Data Protection Policy – Romanian

1. POLICY INFORMATION

1.1. Organization

1.1.1. HTTPOOL, Internet Marketing, d.o.o. (‘ HTTPOOL Slovenia’), a limited liability company incorporated under the laws of the Republic of Slovenia, with its main establishment and registered office at Ljubljana, Tacenska cesta 26, 1210 Ljubljana – Šentvid, Slovenia, registration number 1554301000 and tax identification number SI 81931247, is responsible as the data controller of your personal data.

1.1.2. In addition, this Data Protection Policy (‘policy’) applies to ‘HTTPOOL’ meaning the group of undertakings comprised of HTTPOOL Slovenia as the controlling undertaking and its controlled undertakings comprised of subsidiary and affiliated enterprises and any other enterprise whether to be incorporated as the controlled undertaking or to adhere to this policy. The reference to HTTPOOL, also referred to as ‘we’ or ‘us’, may mean reference to the group of undertakings or an individual enterprise within this group being responsible as the data controller of your personal data as the case may be.

1.1.3. HTTPOOL cooperates with service providers, such as advertisers, publishers and other partners, accounting and IT services providers, wherein within this business cooperation certain personal data could be collected, transferred and processed by such service providers. HTTPOOL cooperates only with service providers, which are in compliance with the General Data Protection Regulation.

1.1.4. This policy applies to information we collect when you access or use HTTPOOL’s website(s), AdPlatform, including the Ad Network, or otherwise interact with us as described below. We are compliant with applicable legislation in the countries in which we operate. By using our services or interacting with us as described below, you confirm that you are aware of this policy.

1.1.5. We may amend this policy from time to time due to change of legislation or us updating our internal policies and practices. If we make changes, we will notify you by revising the date of this policy, and in some circumstances, we may provide you with additional notice, including, for example, by adding a statement to the website(s) of HTTPOOL or by sending you an email notification. We strongly encourage you to review the policy whenever you access or use our services to stay informed about our information practices and your privacy rights and choices.

1.1.6. This policy was prepared by joint cooperation of enterprises comprising HTTPOOL and approved on 25 May 2018 by Timotej Gala, director of HTTPOOL Slovenia.

2. INTRODUCTION

2.1. Definitions

2.1.1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘ data
subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online identifier or to one
or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of
that natural person;

2.1.2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of
personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, restriction, erasure or destruction;

2.1.3. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly
with others, determines the purposes and means of the processing of personal data; where the purposes and means of
such processing are determined by Union or Member State law, the controller or the specific criteria for its
nomination may be provided for by Union or Member State law;

2.1.4. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal
data on behalf of the controller;

2.1.5. ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject,
controller, processor and persons who, under the direct authority of the controller or processor, are authorised to
process personal data;

2.1.6. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the
data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to
the processing of personal data relating to him or her;

2.1.7. ‘data concerning health’ means personal data related to the physical or mental health of a natural person,
including the provision of health care services, which reveal information about his or her health status;

2.1.8. ‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form,
including partnerships or associations regularly engaged in an economic activity;

2.1.9. ‘group of undertakings’ means a controlling undertaking and its controlled undertakings;

2.1.10. ‘General Data Protection Regulation’ means the Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on
the free movement of such data, and repealing Directive 95/46/EC;

2.2. Purpose of policy

2.2.1. The purpose of this policy is to give you information about what personal data we collect and why we do it,
how we collect, use and disclose that personal data, the legal grounds for processing, and your rights in respect to
your personal information.

2.2.2. HTTPOOL has adopted this policy in order to ensure the protection of your rights in relation to the processing
of your personal data as your fundamental right, to further design the processing of personal data to serve both
you, HTTPOOL’s clients, workers and employees and other individuals, as well as to protect HTTPOOL.

2.2.3. HTTPOOL notably strives to further design this policy in order to approved it as binding corporate rules in
accordance with Article 47 of the General Data Protection Regulation.

2.3. Business activities

2.3.1. HTTPOOL provides advertising technology services to its clients. Upon opening an account at the AdPlatform
connecting advertisers, publishers and other partners through the Ad Network, you provide us with Contact and
Business Management Data. Clients use the AdPlatform to provide advertising to end users and we in return provide
the services under our AdPlatform to help the clients to provide advertisements to end users. Thus, within its
business activities HTTPOOL processes only a very limited scope of personal data notably End User Data, wherein the
majority of the information we receive when providing services to our clients is considered to be data of
enterprises, notably Business Management Data.

2.4. Types of data

2.4.1. HTTPOOL processes the following categories of personal data:

2.4.1.1. Contact Data: personal name, company name, telephone number and e-mail address, in order to respond to you
when you contact us;

2.4.1.2. End User Data: data collected through interactions of end users with advertisements generated using
HTTPOOL’s services on behalf of our clients, which may be advertisers or publishers, including internet protocol
numbers automatically provided to us when the end user posts information through social media sites, plug-ins or
other applications depending upon your privacy settings, geolocation information (generally an end user’s latitude
and longitude data) for determining geotargeting, cookies on geolocation and frequency for providing advertisements,
all in order for us to perform business;

2.4.1.3. Business Management Data: personal name of employee or worker of the client (enterprise), company name,
address, e-mail address, telephone and fax number, the client’s payment details such as bank account number and type
of banc account, registration and tax number, information on the profit, submitted using special payment application
filled out by the client, all in order to provide services and further our business interests. HTTPOOL uses this
information to process payments. Where HTTPOOL uses third-party service providers to manage credit card processing,
such personal data are being obtained from the payment service providers.

2.4.1.4. Human Resource Data: personal data of our employees and workers including information about employee’s work
permit, employment contract and its termination, labour costs, data on salaries and compensations charged to the
employer and data on other labour costs and information on statutory social security contributions for an individual
worker, information on the use of working time, medical examinations, health checks of individual groups of workers,
completed training for safe work and tests of the workers’ qualifications, accidents at work, collective casualties,
dangerous occurrences, established occupational diseases and work-related illnesses and their causes, all in order
to comply with statutory provisions and to the extent as permitted by law;

2.4.1.5. Candidate Management Data: personal data of candidates for employment, namely personal name, date of birth,
place and the country of birth, address of permanent or temporary residence, actual and required education, work
experience, diploma certificate and various other certificates that are attached them to the application
(certificate of foreign language knowledge, statement on impunity, recommendations) or other details you provide to
us contained in letters of application and résumés, all in order to process your application for employment with us
and comply with statutory provisions;

2.4.1.6. Information on Management of Premises: personal data of individuals maintained regarding entries and exits
from the premises, namely the personal name, number and type of personal document, address of residence, employment,
type and registration number of the vehicle and date, time and reason for entry to or exit from the premises, all in
order to ensure the safety of people and property in our business premise;

2.4.1.7. Sensitive Information: information of employees and workers in relation to medical examination with an
assessment of the worker’s compliance with specific health requirements for a particular work in the workplace,
health checks of individual groups of workers with a list of examined workers and an assessment of the fulfilment of
specific health requirements for a particular work in the work environment, health status of a group of examined
workers, established occupational diseases, sickness-related illnesses or suspicion of an occupational disease,
information on the fact and level of intoxication, information whether the worker was under the influence of illicit
drugs and other psychoactive substances or not in case testing for illicit drugs and other psychoactive substances,
accidents at work, collective casualties, dangerous occurrences, established occupational diseases and work-related
illnesses and their causes; all only in order for us to comply with regulatory statutory provisions and to the
extent as permitted by law;

2.4.1.8. We ask that you avoid submitting us special categories of personal data including sensitive information and
data concerning health, unless such information is legally required and/or the HTTPOOL requests you to submit such
information.

2.4.1.9. HTTPOOL has adopted every reasonable step to ensure that personal data are accurate and kept up to date, as
well as that inaccurate personal data are erased or rectified without delay, however, it cannot assume liability
should your information provided to us not be true, incomplete and/or misleading.

2.5. Legal basis for processing

2.5.1. HTTPOOL processes personal data only, if permitted to do so by the General Data Protection Regulation.

2.5.2. Most commonly, HTTPOOL processes personal data about you because the processing is necessary for compliance
with a legal obligation to which HTTPOOL is subject . Special categories of personal data are processed only on this
legal basis and HTTPOOL does not process any such data on any other legal basis. Processing of Human Resource Data
including Sensitive Information is almost entirely subject to this legal basis.

2.5.3. Furthermore, HTTPOOL processes some personal data where processing is necessary for the performance of a
contract to which you are party or in order to take steps at your request prior to entering into a contract. Most of
the processing employment and work contracts (Human Resource Data), as well as Candidate Management Data is carried
out on this legal basis.

2.5.4. Moreover, we process some personal data where this is necessary for the legitimate interests pursued by
HTTPOOL (or by a third party) and your interests and fundamental rights do not override these interests. For
example, HTTPOOL has a legitimate interest in the processing and transfer of personal data within its group of
undertakings for internal business purposes, including centralisation of data processing activities, to design
lawfully efficient and workable business processes, to allow cross border teams to work together and to make
business processes more efficient and cost effective. Moreover, when HTTPOOL automatically receives your internet
protocol number we rely on our legitimate interest by geotargeting advertisements to end users, which is beneficial
to the user as an integral part of the social media site, plug-in or other application the user has consented to
use.

2.5.5. HTTPOOL may also process your personal data when you have given consent to the processing of your personal
data for one or more specific purposes. HTTPOOL has strived and continues to endeavour to obtain consents, which are
given freely, specific, informed and present an unambiguous indication of your wishes by a statement or by a clear
affirmative action, signifying agreement to the processing of your personal data.

2.5.6. Where HTTPOOL relies on your consent to process personal data, you have the right to withdraw or decline your
consent at any time and where we rely on legitimate interests, you have the right to object. The withdrawal of
consent shall not affect the lawfulness of processing based on consent before its withdrawal.

2.6. Use of data

2.6.1. We process your data for the following purposes:

2.6.1.1. Managing of workforce notably with respect to Human Resource Data, Candidate Management Data and Sensitive
Information;

2.6.1.2. Communications: enabling response and facilitating communication with you regarding Contact Data;

2.6.1.3. Complying with legal requirements, such as record-keeping and reporting obligations, conducting audits,
compliance with government inspections and other requests from government or other public authorities, responding to
legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal
complaints or claims, conducting investigations and complying with internal rules, policies and procedures.

2.6.1.4. Services: HTTPOOL processes Business Management and End User Data in order to provide services to
clients.

2.6.2. There may be more than one purpose that justifies our use of your personal data in any particular
circumstance.

2.6.3. We shall only use your personal data for the purposes for which we collected it. Should we reasonably require
to use your personal data for an unrelated purpose, we will notify you thereof and explain the legal obligation or
that such processing is compatible with the original purpose, which allows us to use it for another reason. If your
consent was granted for a specific purpose, which may contain one or more processing activities, we shall not
process your personal data for another purpose other than the purpose for which it was originally collected. Where
we intend to perform processing for another purpose on the basis of your initial consent, we shall process your
personal data only on the basis of a new consent.

2.6.4. Managing of workforce and complying

2.6.4.1. HTTPOOL manages your Business Management, Human Resource, Candidate Management Data and Sensitive
Information within its customer relations management software. The software is designed on a need-to-know basis.
Furthermore, our internal privacy and security rules are communicated to all of our employees and workers,
instructing them to process personal data in accordance with the respective legislation, internal rules and under
highest security processing standards when managing workforce or complying with statutory provisions.

2.6.5. Services:

2.6.5.1. HTTPOOL uses your data to operate lawfully, effectively and provide the best experience with our
services.

2.6.5.2. We use your data to enable access to the AdPlatform, to provide customer, technical, and operational
support, to manage your account(s), to send you technical notices, updates, security alerts and support and
administrative messages and to resolve disputes and enforcing of our rights, to detect and protect against errors,
fraud, or other criminal or illegal activities and to enforce our client agreements. This may also include
analysing, customizing, and improving the AdPlatform, to provide information and analytics to clients about the use
of the AdPlatform, to help our clients to create or enhance their services with respect to marketing or
analytics.

2.6.5.3. You may access to the AdPlatform by submitting the identification form (Join us form), wherein for certain
services it is necessary to create a user account, enabling the user to use certain applications. In these cases,
you are required to submit data including Business Management Data. This information is needed to provide services
to clients, including access to the application, display of customized content and advertising, communications,
transfer of profit deriving from digital advertising, ensuring the technical functioning of the network, research
and analysis in order to maintain and protect our services.

2.6.5.4. We also use your data to create interferences about end users geographically categorized in order to enable
the enterprises within HTTPOOL to help clients place advertisement in the respective geographical region. For
example, if the End User Data indicates that an end user is located in a certain geographical region or country, the
AdPlatform enables the client to place advertisements in such region or country. After this process is done, the
internet protocol number of the end user is anonymized in order to prevent enterprises within HTTPOOL from other
regions or countries, clients and third parties to access or retrieve the internet protocol number of the end user.
This process also includes anonymizing internet protocol numbers for statistical purposes.

2.6.5.5. We may also use your data when the AdPlatform interferes with social media sites, plug-ins or other
applications provided by advertisers, publishers or other partners. For example, if a worker or an employee of a
client intends to advertise on Facebook through the AdPlatform, it has to link its personal Facebook account with
the AdPlatform, considering that Facebook does not enable corporate Facebook accounts. After the connection is
established, we save his personal name, Facebook identification number and a list of all Facebook advertisement
accounts such individual has access to, which we consider Business Management Data since it the individual has
opened the AdPlatform account for the client (enterprise), in order for us to invoice the services provided by the
AdPlatform. If the individual then revokes his AdPlatform through its Facebook account, we still store his data
necessary until the agreement with our client is fulfilled.

2.6.6. Cookies

2.6.6.1. When an end user visits a website or views an advertisement linked to the AdPlatform we may deploy online
cookies to end users in order to better or more accurately target relevant advertisements to end users with respect
to its geolocation and frequency of the advertisements. Cookies are small text files that are placed on your
computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently,
as well as to provide information to the owners of the site. They are typically stored on your computer’s hard
drive.

2.6.6.2. Cookies include such strictly necessary for the normal website functions, which cannot be switched off
because the website wouldn’t work properly anymore nor do they store any personal data.

2.6.6.3. In order to deliver as relevant advertisements as feasible, HTTPOOL collects data across its Ad Network.
This enables it to identify likely consumer interest segments. All the data, however, is on completely aggregate
basis. We use cookies to improve the quality of our services by storing user preferences and tracking users’ trends,
thus providing the most relevant advertisements. Cookies are also used to help advertisers and publishers serve and
manage advertisements across the web. We use Google Analytics cookies that enable us to improve user experience on
our websites. They help us understand how our users use the website and decide on the functional and material
adjustments in order to show as much useful content as possible.

2.6.6.4. You are free to decline most of our cookies if your browser or browser add-on permits it but choosing to
remove or disable our cookies may interfere with your use and functionality of HTPPOOL’s services. You may amend our
cookies settings by clicking on the following link: cookie settings.

2.6.6.5. You may delete other cookies as follows:

2.6.6.5.1. Google Chrome – After clicking on the menu icon navigate to settings. On the bottom of the page, expand
the settings by clicking on ‘Advanced’. In the ‘Privacy and Security’ panel click on ‘Content settings’ and then
‘Cookies’. You can also type chrome://settings/content/cookies in the browsers address bar;

2.6.6.5.2. Mozilla Firefox – click on the ‘Menu’ hamburger icon and navigate to preferences. In the ‘Privacy &
Security’ tab head to the history section and click on the ‘remove individual cookies’ link

2.6.6.5.3. Safari – in the ‘Privacy’ menu navigation item, there is an option to ‘Block all cookies’ and to remove
them all. You can also click ‘Details’ to remove individual cookies

2.6.6.5.4. Edge – Click on the 3 dot icon and select ‘Settings’. Select the arrow keys next to the ‘Advanced
settings’ on the top side. You will see an option ‘clear browsing data’ with which you can clear cookies.

2.6.7. Communications:

2.6.7.1. We use your Contact Data primarily to respond to you when you have contacted us.

2.6.7.2. In addition, we may use your Contact Data and/or Business Management Data in order to send you promotional
communications or newsletters from us through e-mails where you have given consent. You may choose to sign-up for
marketing or other communications from HTTPOOL on our website.

2.6.7.3. You may opt out of receiving promotional communications and/or newsletters from us by following the
instructions in those communications (unsubscribe button at the bottom of each email). If you opt out of receiving
promotional communications and/or newsletters, we may still send you transactional or relationship messages, such as
those about your account or our ongoing business relations for as long as the business relationship exists.

2.6.7.4. In case of performing direct marketing upon the first communication at latest, we shall communicate to you
our identity and contact details and the details of our data protection officer, the purposes of the processing for
which the personal data are intended as well as the legal basis for the processing, categories of personal data, the
recipients or categories of recipients of the personal data and other information provided in Article 14 of the
General Data Protection Regulation. If we shall process personal data for direct marketing purposes, we shall do so
in accordance with Article 21 of the General Data Protection Regulation, wherein you may exercise your rights to
rectification, to object and to request from us to permanently or temporarily cease to use or otherwise process your
personal data for the purpose of direct marketing. We shall not disclose this personal data to other users.

2.7. Disclosure of data

2.7.1. For the provision of our services, we share personal data with the following unaffiliated third person:

2.7.1.1. Program integrations withAppNexus, Viber, Bidswitch and LG smart TVs for campaign settings, advertisement
group targeting settings available on the respective program integration and for advertisements;

2.7.1.2. Social integrations with Facebook and Twitter for campaign settings, advertisement group targeting settings
for advertisements, and with Snapchat and LinkedIn only for campaign statistics import at present;

2.7.1.3. Other service providers, such as advertisers, publishers and other partners, accounting and IT services
providers;

2.7.1.4. Public and Governmental Authorities: entities that regulate or have jurisdiction over HTTPOOL such as
regulatory authorities, public bodies, and judicial bodies, including to meet national security or law enforcement
requirements.

2.8. Transfer of personal data

2.8.1. For the purposes explained in this policy, HTTPOOL may transfer personal data to a third country or an
international organization in case of an adequate decision in accordance with Article 45(1) of the General Data
Protection Regulation, without a special permit. In the absence of an adequate decision, the Company shall provide
appropriate safeguards in accordance with Article 46 of the General Data Protection Regulation. In the absence of an
adequacy decision pursuant to Article 45(3) of the General Data Protection Regulation or of appropriate safeguards
pursuant to Article 46 of the General Data Protection Regulation, including binding corporate rules, a transfer or a
set of transfers of personal data to a third country or an international organisation shall take place only on one
of the conditions in Article 49(1) of the General data Protection Regulation.

2.9. Data retention

2.9.1. Generally, we retain personal data for as long as necessary to fulfil purposes described in this policy
subject to our own legal and regulatory obligations.

2.9.2. Our employees and workers processing personal data are instructed to verify the respective national statutory
provisions regarding data retention when processing data.

2.9.3. When personal data is no longer needed, we either irreversibly anonymise the data (and we may further retain
and use the anonymised information) or securely destroy the data.

2.10. Your rights

2.10.1. HTTPOOL enables you to exercise the following rights as determined under the General Data Protection Law and
respective national jurisdiction:

2.10.1.1. Right to access: you may obtain confirmation from HTTPOOL to whether or not your personal data are being
processed, and where that is the case, access to personal data and information;

2.10.1.2. Right to correct: you may request from HTTPOOL to rectify inaccurate personal data concerning and
incomplete personal data completed;

2.10.1.3. Right to erasure: you may obtain erasure of your personal data that we hold as a data controller;

2.10.1.4. Right to restriction of processing: you may obtain from HTTPOOL the restriction of processing;

2.10.1.5. Right of information: we shall communicate any rectification or erasure of personal data or restriction of
processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or
involves disproportionate effort. We shall inform you about those recipients if you request it.

2.10.1.6. Right to data portability: you may request from HTTPOOL to receive personal data concerning you, which you
have provided to us, in a structured, commonly used and machine-readable format and may also request us to transmit
those data to another controller without our hindrance;

2.10.1.7. Right to object: you may object, on grounds relating to your particular situation, at any time to
processing of personal data concerning based on our legitimate interests. In this case, we shall no longer process
the personal data unless we demonstrate compelling legitimate grounds for the processing which override your
interests, rights and freedoms, or for the establishment, exercise or defence of our legal claims;

2.10.1.8. Right to object to direct marketing: you may object at any time to processing of personal data concerning
you for marketing purposes. Should you object to processing for direct marketing purposes, we shall no longer
process your personal data for such purposes;

2.10.1.9. We guarantee your right not to be subject to a decision based solely on automated processing ;

2.10.1.10. Right to be informed of a breach: we shall notify you that there has been a breach of the protection of
your personal data where the infringement of the protection of personal data is likely to pose a high risk to your
rights and freedoms;

2.10.1.11. Right to file a complaint: You have the right to lodge a complaint with a supervisory authority. However,
we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you
might have.

2.10.2. You may exercise the abovementioned rights through: gdpr@httpool.com. You may also contact this e-mail to
obtain details of the supervisory authorities of the respective HTTPOOL enterprise or to be directed to the
respective privacy officer of the HTTPOOL group enterprise.

2.11. Security

2.11.1. We have implemented reasonable and effective technical and organisational measures and procedures designed to
implement data-protection principles, such as data minimisation, and integrated necessary safeguards into the
processing in order to meet the requirements of the General Data Protection Regulations.

2.11.2. We protect your information by using reasonable physical, technical and administrative security measures,
including limiting access to your information to employees and workers on a need-to-know basis. To make sure your
personal data is secured, we communicate our internal privacy and security rules to all of our employees and
workers, strictly enforce privacy safeguards within HTTPOOL and have also designed our internal software in order to
meet our high security processing standards.

2.11.3. We advise you to protect your AdPlatform account details including your username and password and not to
share this information with any other individual.

2.12. Contact

2.12.1. Should you have any questions or concerns regarding this policy, our use of cookies, or our policies
regarding the collection, use, processing, retention and/or disclosure of your personal data, you may contact us or
our privacy officer as indicated below:

HTTPOOL, Internet Marketing, d.o.o.
Tacenska cesta 26
1210 Ljubljana – Šentvid
Slovenia
Privacy officer: Matic Turk
E-Mail: gdpr@httpool.com
Telephone: +386 1 479 04 81
Fax: +386 1 256 73 37