1. Introduction

This Privacy Notice outlines our practices concerning the collection, use, and safeguarding of your personal data.

This notice applies to SuprMedia Affiliates. It is designed to meet our duties of transparency under the privacy legislation and to ensure you understand our approach to your personal data.

Please read this notice carefully to understand our practices regarding your personal data and how we will treat it. If you have any questions or concerns about this notice or your data protection rights, our contact details are provided at the end of this document for your convenience.

2. Who are we?

SuprMedia Ltd, a Gibraltar-registered company with company registration number 119577, is the personal data controller responsible for the processing of your personal data (the “Company”). This policy describes our processing of personal data. SuprMedia Ltd. processes your personal data in compliance with the EU General Data Protection Regulation 2016/679 (the “GDPR”), Privacy and Electronic Communications Directive 2002/58/EC and the various subsidiary legislation issued under the same (“Data Protection Legislation”). 

SuprMedia is part of the SuprNation Group (“SuprNation” or “SN”), and it can be contacted at the following address: Palazzo Villa Rosa, Triq in-Nemes, Swieqi, Malta.

3. Collection of Personal Information

We collect personal information directly from you once you have signed up to the SuprAffiliates Programme and, where applicable, public sources, such as business registries and databases. 

Personal information we may collect includes the following: 

  • Contact details (email address, phone number) 
  • Personal details, such as name, address, DoB
  • Financial information (bank account details) 
  • KYC information, including copies of ID documents.

4. How we process your personal data

Your personal information will be used to:

  • Comply with legal or regulatory requirements.
  • Process payments required under the agreement.
  • Fraud detection, anti-money laundering or other criminal activity. 
  • Marketing purposes. 

5. What is the legal basis for processing your personal data?

The lawful basis for processing your personal information for these purposes includes:

  • Consent: You have given clear consent for us to process your personal data for the purpose of marketing.
  • Contractual necessity: The processing is necessary for contract performance, such as processing payments. 
  • Legal obligation: The processing is necessary for compliance with a legal obligation to which we are subject, such as AML laws, regulatory, tax and any other applicable laws. 
  • Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests. These interests include fraud detection and prevention, as well as defending legal claims. 

6. Sharing of Your Personal Information

We may share your personal information with third parties involved in certain processes of SuprMedia, including, but not limited to, banks, financial institutions etc. Any third-party service providers we use are required to take appropriate security measures to protect your personal information.

We may also share your personal information with other companies within the SuprNation group.

7. How long we keep your personal data 

We will retain your personal information for as long as necessary to fulfil the purposes identified in clause 5, including for the purposes of satisfying any legal, accounting, or reporting requirements.

8. Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which Company holds about you unless there are legally binding restrictions forbidding us to share all the information we process,
  • The right to request that Company corrects any personal data if it is found to be inaccurate or out of date,
  • The right to request your personal data is erased where it is no longer necessary for Company to retain such data (unless Company has a right to process data e.g. to defend its legal claims),
  • The right to withdraw your consent to the processing at any time,
  • The right to request that Company to provide you with your personal data and where possible, to transmit that data directly to another data controller
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing 
  • The right to object to the processing of personal data 
  • The right to lodge a complaint with the Information and Data Protection Commissioners Office

Generally, exercising your rights is free of charge. However, if your request is clearly unfounded, repetitive, or excessive a reasonable administrative fee may be charged. Company shall provide you with a response without undue delay, and in any event within 1 month starting from the date that your identity is verified. Please note that verification of your identity is a security measure to ensure that personal data is not disclosed to any unauthorized person.

9. Transfer of data outside of the EU

Where personal data is intended to be transferred outside of the EU, the GDPR imposes restrictions to ensure the protection of individuals is not undermined by taking the necessary actions so that your privacy rights continue to be protected in accordance with Data Protection Legislation. Company will ensure that any transfers within the group companies provide for adequate safeguards as enforced by the Information Commissioner.

10. Further processing 

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

11. Data Security

Company takes information security seriously and strives to comply with our regulatory and legal obligations at all times.  Any personal information collected will have appropriate safeguards applied in line with obligations arising out of Data Protection Legislation.

Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. This includes:

  • Encryption: data is stored on a reputable cloud (Google and Dropbox) which encrypts data;
  • Strong password requirements;
  • Access restrictions: only a restricted number of person(s) within the Company have and will have access to your personal data;
  • Keeping personal information up to date;
  • Storing and destroying it securely;
  • Data minimization: not collecting or retaining excessive amounts of data;
  • Protecting personal data from loss, misuse, authorized access and disclosure;
  • Ensuring that appropriate technical measures are in place to protect personal data.

12. How to make a complaint

Company will always strive to collect, use and safeguard your personal information in line with Data Protection Legislation.  If you do not believe we have handled your information as set out in this Privacy Notice or in accordance with applicable Data Protection Legislation, please contact us immediately at [email protected] to put things right.

If you believe the matter is still unresolved you can make a complaint to the Isle of Man Information Commissioner