Login

Privacy Policy

Below you can find the privacy policies of the Awin Group.

Privacy Policy

Below you can find the privacy policies of the Awin Group.

We are committed to protecting and respecting your privacy. The Privacy Policy explains the basis on which personal data we collect from you will be processed by us. Where we decide the purpose or means for which personal data we collect is processed, we are the “data controller.”

Please read this Privacy Policy carefully as it contains important information about the following:

  • What personal data we may collect about you;
  • How we will use personal data we collect about you;
  • Whether we will disclose your details to anyone else; and
  • Your choices and rights regarding the personal data we process.

In this Privacy Policy, the following terms are defined as follows:

  • Awin Network” means the affiliate marketing network operated by Awin.
  • An “Advertiser”, sometimes also referred to as a “merchant” or a “brand”, is a person or entity that has a Product to sell or is such person or entity’s authorized representative.
  • A “Publisher”, sometimes also referred to as an “affiliate”, is a person or entity that promotes an Advertiser’s Product on such person or entity’s website (the “Publisher Website”) through the Awin Network.
  • A “Product” means the product or service promoted in an advertisement.
  • An “Advertiser Website” means the Advertiser’s website that is linked from the advertisement.
  • An “end user” is a person who visits the Publisher Website.
  • A “Transaction” means a designated action made by an end user, such as a purchase, an order, etc.

Awin operates the Awin Network, which comprises Advertisers and Publishers. The Awin Network enables Advertisers and Publishers to deal with each other, whereby Publishers promote Advertisers and their Products by displaying advertisements on the Publisher Website. End users which click on an advertisement are referred from the Publisher Website to the Advertiser Website, where they may make a Transaction. Read our article on what is affiliate marketing to learn more.

We want to get you to the information that is relevant to you as easily as possible. For this purpose, please scroll to the relevant table below or click the relevant category here:

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy and the data handling of the Awin Group. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:

AWIN AG Data Protection Officer
Otto-Ostrowski-Straße 1A
10785 Berlin
Germany

[email protected]

Advertisers and Publishers

Providing our services

We provide our Publishers and Advertisers with an account in our Awin Network interface to access our services. You will need to register or apply for an account in order to obtain access to our technologies, therefore we may collect and process such data before you become an Advertiser or Publisher in order to process such application. We will collect all data which has been provided by you to us (both via the interface or otherwise), which will likely include your name, (company) address, telephone number and email address.

We may collect information on the device you are using to enter our interface pages such as your IP address, operating system, and browser of your device.

We will use such information for providing and/or making our services available under the terms of use of our services (including facilitating relationships between our partners, whether Advertisers and Publishers and/or third-party technology partners engaged by those parties) or in the pursuit of our legitimate interest of the proper administration of our business.

Marketing to you or your company

If you are an Advertiser or Publisher on the Network or a potential client of ours, we use various forms of marketing to provide you with promotional materials about our services or those of Advertisers and Publishers operating on our network. We may process contact information that you provide to us (either via our website, through business cards, at events/conferences, through third parties, or through use of our services) for the purposes of marketing in accordance with our legitimate interests to promote our business. You can always request to be removed from the mailing lists by unsubscribing at the bottom of any marketing email.

We use Salesforce Marketing Cloud Account Engagement (“Pardot”), provided by Salesforce Inc and its affiliate entities, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 9410, USA, for sending marketing emails and newsletters.

Pardot’s privacy policy can be found here.

We further use "MailChimp", a newsletter platform, to send newsletters. The e-mail addresses of our newsletter recipients, as well as further data described in the context of this information, are being stored on the servers of MailChimp in the USA. MailChimp uses this information to send out and evaluate the newsletters on our behalf. In addition, MailChimp can use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletter. However, MailChimp does not use the data of our email recipients to contact them independently or transfer data to other third parties.

Mailchimp's privacy policy can be found here.

Some advertisers may also use GetResponse to contact publishers regarding offers and promotions. The GetResponse privacy policy can be found here.

Improving and optimizing usability for you and others

Our network interface uses cookies and other mechanisms to collect analytical information to help analyze how the interface is used. We process this information to improve our understanding and to compile statistical reports regarding that activity. This information is not used by us to develop a personal profile of you. 

Google will receive hashed email addresses as part of their tracking which we have implemented on awin.com. We use Google Analytics on our website for reporting of website usage. Pseudonymized data, such as your hashed email addresses, may be forwarded to Google Analytics. Please note that Awin is not responsible for the processing of your personal data by Google. If you wish to read more about how Google may process your personal data, please visit their Privacy Policy. If you wish to opt-out of Google Analytics monitoring your behavior on our website please use this link: https://tools.google.com/dlpage/gaoptout/.

Please find some general information on cookies here. Cookies on our interface are listed here.

We process personal data for the legitimate interests of:

  • Carrying out our obligations arising from any contracts entered into between us and you, or us and your employer or organization;
  • Processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
  • Providing you with information, products and services that you request from us;
  • Administering your account with us, including to identify you and authenticate your identity and your account;
  • Verifying and carrying out financial transactions in relation to payments you make to us, and/or payments we make to you (depending on whether you are an Advertiser or a Publisher), in connection with the Awin Network;
  • Notifying you about changes to our service and products;
  • Providing you with technical assistance and other related information about our services and products;
  • Replying to your queries and troubleshooting problems;
  • Analysing transactions and communications for security purposes, for fraud and crime prevention and to protect our staff, property, site visitors and third parties;
  • For compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution;
  • To ensure that the use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal data to inform relevant third parties such as your email/internet provider or law enforcement agencies.

Partners on the Awin network: Your personal data may be shared to the extent necessary for us to facilitate partnerships on our network (i.e., between advertisers and publishers and/or third-party technology partners engaged by those parties).

Group members, personnel, service providers: We keep your personal data confidential, but disclose it to our group members, our personnel, suppliers, or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the personal data and have agreed to safeguard it. Activities which are carried out by third party service providers include: CRM management software, email marketing services website hosting, website analytics, payment services, artificial intelligence, and IT support.

Merger or acquisition: If we are involved in a merger, acquisition or similar transaction with a third party, your information may be transferred to such third party. Where required, you will be notified of the change via email, our user interface and/or a prominent notice on our website, as well as any choices you may have regarding this.

Required by law: In addition, we disclose your personal data to the extent that we are required to do so by law (e.g., to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing personal data to others for the purposes of fraud prevention).

Enforcement: We disclose your personal data to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Awin, our customers or others.

We will take appropriate technical and organizational precautions to prevent the loss, misuse or alteration of your personal data.

Please be aware that, although we endeavor to provide security for information we process and maintain, no security system can prevent all potential security breaches.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will honour your rights under applicable data protection laws. These rights are not absolute and they do not always apply in all cases. You may:

  • request access to your personal data and information related to our use and processing of your personal data;
  • request the correction or deletion of your personal data;
  • request that we restrict our use of your personal data;
  • request a machine-readable copy of your personal data or that your personal data be transferred to other IT systems;
  • object to the processing of your personal data; and/or
  • withdraw your consent to our use of your personal data at any time where we rely on your consent to use or process that personal data.

Please send your requests to [email protected].

If you are unhappy with the way we are processing your personal data, please let us know by contacting us. If you do not agree with the way we have processed your data or responded to your concerns, you can submit a complaint to a Data Protection Supervisory Authority.

We are established in the following countries and in the course of business we may transfer personal data to other entities in our group in those countries. We also transmit your data to our subcontracted service providers, both in and out of the EU.

Where we transfer your personal data to entities in our group or service providers in countries which have not been deemed to have an adequate level of protection under an adequacy decision of the EU Commission, we have put in place specific contracts containing the latest version of the EU Commission’s standard contractual clauses (the “SCCs”) to ensure that your personal data is treated by all parties in a way that is consistent with and which respects laws on data protection, in particular the GDPR.

If you require further information about these protective measures, please contact [email protected].

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here and, where feasible, by letting you know by email.

Awin Website Visitors

To address your inquiries

If you contact us about our services, the forms you complete or the emails you send may include information about you, such as your name, your email address and your enquiry.

In line with the legitimate interest we have in promoting and operating our business, we will process your enquiries to reply and provide you with information about the services we offer.

To send you news and updates

If you ask to be added to our mailing list, we will keep you updated with information on news by email unless you would like to be removed from that list (in which case please let us know by clicking unsubscribe at the bottom of any marketing email that you receive).

We use Salesforce Marketing Cloud Account Engagement (“Pardot”), provided by Salesforce Inc and its affiliate entities, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 9410, USA, for sending marketing emails and newsletters.

Pardot’s privacy policy can be found here.

For the sending of newsletters, we further use "MailChimp", a newsletter platform. The e-mail addresses of our newsletter recipients, as well as further data described in the context of this information, are being stored on the servers of MailChimp in the USA. MailChimp uses this information to send out and evaluate the newsletters on our behalf. In addition, MailChimp can use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletter. However, MailChimp does not use the data of our email recipients to contact them independently or transfer data to third parties.

Mailchimp's privacy policy can be found here.

Social plugins

Awin participates in and markets via social networks and has implemented certain social plugins on our websites. All social media plugins are used in the pursuit of our legitimate interest of marketing our business and communicating with our business partners and the public.

Visitors wishing to avoid connecting to plugins used on our websites can install privacy-enhancing browser plugins, such as Ghostery (https://www.ghostery.com/), NoScript (https://noscript.net/) or DoNotTrackMe (https://www.abine.com/index.html).

When you enter a page on our website that contains a social network plugin, your browser or app will establish a direct connection to the social network’s servers. The information that your browser has visited the Awin page will be transmitted to the social network, even if you do not have an account with that social network or are not logged into your account. If you are logged in to your account at the same time, a page impression may be assigned to your profile there.

Our website connects to the following social networks:

Website Analytics

We use Google Analytics on our website for anonymous reporting of website usage.  If you would like to opt-out of Google Analytics monitoring your behavior on our website please use this link: https://tools.google.com/dlpage/gaoptout/.

Website chat functionality
 
We have a live chat functionality in order to provide you with further information on Awin’s services following-up your enquiry and upon your consent. The personal data collected in the course of this chat function are the following: name, email address, website URL. We use Salesforce for this chat functionality. You may find Salesforce’s Privacy Policy here. The consent you provide for this service can be withdrawn at any time via [email protected].

We process personal data for:

  • providing you with information, products, services or assistance that you request from us;
  • analysing usage and improving and optimizing our website;
  • the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal data to inform relevant third parties such as your email/internet provider or law enforcement agencies.

Group members, personnel, service providers: We keep your personal data confidential, but disclose it to our group members, our personnel, suppliers, or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the personal data and have agreed to safeguard it. Activities which are carried out by third party service providers include: CRM management software, website hosting, website analytics and IT support.

Merger or acquisition: If we are involved in a merger, acquisition, or similar transaction with a third party, your information may be transferred to such third party. Where required, you will be notified of the change via email, our user interface and/or a prominent notice on our website, as well as any choices you may have regarding this.

Required by law: In addition, we disclose your personal data to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

Enforcement: We disclose your personal data to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Awin, our customers or others.

We will take appropriate technical and organizational precautions to prevent the loss, misuse or alteration of your personal data.

Please be aware that, although we endeavor to provide security for information we process and maintain, no security system can prevent all potential security breaches.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will honor your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. You may:

  • request access to your personal data and information related to our use and processing of your personal data;
  • request the correction or deletion of your personal data;
  • request that we restrict our use of your personal data;
  • request a machine-readable copy of your personal data or that your personal data be transferred to other IT systems;
  • object to the processing of your personal data; and/or
  • withdraw your consent to our use of your personal data at any time where we rely on your consent to use or process that personal data.

Please send your requests to [email protected].

If you are unhappy with the way we are processing your personal data, please let us know by contacting us. If you do not agree with the way we have processed your data or responded to your concerns, you can submit a complaint to a Data Protection Supervisory Authority.

We are established in the following countries and in the course of business we may transfer personal data to other entities in our group in those countries. We also transmit your data to our subcontracted service providers, both in and out of the EU.

Where we transfer your personal data to entities in our group or service providers in countries which have not been deemed to have an adequate level of protection under an adequacy decision of the EU Commission, we have put in place specific contracts containing the EU Commission’s standard contractual clauses (the “SCCs”) to ensure that your personal data is treated by all parties in a way that is consistent with and which respects laws on data protection, in particular the GDPR.

If you require further information about these protective measures, please contact [email protected].

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here.

Job Applicants

As part of any recruitment process, we collect and process personal data relating to job applicants. Such personal data may include:

  • Your name, address and contact details, including email address and telephone number;
  • your CV or resume with details of your qualifications, skills, experience and employment history;
  • information about your salary expectations and notice period;
  • information about your eligibility and right to work in a certain location;
  • any additional personal data that you may share during the recruitment process.

We may collect this personal data directly from you via the application form and the CV or resume you are required to attach when submitting your application or through interviews and other forms of assessment. In the context of headhunting activities via LinkedIn, Women in Tech or other recruiting platforms, the personal data is directly provided from you to the Awin Group’s personel.

Processing data from job applicants allows us to manage the recruitment process, assess and confirm an applicant’s suitability for employment and decide to whom to offer a job. We also have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Where applicable, we need to process this personal data to take necessary steps prior to entering into an employment contract with you.

We process your personal data for the purpose of performing pre-contractual measures taken upon your request to evaluate your application, confirm your suitability for employment, and communicate with you in the context of the recruitment process.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal data to inform relevant third parties such as your email/internet provider or law enforcement agencies.

Group members, personnel, processors, or service providers: We keep your personal data confidential, but disclose it to our group members, our personnel, processors, or service providers insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the personal data and have agreed to safeguard it.

Processors/service providers: the application form to apply for vacancies within the Awin Group is powered by an iFrames from Greenhouse. You can find further information on how Greenhouse processes your personal data on behalf of Awin on its privacy policy: https://www.greenhouse.com/privacy-policy.

Merger or acquisition: If we are involved in a merger, acquisition, or similar transaction with a third party, your information may be transferred to such third party. Where required by law, you will be notified of the change via email, our user interface and/or a prominent notice on our website, as well as any choices you may have regarding this.

Required by law: In addition, we disclose your personal data to the extent that we are required to do so by law (e.g., to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

Enforcement: We disclose your personal data to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Awin, our customers or others.

We will take appropriate technical and organizational precautions to prevent the loss, misuse or alteration of your personal data.

Please be aware that, although we endeavor to provide security for information we process and maintain, no security system can prevent all potential security breaches.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your personal data collected as part of your recruitment process will be retained for 6 months following the notification on an unsuccessful application, for the purpose of complying with applicable legal obligations. If you have provided your consent to further processing, your personal data will be retained for additional 12 months to consider your application and get in contact with you for future job vacancies.

In case of a successful application, your personal data will be retained as part of your personnel records and subsequent employee data retention periods will apply.

We will honor your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. You may:

  • request access to your personal data and information related to our use and processing of your personal data;
  • request the correction or deletion of your personal data;
  • request that we restrict our use of your personal data;
  • request to receive a machine-readable copy of your personal data and transfer it to other IT systems;
  • withdraw your consent to our use of your personal data at any time where we rely on your consent to use or process that personal data.

 Please send your requests to [email protected].  

If you are unhappy with the way we are processing your personal data, please let us know by contacting us. If you do not agree with the way we have processed your data or responded to your concerns, you can submit a complaint to a Data Protection Supervisory Authority.

We are established in the following countries and in the course of business we may transfer personal data to other entities in our group in those countries. We also transmit your personal data to our subcontracted service providers which are located both within and outside the European Economic Area (EEA).

Where we transfer your personal data to entities in our group or service providers in countries which have not been deemed to have an adequate level of protection under an adequacy decision of the EU Commission, we have put in place specific contracts containing the EU Commission’s standard contractual clauses (the “SCCs”) to ensure that your personal data is processed by all parties in a way that is consistent with and which respects applicable data protection laws, in particular the GDPR.

If you require further information about these safeguard measures, please contact [email protected].

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here and, where feasible, by letting you know by email.

If you are a candidate, employee or independent contractor who resides in a jurisdiction in which we are required to provide a separate applicant, employee or independent contractor privacy notice, our collection and use of your personal data is also governed by such separately provided privacy notice. In such case, such separately provided privacy notice shall prevail in the event of any conflict between the terms of such notice and the terms of this Privacy Policy.

Consumers

Awin primarily uses end user data for the purpose of tracking an end user from a Publisher Website to an Advertiser Website. Tracking enables Awin to see that an end user has visited a Website, found a Product, and clicked the link to be taken to the Advertiser Website to review or purchase the Product.

The purpose of tracking is to attribute sales and marketing efforts by a Publisher to a particular Transaction, to enable Advertisers to reward Publishers on a per transaction basis. Tracking also allows Awin to provide Publishers and Advertisers with related reports. The majority of these reports contain only aggregated statistical data.

Awin doesn’t know who the end user is, simply that the same end user started their journey with the Publisher and completed it with the Advertiser and that the affiliate marketing campaign was therefore successful in respect of that end user.

By maintaining a limited user profile which does not reveal an end user’s name or identity, Awin can also understand an end user journey when it starts on one device and ends on a different device. Through this functionality, Awin can understand whether a referral is commenced on one device and completed on another device. The profile is only used to attribute sales and marketing effort to a Publisher, even if the end user has changed devices before completing a transaction.

Awin permits Publishers to enquire as to whether an action by a user ought to have generated a commission for that Publisher. This necessitates the sharing of information between Publishers and Advertisers. Advertisers use the information provided by Publishers to verify against their own records. Awin enables this data sharing and the payment of any commission due to the Publisher as a result.

The main technologies used for Awin’s tracking are Tracking Domain Cookies, Journey Tags and Device Fingerprinting.

Awin Tracking Domain Cookies: These are cookies served by Awin’s own domain when an end user clicks on an advertisement displayed by a Publisher. We use this information to understand which end users are referred by which Publishers to which Advertiser. Please find some general information on cookies here. Our tracking cookies are listed here.

Advertiser Journey Tag: This is JavaScript code integrated into the Advertiser’s service to enable Awin to receive transactional information from Advertisers. Awin uses this information to record, validate and report the completion of transactions, for the purposes of apportioning commissions to Publishers.

Fingerprinting: This is a method by which Awin can uniquely identify a device by considering certain attributes of the browser or the device (incl. screen size/resolution and user configurations).

We take care to collect only the data that we need. The majority of the data Awin uses is machine generated. It lets us single out a device, but it does not reveal who the person that owns the device is. We do not use this data to make predictions or evaluations of users’ interests or personalities.

Awin is one part of the affiliate marketing ecosystem and does not always have absolute control over the personal data that it receives from users, Publishers, or Advertisers.

Awin participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. Awin’s identification number within the framework is: 907.

Awin stores an individual sequence of figures in respect of a transaction that does not reveal the name of a particular end user. It contains information on the Advertiser’s campaign, the Publisher, the end user’s action (i.e., a click or a view and in which country it occurred), and the device that is used.

Awin also receives limited transactional information, via the Journey Tag, to confirm that a transaction has occurred and carry out accurate commission allocating, billing, and reporting. Such information includes the order value, whether a voucher has been used, product type, and sales channel.

Awin's data processing activities relating to end user data do not require the direct identification of an individual and therefore Awin mostly holds what is known as “pseudonymous” data in this respect. Pseudonymisation is privacy-enhancing. It is the separation of data from direct identifiers so that data can no longer be attributed to a specific individual without the use of additional data. Pseudonymisation, therefore, reduces the risks associated with data processing, while also maintaining the data’s utility.

We have carried out a balancing test and have identified legitimate interest as a basis for processing user data for the purposes set out in this section of the Privacy Policy.

When assessing Awin’s reliance on legitimate interest, the interests of the full affiliate ecosystem were considered. A balancing test was carried out and it was confirmed that tracking carries a low risk of undue negative impact on the end user’s interests or fundamental rights and freedoms. Legitimate interests are not limited to the interests of Awin but can be legitimate interests of a third party or to society as a whole. In the context of our service, we consider that:

  • Advertisers have an interest in carrying on an online advertising campaign, paid for on a performance basis, whereby third-party referrers of customers or potential customers of the Advertiser are compensated for referrals which generate revenue for the Advertiser, or which undertake another act desired by the Advertiser.
  • Publishers have an interest in monetising their content, services, or other aspects of the Publisher website by generating advertising revenue which is paid on a performance basis.
  • Advertisers and Publishers have an interest in obtaining reports relevant to their respective business revenue generation.
  • Awin has an interest in operating an affiliate marketing network, and to provide technology, services, and reporting, in return for payment from Advertisers.
  • Awin, Advertisers, Publishers and society at large have an interest in preventing fraud, misuse of services, or money laundering.

Awin's affiliate marketing network connects Advertisers and Publishers, as well as third-party technology partners in some instances, so that they can work together to run affiliate marketing campaigns.

In running the campaign each party plays their part in pursuing the common purposes and each party can make certain decisions about the way data is used.

Awin contractually requires that participation in its network is compliant with data protection law and that participants each fulfil their obligations to respond to requests to exercise data subject rights. You can approach each party, if you intend to exercise your rights in respect of the data which that party controls.

Awin works with these Advertisers. For guidance on how to make a request to a Publisher or an Advertiser, please check their respective privacy notices. For more information of how to make a request to Awin, see What rights do you have in respect of user data” below.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

As a general rule, Awin retains tracking data for 36 months after collection.

We will honor your rights under applicable data protection laws. These rights are not absolute and they do not always apply in all cases. If you wish to make a request in respect of your user data, as described in this section of the Privacy Policy, please contact [email protected].

You may:

  • request access to your personal data and information related to our use and processing of your personal data;
  • request the correction or deletion of your personal data;
  • request that we restrict our use of your personal data;
  • request a machine-readable copy of your personal data or that your personal data be transferred to other IT systems;
  • object to the processing of your personal data; and
  • withdraw your consent to our use of your personal data at any time where we rely on your consent to use or process that personal data.

Please note that, as described under “What data do we collect from users?”, Awin mostly holds what is known as “pseudonymous” data in respect of users. Pseudonymisation means that we may not be in a position to identify the individual behind the data we hold and that we therefore cannot provide them with access, rectification, erasure or data portability without the provision of additional data (for example your IP address, or device ID)

We process personal data for:

  • Carrying out our obligations arising from any contracts entered into between us and the Advertisers and Publishers with whom we work;
  • Tracking and verifying Transactions in order to record, validate and report the completion of such Transactions, for the purposes of apportioning commissions to Publishers, and in order to fulfil reporting obligations to the Advertisers and Publishers with whom we work;
  • Analysing Transactions for security purposes, for fraud and crime prevention and to protect our staff, property, site visitors and third parties;
  • For compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution;
  • The legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal data to inform relevant third parties such as your email/internet provider or law enforcement agencies.

Your personal data may be shared to the extent necessary for us to provide our services (i.e., with Advertisers and Publishers with whom we work, and/or third-party technology partners engaged by those parties).

Group members, personnel, service providers: We keep your personal data confidential, but disclose it to our group members, our personnel, suppliers, or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the personal data and have agreed to safeguard it.

Merger or acquisition: If we are involved in a merger, acquisition, or similar transaction with a third party, your information may be transferred to such third party. Where required by law, you will be notified of the change via email, our user interface and/or a prominent notice on our website, as well as any choices you may have regarding this.

Required by law: In addition, we disclose your personal data to the extent that we are required to do so by law (e.g., to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

Enforcement: We disclose your personal data to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Awin, our customers or others.

We will take appropriate technical and organizational precautions to prevent the loss, misuse or alteration of your personal data.

Please be aware that, although we endeavor to provide security for information we process and maintain, no security system can prevent all potential security breaches.

We are established in the following countries and in the course of business we may transfer personal data to other entities in our group in those countries. We also transmit your data to our subcontracted service providers, both in and out of the EU.

Where we transfer your personal data to entities in our group or service providers in countries which have not been deemed to have an adequate level of protection under an adequacy decision of the EU Commission, we have put in place specific contracts containing the EU Commission’s standard contractual clauses (the “SCCs”) to ensure that your personal data is treated by all parties in a way that is consistent with and which respects laws on data protection, in particular the GDPR.

If you require further information about these protective measures, please contact [email protected].

This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here.

Supplemental Notice to Residents of California, Virginia, Colorado, Connecticut, Utah, and Nevada

Introduction. In this section, we provide information for residents of California, Virginia, Colorado, Connecticut, Utah, and Nevada, as may be required under applicable privacy laws of such states from time to time (“State Privacy Laws”). For instance, the California Consumer Privacy Act (“CCPA”), as amended by the California Consumer Privacy Rights Act (“CPRA”), and the Virginia Consumer Data Protection Act (“VCDPA”), require that we provide their respective residents certain specific information about how we handle their personal information. Because certain State Privacy Laws require that we disclose specific information about how we handle certain personal information collected about residents of their states, the scope of this section may be different than the scope of the rest of our privacy policy.

Definitions of key terms. Under State Privacy Laws, subject to certain exceptions, “personal information” is generally any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular resident or household in the applicable state.

A “Sale” of personal information under State Privacy Laws such as CCPA and VCDPA may occur any time a business sells or makes available any personal information to a third party for monetary or other valuable consideration.

A “Share” of personal information under the CPRA generally means disclosing, making available or communicating personal information by a business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

Cross-context behavioral advertising” means the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly branded websites, applications, or services, other than the business, distinctly branded website, application, or service with which the consumer intentionally interacts.

Sensitive information” under State Privacy Laws is generally defined as personal information that reveals sensitive information about a consumer, such as social security, driver’s license, state identification card or passport numbers, account log-in, financial account, debit card or credit card numbers in combination with any required security or access code, password or credentials allowing access to an account, precise geolocation, data revealing racial or ethnic origin, religious beliefs, physical or mental health diagnosis, sexual orientation, or citizen or immigrant status, as well as processing of genetic or biometric data for identification, and personal data collected from a known child.

Rights under applicable laws. Depending on where you reside, you may have additional legal rights with respect to your information under State Privacy Laws, beyond those described in the previous sections of this Privacy Policy. These rights are described below. While some of these rights apply generally, certain rights apply in limited cases. Consistent with State Privacy Laws, this Supplemental Notice provides a way to exercise such rights for residents of the above states. This section does not apply to any matters exempted from State Privacy Laws during the period of exemption, nor to matters covered by an applicable law prior to the relevant portion of the applicable State Privacy Laws going into effect.

Right to Know

You may have the right, depending on your jurisdiction, to request the following about the personal information we have collected about you during the past 12 months:

  • The categories and specific pieces of personal information we have collected about you;
  • The categories of sources from which we collected the personal information;
  • The business or commercial purpose for which we collected the personal information;
  • The categories of third parties with whom we shared the personal information;
  • The categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose;
  • The specific pieces of personal information about you that we collected or disclosed to third parties for a business purposes;
  • The right to receive requested information in a readily usable format if provided electronically; and
  • The right to update or correct any personal information which is out of date or incorrect.

Right of Deletion

You have the right to ask us to delete the personal information we have collected from you, subject to exceptions the law provides.

For example, to the extent permitted by State Privacy Laws, we may deny a deletion request if retaining the information is necessary for us or our service provider(s) to: (a) complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; (b) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (c) debug products to identify and repair errors that impair existing intended functionality; (d) protect our legal interests, to defend our rights in a case of potential, threatened, or actual litigation, and to enforce our rights; (e) comply with a legal obligation and/or (f) fulfil internal and lawful uses that are compatible with the context in which you provided the information.

Right of Non-Discrimination

You have the right to not be discriminated against if you exercise these privacy rights. We will not discriminate against you, deny, charge different prices for, or provide a different quality of goods or services if you choose to exercise these rights.

Sales and/or Sharing of Personal Information

Under certain State Privacy Laws, you have the right to ask whether we Sell (and/or Share, if you reside in California) your personal information to third parties. We do not Sell or Share your personal information as such terms are defined under State Privacy Laws.

Right to Limit Use & Disclosure of Sensitive Personal Information

We do not collect, use, or disclose information we believe to be sensitive under State Privacy Laws. In the context of the processing of information related to Job Applicants, we may process sensitive information for the purposes indicated in the relevant section in accordance with the provisions of State Privacy Laws.

Notice at Collection

At or before the point of collection, notice must be provided to the individual of the categories of personal information collected and the purposes for which such information is used.

Exceptions to These Rights

The law provides for certain exceptions to the rights described above. We reserve the right to avail ourselves of these exceptions where applicable.

How to Exercise Your Rights.

If you live in a relevant jurisdiction and would like to send us a request to exercise one of your above rights, you may do so by sending an email to [email protected].

You may designate an authorized agent to make a request on your behalf as permitted under law, though before we process that request, we will require that you provide the authorized agent written permission to do so and verify your identity directly with us.

To help protect your privacy and maintain security, we may take steps where required to verify your identity before granting you access to your personal information or complying with your request. We may not be able to respond to your request if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Notice of Categories of Personal Information: Certain terms used in this section have the meanings given to them in the CCPA, as amended by the CPRA. The information reflects our current practices, and our practices during the past 12 months. We collect the following categories of personal information, and may have collected any or all of this information in the preceding 12 months:

If you are an Advertiser or Publisher:

  • identifiers such as name, postal address, email address, account name, social security number, driver’s license number;
  • categories described in the CCPA, such as telephone number, bank, credit card number or other financial information, and
  • commercial information, including records of Awin products or services purchased, obtained, or considered;
  • internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet web site, application, or advertisement.

If you are an Awin website visitor:

  • where you have chosen to provide this information to us, identifiers such as name, postal address, email address;
  • commercial information, including records of Awin products or services purchased, obtained, or considered;
  • internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet web site, application, or advertisement.

If you are a job applicant:

  • identifiers such as name, postal address, email address, account name, social security number, driver’s license number and passport number;
  • categories described in the CCPA, such as telephone number, education, employment;
  • internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet web site, application, or advertisement;
  • professional or employment-related information;
  • education information, defined as information that is not publicly available personally identifiable information (as defined in 20 U.S.C. § 1232g, 34 C.F.R. Part 99).

If you are an end user:

  • identifiers;
  • commercial information, including records of products or services purchased, obtained, or considered;
  • internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet web site, application, or advertisement.

Sources and Use of Personal Information. We collect Personal Information from the sources mentioned in this Privacy Policy. We use Personal Information for the business and commercial purposes listed in this Privacy Policy.

CCPA Metrics for 2023

Pursuant to CCPA Regulation 999.317(g), Awin informs you of the following metrics with respect to the year 2023. Note: The foregoing numbers are based upon requests received from all individuals and not only from “consumers” as defined under the CCPA.

a. In 2023, the number of requests to know that Awin received, complied with in whole or in part, or denied: [8 received, 8 complied with, and 0 denied].

b. In 2023, the number of requests to delete that Awin received, complied with in whole or in part, or denied: [143 received, 143 complied with, and 0 denied].

c. In 2023, the median number of days within which Awin substantively responded to requests to know, requests to delete, and requests to opt-out: [20 days].