Your privacy is important to us. This Consent to Personal Data Processing (hereinafter "the Consent”) is meant to help you understand what data we collect, why we collect it, and how we process it. Please take your time to read the document. Your Consent to Personal Data processing is necessary to continue working with the CPA Titan affiliate program.
* This form of Consent fully complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR Regulation”).
I, hereinafter referred to as the “Personal Data Subject” or “Affiliate”, hereby confirm that, being a fully capable natural person who has reached the age of majority, acting on my own goodwill without compulsion and in my own interests, I decide to provide my personal data to the following legal entities, and also give consent to its processing, that is, performance of any actions (operations) or a set of actions (operations) implemented with automatic means or without any with my personal data, solely for the purposes and in the ways indicated in this Consent:
1. "The Controller” – a legal entity that independently determines the personal data processing purposes and means:
is registered in accordance with the applicable law of , registration number , address: .
2. "The Processors” – legal entities that process personal data on behalf of the Controller:
- Traffic Manager Limited processes personal data on behalf of the CPA Titan (). Traffic Manager Limited is registered in accordance with the applicable law of the Republic of Malta, registration number C76756, address: 3, Advance Business Centre, Triq G. Flores, Santa Venera, SVR1950, Malta.
TYPES, PURPOSES, METHODS AND PERIODS OF PERSONAL DATA PROCESSING
Personal data for which this Consent is granted (hereinafter the “Personal Data”):
1. First name and last name (Processing purposes: Affiliate identification);
2. Gender (Processing purposes: Marketing goals, provision of effective customer service);
3. Date of birth (Processing purposes: Affiliate age identification);
4. Identity document information (Processing purposes: in some cases the controller could ask to the affiliate the ID card for the purpose of obtaining reasonably complete information about the subject for conducting financial transactions in order to prevent money laundering, financing of terrorism and tax evasion);
5. Residence address (Processing purposes: in some cases the controller could ask to the Affiliate residence identification);
6. Contact phone number and other means of communication (including messenger apps' user IDs). (Processing purposes: Affiliate verification, provision of support services to the Affiliate, use for marketing purposes);
7. Email (Processing purposes: Identification of the Affiliate account, newsletters, use for marketing purposes);
8. Information on the Affiliate identified locale, i.e. a set of parameters that determine regional settings of user interface, namely, residence country, time zone and the interface language of the Affiliate. (Processing purposes: Identification of the Affiliate account, newsletters, use for marketing purposes);
9. Technical data that is automatically transmitted by the device through which the subject uses the Controller web-site, including the device’s technical characteristics, IP address, information in the cookies files that have been sent to the subject device, information about the subject browser, the operating system name and version, the date and time of access to the site, the requested pages’ addresses. (Processing purposes: Correct operation of the web application, mobile and desktop versions of the Controller application; monitoring of the Affiliate behavior, prevention of creating duplicate accounts for fraud purpose or other illegal actions)
Collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, examination, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, sampling, erasure or destruction.
1. If the Affiliate is a citizen of a European Union country or has been verified to work with citizens of the European Union countries, the Personal Data processing period ends in 5 (five) years from the termination of interaction between the in the Affiliate Agreement framework. The Personal Data storage period may be extended from 5 (five) to 7 (seven) years upon the competent authority request.
2. If the Affiliate is not a citizen of a European Union country and has not been verified to work with citizens of the European Union countries, the Personal Data processing period for such an Affiliate is unlimited and Personal Data may be processed by the Controller and its Processors after the termination of the Affiliate Agreement between such Affiliate and .
IN ADDITION TO THE ABOVE, I CONFIRM THAT FOR THE TIME OF THIS CONSENT I AM ACQUAINTED WITH THE FOLLOWING INFORMATION:
Legal basis for the Personal Data processing:
General Data Protection Regulation of April 27, 2016 (GDPR);
Full name and contact details of the person authorized by the Controller and responsible for the Personal Data processing: Data Protection Officer, Mr. Francesco Montanari, email: firstname.lastname@example.org
Third parties, to whom the Controller and/or the Processor may transfer the Affiliate Personal Data for processing for the purposes and in the ways indicated in this Consent:
1. Centers for personal data processing and storing (data processing centers, data centers):
- Provided Personal Data: All Personal Data listed in this Consent;
- Personal Data provision purpose: Affiliate Personal Data safe storage;
List of data processing centres:
OVH - 2 rue kellermann BP 80157 59053 ROUBAIX CEDEX 1 - France
2. State authorities authorized to receive personal data; auditors, consultants, accountants, notaries, lawyers (if necessary):
- Provided Personal Data: All Personal Data listed in this Consent;
- Personal Data provision purpose: The Controller provides the Affiliate Personal Data solely in case of the disclosure requirement to authorized official authorities or persons in accordance with the applicable law, order, decree, court decision and in the minimum necessary extent.
Personal data security ensuring means: specified in the “Policy of processing and safety of personal data” approved by the Controller. The Policy will be available on https://admin.cpatitan.com/en/privacy-policy starting from May 25th, 2018.
Validity period of the consent:
- If the Affiliate is a citizen of a European Union country or has been verified to work with citizens of the European Union countries, this Consent is valid for the minimum required period of the Affiliate Personal Data processing, namely within 5 (five) years from the date of the termination of interaction between the Affiliate and in the Affiliate Agreement framework. The Personal Data storage period may be extended from 5 (five) to 7 (seven) years from the date of the termination of interaction between the Affiliate and in the Affiliate Agreement framework;
- If the Affiliate is not a citizen of a European Union country and has not been verified to work with citizens of the European Union countries, the Personal Data processing period for such an Affiliate is unlimited and Affiliate consents that such Personal Data may be processed by the Controller and its Processors after the Affiliate Agreement between such Affiliate and validity termination.
Special rules for Affiliates that are citizens of European Union countries or have been verified to work with citizens of the European Union countries:
1. Consent withdrawal: If the Affiliate is a citizen of a European Union country or has been verified to work with citizens of the European Union countries, the Controller is obliged to comply with the GDPR Directive on the specified above minimum period for such Affiliate Personal Data storage. The Personal Data Subject understands, agrees and confirms that the right to withdraw this Consent cannot be applied prior to the mandatory Personal Data storage period expiration in accordance with the provisions of the GDPR Directive;
If the Affiliate is a citizen of a European Union country or has been verified to work with citizens of the European Union countries has not withdrawn this Consent after five (5) years following to the termination of interaction between the Affiliate and . in the Affiliate Agreement framework, the Controller, provided that the competent authority does not require the extension of the Personal Data processing to 7 (seven) years period, at the end of this five-year period erases the personal data by irrevocable destruction, and also informs all third parties to whom the Controller and/or Processors transferred the Affiliate Personal Data regarding such erasure, and demands the implementation of similar actions on their part.
2. Affiliate that is a citizen of a European Union country or has been verified to work with citizens of the European Union countries is also notified that at any time of the Consent validity period he has the right to:
- Access the Personal Data, i.e. has the right to request and obtain from the Controller a confirmation as to whether or not personal data are being processed / access to Personal Data and the following information: the purposes of the processing; the categories of personal data concerned, all possible recipients of the Personal Data, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- Obtain from the Controller without undue delay the rectification of inaccurate Personal Data, the completion of Affiliate’s incomplete Personal Data, as well as require the receipt of notifications from the Controller regarding any corrections, additions, erasures or limitations to the Personal Data processing;
- Erasure of the Personal Data (“right to be forgotten”) if: personal data no longer necessary in relation to the purposes for which they were collected or otherwise processed; the Personal Data Subject withdraws the Consent, and there is no other legal ground for the processing; the Personal Data Subject objects to the Personal Data processing and there are no overriding legitimate grounds for the processing; Personal Data has been unlawfully processed; Personal Data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; Personal Data has been collected in relation to the offer of information society services to a child (taking into account the provisions of Article 8 (1) of GDPR);
- Obtain restriction of Personal data processing if: the accuracy of the personal data is contested by the Affiliate, for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the Affiliate opposes the erasure of the personal data and requests the restriction of their use instead; the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Affiliate for the establishment, exercise or defense of legal claims; the Affiliate has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Affiliate;
- Personal Data portability, i.e. to receive the Personal Data, which Affiliate has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
- Object to Personal Data processing, and as result the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the Personal Data processing which override the interests, rights and freedoms of the Affiliate or for the establishment, exercise or defense of legal claims (where personal data is processed for direct marketing purposes, the Affiliate shall have the right to object to processing of personal data for such marketing, and the Controller shall no longer process the Personal Data for such purposes);
- File a complaint regarding the Controller/Processors actions to the supervisory authority.
Refusal to grant the Consent: Personal Data Subject hereby confirms that he has been notified that the provision of this Consent is not mandatory and the Affiliate may at any time refuse it. However, the Consent granted by the Affiliate is a requirement necessary for the conclusion of the Affiliate Agreement between the Affiliate and . In the case of absence of the Affiliate signed Consent, the contractual relationship between the Affiliate and . does not arise.
Last edit: Jan 20, 2022