GDPR Compliance Policy – LiveNow Affiliate Software LTD

Effective Date: 18/6/2025

Jurisdiction: Republic of Cyprus & EU (General Data Protection Regulation – EU 2016/679)

Company: LiveNow Affiliate Software LTD ("LN")

1. Purpose

This GDPR Compliance Policy outlines how LN ensures lawful, fair, and transparent processing of personal data across all LN software and services, including the Lifestyle App, Affiliate Backoffice, Business Manager, and all related subscription platforms.

2. Data Controller & Contact

LiveNow Affiliate Software LTD is the Data Controller.

Address: Igoumenou Gerasimou 12, 2863 Kampos, Nicosia, Cyprus

Email: [email protected]

Phone: +357 7008 8044

LN has not currently appointed a Data Protection Officer (DPO), but follows strict GDPR protocols and may assign one in the future.

3. Scope

This policy applies to:

- Lifestyle Members (LM), including BLM and PLM
- Merchants and Third-Party Merchants
- Affiliates (Standard, PRO, Agency, Influencer)
- Employees and Admin users
- Visitors and users interacting with LN digital platforms

4. Lawful Bases for Processing

LN processes personal data under:

- Art. 6(1)(a) Consent
- Art. 6(1)(b) Contractual Necessity
- Art. 6(1)(c) Legal Obligation
- Art. 6(1)(f) Legitimate Interests

Consent is collected explicitly during registration and feature access, including for marketing communications.

5. Data Minimization & Purpose Limitation

Only essential data is collected and processed for specified, legitimate purposes. LN prohibits the reuse or export of user data outside its ecosystem by merchants or affiliates.

6. Transparency & Information Access

Users can access detailed privacy terms via in-app links, LN websites, and onboarding steps. Key points are communicated in plain language, and data policies are accessible 24/7.

7. Rights of Data Subjects

All users have the right to:

- Access personal data
- Rectify inaccurate data
- Request deletion
- Restrict or object to processing
- Withdraw consent
- Data portability

LN provides support via live chat or email within 24 hours. Identity verification is required before executing any right.

8. Data Retention Policy

User and merchant data is retained for up to:

- 365 days post-deactivation (for transactional reasons)
- 730 days total, with the second year for legal and compliance purposes
- Permanent deletion after expiry of retention periods

9. Technical & Organizational Security Measures

LN enforces:

- End-to-end HTTPS encryption
- Microsoft Azure secure infrastructure (EU-based)
- Regular access auditing and permission controls
- Subprocessor vetting and NDA compliance

10. Subprocessors

LN may share data with GDPR-compliant subprocessors:

- Microsoft Azure
- Stripe
- Viva Wallet
- Zapier
- Typeform
- Google
- Meta
- Microsoft

All subprocessors are bound by EU Standard Contractual Clauses (SCCs) or equivalent safeguards.

11. Data Protection Impact Assessments (DPIA)

LN performs DPIAs when introducing new technologies or processing operations likely to result in high risk. Examples include affiliate commission tracking, QR code validation, or payment integrations.

12. Breach Notification

In the event of a data breach, LN will notify the Cypriot supervisory authority within 72 hours and inform affected users without undue delay, where applicable.

13. Updates

This GDPR Policy will be reviewed annually or upon material change. Users will be notified via the platform and/or email where relevant.

Supervisory Authority Contact:

Office of the Commissioner for Personal Data Protection

1 Iasonos Str., 1082 Nicosia, Cyprus

Email: [email protected]

Website: www.dataprotection.gov.cy