Privacy Policy

INFRAME AFFILIATES LTD. - PRIVACY POLICY

Last Updated: [Date of Last Update - 2025-06-02]

INFRAME AFFILIATES LTD. ("INFRAME," "we," "us," or "our") is committed to protecting and respecting Your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard Your information when You use our website, platform, and associated services (collectively, the "Services").

We are INFRAME AFFILIATES LTD., a company registered in England and Wales with company number 16332640 and registered office at 71-75, Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. We are the data controller for the Personal Data we process, unless otherwise stated.

This Privacy Policy should be read in conjunction with our Terms and Conditions (available at [Link to Your Terms and Conditions]). By accessing or using our Services, You signify Your understanding of the terms set out in this Privacy Policy.

If You have any questions about this Privacy Policy or our data protection practices, please contact our Data Protection Officer (DPO) at [email protected].

1. DEFINITIONS

Terms capitalized in this Privacy Policy and not otherwise defined shall have the meanings ascribed to them in our Terms and Conditions.

  • "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information You provide to us and information which is collected about You when You use our Services.
  • "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • "Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
  • "Data Processor" means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.
  • "UK GDPR" means the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended).

2. INFORMATION WE COLLECT

We collect Personal Data in the following ways:

2.1. Information You Provide to Us: _ For Brands: When You register as a Brand, subscribe to our Services, or communicate with us, we may collect: _ Company details (name, registration number, address). _ Contact information of Your representatives (name, email address, phone number). _ Shopify Store details (store URL, API keys necessary for integration). _ Payment information (credit/debit card details, Google Pay information, billing address), processed by our third-party payment processors. _ Communications with us (e.g., support tickets, feedback). _ For Creators: When You register as a Creator or communicate with us, we may collect: _ Personal details (name, email address, contact information). _ YouTube channel details (channel name/URL, subscriber count, content categories, and other publicly available information or information accessible via YouTube API upon Your authorization). _ Payment information for commission payouts (bank account details, tax identification information as required). _ Communications with us. 2.2. Information We Collect Automatically When You Use Our Services: _ Log and Usage Data: We may collect information about Your access to and use of the Services, such as Your IP address, browser type, operating system, device information, pages viewed, links clicked, the referring URL, and dates and times of access. _ Cookies and Similar Tracking Technologies: We use cookies and similar tracking technologies to track activity on our Services and hold certain information. Specifically for Brands using our Shopify App, cookies or similar mechanisms (e.g., UTM parameter tracking facilitated by the app) are used on the Brand's Shopify Store to track sales and conversions originating from Affiliate Links. This is essential for Commission calculation. Our website may also use cookies for functionality, performance, and analytics. You can instruct Your browser to refuse all cookies or to indicate when a cookie is being sent. However, if You do not accept cookies, You may not be able to use some portions of our Services (especially the affiliate tracking for Brands). _ Information from Third Parties: We may receive information about You from third-party services, such as YouTube (when Creators link their accounts) or Shopify (for Brands, regarding their store and sales data necessary for commission tracking). 2.3. Information We Do Not Intentionally Collect: _ Data from Clickers of Affiliate Links: INFRAME does not directly collect Personal Data from individuals who click on Affiliate Links, other than the technical data (like IP addresses in server logs which are necessary for security and basic operation) and the referral data (UTM parameters) passed by the Brand's Shopify store which is necessary to attribute sales. The Brand is the controller of their customers' data. _ Sensitive Personal Data: We do not intentionally collect sensitive Personal Data (e.g., information about race, ethnic origin, political opinions, religious beliefs, health, or sexual orientation) unless You explicitly provide it (e.g., in a support request, though we advise against this).

3. HOW WE USE YOUR INFORMATION

We use Your Personal Data for the following purposes:

3.1. To Provide and Manage the Services: _ To create and manage Your Account. _ To enable You to access and use the Services, including matching Brands with Creators, generating Affiliate Links, tracking Commissions, and processing payments. _ To integrate with Your Shopify Store (for Brands) or YouTube account (for Creators). _ To provide customer support and respond to Your inquiries. 3.2. To Improve and Personalize the Services: _ To understand how Users use our Services and to improve and develop new features and offerings. _ To personalize Your experience on our Services. _ For analytics and market research purposes. 3.3. For Marketing and Communications (with Your consent where required): _ To send You updates, newsletters, marketing materials, and other information about our Services or promotions that may be of interest to You. You can opt-out of marketing communications at any time by following the unsubscribe link in the emails or contacting us. _ To inform You about changes to our Services or Terms. 3.4. For Legal, Security, and Compliance Purposes: _ To comply with our legal obligations (e.g., tax laws, fraud prevention). _ To enforce our Terms and Conditions and other policies. _ To protect the security and integrity of our Services, our Users, and the public. * To resolve disputes and troubleshoot problems.

4. LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process Your Personal Data based on the following legal grounds under UK GDPR:

  • Performance of a Contract: Much of our processing of Personal Data is necessary to perform our contractual obligations to You as set out in our Terms and Conditions (e.g., providing the core Services, processing payments, calculating commissions).
  • Legitimate Interests: We process some Personal Data based on our legitimate interests, provided that such interests are not overridden by Your rights and interests. Our legitimate interests include:
    • Improving and developing our Services.
    • Marketing our Services (where consent is not required).
    • Ensuring the security and operability of our Services.
    • Enforcing our legal rights and defending against legal claims.
  • Consent: For certain types of processing (e.g., some marketing communications, use of certain non-essential cookies), we will obtain Your consent before processing Your Personal Data. You can withdraw Your consent at any time.
  • Legal Obligation: We may process Your Personal Data if necessary to comply with a legal obligation (e.g., tax reporting, responding to lawful requests from authorities).

5. DISCLOSURE OF YOUR INFORMATION

We may share Your Personal Data with the following categories of third parties:

5.1. Service Providers: We engage third-party companies and individuals to perform services on our behalf, such as payment processing (e.g., Stripe, PayPal if used), cloud hosting (e.g., AWS, Google Cloud), data analytics, email delivery, customer support tools, and exchange rate APIs. These service providers only have access to Your Personal Data to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. 5.2. Brands and Creators: We share information between Brands and Creators as necessary to facilitate the affiliate partnerships. For example: _ Brands may see profile information of Creators who apply to or are matched with their programs. _ Creators may see information about Brands whose programs they join. * Performance data related to Affiliate Links is shared to enable Commission tracking and payment. 5.3. Shopify (for Brands): We share and receive data with Shopify to enable the core functionality of tracking sales and commissions from Your Shopify Store. 5.4. YouTube (for Creators): If You link Your YouTube account, we share and receive data with YouTube (via their API) as necessary to verify Your channel and access relevant channel information as authorized by You. 5.5. Legal Requirements: We may disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), to protect our rights or property, prevent fraud, or protect the safety of our users or the public. 5.6. Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, Your Personal Data may be transferred as part of that transaction. We will notify You via email and/or a prominent notice on our Services of any change in ownership or uses of Your Personal Data. 5.7. Aggregated or Anonymized Data: We may share aggregated or anonymized information that does not directly identify You with third parties for research, marketing, analytics, or other purposes.

We do not sell Your Personal Data to third parties.

6. INTERNATIONAL DATA TRANSFERS

Your Personal Data is primarily processed and stored within the United Kingdom (UK) and the European Economic Area (EEA). We do not intend to transfer Your Personal Data outside the UK/EEA.

If, in the future, we need to transfer Your Personal Data outside the UK/EEA to a country not deemed to provide an adequate level of data protection, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) or other relevant authorities, or rely on other lawful transfer mechanisms.

7. DATA RETENTION

We will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, including:

  • To provide the Services to You and maintain Your Account.
  • To comply with our legal obligations (e.g., for tax and accounting purposes, typically 6-7 years).
  • To resolve disputes and enforce our agreements.
  • For our legitimate business interests (e.g., for analytics and service improvement, data is often anonymized or aggregated for longer-term use).

When Your Personal Data is no longer required, we will securely delete or anonymize it.

8. YOUR DATA PROTECTION RIGHTS

Under UK GDPR and other applicable data protection laws, You have certain rights regarding Your Personal Data. These may include:

  • Right of Access: You have the right to request copies of Your Personal Data that we hold.
  • Right to Rectification: You have the right to request that we correct any information You believe is inaccurate or complete information You believe is incomplete.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we erase Your Personal Data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of Your Personal Data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of Your Personal Data, under certain conditions, particularly where we are relying on legitimate interests as our legal basis.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to You, under certain conditions.
  • Right to Withdraw Consent: If we are processing Your Personal Data based on Your consent, You have the right to withdraw Your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of Your habitual residence, place of work, or place of the alleged infringement if You consider that the processing of Personal Data relating to You infringes the UK GDPR. The supervisory authority in the UK is the Information Commissioner's Office (ICO). You can contact them at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Website: https://www.ico.org.uk.

To exercise any of these rights, please contact our DPO at [email protected]. We will respond to Your request within one month, as required by law. We may need to request specific information from You to help us confirm Your identity and ensure Your right to access Your Personal Data (or to exercise any of Your other rights).

9. DATA SECURITY

We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Data we process. These measures include, but are not limited to, encryption, access controls, secure software development practices, and regular security assessments.

However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect Your Personal Data, transmission of Personal Data to and from our Services is at Your own risk. You should only access the Services within a secure environment.

10. COOKIES AND TRACKING TECHNOLOGIES

As mentioned in Section 2.2, we use cookies and similar tracking technologies.

  • What are cookies? Cookies are small text files placed on Your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring Your preferences and settings, enabling You to sign in, combating fraud, analyzing how our products perform, and fulfilling other legitimate purposes.
  • Our Use of Cookies: Specifically, for Brands, cookies or similar mechanisms are essential for tracking conversions from Affiliate Links via the Shopify App installed on Your store. Our website may use cookies for functionality (e.g., remembering Your login), performance analytics (e.g., Google Analytics to understand site traffic), and potentially for marketing purposes (e.g., to show relevant ads, with Your consent where required).
  • Your Choices Regarding Cookies: Most web browsers are set to accept cookies by default. If You prefer, You can usually choose to set Your browser to remove cookies and to reject cookies. If You choose to remove cookies or reject cookies, this could affect certain features or services of our website and could impact the functionality of affiliate tracking for Brands.
  • For more detailed information on the cookies we use, their purpose, and how You can manage them, please refer to our [Link to Cookie Policy - if you create a separate one, otherwise this section can be expanded].

11. CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect Personal Data from children under 18. If You are a parent or guardian and You are aware that Your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

12. LINKS TO OTHER WEBSITES

Our Services may contain links to other websites that are not operated by us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We will also provide notice to You via email or through a prominent notice on our Services prior to the change becoming effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. CONTACT US

If You have any questions, comments, or concerns about this Privacy Policy or our privacy practices, or if You wish to exercise Your data protection rights, please contact our Data Protection Officer:

Data Protection Officer INFRAME AFFILIATES LTD. 71-75, Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ Email: [email protected]

[END OF PRIVACY POLICY]