Introduction:

This privacy notice explains what information we collect when you access our website, how the information is used and disclosed, how you can control the use and disclosure of your personal information and how we protect it. Also this notice discloses the privacy practices for https://astraone.io . This privacy notice applies solely to information collected by this web site. It will notify you of the following:

1. What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
2. What choices are available to you regarding the use of your data.
3. The security procedures in place to protect the misuse of your information.
4. How you can correct any inaccuracies in the information.

Purpose of this notice:

This Privacy Notice provides mandatory information as required under Articles 13 and 14 of the European General Data Protection Regulation (GDPR) regarding the transparency of personal data processing. Definitions of certain terms within this notice are explained in the appendix.

Who we are?

AstraOne LLC and its affiliates, including Hybrid Adtech Inc, Hybrid Adtech GmbH, Hybrid Adtech sp. z o.o. and services offered on third-party sites, such as advertising services. AstraOne LLC Hybrid Adtech Inc, Hybrid Adtech GmbH, Hybrid Adtech sp. z o.o. are subsidiaries company of Konglomerat LTD

What information do we collect?

We have a lot of sites connected to our systems. We show ads on the site, by integrating our codes there. Also we are connected with other different ad companies on a tech level, to get audience segmentation of each user, and to provide sites with demand if we don‟t have enough. We do use audience targeting in our Advertising Dasboard to show right ads to right users

We do not collect any Personal Identifiable Information (PII) data from our user or visitor. We may collect the following categories of information for the purposes explained below.

• Advertiser website activity: This is data about your browsing activity on the Advertiser's website. For example, which pages you visited and when, and what items you placed into your online shopping cart.
• Device and browser information: This is technical information about the device or browser you use to access the Advertiser's website. For example, your device's IP address, cookie string data and (in the case of mobile devices) your device type and mobile device's unique identifier such as the Apple IDFA or Android Advertising ID.
• Ad data: This is data about the online ads we have served (or attempted to serve) to you. It includes things like how many times an ad has been served to you, what page the ad appeared on, and whether you clicked on or otherwise interacted with the ad.
• Data from Advertising Partners: This is data that we receive from other digital advertising companies that we work with (“Advertising Partners”) to help us deliver ads to you and recognize you across browsers and devices. This may include pseudonymous advertiser identifiers that some Advertisers or other third party ad platforms choose to share with us, such as your "Customer ID" with an Advertiser. We may work with these Advertising Partners to synchronize their unique, anonymous identifiers to our own to enhance data points about a particular unique browser or device.

How We Collect Your Information?

Personal Data should be collected only from the Data Subject unless one of the following apply:

• The nature of the business purpose necessitates collection of the Personal Data from other persons or bodies.
• The collection must be carried out under emergency circumstances in order to protect the vital interests of the Data Subject or to prevent serious loss or injury to another person.
• If Personal Data is collected from someone other than the Data Subject, the Data Subject must be informed1 of the collection unless one of the following apply:
• The Data Subject has received the required information by other means.
• The information must remain confidential due to a professional secrecy obligation.
• A national law expressly provides for the collection, Processing or transfer of the Personal Data.
• Where it has been determined that notification to a Data Subject is required, notification should occur promptly, but in no case later than:
• One calendar month from the first collection or recording of the Personal Data.
• At the time of first communication if used for communication with the Data Subject.
• At the time of disclosure if disclosed to another recipient.

How do we use collected information?

We use this data to help our Advertisers identify and serve ads to you that are more relevant to you. We also use this data to operate, improve and enhance our services including enhancing the data points we or our Advertising Partners have about a particular user, browser, or device, or to target, optimize, cap, or synchronize advertising.

We, as well as Third Parties that provide content, advertising or other functionality on our Services, may use Cookies, pixel tags and other technologies (“Technologies”) to automatically collect information through the Services. We use Technologies that are essentially small data files placed on your computer, tablet, mobile phone or other devices (referred to collectively as a "device") that allow us to record certain pieces of information whenever you visit or interact with our sites, services, applications, messaging, and tools and to recognize you across devices.

• Cookies. Cookies are small text files placed in visitors‟ computer browsers to store their preferences. Most browsers allow you to block and delete .You can set your web browser to warn you about attempts to place Cookies on your computer or limit the type of Cookies you allow. Flash Cookies operate differently than browser Cookies, and cookie management tools available in a web browser may not remove flash Cookies.Please be advised that if you disable Cookies, you may lose some of the features and functionality of our Services because the Cookies are necessary to track and enhance your game activities.
• Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Site that collects information about users‟ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
• Analytics. We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services and to develop website content. This Analytics data are not tied to any Personal Information. The Information generated by Google Analytics about the use, including the current but truncated user's IP address, is transmitted to a Google server in the United States and stored there. Since we have activated IP anonymization, your IP address will be truncated by Google within an European Union member state or a member state of the European Economic Area before transmission in the United States. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google‟s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.

How do we Share and Process collected information?

We will not share your information with any third party outside of our organization and affiliates, other than as necessary to fulfill your request,

a. Data Processing

AstraOne provides targeted advertising services for our advertiser clients ("Advertisers"). When Identifiable Natural Person visits a website operated by an Advertiser or a third party site where we could serve an ad to you, we may collect some or all of the data described in 3.3.1. hybrid.ai uses that data as well as other data described below to help Advertisers provide ads to Identifiable Natural Persons that are more relevant to them.

AstraOne uses the Personal Data of its Contacts for the following broad purposes:

• The general running and business administration of hybrid.ai Entities.
• To provide advertising services to AstraOne customers.

The use of a Advertiser‟s information should always be considered from their perspective and whether the use will be within their expectations or if they are likely to object. For example, it would clearly be within a Advertiser‟s expectations that their details will be used by hybrid.ai to respond to a Advertiser request for information about the products and services on offer. However, it will not be within their reasonable expectations that AstraOne would then provide their details to Third Parties for marketing purposes. Each AstraOne Entity will Process Personal Data in accordance with all applicable laws and applicable contractual obligations. More specifically, AstraOne will not Process Personal Data unless at least one of the following requirements are met:

• The Data Subject has given Consent to the Processing of their Personal Data for one or more specific purposes.
• Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.
• Processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
• Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
• Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a Third Party (except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, in particular where the Data Subject is a child).

There are some circumstances in which Personal Data may be further processed for purposes that go beyond the original purpose for which the Personal Data was collected. When making a determination as to the compatibility of the new reason for Processing, guidance and approval must be obtained from the hybrid.ai representative before any such Processing may commence.

In any circumstance where Consent has not been gained for the specific Processing in question, AstraOne will address the following additional conditions to determine the fairness and transparency of any Processing beyond the original purpose for which the Personal Data was collected:

• Any link between the purpose for which the Personal Data was collected and the reasons for intended further Processing.
• The context in which the Personal Data has been collected, in particular regarding the relationship between Data Subject and the Data Controller.
• The nature of the Personal Data, in particular whether Special Categories of Data are being Processed, or whether Personal Data related to criminal convictions and offences are being Processed.
• The possible consequences of the intended further Processing for the Data Subject.
• The existence of appropriate safeguards pertaining to further Processing, which may include Encryption, Anonymisation or Pseudonymisation.

b. Special Categories of Data

AstraOne will only Process Special Categories of Data (also known as sensitive data) where the Data Subject expressly consents to such Processing or where one of the following conditions apply:

• The Processing relates to Personal Data which has already been made public by the Data Subject.
• The Processing is necessary for the establishment, exercise or defence of legal claims.
• The Processing is specifically authorised or required by law.
• The Processing is necessary to protect the vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving consent.

Further conditions, including limitations, based upon national law related to the Processing of genetic data, biometric data or data concerning health.In any situation where Special Categories of Data are to be Processed, prior approval must be obtained from the Office of Data Protection and the basis for the Processing clearly recorded with the Personal Data in question. Where Special Categories of Data are being Processed, Meta Privacy will adopt additional protection measures. Each Meta Privacy Entity may also adopt additional measures to address local custom or social expectation over the Processing of Special Categories of Data.

c. Children’s Data

Children are unable to Consent to the Processing of Personal Data for information services. Consent must be sought from the person who holds parental responsibility over the child. However, it should be noted that where Processing is lawful under other grounds, Consent need not be obtained from the child or the holder of parental responsibility. Should any AstraOne Entity foresee a business need for obtaining parental consent for information society services offered directly to a child, guidance and approval must be obtained from the hybrid.ai representative before any Processing of a child‟s Personal Data may commence.

d. Data Quality

Each AstraOne Entity will adopt all necessary measures to ensure that the Personal Data it collects and Processes is complete and accurate in the first instance, and is updated to reflect the current situation of the Data Subject.

The measures adopted by AstraOne to ensure data quality include:

• Correcting Personal Data known to be incorrect, inaccurate, incomplete, ambiguous, misleading or outdated, even if the Data Subject does not request rectification.
• Keeping Personal Data only for the period necessary to satisfy the permitted uses or applicable statutory retention period.
• The removal of Personal Data if in violation of any of the Data Protection principles or if the Personal Data is no longer required.
• Restriction, rather than deletion of Personal Data, insofar as:
  • i. a law prohibits erasure.
  • ii. erasure would impair legitimate interests of the Data Subject.
  • iii. the Data Subject disputes that their Personal Data is correct and it cannot be clearly ascertained whether their information is correct or incorrect.

e. Digital Marketing

As a general rule hybrid.ai will not send promotional or direct marketing material to an AstraOne website visitors or platform users through digital channels such as mobile phones, email and the Internet, without first obtaining their Consent. Any AstraOne Entity wishing to carry out a digital marketing campaign without obtaining prior Consent from the Data Subject must first have it approved by AstraOne representative. Where Personal Data Processing is approved for digital marketing purposes, the Data Subject must be informed at the point of first contact that they have the right to object, at any stage, to having their data Processed for such purposes. If the Data Subject puts forward an objection, digital marketing related Processing of their Personal Data must cease immediately and their details should be kept on a suppression list with a record of their opt-out decision, rather than being completely deleted. It should be noted that where digital marketing is carried out in a „business to business‟ context, there is no legal requirement to obtain an indication of Consent to carry out digital marketing to individuals provided that they are given the opportunity to opt-out.

Who receives your Personal Data?

• Authorized persons working for or on behalf of AstraOne;
• AstraOne SAS, on a need-to-know basis for the purposes outlined in this privacy notice;
• Our agents, Affiliates, Co-Organization, Service Providers and Advisers (e.g. third-party service providers and advisers providing the variety of products and services we need, such as IT maintenance and support, procurement services, logistic services, etc.);
• Law enforcement or government authorities where necessary to comply with applicable law

Using data for Profiling Purposes:

As a matter of principle, your personal data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your personal data with the objective of conducting profiling, we will, if required by law, specifically inform you of this and of your rights in this respect.

YOU CAN OPT-OUT OF PERSONALIZED AD:

You may Opt-Out of any future contacts from us at any time by clicking the following button

Disable(opt-out) personalized ads Enable(opt-out) personalized ads

What Data Protection Principles we follow?

AstraOne has adopted the following principles to govern its collection, use, retention, transfer, disclosure and destruction of Personal Data:

• Principle 1: Lawfulness, Fairness and Transparency

Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. This means, AstraOne must tell the Data Subject what Processing will occur (transparency), the Processing must match the description given to the Data Subject (fairness), and it must be for one of the purposes specified in the applicable Data Protection regulation (lawfulness).

• Principle 2: Purpose Limitation

Personal Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means AstraOne must specify exactly what the Personal Data collected will be used for and limit the Processing of that Personal Data to only what is necessary to meet the specified purpose.

• Principle 3: Data Minimisation

Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This means AstraOne must not store any Personal Data beyond what is strictly required.

• Principle 4: Accuracy

Personal Data shall be accurate and, kept up to date. This means AstraOne must have in place processes for identifying and addressing out-of-date, incorrect and redundant Personal Data.

• Principle 5: Storage Limitation

Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is Processed. This means hybrid.ai must, wherever possible, store Personal Data in a way that limits or prevents identification of the Data Subject.

• Principle 6: Integrity & Confidentiality

Personal Data shall be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful Processing, and against accidental loss, destruction or damage. AstraOne must use appropriate technical and organizational measures to ensure the integrity and confidentiality of Personal Data is maintained at all times.

• Principle 7: Accountability

The Data Controller shall be responsible for, and be able to demonstrate compliance. This means AstraOne must demonstrate that the six Data Protection Principles (outlined above) are met for all Personal Data for which it is responsible.

What legal basis do we have for processing your personal data?

According to Article 6 of the GDPR at least one of these must apply whenever your personal data is processed:

• Consent: the individual has given clear consent for the processing of their personal data for a specific purpose.
• Contract: the processing is necessary for compliance with a contract.
• Legal obligation: the processing is necessary to comply with the law (not including contractual obligations).
• Vital interests: the processing is necessary to protect someone‟s life.
• Public task: the processing is necessary to perform a task in the public interest, and the task or function has a clear basis in law.
• Legitimate interests: the processing is necessary for the legitimate interests of the Data Controller unless there is a good reason to protect the individual‟s personal data which overrides those legitimate interests.

How do we secure personal data?

No data transmissions over the Internet can be guaranteed to be 100 percent secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to AstraOne is done at your own risk. However, AstraOne uses website security measures consistent with current best practices to protect its website, email and mailing lists. These measures include technical, procedural, monitoring and tracking steps intended to safeguard data from misuse, unauthorized access or disclosure, loss, alteration or destruction.

We realize there can be incidents of misuse or unauthorized program incursions, as almost every website, service and user encounters. In those instances, our goals are to move quickly to isolate the problem, ensure or restore proper functionality and minimize any inconvenience to our users. As appropriate and necessary, AstraOne will notify the relevant authorities of these incidents of misuse or unauthorized program incursions of the AstraOne website. We use technical and organizational security measures to protect the data we have under our control against accidental or intentional manipulation, loss or destruction and against access by unauthorized persons. Our security procedures are continually enhanced as new technology becomes available.

We take precautions to protect your information. When we collect any information via the website, your information is protected both online and offline. Wherever we collect any information that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for "https" at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

Data Transfers (Internal and Within Third Parties):

We may transfer the information we collect about you to countries other than the country where we originally collected it for the purposes of storage and processing of data and operating our services. Those countries may not have the same data protection laws as your country. However, when we transfer your information to other countries, we will protect that information as described in this Privacy Notice and take steps, where necessary, to ensure that international transfers comply with applicable laws. For example, if we transfer your information from the European Economic Area to a country outside it, such as the United States, we will seek to take additional steps such as entering into EU compliant data transfer agreements with the data importer where necessary.

AstraOne entities may transfer Personal Data to internal or Third Party recipients located in another country where that country is recognized as having an adequate level of legal protection for the rights and freedoms of the relevant Data Subjects. Where transfers need to be made to countries lacking an adequate level of legal protection (i.e. Third Countries), they must be made in compliance with an approved transfer mechanism AstraOne Entities may only transfer Personal Data where one of the transfer scenarios list below applies:

• The Data Subject has given Consent to the proposed transfer.
• The transfer is necessary for the performance of a contract with the Data Subject.
• The transfer is necessary for the implementation of pre-contractual measures taken in response to the Data Subject‟s request.
• The transfer is necessary for the conclusion or performance of a contract concluded with a Third Party in the interest of the Data Subject.
• The transfer is legally required on important public interest grounds.
• The transfer is necessary for the establishment, exercise or defense of legal claims.
• The transfer is necessary in order to protect the vital interests of the Data Subject.

Each AstraOne Entity will only transfer Personal Data to, or allow access by, Third Parties when it is assured that the information will be processed legitimately and protected appropriately by the recipient. Where Third Party Processing takes place, each hybrid.ai Entity will first identify if, under applicable law, the Third Party is considered a Data Controller or a Data Processor of the Personal Data being transferred.

Where the Third Party is deemed to be a Data Controller, the AstraOne Entity will enter into, in cooperation with the Office of Data Protection, an appropriate agreement with the Controller to clarify each party‟s responsibilities in respect to the Personal Data transferred.

Where the Third Party is deemed to be a Data Processor, the AstraOne Entity will enter into, in cooperation with the Office of Data Protection, an adequate Processing agreement with the Data Processor. The agreement must require the Data Processor to protect the Personal Data from

further disclosure and to only Process Personal Data in compliance with AstraOne instructions. In addition, the agreement will require the Data Processor to implement appropriate technical and organizational measures to protect the Personal Data as well as procedures for providing notification of Personal Data Breaches.

When a hybrid.ai Entity is outsourcing services to a Third Party (including Cloud Computing services), they will identify whether the Third Party will Process Personal Data on its behalf and whether the outsourcing will entail any Third Country transfers of Personal Data. In either case, it will make sure to include, in cooperation with the Office of Data Protection, adequate provisions in the outsourcing agreement for such Processing and Third Country transfers. Meta Privacy has a „Standard Provisions for Outsourcing Agreement‟ document that should be used for guidance. ##How Long Do We Retain Your Personal Data?

We retain Personal Data about you for as long as need for legal basis or you consent to do so or as otherwise necessary to provide the Services to you and improve the Services for all users generally. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally. If your personal data is no longer required for the performance of contractual or regulatory obligations, it will be erased on a regular basis unless further processing is necessary, for instance, for preserving particular evidence under the applicable data protection laws and regulations or in the context of legal statutes of limitation.

What Rights Do You Have Regarding Your Personal Data?

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email . Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

• Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data by emailing us at [email protected]
• Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such Personal Data by emailing us at [email protected]
• Erasure: You can request that we erase some or all of your Personal Data from our systems.
• Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such Personal Data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
• Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the Personal Data to another controller where technically feasible.
• Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.
• Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
• Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.

AstraOne will always fully respect your rights regarding the processing of your personal data, and has provided below the details of the person to contact if you have any concerns or questions regarding how we process your data, or if you wish to exercise any rights you have under the GDPR. All requests received for access to or rectification of Personal Data must be directed to the AstraOne representative, who will log each request as it is received. A response to each request will be provided within 30 days of the receipt of the written request from the Data Subject. Appropriate verification must confirm that the requestor is the Data Subject or their authorised legal representative. Data Subjects shall have the right to require AstraOne to correct or supplement erroneous, misleading, outdated, or incomplete Personal Data.

Complaints Handling:

Data Subjects with a complaint about the Processing of their Personal Data, should put forward the matter in writing to the Office of Data Protection. An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case. The hybrid.ai representative will inform the Data Subject of the progress and the outcome of the complaint within a reasonable period. If the issue cannot be resolved through consultation between the Data Subject and the hybrid.ai representative, then the Data Subject may, at their option, seek redress through mediation, binding arbitration, litigation, or via complaint to the Data Protection Authority within the applicable jurisdiction.

Breach Reporting

Any individual who suspects that a Personal Data Breach has occurred due to the theft or exposure of Personal Data must immediately notify AstraOne representative providing a description of what occurred. Notification of the incident can me made via e-mail , or by using the anonymous incident reporting form at . AstraOne representative will investigate all reported incidents to confirm whether or not a Personal Data Breach has occurred. If a Personal Data Breach is confirmed, the AstraOne representative will follow the relevant authorised procedure based on the criticality and quantity of the Personal Data involved. For severe Personal Data Breaches, the AstraOne management will initiate and chair an emergency response team to coordinate and manage the Personal Data Breach response.

How to contact us?

If you have any questions about this GDPR Privacy Notice or our data practices generally, please contact us using the following information:

Address: KONGLOMERAT LTD 4-6 STAPLE INN BUILDINGS LONDON WC1V 7QH

For all request concerning the security of your data you can contact our data protection officer at [email protected]

External Data Protection Officer and contact information:

If you have a particularly sensitive request, please contact our Data Protection Officer by postal mail, as communication by e-mail can always be flawed by security vulnerabilities.