HIPOLINK PRIVACY POLICY

1. Who we are

1.1. We are CEBC B.V., a company established and operating under the legislation of the Netherlands (reg. number: 78627303), with its registered office at Barbara Strozzilaan 201, 1083 HN, Amsterdam, the Netherlands (“we”, “our”, “us” or “COMPANY”).

1.2. This Privacy Policy shall be read alongside, and in addition to, our Terms of Service accessible online at https://hipolink.net/en/user-agreement (the “EULA”), all relevant agreements and regulations available at the Website and our Cookie Policy accessible online at https://hipolink.net/en/cookie-policy (the “Cookie Policy”).

1.3. This Privacy Policy sets out how we collect and use your personal information when you use our site https://hipolink.net/ (“Website”) and our online service “Hipolink”, offered by the COMPANY on the Website (for the purposes of this Privacy Policy all the above mentioned shall be collectively referred as the “Hipolink Platform” unless the context otherwise requires) and the choices available to you in connection with our use of your personal information (the “Privacy Policy”).

1.4. It is reminded that information collected via the Hipolink Platform is used by the COMPANY, which is responsible for its processing.

1.5. In case of any contradictions between this Privacy Policy and the EULA, this Privacy Policy will prevail.

2. THIS PRIVACY POLICY

2.1. By making the Hipolink Platform available, we, acting reasonably and in good faith, believe that you:

(a) have all necessary rights to register on and use the Hipolink Platform;

(b) provide true information about yourself to the extent necessary for the use of the Hipolink Platform;

(c) understand that, by posting your personal information, if there is such a technical possibility on the Hipolink Platform, and where it is accessible by other users of the Hipolink Platform, you have manifestly made this information public, and this information may become available to other users and Internet users, be copied, and be disseminated by them;

(d) understand that some types of information transferred by you to other users cannot be deleted by you or by us;

(e) are aware of and accept this Privacy Policy.

2.2. We do not check the user information received from you, except where such a check is necessary in order for us to fulfil our obligations to you.

3. INFORMATION WE COLLECT ABOUT YOU

3.1. In order to implement the agreement between you and us, and provide you with access to the use of the Hipolink Platform, we will improve, develop, and implement new features of our Hipolink Platform, and enhance the functionality of the available Hipolink Platform. To achieve these objectives, and in compliance with applicable laws, we will collect, store, aggregate, organise, extract, compare, use, and supplement your data (hereinafter “processing”). We will also receive and pass this data, and our automatically processed analyses of this data, to our affiliates and partners as set out in the table below and in Section 4 of this Privacy Policy.

3.2. We set out in more detail the information we collect when you use the Hipolink Platform, why we collect and process it, and the legal basis below.

3.3. General clauses, which shall apply to your use of the Hipolink Platform:

3.4. Our legitimate interests include

(1) maintaining and administrating the Hipolink Platform;

(2) providing the Hipolink Platform to you;

(3) improving the content of the Hipolink Platform and web pages;

(4) processing of the data that was manifestly made public by you where it is accessible by other users of the Hipolink Platform;

(5) ensuring your account is adequately protected; and

(6) complying with any contractual, legal, or regulatory obligations under any applicable law.

3.5. As part of maintaining and administrating the Hipolink Platform, we use the information to analyse user activity and to ensure that the EULA is not violated.

3.6. Your personal information may also be processed if it is required by a law enforcement or regulatory authority, body, or agency, or in the defence or exercise of legal claims.We will not delete personal information if it is relevant to an investigation or a dispute.It will continue to be stored until those issues are fully resolved and/or during the term that is required and/or permissible under applicable/relevant law.

3.7. In case you provided us with a consent to the sending of marketing information, you may withdraw your consent to the sending of marketing information to you by amending your privacy settings in your account. An option to unsubscribe will also be included in every SMS or e-mail sent to you by us or our selected third-party partners.

3.8. Please note, that if you do not want us to process sensitive and special categories of data about you (including data relating to your health, racial or ethnic origin, political opinion, religious or philosophical beliefs, sex life, and/or your sexual orientation), you have to take care not to post this information or share this data on the Hipolink Platform. Once you have provided this data, it will be accessible by other users and it becomes difficult for us to remove this data.

3.9. Please note, that if you withdraw your consent to data processing or you do not provide the data that we require in order to maintain and administer the Hipolink Platform, you may not be able to access the Hipolink Platform.

3.10. If we intend to further process your data for any other purpose besides those set out in this Privacy Policy, we shall provide you with details of these purposes before we commence data processing.

4. DATA SHARING

4.1. Publicly available data. Your username and other information that you provide or post while using the Hipolink Platform can be available to all users of the Hipolink Platform. We take technical and organisational measures to ensure that your data is safe. Please note, that by posting your personal information in publicly accessible areas (resources accessible by other users of the Hipolink Platform), you have manifestly made this information public, and it may become available to other users of the Hipolink Platform and Internet users and be copied and/ or disseminated by such users. Please keep in mind that once other users have gained access to or copied your data, neither you nor we are able to delete or remove such data from possession of those other users.

4.2. Sharing with third parties. We may share your personal information with third parties only in the ways that are described in this Privacy Policy. Sometimes we may need to provide your data our affiliated entities, as well as our partners, in order to provide you with the Hipolink Platform, to administer the Hipolink Platform, for example, if you choose to share your data across other social media platforms, to administer the billing services or to personalize, adjust and improve the Hipolink Platform or in other cases described in this Privacy Policy and only subject to the purposes described in this Privacy Policy. We do not sell your personal information to third parties. The transmissions of personal data with the recipients (whatever their legal status, subcontractor, processing manager or just recipient) are carried out in a secure manner and in application of an agreement between us and each recipient as may be necessary under applicable law. We undertake to ensure that each recipient knows the directive principles of personal data protection and submit to them in application of the law and/or of a particular contract.

4.3. Confidentiality obligations. In case we share your data with selected third parties, including our third party contractors, we always ensure that these third parties undertake confidentiality obligations regarding your personal data collected while you use of the services or applications they offer. We will not share your personal data outside the scope of purposes specified in this Privacy Policy without your prior consent.

4.4. Advertising disclaimer. Our ad management and recommendation system is designed so that your information will not be shared directly with our third party advertisers. An advertiser or maker of a recommendation can only choose to target advertisements to groups of users falling within criteria such as gender, general location (country), or other, or to target communities according to their types. If you fall within one of the target groups, you will receive an advertisement or recommendation of such third party partners or our affiliates. However, such third party advertisers or our affiliates may gather some of your information in case you interact in any way with the ads provided by such advertisers.

4.5. Integrated advertising, analytics and transfer of data to partners. We may share your personal information with analytical systems for the purposes of performance measurement of the Hipolink Platform, and we may also provide such information to third parties such as advertisement networks and our partners engaged in operation of the Hipolink Platform. By using our Hipolink Platform, you agree that we may transfer your data to such third parties and accept that your data will be processed in accordance with privacy EULA of such third parties. The current list of integrated third-party systems used by us and other cases of data transfer will become available at the link provided in this clause as soon as we will start using such third-party systems.

4.6. Retargeting disclaimer. An advertiser or maker of recommendations may also choose to upload a list of identifiers (e.g., e-mails, phone numbers) and identities to our systems so that we (but not the adviser or maker of recommendations) can check for user matches. They will see the number of matches but not the matches themselves.

4.7. Sharing in the general conduct of business. We may also share your data with our affiliates and keep some of your personal information in our business records for the accounting and compliance purposes. As such, we may also disclose your personal information to a third party if we decide to transfer a business to that third party, so you can continue to receive service and information in connection with that business with as little disruption as possible. Similarly, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal information may be transferred to our successor or assignee.

4.8. Disclosure to tax authorities. We reserve the right to disclose your personal information to tax authorities in case it is necessary because of your participation in public tournaments. We may also publish your data as part of the tournament score tables on our and third party websites.

4.9. Disclosure required by law. We reserve the right to disclose your personal information as required by law, by court order or in special cases when we have reason to believe that disclosing such information is necessary to identify, contact, or bring legal action if you or third parties are violating the EULA, any other EULA of services provided by us or our affiliates or any applicable law, for the purpose of defence of our rights and interests. We also reserve the right to disclose your personal information if we have a good faith belief that it is necessary to prevent fraud or other illegal activities.

5. PRIVACY SETTINGS

5.1. The Hipolink Platform may contain links to websites operated by third parties. We are not responsible for your data privacy when you access these links or engage with third party services, and you shall ensure that you review the relevant third party’s privacy statement, which will govern your data privacy rights.

5.2. In case you intend to connect your YouTube or Google account to the Hipolink Platform using YouTube API, you may review and, if necessary, adjust your YouTube privacy settings at Google security settings page at https://security.google.com/settings/security/permissions before linking or connecting them to our Website. You can find more information on YouTube and Google’s privacy at https://policies.google.com/ and Google Privacy Policy at Google Privacy Policy at https://policies.google.com/privacy.

5.3. We bear no liability for the actions of third parties, which, as the result of your use of the Internet or the Hipolink Platform, obtain access to your information in accordance with the confidentiality level selected by you.

5.4. We bear no liability for the consequences of the use of the information that, due to the nature of the Hipolink Platform, is available to any Internet user. We ask you to take a responsible approach to the scope of the information posted on the Website.

6. INTERNATIONAL TRANSFERS

6.1. We may transfer and maintain some of your personal information on our servers or databases outside the European Economic Area (EEA), including in CIS.

6.2. The countries to which we transfer your data may not have the same data protection laws as your jurisdiction. We take reasonable cyber security measures and/or put in place the Standard Contractual Clauses to ensure your data is adequately protected.

7. RETENTION PERIODS

7.1. We will retain your personal information for as long as required to perform the purposes for which the data was collected, depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal information during the term that is required and/or permissible under applicable/relevant law.

7.2. You may delete your personal data by removing the data from your account; alternatively, you can delete your account.

7.3. You may request to remove your account and data on our Hipolink Platform by contacting the Support Service.

7.4. We may remove your account or the information you post, as provided by the EULA.

8. YOUR RIGHTS

8.1. You have the following rights, in certain circumstances, in relation to your personal information:

(a) Right to access your personal information.

(b) Right to rectify your personal information: you can request that we update, block, or delete your personal data, if the data is incomplete, outdated, incorrect, unlawfully received, or no longer relevant for the purpose of processing.

(c) Right to restrict the use of your personal information.

(d) Right to request that your personal information is erased if:

• it is no longer required in relation to the purposes for which it was gathered or processed in another way;

• you withdraw your consent concerning processing subject to consent;

• you are justifiably opposed to the processing;

• it has been subject to illicit processing; or

• it is imposed by law.

(e) Right to object to processing of your personal information.

(f) Right to data portability (in certain specific circumstances).

(g) Right not to be subject to an automated decision.

(h) Right to lodge a complaint with a supervisory authority.

(i) For processing based upon your consent, the right withdraw that consent at any time.

(j) You may have other rights under your legislation of your country of residence, including right to define the instructions relative to the outcome of your personal data after your death.

(k) You may, subject to the limitations indicated below, set one of the following confidentiality levels for your Hipolink Platform account:

• information available to any Internet user;

• information available to the users of the Hipolink Platform having the status of your friends on the Hipolink Platform;

• information available only to You and no one else.

The following information is always available to any Internet user: your nickname and avatar picture, link to your Hipolink Platform account, last login date, time spent on the Hipolink Platform.

Despite of the confidentiality level for your Hipolink Platform account change, information indicated in the sixth table line of Clause 3.3 shall remain available on the Website.

Please be aware that Internet users, who have accessed your personal information in accordance with the confidentiality level selected by You, may disclose such information to others. In case of removal of your information from your account or removal of your account from the Hipolink Platform, your information copied by other persons or stored on other persons’ pages may remain available on the Website.

8.2. You also have the right to independently remove personal information on your account and make changes and corrections to your information, provided that such changes and corrections contain up-to-date and true information. You can also view an overview of the information we hold about you. If you reside in France you have the right to register on the list of opposition to telephone canvassing on https://www.bloctel.gouv.fr.

8.3. If you would like to exercise these rights, please contact our Support Service or send your request to us in writing to Barbara Strozzilaan 201, 1083 HN, Amsterdam, the Netherlands. We will aim to respond to you within thirty (30) days from the date of receipt of your request. We will need to verify your identity before we are able to disclose any personal data to you.

8.4. In case you provided the access of the Hipolink Platform to your YouTube account (for example if you registered on the Hipolink Platform using YouTube social network account) you can revoke that the access of the Hipolink Platform to your YouTube account via the Google security settings page at https://security.google.com/settings/security/permissions.

9. YOUR CALIFORNIA PRIVACY RIGHTS

9.1. This notice to California residents is provided under California law, including the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code 1798.100, et seq. This notice supplements our Privacy Policy by explaining your California privacy rights if you are a California resident, and provides certain mandated disclosures about our treatment of California residents’ information, both online and offline.

9.2. If you are a California resident you have the following rights in relation to your personal information:

(a) Right to Access. If you are a California resident, you have the right to request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell.

(b) Right to Delete. If you are a California resident, you have the right to request that we delete personal information that we collect from you, subject to applicable legal exceptions.

(c) Process to Make a CCPA Request. To make an access or deletion request, please send your enquiries to our Support Service.

(d) Before completing your request, we may need to verify your identity or the identity of your authorized representative. We will then take action to verify your email address and may request additional documentation or information solely for the purpose of verifying your identity.

(e) Right to Opt Out of Sale of Personal Information. If you are a California resident, you have the right to “opt out” of the “sale” of your “personal information” to “third parties” (as those terms are defined in the CCPA). You can exercise this right by clicking here. Our Privacy Policy describes the limited circumstances in which we may share your information with third parties. Our Privacy Policy also provides you with certain controls and choices regarding our collection, use, and sharing of your information.

(f) Right to Non-Discrimination: You have the right not to receive discriminatory treatment for the exercise of your privacy rights conferred by the CCPA.

(g) Shine the Light Act. If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by us and our affiliates to third parties for the third parties’ direct marketing purposes. We are dedicated to treating your personal information with care and respect. For inquiries regarding our disclosure policy, you may send your enquiries to our Support Service.

(h) Authorized Agents. If you would like to designate an authorized agent to make a request on your behalf, please be sure the agent can (I) demonstrate you have provided written permission for the agent to submit the request on your behalf, and (II) provide proof of his or her own identity. If the agent does not satisfy these requirements, we will deny the request.

(i) Privacy Rights for California Minors. If you are a California resident under the age of 18, California Business and Professions Code Section 22581 permits you to view, correct and request the removal of content or information you have posted to the Site, message boards, or forums. You may exercise this right you may send your enquiries to our Support Service. Note that any information posted to the message boards or forums is publicly viewable. We strongly recommend that all users avoid posting personal or sensitive information. Residual copies of content and/or information that have been deleted may remain on our backup servers. We do not have to remove posted content or information if it has been rendered anonymous. We may retain your information to resolve disputes, enforce our user agreements, or comply with legal requirements; in this case, your personal information will be blocked from use for any other purpose. Additionally, we do not have control over third parties (e.g., other users) who may have copied or reposted the content or information.

9.3. Mandatory Disclosures. In addition to the information provided elsewhere in our Privacy Policy, we make the following disclosures for purposes of compliance with the CCPA:

• We collected the following categories of personal information in the last 12 months: Identifiers, contact Information, demographic information, payment information associated with you, commercial information (such as information about goods and services you have purchased), Internet or other electronic network activity information, including information obtained from third parties, general location data (country), electronic information, and inferences drawn from the above. For detailed information please refer to “INFORMATION WE COLLECT ABOUT YOU” Section of this Privacy Policy.

• The sources of personal information that we collected are: our users, directly, third party sites or platforms that you link with your registration account, analytics tools, social networks, advertising networks, and trusted sources who update or supplement information we hold about you.

• The business or commercial purposes of collecting personal information are described in the “INFORMATION WE COLLECT ABOUT YOU” Section of this Privacy.

• We disclosed the following categories of personal information for a business purpose in the last 12 months: IP addresses, Identifiers, information about your web browsing and app usage, demographic information, payment information associated with you, commercial information, Internet or other electronic network activity information, including information obtained from authorisation services of third parties, general location data (country), electronic information, and inferences drawn from the above. We disclose these categories outside only as described in the “DATA SHARING” Section of this Privacy Policy.

• Although we do not sell personal information for monetary consideration, some of our partners may collect and process information when you interact with our Hipolink Platform, including IP addresses, digital identifiers, information about your web browsing and app usage, and how you interact with our advertising properties and ads in order to provide you with relevant ads across the Internet and for other analytics purposes, and such partners may “sell” that information to other businesses for advertising and other purposes under the definition of “sale” in the CCPA.

• As the term is defined by the CCPA, we “sold” the following categories of personal information in the last 12 months: IP addresses, Identifiers/Contact Information, Internet or other electronic network activity information, including information about your web browsing and app usage, and inferences drawn from the above. We “sold” each category to social networks (for the authorization purposes), advertising networks, data analytics providers and our infrastructure service providers.

• The business or commercial purposes of “selling” personal information is for third party companies to perform services on our behalf, like marketing, advertising, performance and audience measurement.

• We do not “sell” personal information of known minors under 16 years of age.

9.4 Online Tracking/Do Not Track. We and our third party service providers may use cookies, pixels, or other tracking technologies to collect information about your browsing activities over time and across different websites. California Business and Professions Code Section 22575(b) (as amended effective January 1, 2014) permits our users who are California residents to be informed as to how we respond to Web browser "Do Not Track" settings. As Do Not Track is a standard that is currently being developed, we do not take actions to respond to Do Not Track settings, and instead we adhere to the standards set out in this Privacy Policy.

10. SECURITY MEASURES

10.1. We take technical, organisational, and legal measures, including, where suitable, encryption, to ensure that your personal data is protected from unauthorised or accidental access, deletion, modification, blocking, copying, and dissemination.

10.2. Access to the Hipolink Platform is authorised using your login (e-mail address or mobile phone number) and password. You are responsible for keeping this information confidential. You shall not share your credentials with third parties and we recommend you take measures to ensure this information is kept confidential.

10.3. If you forget your login details, you can request us to send you an SMS or e-mail, which will contain a restoration code.

10.4. To reduce the probability of third parties gaining unauthorised access, if you login to your account from an unusual place or after several failed attempts to provide valid login details, we may block entry to your account. You will then need to contact our Support Service and provide certain additional information to verify your credentials and gain access to your account.

11. CHANGES TO THIS POLICY

11.1. From time to time, we may change and/or update this Privacy Policy. If this Privacy Policy changes in any way, we will post an updated version on this page. We will store the previous versions of this Privacy Policy in our documentation archive. We recommend you regularly review this page to ensure that you are always aware of our information practices and any changes to them.

12. CONTACT US

12.1. If you have any questions, please send your enquiries to our Support Service at support@hipolink.net or send your request to us in writing to Barbara Strozzilaan 201, 1083 HN, Amsterdam, Netherlands. Please quote this Privacy Policy so we can deal with your enquiry efficiently. We will aim to respond to you within 30 days from receipt of your request.

12.2. All correspondence received by us from you (written or electronic enquiries) is classified as restricted-access information and may not be disclosed without your written consent. The personal data and other information about you may not be used without your consent for any purpose other than for responding to the enquiry, except as expressly provided by law.

12.3. The e-mail address of our DPO is dpo@hipolink.net.

13. PRIVACY NOTICE FOR PARENTS/LEGAL GUARDIANS

13.1. We encourage parents to discuss with their children the importance of personal data protection.

13.2. We will not require a child to provide more information than is reasonably necessary in order to use the Hipolink Platform.

13.3. If under applicable law a parental consent is required, children can use the Hipolink Platform only with the parental consent. For the purpose of parental consent, when setting up an account, a child must provide email address of his/her parent/ legal guardian. We use that email address to contact the child’s parent/legal guardian to ask for his/her consent for child’s registration on the Hipolink Platform and our use of the child’s personal data in respect thereof. Information on the parental consent (with email address of parent/ legal guardian) shall remain available on the Hipolink Platform. We will use email address of parent/ legal guardian solely for parental consent purposes.

13.4. At any time, parent/legal guardian can refuse to permit us to collect further personal data of their children in association with a particular account, and can request that we cease collecting of such personal data, by sending a corresponding request via our DPO.

13.5. For the matters related to children’s personal data collecting parents/legal guardians can contract us via our DPO.