Privacy Notice

Privacy Notice – KINDRED GROUP (the “Company”)

What is a privacy notice?

We want to ensure you understand what information we collect about you, how we will use it and for what purpose.

We are also required by data protection legislation to explain certain matters to you.

This Privacy Notice is part of the contractual terms with the Terms and Conditions : Terms & Conditions – Kindred Affiliates | The award-winning online betting and gaming affiliate program.

What personal data do we collect about you?

Upon joining the Affiliate Program via the sign-up form provided once you contact us through https://www.kindredaffiliates.com/contact/, we will collect, store and process personal information about you that you provided, this can include your:

• Sign-up data: name, affiliate/company name, e-mail address, contact number, skype name, postal address, website address, payment details, username and password
• Payment information: Payee name, payment method, e-mail address for the chosen payment method or bank name, postal address, account number, bank code, IBAN code and BIC/ABA/Swift code
• Identification Documents: Copies of ID, director details (if applicable), for due diligence and fraud prevention
• Due diligence: copy of ID, Proof of address, Bank statement or an official document provided by the bank (affiliates paid via Bank Wire, Proof showing ownership (affiliates paid via E-wallet), Certificate of Incorporation

How and why will we use your personal data?

As you will appreciate, we need to use your personal information to process your application, determine your suitability as an Affiliate and to carry out an ongoing business relationship with you.

In most cases, we will use your personal information to comply with our legal obligations, to take steps towards entering into a contract with you, or to further the Company’s legitimate business interests.

Type of personal data	Purpose of processing	Legal basis	Retention period
Contact details (e.g., name, email, phone)	Managing the Affiliate Program (e.g., contacting you for queries, updates on the program or brands).	Contractual necessity (Article 6(1)(b) GDPR).	Duration of the contractual relationship + 6 years for legal purposes
Payment details (e.g., payee name, bank details, payment method)	Processing commission payments.	Contractual necessity (Article 6(1)(b) GDPR).	Duration of the contractual relationship + 6 years for legal purposes
Identification documents (e.g., ID copies, director details)	Verifying your identity or that of the directors of the company for due diligence and fraud prevention purposes.	Contractual necessity (Article 6(1)(b) GDPR) and in some local markets, legal obligation (Article 6(1)(c) GDPR).	Duration of the contractual relationship + 6 years for legal purposes
Contact details and dispute-related documentation (e.g., communications, records of activity)	Processing your personal data in connection with disputes during or after your participation in the Affiliate Program to ensure fair and transparent resolution and meet legal or regulatory requirements.	Legitimate interests (Article 6(1)(f) GDPR).	Retained for the duration of the dispute and archived for up to 6 years following resolution for legal and regulatory purposes
Affiliate verification process	Kindred Group conducts Affiliate Due Diligence (ADD) for all prospective and existing affiliates as part of our Know Your Affiliate (KYA) programme. This is to comply with industry regulations and to verify the accuracy of the information associated with affiliate accounts. Existing affiliates may also be required to complete a questionnaire to update their profiles.	Legitimate interests under Article 6(1)(f) of the GDPR.	Data will be retained for the duration of the dispute and archived for up to six years following resolution to fulfil legal and regulatory requirements

What happens if you do not provide personal information?

You are required by law to provide certain personal information to us, for example to enable us to verify your identity. If you fail to provide certain personal information when requested, we will not be able to continue with your application and in some cases (i.e. should you refuse to provide us with the necessary information to verify the identity of yourself or the directors of the company to which the affiliate account belongs) your affiliate account may have to be closed.

Who else might your personal data be shared with?

We work with a third-party software supplier, NetRefer (the “Techincal Platform”), who are the Data Processor of your data relating to your affiliate account.

NetRefer monitors compliance with its data protection policies and procedures and has procedures to address privacy-related complaints and disputes. In this regard, individuals may address their data protection related concerns by contacting NetRefer’s Data Protection officer at dpo@netrefer.com or +356 2767 3337.

NetRefer shall respond to all inquiries, concerns and/or complaints about its personal information handling practices.

The regulatory body in Malta responsible for the handling of personal information is the Office of the Information and Data Protection Commissioner. For more information, please visit https://idpc.org.mt/en/Pages/Home.aspx.

Every privacy-related complaint will be acknowledged, recorded and investigated, and the results of the investigation will be provided. If a complaint is found to be justified, appropriate measures will be taken including, if necessary, amending our privacy policies and procedures.

Data may be shared with the relevant authorities, such as the Office of the Information and Data Protection Commissioner in Malta, as required by law.

Your personal data will not be transferred outside the European Economic Area (EEA). However, in the unlikely event that such a transfer becomes necessary, we will ensure that appropriate safeguards are in place to protect your data.

These safeguards may include:

• The use of Standard Contractual Clauses (SCCs) approved by the European Commission, which impose data protection obligations on the recipient
• Ensuring that the transfer is to a country that the European Commission has determined provides an adequate level of protection for personal data
• Implementing other lawful mechanisms as permitted by applicable data protection laws

How long do we keep your personal data?

If your application is successful, we will retain your personal information only for as long as it is necessary to fulfil the purposes for which it was collected, or as required to comply with legal obligations. Once these purposes have been fulfilled, or the legal retention period has expired, we will securely delete or anonymize your personal data

• Inactive Affiliates: your information will be retained for up to 1 year and archived for up to 6 years; we will ask you if you would like us to retain your personal information or not
• Active Affiliates: your information will be retained for the lifetime of the Affiliate and then deleted as per indicated above

How do we keep your personal data secure?

We work with a third-party software supplier, NetRefer (the “Techincal Platform”) to ensure the security of personal data through robust protection measures against unauthorized access, loss, or misuse.. These measures include:

• Data Encryption: Encryption is applied for data both in transit and at rest, ensuring sensitive information is well-protected and masked where necessary
• Access Control: Access to personal data is restricted to authorized personnel only, utilizing role-based access control and multi-factor authentication for enhanced security
• Regular Security Reviews: Systems undergo ongoing testing and evaluations to protect against potential security threats
• Firewall and Threat Monitoring: We use advanced tools to monitor and block unauthorized access attempts and protect against cyberattacks
• Regular Security Reviews: Systems undergo ongoing testing and evaluations to protect against potential security threats
• Observability, Monitoring, and Enforcement: Advanced monitoring tools are employed to gain insights into data flows and detect security events proactively, ensuring constant visibility
• Remote Access Methods: Secure remote access is provided using established encryption protocols and multi-factor authentication to protect sensitive data
• Application Layer Security: Authentication and authorization measures are enforced using a structured access control framework, with integrated protections against common vulnerabilities
• Governance, Compliance, and Regular Audits: Compliance with ISO standards is maintained, with regular audits conducted to ensure adherence to security practices and continuous improvement in the framework

What are your rights in relation to your personal information?

You have certain rights in relation to your personal data, and we have summarised those that are relevant here. For more information on your rights, or if you wish to exercise any of them, please contact us (see the contact details at the bottom of this notice).

1. The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.

2. The right of access

You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice).

This is so you’re aware and can check that we’re using your information in accordance with data protection law.

3. The rights to rectification and erasure

You are entitled to have your information corrected if it’s inaccurate or incomplete. In limited circumstances you will have a right to have information erased (known as the right to be forgotten).

4. The right to restrict processing

You have the right to restrict some processing of your personal information, which means that you can ask us to limit what we do with it;

5. The right to object to processing

You have the right to object to certain types of processing, including processing based on our legitimate interests in some cases.

6. The right to lodge a complaint

You are able to submit a complaint to the Information Commissioner’s Office about any matter concerning your personal information, using the details below. However, we take our obligations seriously, so if you have any questions or concerns, we encourage you to raise them with us first, so that we can try to resolve them.

Office of the Information and Data Protection Commissioner, Level 2, Airways House, High Street, Sliema SLM 1549, Malta

Tel (+356) 2328 7100, www.idpc.org.mt

7. The right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).

How will we handle a request to exercise your rights?

This will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

• baseless or excessive/repeated requests, or
• further copies of the same information

Alternatively, the law may allow us to refuse to act on the request.

Questions?

If you have any questions about anything in this privacy notice, please contact Data Protection Officer at DPO.Officer@kindredgroup.com.

Our general contact details are affiliates@kindredgroup.com.

We may update this Privacy Notice to reflect changes in laws or our processing activities. Any updates will be communicated through our website.

Last updated 04/02/2025.