISSION’S ADEQUACY DECISION, OR THAT SPITCHE HAS ENTERED INTO AGREEMENTS WITH CORRESPONDING STANDARD CONTRACTUAL CLAUSES THAT ENSURE ADEQUATE SAFEGUARDS WITH RESPECT TO THE PROTECTION OF THE PRIVACY AND FUNDAMENTAL RIGHTS AND FREEDOMS OF INDIVIDUALS.

DATA RETENTION

GENERALLY PERSONAL DATA SHALL BE KEPT FOR AS LONG AS NECESSARY FOR THE PURPOSE FOR WHICH IT WAS PROCESSED. FOR HOW LONG SPITCHE WILL HOLD YOUR PERSONAL DATA WILL AS WELL DEPEND ON THE LEGAL BASIS ON WHICH YOUR DATA IS PROCESSED. SHALL THE PROCESSING BE BASED ON LEGITIMATE INTEREST YOUR DATA WILL BE PROCESSED FOR AS LONG AS THE GIVEN LEGITIMATE INTEREST OF SPITCHE IS IN PLACE AND SHALL BE ERASED AFTER. FOR DATA KEPT BASED ON LEGAL OBLIGATIONS THE DATA RETENTION PERIOD IS PRESCRIBED BY APPLICABLE LEGAL REGULATIONS AND SHALL BE DELETED ONCE THE LEGALLY PRESCRIBED TIME PERIOD LAPSES. FOR DATA PROCESSED BASED ON PERFORMANCE OF A CONTRACT THE DATA IS PROCESSED FOR THE DURATION OF THE CONTRACTUAL RELATIONSHIP AND FOR AN APPLICABLE LIMITATION PERIOD. THIS DATA IS THEN ERASED AFTER. SHALL THE PROCESSING BE BASED ON YOUR CONSENT YOUR PERSONAL DATA SHALL BE ERASED AFTER YOU WITHDRAW YOUR CONSENT. PLEASE BEAR IN MIND THAT THE SAME DATA MAY AS WELL BE PROCESSED BASED ON OTHER LEGAL BASIS IN WHICH CASE YOUR WITHDRAWAL OF CONSENT MIGHT NOT MEAN A FULL ERASURE OF YOUR DATA.

SPITCHE AS A DATA PROCESSOR

WHILE USING OUR SERVICES, OUR CUSTOMERS MAY BE PROVIDING US WITH THEIR CLIENTS’ PERSONAL DATA. THIS DATA MAY INCLUDE FOLLOWING: (IP) ADDRESS, NAME, SURNAME, GENDER, BIRTH DATE, EMAIL ADDRESS, LOGIN INFORMATION, TIME ZONE SETTING, OPERATING SYSTEM AND PLATFORM, INFORMATION ABOUT VISITS INCLUDING THE URL, THE SEARCH TERMS, INFORMATION ABOUT WHAT THEY VIEWED OR SEARCHED ON OUR WEBSITE, PAGE RESPONSE TIMES, DOWNLOAD ERRORS, LENGTH OF VISITS TO CERTAIN PAGES, PAGE INTERACTION INFORMATION, (SUCH AS SCROLLING, CLICKS, AND MOUSE-OVERS) AND THE METHODS USED TO BROWSE AWAY FROM THE PAGE, ACTIVITIES OF USERS, BROWSING WEB PAGES AS WELL AS FACEBOOK / INSTAGRAM ACTIONS AND BEHAVIOUR IN ACCORDANCE TO THE CORRESPONDING SOCIAL MEDIA DEVELOPERS AND THIRD-PARTY APP TERMS AND CONDITIONS AND PRIVACY POLICIES (HTTPS:// DEVELOPERS.FACEBOOK.COM/TERMS/).

SPITCHE ANALYZES OUR CUSTOMERS’ CLIENTS’ PERSONAL DATA TO BUILD INDIVIDUAL PROFILES AND GROUP ANALYTICS. THESE PROFILES ARE USED TO PREDICT FUTURE INTERESTS ANDIDENTIFIED THE USERS AND THEIR BEHAVIOUR. THE AIM IS TO PROVIDE CUSTOMERS’ CLIENTS WITH OFFERS THAT ARE RELEVANT AND INTERESTING FOR THEM. SPITCHE DOES NOT MAKE ANY DECISIONS BASED SOLELY ON AUTOMATED PROCESSING WHICH PRODUCE LEGAL EFFECTS CONCERNING OUR CUSTOMERS’ CLIENTS OR WHICH SIGNIFICANTLY AFFECT OUR CUSTOMERS’ CLIENTS. SPITCHE PROCESSES THIS DATA AS THE PROCESSOR WITHIN THE MEANING OF ARTICLE 4 (8) GDPR. THE CUSTOMERS HAVE THE OBLIGATION TO ENSURE THAT THEY HAVE COLLECTED THEIR CLIENTS’ RESPECTIVE CONSENTS AND APPROVAL IN ORDER TO PROCESS SUCH DATA IN ACCORDANCE WITH GDPR , OTHER APPLICABLE DATA PROTECTION LAW AND THE GENERAL TERMS AND CONDITIONS – SPITCHE PLATFORM.

ACCESS TO YOUR SPITCHE APPLICATION IS PROTECTED WITH USERNAME AND PASSWORD. YOU ARE RESPONSIBLE FOR MAINTAINING THE CONFIDENTIALITY OF YOUR CREDENTIALS, AND WE STRONGLY RECOMMEND THAT YOU DO NOT DISCLOSE YOUR USERNAME OR PASSWORD TO ANYONE. WE WILL NEVER ASK YOU FOR YOUR PASSWORD IN ANY UNSOLICITED COMMUNICATION. PLEASE NOTIFY OUR DATA PROTECTION OFFICER IMMEDIATELY OF ANY UNAUTHORIZED USE OF YOUR ACCOUNT CREDENTIALS OR ANY OTHER SUSPECTED BREACH OF SECURITY.