ADFINITYS PTE.LTD. | DSP広告・デジタル広告代理店

PRIVACY POLICY

Effective Date: February 21, 2026

1. About ADFINITYS PTE. LTD.

ADFINITYS PTE. LTD. operates an advertising platform enabling advertisers to serve ads on third-party mobile applications and websites. The company collects personal information from site visitors, business representatives (Customers), and individuals visiting Customer websites (Users) to customize advertising and measure campaign effectiveness.

1.1 Defined Terms

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

"ADFINITYS", "we", "us" or "our" means ADFINITYS PTE. LTD., a company incorporated in Singapore (UEN: 202531738E), with its registered office at 152 Beach Road, #23-02 Gateway East, Singapore 189721.

"Customers" means business entities (and their business representatives) that use our Services, including advertisers, publishers and other advertising business partners.

"Authorized Users" means individuals who have been granted access to a Customer's account on our Services by such Customer, including employees, contractors and agents of the Customer who are authorised to access and use the Services in connection with the Customer's account.

"Users" means individuals who visit, access or otherwise interact with websites, mobile applications or other digital properties operated by our Customers where our advertising technology is integrated.

"Website Visitors" means individuals who visit, access or otherwise interact with the websites and online services operated directly by ADFINITYS.

"Services" means, collectively, our advertising technology platform, websites, mobile applications, products, features, content and related services provided by ADFINITYS, whether accessed directly or through our Customers' integrations.

"Personal Data" or "Personal Information" means any information that, alone or in combination with other information, identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual, as further defined under applicable law.

"Sites" means the websites operated by ADFINITYS, including but not limited to adfinitys.com.

"Privacy Policy" means this privacy policy, together with the Cookie Notice and all Additional Regional Privacy Disclosures.

2. Information We Collect

2.1 Personal Data About Users

The platform collects data enabling customized ad delivery including:

Unique identifiers (cookie IDs, session IDs, customer IDs) for serving ads and measuring attribution
Approximate location based on IP addresses
Activity information on Customer websites: pages visited, keywords searched, time spent, products viewed/purchased, prices, product categories, transaction quantities and currencies, product and order IDs
Access and usage patterns showing referral sources, exit destinations, access frequency, multi-device access, browsing behaviors
Device specifications: type, model, unique identifiers, operating system, screen dimensions, browser information
Analytics data including traffic and demographic measurements via tools like Google Analytics
Interaction metrics with advertisements: impressions, clicks, subsequent purchase visits

2.2 Information from Customers and Authorized Users

Collected personal information includes:

Contact details: names, email addresses, company names, job titles, geographic location, communication preferences, custom messages
Account information: credentials, profile data, dashboard information, campaign details including ad content, platform specifications, budget allocations, postal addresses, payment history, transaction information
Behavioral inferences: interests, preferences, characteristics, purchase patterns
Automatically collected data through tracking technologies: cookies, pixels, logging mechanisms

Device and usage information collected automatically includes IP addresses, browser specifications, operating systems, timestamps, unique device identifiers, access patterns, page visits, link interactions, location data, and analytics information.

2.3 Information from Third Parties

Personal data sources include employers/companies, advertising partners, service providers (payment processors, survey providers), and other sources including publicly available data, third-party data providers and brand partnerships. Information about disclosures we make in connection with corporate transactions such as mergers, acquisitions, reorganisations or sales of assets is set out in Section 4 (How We Disclose Your Information).

3. Additional Uses of Personal Information

ADFINITYS PTE. LTD. uses collected data for:

Service fulfillment: delivering Services, serving personalized advertisements, auditing, reporting, campaign analytics, account access coordination, customer support, payment processing, service notifications, program administration
Marketing purposes: communications about new features, updates, products, special offers
Experience personalization: tailoring website content and Services
Customer communications: account activity updates, product introductions, inquiry responses, complaint handling, product update announcements
Product improvement: analyzing statistics, understanding user interests, developing new features and services
Business protection: fraud prevention, legal compliance, rights protection, Terms enforcement, crime prevention, business transaction involvement
Other purposes: with user consent or where notice is provided

4. How We Disclose Your Information

Information sharing occurs with:

ADFINITYS PTE. LTD. group affiliates for intragroup services and IT infrastructure
Service providers performing work on ADFINITYS PTE. LTD.'s behalf including cloud services, consultants, analytics providers
Future transaction parties in mergers, acquisitions, asset sales, reorganizations, financing events, or bankruptcy proceedings
Customers and advertising partners including ad exchanges and demand-side platforms
Third parties as legally required: complying with laws, regulations, court orders, government requests, Terms enforcement, defending against claims, protecting rights and safety, detecting criminal activity and fraud
Consenting parties: with explicit user consent or direction

Aggregated or anonymized information may be shared that doesn't reasonably identify individuals.

5. Data Retention

ADFINITYS PTE. LTD. retains personal information only as long as necessary for stated collection purposes and legitimate business interests, complying with applicable law. Retention duration considers data sensitivity, unauthorized use risks, objective attainment through alternative means, and legal/regulatory/tax obligations. After retention necessity ends, data is deleted, deidentified, or securely isolated until deletion/deidentification becomes feasible.

6. Third-Party Links

The Services operate on and contain links to third-party websites with separate privacy policies. ADFINITYS PTE. LTD. accepts no responsibility for third-party policies. Users should review individual policies before submitting information.

7. Children's Personal Information

Services aren't directed toward children under 13. The company doesn't knowingly collect personal information from children under 13. Parents/guardians discovering child data provision should contact ADFINITYS PTE. LTD. for removal requests. Discovered child data (under 13) will be promptly deleted.

8. Regional Privacy Disclosures

Singapore Notice: If you are an individual located in Singapore, please see the Additional Singapore Privacy Disclosures below for information about our processing of personal data in accordance with the Personal Data Protection Act 2012 of Singapore (PDPA), including our Data Protection Officer's contact details and your rights under the PDPA.

EEA, UK, Switzerland Notice: Additional European-specific privacy information applies to residents of these jurisdictions regarding data definitions, lawful processing bases, cookie usage, and data subject rights.

U.S. State Residents Notice: Residents of California, Colorado, Connecticut, Utah, and Virginia may exercise additional rights under applicable state laws regarding collected personal information.

Nevada Consumer Notice: Nevada Revised Statutes Chapter 603A permits Nevada residents to opt out of future covered information sales. Requests may be submitted via our Contact Us page.

9. Contact Us

For privacy-related inquiries, you may contact us directly at privacy@adfinitys.com or via our Contact Us page on our website. We have established a dedicated privacy contact channel to ensure your queries and rights requests are handled by our designated privacy team.

10. Updates to This Privacy Policy

We reserve the right to modify this Privacy Policy from time to time. If we make any changes, we will update the "Effective Date" at the top of this Privacy Policy and post the updated version on this page. Where the changes are material, we will provide more prominent notice, which may include email notification or a notice on our Services.

ADDITIONAL SINGAPORE PRIVACY DISCLOSURES

Effective Date: February 21, 2026

1. Scope and Applicability

These Additional Singapore Privacy Disclosures (the "Singapore Disclosures") supplement and form part of our Privacy Policy and apply to individuals located in Singapore whose personal data is collected, used, disclosed or otherwise processed by ADFINITYS PTE. LTD. ("ADFINITYS", "we", "us" or "our") in accordance with the Personal Data Protection Act 2012 of Singapore (No. 26 of 2012), as amended from time to time, together with any subsidiary legislation, advisory guidelines and codes of practice issued by the Personal Data Protection Commission of Singapore (collectively, the "PDPA").

In the event of any inconsistency between these Singapore Disclosures and the main Privacy Policy, these Singapore Disclosures shall prevail with respect to individuals located in Singapore.

Capitalised terms used but not defined in these Singapore Disclosures shall have the meanings given to them in the Privacy Policy or under the PDPA.

2. About ADFINITYS PTE. LTD.

ADFINITYS PTE. LTD. is a private company limited by shares incorporated under the laws of the Republic of Singapore.

Company Name: ADFINITYS PTE. LTD.
Unique Entity Number (UEN): 202531738E
Registered Office Address: 152 Beach Road, #23-02 Gateway East, Singapore 189721
Principal Business: Operation of an advertising technology platform enabling advertisers to serve advertisements on third-party mobile applications and websites, and related analytics, measurement and optimisation services.

3. Data Protection Officer

In accordance with section 11(3) of the PDPA, we have appointed a Data Protection Officer ("DPO") who is responsible for ensuring our compliance with the PDPA. You may contact our DPO in respect of any matter relating to your personal data or these Singapore Disclosures using the contact details below:

Attention: Data Protection Officer
Email: privacy@adfinitys.com

When contacting our DPO, please provide sufficient detail to enable us to identify you and respond to your request, including your full name, a description of your request, and any relevant context. We may require additional information to verify your identity before acting on any request.

We aim to acknowledge receipt of your enquiry within a reasonable period and respond substantively as soon as practicable.

4. Personal Data We Collect

For the purposes of these Singapore Disclosures, "personal data" has the meaning given to it under the PDPA, namely data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.

We collect personal data about the following categories of individuals:

Customers — business representatives of our advertisers, publishers and partners;
Users — individuals who visit websites and applications operated by our Customers; and
Website Visitors — individuals who visit our own websites and online services.

The categories of personal data we collect, the sources of such personal data and the manner in which it is collected are described in Section 2 (Information We Collect) of the main Privacy Policy.

5. Purposes of Collection, Use and Disclosure

In accordance with sections 18 and 20 of the PDPA (the Purpose Limitation Obligation and the Notification Obligation), we collect, use and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances and for which we have notified you, including:

(a) providing, operating and maintaining our advertising platform and related services;
(b) creating and administering accounts for Customers and authorised users;
(c) serving, measuring, optimising and reporting on advertisements and advertising campaigns;
(d) performing analytics, attribution, fraud detection and audience research;
(e) communicating with Customers, partners, Users and Website Visitors, including responding to enquiries, complaints and feedback;
(f) processing payments and managing billing and contractual relationships;
(g) improving and developing our products, services, security and user experience;
(h) sending marketing communications where permitted by applicable law;
(i) protecting our rights, property and the safety of ADFINITYS, our personnel, Customers, Users and the public;
(j) complying with applicable laws, regulations, court orders, subpoenas and lawful requests by public authorities; and
(k) any other purpose notified to you at or before the time of collection, or otherwise permitted or required under the PDPA.

We will not use or disclose your personal data for any purpose that is materially different from the purposes set out above without first obtaining your consent or as otherwise permitted or required under the PDPA.

6. Consent and Withdrawal of Consent

6.1 Basis for Processing

We collect, use and disclose your personal data on the basis of your consent, including consent that is deemed to have been given under the PDPA (for example, where you voluntarily provide your personal data to us for a purpose that has been notified to you and it is reasonable to do so), unless an exception under the PDPA applies.

In certain circumstances, we may rely on the legitimate interests exception, business improvement exception, or other exceptions set out in the First Schedule or Second Schedule to the PDPA where the collection, use or disclosure of personal data without consent is permitted.

6.2 Withdrawal of Consent

You may, at any time, withdraw any consent you have given, or that you are deemed to have given, in respect of our collection, use or disclosure of your personal data, by contacting our DPO using the details set out in Section 3 above.

Upon receipt of a withdrawal request, we will inform you of the likely consequences of the withdrawal, including that we may not be in a position to continue providing certain services to you. We will cease to collect, use or disclose your personal data within a reasonable period from the receipt of your withdrawal request, unless we are required or permitted to continue such processing under the PDPA or other applicable law.

The withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

7. Disclosure of Personal Data to Third Parties

We may disclose your personal data to the categories of recipients described in Section 4 (How We Disclose Your Information) of the main Privacy Policy, including:

(a) members of the ADFINITYS group of companies;
(b) service providers and data intermediaries acting on our behalf, including cloud hosting providers, analytics providers, payment processors and professional advisers;
(c) Customers, advertising partners, advertising exchanges and demand-side platforms;
(d) prospective purchasers or successors in connection with any proposed or actual merger, acquisition, reorganisation, financing, sale of assets or insolvency proceeding; and
(e) law enforcement, regulators, courts and other public authorities where required or permitted by law.

Where we engage data intermediaries to process personal data on our behalf, we will enter into written agreements requiring such data intermediaries to comply with the protection and retention obligations under the PDPA.

8. Accuracy of Personal Data

In accordance with section 23 of the PDPA (the Accuracy Obligation), we will make a reasonable effort to ensure that personal data collected by or on behalf of ADFINITYS is accurate and complete if such personal data is likely to be used by us to make a decision that affects you, or is likely to be disclosed to another organisation.

You are responsible for ensuring that the personal data you provide to us is accurate, complete and up to date. You may request a correction of your personal data in accordance with Section 12 below.

9. Protection of Personal Data

In accordance with section 24 of the PDPA (the Protection Obligation), we have implemented reasonable security arrangements designed to protect personal data in our possession or under our control from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. These include:

Technical measures such as encryption of personal data in transit and at rest, access controls, firewalls, intrusion detection, secure development practices and regular security testing;
Organisational measures such as internal data protection policies, role-based access controls, staff training, confidentiality undertakings and incident response procedures; and
Contractual measures with our service providers and data intermediaries requiring them to implement appropriate technical and organisational measures to protect personal data.

No method of transmission or storage is completely secure. While we endeavour to protect your personal data, we cannot guarantee the absolute security of any information you transmit to us.

10. Retention of Personal Data

In accordance with section 25 of the PDPA (the Retention Limitation Obligation), we cease to retain personal data, or remove the means by which the personal data can be associated with you, as soon as it is reasonable to assume that:

(a) the purpose for which the personal data was collected is no longer being served by retention of such personal data; and
(b) retention is no longer necessary for legal or business purposes.

In determining the appropriate retention period, we take into account the nature and sensitivity of the personal data, the purposes for which we process it, applicable legal, tax, accounting and regulatory requirements, and the existence of any actual or anticipated legal proceedings.

Where personal data is no longer required, we will securely delete, destroy or anonymise it.

11. Cross-Border Data Transfers

In accordance with section 26 of the PDPA (the Transfer Limitation Obligation), we may transfer your personal data to countries outside Singapore, including (without limitation) to jurisdictions in which our affiliates, service providers, advertising partners or other recipients are located.

Where we transfer personal data outside Singapore, we take appropriate steps to ensure that the transferred personal data will be afforded a standard of protection that is comparable to the protection under the PDPA, including by way of one or more of the following:

(a) entering into legally enforceable contractual obligations with the recipient (including, where appropriate, the ASEAN Model Contractual Clauses or the European Commission Standard Contractual Clauses);
(b) transferring personal data to recipients holding a valid APEC Cross Border Privacy Rules ("CBPR") or Privacy Recognition for Processors ("PRP") certification;
(c) transferring personal data to jurisdictions that are recognised as providing a comparable level of protection to personal data; or
(d) any other lawful transfer mechanism permitted under the PDPA and the Personal Data Protection Regulations 2021.

You may request further information about the safeguards we have put in place by contacting our DPO using the details set out in Section 3 above.

12. Your Rights under the PDPA

Subject to the conditions and exceptions set out in the PDPA, you have the following rights in respect of personal data about you that is in our possession or under our control:

12.1 Right of Access

You have the right to request information about:

(a) the personal data we hold about you; and
(b) the ways in which your personal data has been or may have been used or disclosed by us within a period of one (1) year before the date of your request.

12.2 Right of Correction

You have the right to request the correction of an error or omission in your personal data that is in our possession or under our control.

12.3 Right to Withdraw Consent

You have the right to withdraw your consent to our collection, use or disclosure of your personal data, as described in Section 6.2 above.

12.4 Right to Data Portability

To the extent that the data portability provisions under the PDPA are in force and applicable, you have the right to request that we transmit your personal data that is in our possession or under our control to another organisation in a commonly used machine-readable format.

12.5 How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to our DPO using the contact details set out in Section 3 above. Your request should:

(a) provide sufficient detail to enable us to identify you and locate the relevant personal data; and
(b) specify the right you wish to exercise and the personal data to which the request relates.

We may require additional information to verify your identity before processing your request. We will respond to your request as soon as reasonably possible, and in any event in accordance with the timeframes prescribed under the PDPA.

In limited circumstances permitted or required under the PDPA, we may refuse to comply with your request, in which case we will inform you of the reasons for our refusal (except where we are not required to do so under the PDPA). A reasonable fee may be charged for an access request to cover the administrative costs of complying with the request, in which case we will notify you of the fee in advance.

13. Do Not Call Provisions

We will comply with the Do Not Call ("DNC") provisions under Part 9 of the PDPA in respect of specified marketing messages sent to Singapore telephone numbers. Before sending such marketing messages, we will, where required, either:

(a) check the relevant DNC Registers maintained by the Personal Data Protection Commission; or
(b) rely on clear and unambiguous consent provided by you in writing or other accessible form.

You may opt out of receiving marketing messages from us at any time by following the unsubscribe instructions contained in the relevant marketing message, by adjusting your account preferences, or by contacting our DPO using the details set out in Section 3 above.

14. Data Breach Notification

In accordance with Part 6A of the PDPA, we have implemented internal policies and procedures to identify, assess, contain and remediate data breaches involving personal data.

Where a data breach occurs that:

(a) results in, or is likely to result in, significant harm to affected individuals; or
(b) is, or is likely to be, of a significant scale (affecting 500 or more individuals),

we will:

(i) notify the Personal Data Protection Commission as soon as practicable, and in any event no later than three (3) calendar days after we have made the assessment that the breach is a notifiable data breach; and
(ii) where required under the PDPA, notify affected individuals as soon as practicable.

If you believe that your personal data may have been compromised, please contact our DPO immediately using the details set out in Section 3 above.

15. Complaints

If you have any concerns or complaints about how we handle your personal data, we encourage you to contact our DPO first using the details set out in Section 3 above. We will investigate your complaint and respond to you within a reasonable time.

If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commission of Singapore:

Website: https://www.pdpc.gov.sg
Telephone: +65 6377 3131
Address: Personal Data Protection Commission, Singapore

16. Children's Personal Data

Our services are not directed at individuals under the age of 18 in Singapore. We do not knowingly collect personal data from children under the age of 13 without verifiable consent from a parent or guardian. If you believe that we have inadvertently collected personal data from a child under the age of 13, please contact our DPO immediately so that we may take appropriate steps to delete such personal data in accordance with the PDPA and the Advisory Guidelines on the PDPA for Children's Personal Data in the Digital Environment.

17. Updates to These Singapore Disclosures

We may update these Singapore Disclosures from time to time to reflect changes in our practices, legal or regulatory requirements, or for other operational reasons. The "Effective Date" at the top of these Singapore Disclosures indicates when they were last revised. Where the changes are material, we will provide more prominent notice (which may include, for example, notification through our services).

Your continued use of our services after the updated Singapore Disclosures take effect will constitute your acknowledgement of the updated Singapore Disclosures, to the extent permitted under the PDPA.

18. Contact Information

If you have any questions, comments or requests regarding these Singapore Disclosures or our handling of your personal data, please contact our Data Protection Officer at privacy@adfinitys.com.

ADDITIONAL U.S. STATE PRIVACY DISCLOSURES

Effective Date: February 21, 2026

1. Scope

These disclosures supplement the Privacy Policy for California, Colorado, Connecticut, Utah, and Virginia residents, excluding publicly available, deidentified, aggregated, or anonymized information.

2. Collection and Use

Over the last 12 months, ADFINITYS PTE. LTD. collected these categories from Customers:

Identifiers: usernames, email addresses
Customer Records: login credentials
Commercial Information: purchased/considered products and services, purchasing histories
Geolocation Data: IP-based approximate location
Professional/Employment Information: job titles, companies
Other Personal Information: feedback submissions, communications, social media information
Inferences: interest/preference predictions

From users/web visitors:

Internet/Network Information: device information, logs, analytics
Geolocation Data: IP-based approximate location
Inferences: interest/preference predictions

3. Disclosure

ADFINITYS PTE. LTD. discloses all collected personal information categories to third parties for business purposes, including other brands/affiliates, service providers, marketing partners, and Customers.

4. Sales and Personalized Advertising Sharing

Over the last 12 months, ADFINITYS PTE. LTD. sold or shared for personalized advertising:

Internet/Network Information: device information, logs, analytics
Geolocation Data: IP-based approximate location

Recipients include analytics providers, third-party ad networks, social networks, and advertising partners.

Sensitive Information: ADFINITYS PTE. LTD. collects account login credentials combined with security codes/passwords as sensitive information, used only for expected Service-related purposes, fraud/illegal activity detection, or short-term transient use. Sensitive information isn't sold or used for personalized advertising.

Deidentified Information: Maintained deidentified data won't be reidentified except as required/permitted by law.

5. Consumer Privacy Rights

Right to Access/Know: Consumers may request specific pieces, categories, sources, and disclosures of collected personal information; business/commercial purposes; sold/shared information and recipient categories; and opt-out information. Requests limited to twice yearly.

Right to Request Deletion: Consumers may request personal information deletion, subject to exceptions.

Right to Correction: Consumers may request inaccurate personal information correction.

Right to Opt Out: Consumers may direct ADFINITYS PTE. LTD. not to sell/share personal information for personalized advertising.

Automated Decision-Making Control: Consumers may direct ADFINITYS PTE. LTD. not to use automated decision-making/profiling.

Right to Appeal: If we decline to take action on a request you have submitted, you have the right to appeal our decision. To submit an appeal, please contact us through our Contact Us page within a reasonable time after receiving our decision, clearly indicating that you are submitting a "Privacy Request Appeal" and providing details of the original request and the reasons for your appeal.

We will review your appeal and inform you in writing of any action taken or not taken in response, together with a written explanation of the reasons for our decisions, within sixty (60) days of receipt of the appeal (or such other period as may be required by applicable state law).

If your appeal is denied, you may then have the right to contact the Attorney General of your state of residence to submit a complaint. Contact information for the relevant state Attorneys General is publicly available through their respective official websites.

5A. Additional Rights for California Residents Only

The following right is available exclusively to residents of the State of California and is granted under California state law independently of the consumer privacy rights described in Section 5 above.

California "Shine the Light" Law (Civil Code § 1798.83)

If you are a California resident and have an established business relationship with ADFINITYS, you have the right to request, free of charge and once per calendar year:

(a) a list of the categories of personal information (as defined under California Civil Code § 1798.83) that we have disclosed to third parties for those third parties' direct marketing purposes during the immediately preceding calendar year; and
(b) the names and addresses of those third parties.

This right is granted under California Civil Code § 1798.83 (the "Shine the Light" law) and applies only to California residents. Residents of other U.S. states are not eligible to exercise this right but may have other rights as described in Section 5 above.

To submit a "Shine the Light" request, please contact us through our Contact Us page, clearly indicating that you are submitting a "California Shine the Light Request" and providing sufficient information for us to:

(i) verify that you are a California resident; and
(ii) verify that you have an established business relationship with ADFINITYS.

We will respond within thirty (30) days of receipt of a verified request. Requests submitted by means other than as described above may not be processed.

6. How to Exercise Rights

Submit requests via our Contact Us page.

Identity verification required through successful account authentication or information matching. Additional personal information may be requested. Requests may be declined if identity verification fails or information location proves impossible.

Opt-Out Methods:

Cookie-based: Click "Do Not Sell or Share My Personal Information" footer button

Authorized Agents: Valid power of attorney or signed permission with verified consumer identity enables agent requests.

Appeal Submissions: If we deny your request to exercise any of the rights described in Section 5 above, you may appeal our decision by contacting us through our Contact Us page. Your appeal should:

(a) clearly indicate that you are submitting a "Privacy Request Appeal";
(b) reference the original request and our response; and
(c) explain the grounds for your appeal.

We will respond to your appeal in writing within sixty (60) days of receipt (or such other period as required by applicable state law), informing you of any action taken or not taken in response to the appeal, together with a written explanation of the reasons for our decisions.

If, following our written response to your appeal, you remain unsatisfied with the outcome, you may submit a complaint to the Attorney General of your state of residence:

California: https://oag.ca.gov/contact
Colorado: https://coag.gov/file-complaint/
Connecticut: https://portal.ct.gov/AG
Utah: https://attorneygeneral.utah.gov
Virginia: https://www.oag.state.va.us/

We will not discriminate against you for exercising any of your rights under applicable state privacy laws or for filing an appeal or complaint.

Minors Under 16: ADFINITYS PTE. LTD. doesn't sell personal information for consumers known to be under 16 without opt-in authorization from the minor (13–16) or parent/guardian (under 13). Please Contact Us to report minor status.

ADDITIONAL EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND PRIVACY DISCLOSURES

Effective Date: February 21, 2026

1. Applicability

This European Privacy Policy applies to EEA, Switzerland, and UK residents, supplementing the main Privacy Policy with GDPR-specific information about personal data collection, processing, storage, transfer, sharing, cookie usage, and rights.

2. Data Responsibility

Customers: ADFINITYS PTE. LTD. processes most Customer personal data as a processor on behalf of Customers. However, contact person data is processed as a controller.

Website Visitors: ADFINITYS PTE. LTD. controls personal data from website visitors.

Users: ADFINITYS PTE. LTD. and Customers are joint controllers of User personal data regarding Customer website interactions and ad serving.

Responsibility allocation:

Privacy Policy provision: Customers must provide this information before personal data collection
Rights exercise: Customers serve as primary contacts for consent obtaining and right withdrawal, typically through cookie settings or browser adjustments
Security: Both parties maintain separate safeguards
Transfers: Both parties implement transfer safeguards including standard contractual clauses

3. Personal Data from Customers

Contact information (names, email addresses) is collected and used for:

Service communications and query responses (legitimate interest basis)
Marketing communications where consent is provided
Inquiry and testimonial information for service improvement and feature development (legitimate interest basis)
Preference information for notification/marketing compliance (legal obligation basis)

4. Automatically Collected Data from Authorized Users and Website Visitors

Approximate location data is collected for:

Fraud/suspicious activity monitoring (legitimate interest basis)
Service display customization with consent (consent basis)
Marketing-related product/service determination with consent (consent basis)

Access/interaction/device information is collected for:

Services presentation on devices (legitimate interest basis)
Fraud/suspicious activity detection (legitimate interest basis)
Service monitoring/improvement with consent (consent basis)
Marketing effectiveness measurement with consent (consent basis)

5. Personal Data from Users

Unique identifiers are used for ad relevance determination and effectiveness measurement with consent.

Approximate location and Customer website activity information (pages, keywords, time spent, products viewed/purchased, prices, quantities, transaction currencies) are used for interest-based product/service identification with consent.

Device information (type, model, identifiers, operating system, screen size, browser specifications) is used for ad display determination with consent.

Other websites visited and interaction information is used for interest-based product/service identification with consent.

Advertisement interaction data (displayed ads, views, clicks, subsequent purchases) is used for advertising effectiveness measurement and strategy development with consent, and for interest-based product/service identification with consent.

6. User Personal Data Collection

Information is typically collected through cookies/tracking technologies on Customer websites, activated only with user consent. Users may withdraw consent through website settings or browser adjustments. While ads will continue, they may reflect content-based rather than activity-based relevance.

6a. IAB Europe Transparency & Consent Framework

ADFINITYS PTE. LTD. participates in and complies with the IAB Europe TCF. When visiting TCF-compliant CMP websites, users receive advertising-related choices. Choices are respected and enforced through TC String signaling. More information available at https://iabeurope.eu/transparency-consent-framework/.

7. Personal Data Recipients

ADFINITYS PTE. LTD. group affiliates receive data for intragroup services and strategy coordination (legitimate interest basis).

Customers and advertising partners (exchanges, DSPs) receive data for advertising delivery with consent.

Service providers (analytics, communications, data hosting) receive data as processors under ADFINITYS PTE. LTD.'s instructions.

Business buyers receive data in transaction contexts (legitimate interest basis).

Law enforcement and regulators receive data as required by law or for legal necessity (legal obligation/legitimate interest basis).

8. Customer Marketing and Advertising

Marketing messages are sent with customer consent. Unsubscribe options appear in marketing emails and account settings.

9. Data Storage, Security and International Transfers

9.1 Security of Personal Data

We have implemented appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. These measures include encryption of personal data in transit and at rest, access controls, network security, secure development practices, and regular security testing and review.

ADFINITYS will never send you unsolicited communications requesting your account credentials or other sensitive information.

9.2 Storage and International Transfers

Personal data collected by ADFINITYS may be transferred to, stored in, and processed in countries outside the European Economic Area ("EEA"), the United Kingdom and Switzerland, including countries that may not be subject to an adequacy decision by the European Commission, the UK Government or the Swiss Federal Council.

These transfers may occur because:

(a) ADFINITYS is incorporated in Singapore and operates infrastructure and personnel in multiple jurisdictions;
(b) we engage service providers, sub-processors and advertising partners located outside the EEA, UK and Switzerland; and
(c) our group companies operate in various jurisdictions.

The principal jurisdictions to which personal data may be transferred include, without limitation:

Singapore (where ADFINITYS is headquartered);
United States (where certain cloud infrastructure providers and advertising partners are located);
Other jurisdictions in which our affiliates, service providers, advertising partners or sub-processors operate.

9.3 Legal Mechanisms for International Transfers

Where we transfer personal data outside the EEA, the UK or Switzerland, we rely on one or more of the following legal mechanisms to ensure an adequate level of protection:

(a) Adequacy Decisions (Article 45 GDPR)
Where the European Commission, the UK Government or the Swiss Federal Council has issued an adequacy decision in respect of the recipient country (for example, the EU-US Data Privacy Framework for certified US recipients), the transfer is made on the basis of that adequacy decision.

(b) Standard Contractual Clauses (Article 46(2)(c) GDPR)
Where there is no adequacy decision, we transfer personal data on the basis of the relevant standard contractual clauses:

EU Standard Contractual Clauses (2021): For transfers from the EEA, we use the standard contractual clauses adopted by the European Commission on 4 June 2021 pursuant to Commission Implementing Decision (EU) 2021/914 (the "2021 SCCs"). The legacy SCCs adopted under Commission Decisions 2001/497/EC and 2010/87/EU ceased to provide a valid transfer mechanism as of 27 December 2022.
UK International Data Transfer Agreement / Addendum: For transfers from the United Kingdom, we use either the UK International Data Transfer Agreement issued by the Information Commissioner under section 119A of the Data Protection Act 2018 (the "UK IDTA"); or the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the Information Commissioner (the "UK Addendum"), as in force from 21 March 2022. The legacy UK SCCs ceased to provide a valid transfer mechanism as of 21 March 2024.
Swiss-compatible Mechanisms: For transfers from Switzerland, we use the 2021 SCCs as supplemented in accordance with the guidance issued by the Swiss Federal Data Protection and Information Commissioner (FDPIC) to address Swiss-specific requirements.

(c) Other Lawful Transfer Mechanisms
In certain limited circumstances, we may rely on other transfer mechanisms permitted under Articles 46 and 49 of the GDPR (and the equivalent provisions of the UK GDPR and the Swiss Federal Act on Data Protection), including:

binding corporate rules (where applicable);
approved codes of conduct or certification mechanisms; or
specific derogations under Article 49 GDPR (for example, your explicit consent, where the transfer is necessary for the performance of a contract, or where the transfer is necessary for important reasons of public interest).

9.4 Transfer Impact Assessments (Schrems II)

Following the judgment of the Court of Justice of the European Union in Case C-311/18 (Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems, "Schrems II") and the Recommendations 01/2020 of the European Data Protection Board, we carry out a Transfer Impact Assessment ("TIA") for each category of transfer of personal data to third countries that are not subject to an adequacy decision.

Our TIA process includes the following steps, consistent with EDPB Recommendations 01/2020:

(i) identifying and mapping the transfer (including the categories of personal data, recipients, purposes, and processing operations);
(ii) identifying the transfer tool relied upon (such as the 2021 SCCs, the UK IDTA or the UK Addendum);
(iii) assessing whether the laws and practices of the third country (including those relating to government access to personal data) may impinge on the effectiveness of the transfer tool;
(iv) where the assessment identifies that the transfer tool alone may not ensure an essentially equivalent level of protection, identifying and adopting supplementary measures to bring the level of protection up to the EU standard;
(v) taking any procedural steps required under the transfer tool (such as informing the data subject); and
(vi) re-evaluating the assessment at appropriate intervals or when circumstances change.

The supplementary measures we adopt, where required, may include technical measures (such as end-to-end encryption, pseudonymisation and split-processing techniques), contractual measures (such as enhanced warranties from importers regarding government access requests and audit rights) and organisational measures (such as internal policies on responding to government requests for access to personal data).

9.5 Right to Request Information About Safeguards

You have the right to obtain a copy of, or information about, the safeguards we have implemented in respect of transfers of your personal data to third countries. To request such information, please contact us at privacy@adfinitys.com. We may redact certain commercially sensitive information from any copies provided to you.

9.6 Re-evaluation

We re-evaluate our international transfer arrangements, including the TIAs we have carried out, at appropriate intervals and whenever there is a material change in the laws or practices of the recipient country, the nature of the personal data transferred, or the parties involved in the transfer.

10. Rights Regarding Personal Data

Right of Access: Users may obtain confirmation of processing, categories of personal data, processing purposes, retention determination information, recipient categories, and personal data copies.

Right of Portability: Users may receive personal data in structured, commonly-used, machine-readable formats or request transfer to other persons.

Right to Rectification: Users may obtain inaccurate or incomplete personal data correction.

Right to Erasure: Users may require personal data erasure in some circumstances.

Right to Restriction: Users may limit processing purposes when continued processing is unjustified.

Right to Withdraw Consent: Consent withdrawal is possible. Pre-withdrawal processing lawfulness isn't affected.

Right Against Automated Decision-Making: Users may opt out of automated decision-making including profiling with legal effects or significant consequences by contacting us via our Contact Us page.

Right to Object: Users may object to legitimate interest-based processing or marketing for any reason.

Local data protection authority complaints may be filed. UK residents may contact the Information Commissioner's Office at https://ico.org.uk/global/contact-us/. EU authority information available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Identity proof may be requested for rights exercise.

11. Children's Policy

Our Services are not directed toward children under the age of 13. We do not knowingly collect personal data from children under the age of 13. If we become aware that personal data has been collected from a child under the age of 13, such information will be deleted as soon as practicable. If you believe that a child under the age of 13 has provided personal data to us, please contact us using the details below so that we may take appropriate action.

12. Policy Changes

Updates occur periodically with effective date changes upon material modifications.

13. Contact Information

For data protection inquiries, please contact our Data Protection Officer directly at privacy@adfinitys.com or via our Contact Us page on our website. This dedicated channel is available for exercising your rights under the GDPR, UK GDPR or Swiss Federal Act on Data Protection, and for any other privacy-related matters.

COOKIE NOTICE

Effective Date: February 21, 2026

1. Scope

This notice supplements the Privacy Policy, explaining cookie and related technology usage in managing online services and communications, including purposes and control rights.

This Cookie Notice should be read together with our Privacy Policy. Where you are located in the European Economic Area, the United Kingdom or Switzerland, the placement and reading of non-essential cookies on your device is subject to your prior consent in accordance with Article 5(3) of the ePrivacy Directive (2002/58/EC, as amended).

2. Cookie and Technology Definitions

Cookies are tiny downloaded files allowing information collection about interactions with email, websites, and online services. Related technologies include web beacons, pixels, embedded scripts, location-identifying technologies, and logging technologies.

3. Information Collected via Cookies

Automatically collected information includes device software details (IP addresses, operating systems, browser types, visit dates/times), analytics data measuring usage and activity trends, and location data (general geographic location from IP addresses or precise mobile device location).

4. Cookie Types

We use the following types of cookies and similar tracking technologies on our Services:

4.1 Strictly Necessary Cookies

These cookies are essential to enable you to navigate our Services and use their core features, including security, network management, and accessibility. Without these cookies, the Services cannot function properly.

Legal basis (EEA/UK/Switzerland): These cookies are exempt from the consent requirement under Article 5(3) of the ePrivacy Directive (2002/58/EC, as amended) as they are strictly necessary for the provision of an information society service explicitly requested by the user. Any subsequent processing of personal data is carried out on the basis of our legitimate interests (Article 6(1)(f) GDPR) in providing and securing our Services.

You may disable these cookies through your browser settings, but doing so may prevent the Services from functioning correctly.

4.2 Functionality Cookies

These cookies allow our Services to remember choices you make (such as your preferred language or region) and provide enhanced, more personalised features.

Legal basis (EEA/UK/Switzerland): Your consent, obtained through our cookie consent banner, in accordance with Article 5(3) of the ePrivacy Directive. Any subsequent processing of personal data is carried out on the basis of your consent (Article 6(1)(a) GDPR).

You may withdraw your consent at any time through our cookie preference centre or by adjusting your browser settings.

4.3 Analytical / Performance Cookies

These cookies collect information about how visitors use our Services, such as which pages are visited most often, in order to help us improve the Services and measure their performance.

You may withdraw your consent at any time through our cookie preference centre.

4.4 Targeting Cookies

These cookies record your visits to our Services, the pages you visit and the links you follow, and may be used to track visitors across websites and devices in order to build a profile of your interests.

You may withdraw your consent at any time through our cookie preference centre, or by exercising the choices described in Section 9 (Online Ad Choices) of this Cookie Notice.

4.5 Advertising Cookies

These cookies are used to deliver advertisements that are relevant to you and your interests, to limit the number of times you see an advertisement, and to measure the effectiveness of advertising campaigns.

Legal basis (EEA/UK/Switzerland): Your consent, obtained through our cookie consent banner (and, where applicable, through the IAB Europe Transparency & Consent Framework), in accordance with Article 5(3) of the ePrivacy Directive. Any subsequent processing of personal data is carried out on the basis of your consent (Article 6(1)(a) GDPR).

You may withdraw your consent at any time through our cookie preference centre, or by exercising the choices described in Section 9 (Online Ad Choices) of this Cookie Notice.

5. Consent Management for EEA, UK and Switzerland Users

If you access our Services from the European Economic Area, the United Kingdom or Switzerland, we will display a cookie consent banner upon your first visit that allows you to:

(a) accept all non-essential cookies;
(b) reject all non-essential cookies; or
(c) customise your preferences by cookie category.

You may change your preferences at any time by clicking on the "Cookie Preferences" link available in the footer of our Services.

Strictly Necessary Cookies will be placed without your consent, as they are essential for the operation of the Services.

Non-essential cookies (including Functionality, Analytical / Performance, Targeting and Advertising cookies) will not be placed on your device until you have given your explicit, freely given, specific, informed and unambiguous consent, in accordance with Article 5(3) of the ePrivacy Directive (2002/58/EC, as amended) and the standard of consent under the EU General Data Protection Regulation and the UK GDPR.

You may withdraw your consent at any time, and withdrawing consent is as easy as giving it. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Where we participate in the IAB Europe Transparency & Consent Framework (TCF), your choices will be communicated to our advertising partners through TC String signalling, as further described in Section 6a of the Additional EEA, UK and Switzerland Privacy Disclosures.

6. Cookie Information Uses

Cookies manage signup processes, remember login status, manage newsletters/subscriptions, enable e-commerce/payment functions, remember form data, preserve user preferences, provide/monitor Services effectiveness, monitor online usage/activities, and understand browsing activities for personalized product/service information delivery.

Personal information collected via cookies combines with other collected personal information for purposes described in the Privacy Policy.

7. Third-Party Data Collection and Online Advertising

ADFINITYS PTE. LTD. participates in interest-based advertising using third-party companies for personalized ad serving and effectiveness measurement. Customers and third-party advertising networks, exchanges, and other platforms collect information about Services usage for displaying ads across Services, other websites/services, and other devices. Information typically collected through tracking technologies includes clickstream information, browser specifications, visit dates/times, mobile ad IDs or other digital identifiers (cookie IDs, click IDs, proprietary universal IDs or other ID solutions), geolocation, and other information. Common account identifiers assist cross-device identification. Services providers deliver personalized ads on platforms.

8. Cookie Choice Options

Browser setting adjustments allow: notification when cookies are received for acceptance choice, existing cookie disabling, or automatic rejection. Disabling cookies may negatively affect Services functionality. Complete cross-browser/device cookie rejection requires action on each browser on each device.

Email options may prevent automatic image downloading for technologies tracking email access and function engagement.

9. Online Ad Choices

Interest-based advertising opt-out information is available through:

Digital Advertising Alliance (DAA): https://www.aboutads.info/choices
Network Advertising Initiative (NAI): https://www.networkadvertising.org/choices/
Mobile app opt-out: https://www.aboutads.info/appchoices

Opting out of interest-based advertisements doesn't eliminate ad viewing; it means displayed ads shouldn't reflect user interests. ADFINITYS PTE. LTD. isn't responsible for third-party opt-out program effectiveness, compliance, or accuracy. Third parties may still use cookies for analytics, fraud prevention, and other permitted purposes.

10. Cookie Notice Updates

Updates occur periodically with effective date changes. Material changes receive prominent notice through Services or appropriate communication channels.

11. Contact Information

For Cookie Notice inquiries or other privacy-related matters, you may contact us directly at privacy@adfinitys.com or via our Contact Us page on our website.

ANNEX – COOKIES

Cookie Name	Cookie Type	When Set	Duration	Purpose
ADFINITYS PTE. LTD. uid	Advertising	Users view/click ADFINITYS PTE. LTD. ads	365 days	Holds anonymous user ID for tracking user actions including ad recommendation clicks