GDPR Policy

This document was last updated on December 9, 2025

PromoToken (PRT) and our affiliated future branded companies are dedicated to protecting your privacy. We value the safeguarding of your personal information and are committed to preventing any unauthorized use of it.

This privacy policy (referred to as the Policy) is designed to align with the Regulation (EU) 2016/679 on the protection of individuals concerning the processing of personal data and its free movement, commonly referred to as GDPR.

Entities Responsible for Processing Your Personal Data

The Policy governs how PromoToken (PRT) processes personal data, including cases where non-European entities under GDPR jurisdiction may handle such data. In accordance with this Policy and GDPR, any entity mentioned here that processes your personal data in relation to the described use cases will be considered a data controller. In certain situations, we may act as a data processor, managing personal data on behalf of our clients. The distinction between these roles has been explicitly clarified within this Policy.

Purpose of This Policy

This Policy outlines our practices for collecting, using, and processing personal data, whether obtained through our website (referred to as the Site) or from other interactions with you. It details the purposes for which your personal information is used and describes your rights regarding this data. In addition, this Policy provides information on the types of personal data we process, how you can request updates to it, transfer it, delete it, or access it, and how you can object to its use for specific purposes.

Types of Personal Data We Collect and Process

Personal data refers to any information that identifies or could identify a living individual. Such identifiers may include a name, identification number, location details, or an online identifier like an IP address.

Categories of personal data we may process include:

  • Contact details such as your name, physical address, phone number, and email address
  • Your image
  • Online identifiers like cookie IDs
  • Any additional identifiable information you may provide to us

For more detailed insight into the types of personal data collected, please see the sections on How We Use Personal Data and Cookies.

Personal Data of Minors

We do not intentionally or knowingly collect personal information from children.

How We Collect Personal Data

We may obtain your personal data through several methods:

  1. Personal data you provide directly: You might provide information when contacting us with inquiries, filling out forms on our Site, signing up for marketing communications, providing feedback, or interacting with us in other ways.

  2. Personal data collected automatically: When visiting or using our Site, we gather technical data regarding your equipment and browsing patterns using cookies and similar tracking tools.

How We Use Personal Data

Our primary objectives in collecting and processing your personal data include:

  • Providing services to clients
  • Improving our Site, products, services, and developing new offerings
  • Addressing requests or inquiries you make
  • Resolving disputes or handling investigations
  • Complying with legal obligations or regulatory requirements
  • Enforcing agreements between us
  • Safeguarding the rights, property, or safety of our organization or third parties (including clients or users of the Site)
  • Supporting service delivery efforts
  • Using the data in ways otherwise required or permitted by law

Our legal basis for processing

Processing personal data in this context is aligned with our legitimate interests (and those of our clients) to ensure effective and efficient service delivery. When conducted on behalf of clients as a data processor, we are not required to establish a separate legal basis for such activities.

Social media

We may collect or process the personal data of individuals who interact with us through our social media channels, whether by visiting our pages or communicating with us via these platforms. Additionally, we may manage social media pages, accounts, or channels on behalf of our clients. Legal basis for processing: We process personal data for this purpose based on our legitimate interests, allowing us to promote our services and engage with the public effectively. When acting on behalf of clients as a data processor, we do not require a separate legal basis for this type of processing. With whom do we share personal data? Personal data collected for this purpose may be shared with our clients, group companies, affiliates, third-party vendors (such as IT service providers), professional advisers, or other third parties as outlined in the DATA SHARING section below.

Interactive areas and fan pages

We may offer interactive spaces such as message boards, fan pages, chat rooms, forums, or other closed communities where users can voluntarily participate. These interactive areas may be provided with partners, including platforms like Facebook and other social media services. While we advise users against sharing personally identifiable information in these spaces, there may be instances where we process such data due to participation in these interactive areas. Legal basis for processing: Any personal data processing in relation to these interactive areas is based on our legitimate interests. This helps us gain insights into industry-related topics, share relevant content, and provide services to our clients and users. For activities carried out as a data processor on behalf of our clients, no separate legal basis for processing is required. With whom do we share personal data? Personal data processed in these contexts may be shared with parties such as our clients, group companies, affiliates, partners (for example, Facebook), third-party vendors (including IT service providers), professional advisers, or other third parties as specified in the DATA SHARING section below.

Confidentiality and Security of Your Personal Data

We are dedicated to ensuring the security of the personal data you share with us and take reasonable steps to protect it from loss, misuse, or alteration. To prevent unauthorized access by external third parties, all electronic personal data in our possession is stored on systems equipped with modern secure network architectures, including firewalls and intrusion detection mechanisms. Server data is regularly backed up to separate storage media to mitigate risks of accidental erasure, destruction, or loss. These servers are housed in secure facilities with restricted access controls, advanced fire detection and response systems, and physical measures to prevent unauthorized entry. The exact locations of these servers are known only to a select group of employees.

We have established robust information security policies, rules, and technical safeguards to protect the personal data under our management from:

  • Unauthorized access
  • Improper use or disclosure
  • Unauthorized alteration
  • Illegal destruction or accidental loss

All personnel involved in handling or processing your personal data—including employees and data processors acting on our behalf—are required to uphold strict confidentiality and safeguard your information in accordance with our policies. Your Data Protection Rights Under certain circumstances, you are entitled to exercise the following rights concerning your personal data: – To confirm whether we are processing your data, gain access to it, and obtain copies along with details about how we process your information. – To request corrections if necessary. If the personal data we hold about you is inaccurate or incomplete, you may ask for it to be updated. However, it is also your responsibility to provide accurate information and notify us promptly about any changes—such as a new home address or updated name—so we can ensure your data remains current.

To request the deletion of your personal data

Where applicable, you must demonstrate that the processing of your data is no longer legal or justified. In such cases, your data will be deleted unless we are legally required to retain it or have other valid reasons to do so. If your data has been shared with external parties, we will notify them about its deletion whenever feasible. Upon request, and where it is both lawful and possible, we can also share details about the third parties with whom we have shared your data, allowing you to contact them directly.

If you wish to request restrictions on the processing of your personal data, for example, if you dispute its accuracy while we investigate your concern, we will comply where appropriate. Restricting processing does not prevent us from storing your data, and we will inform you before any such restriction is lifted. Similarly, if your data has been shared with external parties, we will notify them about the restriction if it is reasonable for us to do so. Upon your request, provided it is lawful and feasible, we can also inform you about the third parties with whom your personal data has been shared.

If the processing of your personal data is based on your consent, you may request to receive it in a commonly used electronic format or for it to be transferred to another provider, provided your request pertains to the data you provided directly to us and it is technically possible to accommodate. You also have the right to object to the processing of your personal data when we rely on legitimate interests (ours or a third party’s) or when the processing is for direct marketing purposes. We retain personal data only as long as necessary for the purposes outlined in this policy. Once personal data is no longer required, it is removed from our systems. For data processed in connection with our services, we typically retain it for up to six years from the service date to meet GDPR requirements (or equivalent global legislation). After this period, such files may be securely destroyed without prior notice. For other types of personal data, we generally retain it for up to three years after our last interaction with you unless a justified need requires us to keep it longer.

When personal data serves only a short-term purpose, such as during a specific event, marketing activity, or recruitment process, it will be deleted once that purpose is fulfilled. In cases where candidates are unsuccessful during recruitment, we may retain their information temporarily. If you have opted out of marketing communications, certain details will remain on our suppression list to ensure you are not contacted again for marketing purposes in the future.

Modifications to the Policy

We retain the right to update this Policy as necessary, particularly to address changes in laws, regulations, or directives issued by Data Protection Authorities (DPAs). Such changes will require approval from our designated privacy representatives, the corporate legal department, or their appointed delegates. These individuals will seek input, as deemed appropriate, from relevant corporate executives before implementing the amended Policy.

Any updates to this Policy will undergo a renewed approval process in line with applicable legal provisions. We will notify data subjects of any significant changes and ensure the updated Policy is accessible via relevant internal and external platforms.

With the adoption of this Policy, all pre-existing EU company privacy guidelines related to the collection and processing of personal data that conflict with the terms outlined herein will be overridden. Similarly, no other internal policy that contradicts this Policy will apply to the processing of personal data handled by us in the EU. We encourage you to periodically review this Policy to stay informed about how we manage your personal data.

Contact Details

If you have any questions or concerns regarding this Policy, wish to raise issues about our approach to collecting, managing, or processing personal data, or would like to exercise your rights, please reach out to the contact person identified below:

contact@promo-token.com
https://promo-token.com/contact