Privacy Notice

SIMPLIFIED PRIVACY NOTICE

SMPL PA OP, S.A., (the “Controller”), a company organized under the laws of the Republic of Panama, the jurisdiction where it maintains its corporate domicile and internet portal https://www.palpito.com, is responsible for the use and protection of your Personal Data. The operation of the services, including the processing of Personal Data, is carried out outside the Republic of Panama, through infrastructure and operations located in other jurisdictions. The Controller collects your Personal Data for the following purposes: (i) To identify and contact you (ii) To provide the products and services you request. (iii) To respond to your requests for information, attention, and service. (iv) The creation, study, analysis, updating, and retention of the service file. (v) To verify your identity, address, or other information in order to prevent fraud and to manage risk and regulatory compliance during the relationship with the Controller, including validation processes carried out through providers authorized by the Controller. (vi) To process payments through external payment providers and digital wallets authorized by the Data Subject, as well as to facilitate interaction with authorized providers for the conversion between fiat currency and digital assets. (vii) To verify that there are no conflicts of independence with our employees or operations that breach the terms and conditions of the service. (viiii) To facilitate interaction with the technological infrastructure, digital wallets, and smart contracts necessary for the operation of the services offered by the Controller, including the execution of transactions on blockchain networks. (ix) Archiving of records and files for the follow-up of future services. (x) Financial management, billing, and collection. (xi) To comply with the obligations and commitments we have entered into with you. (xii) To comply with applicable regulations. (xiii) To evaluate the quality of our service.

Additionally, we will use your personal information for the following purposes: (i) For processing for marketing, advertising, or commercial prospecting purposes. (ii) To offer or provide discounts with respect to products or services offered by the Controller or by any business partner. (iii) Conducting quality and satisfaction surveys. (iv) Sending commercial and/or advertising information via email, mobile phone, and electronic means of communication via: SMS, MMS, WhatsApp messages, or social media. (v) Sending information by traditional correspondence to your address (via postal service). (vi) Market studies. (vii) Marketing, advertising, or commercial prospecting purposes. (viii) To offer you products or services of its own or of any of its holding companies, subsidiaries, branches, or affiliates, or of a parent company or any company under the common control of the Controller or its principal shareholder, or any other company within the same group as the Controller that operates under the same internal processes and policies, as provided by the respective legislation, as well as associated companies and commission agents. (ix) To carry out statistical analysis, the generation of information models and/or current and predictive behavioral profiles, it being understood that such purposes of use of your Personal Data shall be secondary and are not necessary for the provision or contracting of the respective services. (x) To generate personalized recommendations of content, campaigns, products, or services based on the interaction and behavior of the Data Subject within the platform. (xi) To manage the participation of the Data Subject in referral programs, ambassador programs, promotions, commercial dynamics, and similar promotional campaigns.

To learn more, the manner in which you may exercise your rights with respect to your Personal Data, and/or to consult the Comprehensive Privacy Notice, you may visit our internet portal https://www.palpito.com/en/privacy and/or contact us via email at the account legal@palpito.com. More information.

Privacy Notice SMPL PA OP, S.A.

1. Identification of the Controller that processes the data.

SMPL PA OP, S.A. (the “Controller”), a company organized under the laws of the Republic of Panama, the jurisdiction where it maintains its corporate domicile, through its website https://www.palpito.com, is responsible for the processing and protection of the Personal Data it collects from the Data Subject for the purposes established in this document, in accordance with the applicable laws on the protection of personal data. The operation of the services, including the processing of Personal Data, is carried out outside the Republic of Panama, through infrastructure and operations located in other jurisdictions. The purpose of this Privacy Notice (the “Notice”) is to inform the Data Subject of the existence and main characteristics of the processing of the data and information that they provide to the Controller, as follows:

2. Definitions.

Privacy Notice or Notice: A document, whether physical, electronic, or in any other format, generated by the Controller and made available to the Data Subject prior to the processing of their Personal Data, the purpose of which is to delimit the scope and general conditions of the processing of that information, as well as to provide Data Subjects with the information necessary so that they may make informed decisions about the use of their Personal Data and maintain control and disposition over it.

Databases: The ordered set of Personal Data referring to an identified or identifiable person.

Blocking: The identification and retention of Personal Data once the purpose for which it was collected has been fulfilled, for the sole purpose of determining possible liabilities in relation to its processing, until the legal or contractual statute of limitations for such liabilities. During such period, the Personal Data may not be subject to processing, and once it has elapsed, it shall be cancelled in the Controller’s Database.

Express Consent: The expression of will manifested by the Data Subject of the Personal Data, whether verbally, in writing, by electronic or optical means, or by any other technology. Sensitive, financial, or asset-related Personal Data shall require the Express Consent of its Data Subject, except for the exceptions provided in the Applicable Laws.

Tacit Consent: When, the Privacy Notice having been made available to the Data Subject, they do not express their opposition to the processing of their Personal Data.

Identification Data: Information concerning a natural or legal person that allows them to be distinguished from others within a collective, such as name, corporate or business name, handwritten signature, digitized handwritten signature, electronic signature, tax identification number or equivalent, population identification number or equivalent, data contained in official identifications issued by the authorities duly empowered to do so, place and date of birth, nationality, photograph, age, date of incorporation, etc.

Personal Data: Any information concerning an identified or identifiable natural person.

Sensitive Personal Data: These are Personal Data that inform the Controller about the most intimate aspects of individuals and whose misuse may give rise to discrimination or place them at serious risk, such as racial or ethnic origin, migratory data, health status (past, present, and future), blood type, genetic information, biometric data, religious, philosophical, and moral beliefs, union membership, political opinions, sexual preference, banking credentials, credit information, occupation, geolocation, among others, which may be obtained directly or indirectly.

Right of Access: The right of the Data Subject to request access to their Personal Data that is held in the Databases, systems, files, records, or dossiers of the Controller that possesses, stores, or uses it, as well as to know information related to the use given to the Personal Data.

Right of Rectification: The right of the Data Subject to request the Rectification or correction of their Personal Data, when it is inaccurate, incomplete, or not up to date.

Right of Cancellation: The right of the Data Subject to request that their Personal Data be deleted from the files, records, dossiers, systems, and Databases of the Controller that possesses, stores, or uses it. However, it must be taken into account that Personal Data may not be deleted in all cases, principally when it is necessary for some legal matter or for compliance with obligations.

Right to Object: The right of the Data Subject to request that their Personal Data not be used for certain purposes, or to require that the use thereof be ceased in order to avoid harm. In this case, it must be considered that it will not always be possible to prevent the use of Personal Data, when it is necessary for some legal matter or for compliance with obligations.

ARCO Rights: Refers to the Rights of Access, Rectification, Cancellation, and Objection, defined in this Notice.

Digital environment: The sphere formed by the combination of hardware, software, networks, applications, services, or any other information technology that allows the computerized or digitized exchange or processing of data;

Official Identification: A document evidencing the identity of the Data Subject, issued by a competent authority with jurisdiction over any Controller or Data Subject.

Applicable Laws: Means (i) any federal, provincial, local, or other law in force; (ii) any rule or regulation issued by any governmental authority with jurisdiction over any Controller or the Data Subject; and (iii) any judicial, governmental, or administrative order, judgment, decree, or ruling, in each case applicable to any Controller or the Data Subject and/or the subject matter or the transactions contemplated by the services provided by the Controller.

Data Subject: The natural person to whom the Personal Data corresponds and who shares it with the Controller.

Transfer: Any communication of Personal Data within or outside the national territory, made to a person other than the Data Subject or the Controller.

Controller: A private natural or legal person that decides on the processing of Personal Data; for the purposes of this Notice, the controller is SMPL PA OP, S.A.

3. Personal Data that will be subject to processing.

By means of this Privacy Notice, the Personal Data and Sensitive Personal Data that the Controller will collect, process, and store for the achievement of the purposes set out in this Privacy Notice are indicated, and under the principles of lawfulness, consent, information, quality, purpose, loyalty, proportionality, and accountability.

The Personal Data that the Controller will collect and that will be subject to processing are the following:

Individuals:

Name and surnames
Gender
Date of Birth
Nationality
Country of Birth
Official identification number (if applicable)
Home address in the country of residence, composed of the name of the street, avenue, or thoroughfare in question, duly specified; exterior number and, where applicable, interior number; neighborhood or development; borough, delegation, municipality, or similar political subdivision that corresponds, where applicable; city or town, federal entity, state, province, department, or similar political subdivision that corresponds, where applicable; postal code and country.
Occupation, profession, activity, or line of business engaged in
Population identification number (if applicable)
Telephone number
Email
IP address and web browsing data including browser type, operating system, pages visited, and access times to the Site
Mobile device information including device type, mobile device identification number, time zone, language setting, and browser type
Financial information related to transactions carried out by means of blockchain technology, including public addresses of digital wallets and records associated with such transactions on blockchain networks, which may be public, decentralized, irreversible, and immutable.

Certain enhanced identity verification processes, including biometric validation mechanisms, supporting documentation, or liveness checks, as well as the request for Sensitive Personal Data, may be carried out directly by external providers authorized by the Controller and processed under their own terms and privacy policies. In such cases, the Controller may only receive the results, validations, or confirmations necessary to enable access to the corresponding services, without directly receiving or storing biometric information derived from such processes.

4. Purposes of the processing

The Personal Data and Sensitive Personal Data that the Controller collects from the Data Subject will be used for the following purposes:

To identify and contact you
To provide the products and services you request.
To respond to your requests for information, attention, and service.
The creation, study, analysis, updating, and retention of the service file.
To verify your identity, address, or other information in order to prevent fraud and to manage risk and regulatory compliance during the relationship with the Controller, including validation processes carried out through providers authorized by the Controller.
To process payments through external payment providers and digital wallets authorized by the Data Subject, as well as to facilitate interaction with authorized providers for the conversion between fiat currency and digital assets.
To verify that there are no conflicts of interest with our employees or operations that breach the terms and conditions of the service.
To facilitate interaction with the technological infrastructure, digital wallets, and smart contracts necessary for the operation of the services offered by the Controller, including the execution of transactions on blockchain networks.
Archiving of records and files for the follow-up of future services.
Financial management, billing, and collection.
To comply with the obligations and commitments we have entered into with you.
To comply with applicable regulations.
To evaluate the quality of our service.

5. Ancillary purposes.

The Personal Data and Sensitive Personal Data that the Controller collects from the Data Subject may additionally be used for the following purposes:

For processing for marketing, advertising, or commercial prospecting purposes.
To offer or provide discounts to Data Subjects with respect to products or services offered by the Controller or by any business partner.
Conducting quality and satisfaction surveys of the Data Subject.
Sending commercial and/or advertising information via email, mobile phone, and electronic means of communication via: SMS, MMS, WhatsApp messages, or social media.
Sending information by traditional correspondence to the Data Subject’s address (via postal service).
Market studies.
Marketing, advertising, or commercial prospecting purposes.
To offer you products or services of its own or of any of its holding companies, subsidiaries, branches, or affiliates, or of a parent company or any company under the common control of the Controller or its principal shareholder, or any other company within the same group as the Controller that operates under the same internal processes and policies, as provided by the respective legislation, as well as associated companies and commission agents;
To carry out statistical analysis, the generation of information models, and/or current and predictive behavioral profiles.
To generate personalized recommendations of content, campaigns, products, or services based on the interaction and behavior of the Data Subject within the platform.
To manage the participation of the Data Subject in referral programs, ambassador programs, promotions, commercial dynamics, and similar promotional campaigns.

6. Mechanism for the Data Subject to express their refusal of the processing of their Personal Data.

When this Privacy Notice is not made known to the Data Subject directly or personally, the Data Subject has a period of five business days within which to, where applicable, express their refusal of the processing of their Personal Data with respect to the purposes listed in the preceding section, in accordance with the procedure established in section VIII of this Privacy Notice.

The rights of the Data Subject to exercise their rights to the revocation of consent or to objection are reserved, in the event that they do not express their refusal of the processing of their Personal Data prior to the delivery thereof or its use.

7. Transfer of Personal Data

The Controller may transfer and/or communicate the Data Subject’s Personal Data within and outside the country, without requiring the consent of the Data Subject to do so, to third parties such as:

Holding companies, subsidiaries, or affiliates under the common control of the same group as the Controller, or a parent company or any company within the same group as the Controller, for the benefit of the Data Subject.
The Controller’s providers, including those necessary for payment services, financial transaction processors, technological infrastructure providers, digital wallet providers, identity verification, authentication, and fraud prevention services, and technology providers necessary for the provision of on-ramp and off-ramp services for digital assets that the Data Subject has authorized, as well as those necessary for compliance with the primary or secondary purposes established in this Privacy Notice.
Commission agents, for the fulfillment of the purpose of the services that the Data Subject has contracted with the Controller.

Additionally, the Controller may transfer the Data Subject’s Personal Data if any law so requires, or when so requested by competent authorities under the terms of the applicable legislation.

In any case, the recipients of Personal Data shall assume the same obligations and/or responsibilities as the Controller, to the extent and degree strictly necessary for the purposes of the specific processing and in accordance with what is described in this Privacy Notice.

The Data Subject’s Personal Data may be transferred to and maintained on servers located outside their country of residence, where data protection laws may differ from those of their jurisdiction. By using the services, the Data Subject consents to the transfer of their information outside their country of residence. In certain circumstances, courts, law enforcement agencies, regulatory bodies, or security authorities of other countries may have the right to access the Data Subject’s Personal Data. The Controller will take all reasonably necessary measures to ensure that the data is processed securely and in accordance with this Privacy Notice, and no transfer of Personal Data will take place to an organization or country unless adequate controls are in place, including data security.

8. Clause of acceptance by the Data Subject for the transfer of Personal Data.

In this act, and this Privacy Notice having been made available to the Data Subject, until such time as the Data Subject of the Personal Data presents their refusal of the transfer of the Personal Data, the Data Subject consents to the transfer of their Personal Data in fulfillment of the purposes indicated in the body of this Privacy Notice.

Notwithstanding, the Controller may carry out the domestic or international transfer of Personal Data without the consent of the Data Subject when any of the following circumstances arise:

When the transfer is provided for in the Applicable Laws;
When the transfer is made to holding companies, subsidiaries, or affiliates under the common control of the Controller, or to a parent company or any company within the same group as the Controller that operates under the same internal processes and policies;
When the transfer is necessary by virtue of a contract entered into or to be entered into in the interest of the Data Subject, by the Controller and a third party;
When the transfer is necessary or legally required for the safeguarding of a public interest, or for the procurement or administration of justice;
When the transfer is necessary for the recognition, exercise, or defense of a right in a judicial proceeding, and
When the transfer is necessary for the maintenance or fulfillment of a legal relationship between the Controller and the Data Subject.

For the purpose of the transfer of Sensitive Personal Data, it will be necessary to obtain the Express Consent of the Data Subject; however, it will not be necessary to obtain such Express Consent when the transfer is in compliance with the provisions of the subsections indicated in the immediately preceding paragraph.

9. Means and procedures for exercising the ARCO Rights.

In order for the Data Subject of the Personal Data to be able at all times to exercise their request for the Right of Access, Rectification, Cancellation, or Objection of their Personal Data, the Controller sets out the following procedure for the exercise of any of the ARCO Rights:

The Data Subject may exercise the aforementioned ARCO Rights vis-à-vis the Controller.

For such purpose, the Controller has enabled the following email address legal@palpito.com so that its designated area may receive and address the request made, which must contain at least the following information:

Full name, an email address or other means to follow up on the request and communicate the corresponding response.
A digitized copy of the Data Subject’s official identification.
A digital photograph (self-portrait) of the Data Subject of the official identification in order to corroborate their identity remotely.
A clear and precise description of the right that is being sought and, where applicable, a description of the facts that gave rise to it.
Any other element or document that facilitates the location of the Personal Data.

The Controller may request additional information or the completion of a form within the 5 (five) business days following receipt of the request, in the event that the information provided in the request is insufficient or erroneous. The Data Subject will have 10 (ten) business days to address this requirement; if no response is given within such period, the corresponding request will be deemed not to have been submitted.

In the case of requesting the rectification of their Personal Data, they may update those related to the identification document or contact data from the Controller’s website; otherwise, the Rectification request must be made in accordance with this procedure and, in addition to complying with the numerals mentioned above, indicate the modifications to be made and provide the documentation that supports the request.

Once the Controller’s area receives the request and it does not contain errors or omissions, the Controller will have a period of twenty (20) business days to respond regarding the admissibility or inadmissibility of the request. In the event that it is admissible, the Controller will have an additional period of fifteen (15) business days to make it effective by providing the information to the Data Subject (electronic documents or evidence that supports the exercise of the right) by the same means of attention.

Any request for the exercise of ARCO rights may be rejected in the following cases:

When the applicant is not the Data Subject.
When the Personal Data is not found in the Controller’s Database.
When the rights of a third party are harmed.
When there is a legal impediment or the resolution of a competent authority that restricts access to the Personal Data or does not permit the rectification, cancellation, or objection thereof.
When the rectification, cancellation, or objection has been previously carried out.

The refusal referred to in the preceding point may be partial, in which case the Controller will carry out the access, rectification, cancellation, or objection required by the Data Subject. In addition, the Controller may reject the cancellation of the processing of the Personal Data at its sole discretion in compliance with the Applicable Laws.

The exercise of the ARCO Rights is simple and free of charge, with the Data Subject of the Personal Data provided being required, where applicable, to cover only the costs of shipping, reproduction, and, where applicable, certification of documents, except for the exception provided in the applicable laws.

10. The mechanisms and procedures for the Data Subject, where applicable, to revoke their consent to the processing of their Personal Data.

In order for the Data Subject to exercise their right to the revocation of Consent, they must address their request with the subject: “Revocation of Consent” and adhere to the procedure and time periods established in section VIII of this Privacy Notice.

11. The options and means that the Controller offers to the Data Subject to limit the use or disclosure of the Personal Data.

In order for the Controller to limit the use or disclosure of the Personal Data, it has implemented administrative, physical, and technical security measures with the aim of preventing the misuse and disclosure of the Personal Data.

The Data Subject may initiate the procedure to limit the processing of their Personal Data, through the exercise of the Right to Object, by following the procedure provided in section VIII of this Privacy Notice.

12. Security breaches.

The security of the Data Subject’s data is important to the Controller; however, no method of transmission over the Internet or method of electronic storage is 100% secure. The Controller has technological, administrative, and physical security measures, including firewalls, data encryption, access controls, and the authorization of access to personal information provided only to personnel who require it for the performance of their duties. Notwithstanding, the Controller is not exempt from suffering breaches to its technological or physical systems; therefore, in the event that a breach of the security of your Personal Data occurs at any phase of the processing and that this significantly affects your rights, you will be notified by means of the email provided, so that you are then in a position to take the necessary measures for the defense thereof. Any transmission of Personal Data is at the Data Subject’s own risk. The Controller is not responsible for the circumvention of the privacy settings or security measures contained in the services.

13. The procedures and means through which the Controller will communicate to Data Subjects the changes to the Privacy Notice.

This Privacy Notice may undergo modifications, changes, or updates derived from new legal requirements; from the Controller’s own needs, due to the products or services it offers; from privacy practices; from changes in the business model; or for other reasons.

Any change to this Privacy Notice will be communicated to the Data Subject through the Controller’s website, which is https://www.palpito.com/en/privacy.

If you consider that your right to the protection of your Personal Data has been harmed by some conduct or omission on the part of the Controller, or you presume some violation of the Applicable Laws, you may object to or report this act before the corresponding authorities under your jurisdiction. If you are located in the European Economic Area, or in other jurisdictions that present a data protection regime granting rights to their residents or citizens, you have the right to lodge a complaint with the corresponding supervisory authority if you consider that the processing of your Personal Data violates the applicable law. The Controller reserves, at its sole discretion, its right to agree to submit to the Applicable Laws of the Data Subject’s jurisdiction.

The provision of any service granted by the Controller in favor of the Data Subject means that the latter has read and understood this Privacy Notice, and has granted their Express Consent for the Processing of their Personal Data for the necessary purposes and transfers established in this Comprehensive Privacy Notice, as corresponds to the type of Data Subject in question and as indicated in such Notice.

With respect to those Personal Data for the dispensable ancillary purposes and transfers established in this Privacy Notice, if the Data Subject does not express their opposition in accordance with the process established in this Comprehensive Privacy Notice for their Personal Data to be Processed for such dispensable ancillary purposes and/or transfers, it will be understood that they have granted their Tacit Consent thereto.

14. Retention of Personal Data:

The retention periods of the Personal Data shall not exceed those that are necessary for the fulfillment of the purposes that justified the processing, and shall comply with the provisions applicable to the matter in question, as well as consider the administrative, accounting, fiscal, legal, and historical aspects of the information.

Once the purposes of the processing have been fulfilled and when there is no legal or regulatory provision establishing the contrary, the Controller will proceed with the cancellation of the Personal Data, after prior blocking of the same, for its subsequent deletion.

15. Jurisdiction.

The services, including the Site, are made available by the Controller from outside Panama. The Controller’s connection to the Republic of Panama is limited to its corporate domicile. The services are not intended to subject the Controller to the laws or jurisdiction of any state, country, or territory other than that of the Republic of Panama with respect to its jurisdiction of incorporation.

16. Minors under 18 years of age.

The services are not intended for minors under 18 years of age. No person under 18 years of age may provide Personal Data to the Controller through the Site. If the Controller obtains actual knowledge that it has collected Personal Data of a person under 18 years of age, it will proceed to delete it immediately, unless there is a legal obligation to retain it. If you consider that the Controller may have mistakenly collected information from or about a minor under 18 years of age, please contact the Controller through the contact information provided in this Notice.

17. Public information on the blockchain.

Certain personal information is public information (this may include the public address of your web3 Wallet, username, and the public transactions in which you have participated), and may be viewed by anyone on the network due to the nature of the blockchain network, regardless of whether or not you have an account with the Controller. The public information may also be accessed, shared, or downloaded through APIs, SDKs, or third-party services that integrate with the Controller’s services.

18. Third-party analytics providers.

In order to improve the quality, usability, and reliability of the services, the Controller engages PostHog Inc., a company incorporated in the United States, as its product-analytics, heatmap, and session-replay provider. The processing carried out by PostHog Inc. is performed in its capacity as a data processor acting on behalf of the Controller, in accordance with the Applicable Laws and the principles of purpose and proportionality established in this Notice.

The Personal Data and behavioral information that PostHog Inc. processes on behalf of the Controller include: (i) the pages of the services visited by the Data Subject and the order in which they are visited; (ii) interactions with the user interface, including clicks and form submissions, the textual content of which is masked prior to transmission; (iii) aggregated data of cursor movement, click density, and scroll depth (“heatmaps”); (iv) reconstructions of the session consisting of document-object-model mutations and interaction events (“session replay”), in which every text node and every form-input value is masked at the software-development-kit level prior to transmission; (v) uncaught application exceptions; and (vi) environment metadata, including browser, device class, country, locale, and deployment environment.

For the purposes of the processing described in the preceding paragraph, the Controller implements the following safeguards: (a) all analytics traffic is routed through a first-party proxy hosted on the Controller’s own domain before reaching the infrastructure of PostHog Inc., for technical reasons of service continuity and not to circumvent the privacy preferences of the Data Subject; (b) form-input values and rendered text content are masked at the client-side software-development-kit level, prior to transmission, such that wallet balances, transaction amounts, identity-verification data, authentication codes, and email addresses appear as placeholder values in the events and recordings transmitted; and (c) the identifier of the Data Subject transmitted to PostHog Inc. is an opaque internal identifier and does not correspond to the wallet address or the email address of the Data Subject.

PostHog Inc. stores a limited set of identifiers in cookies and browser-local storage on the Data Subject’s device. The principal entries are: (i) a persistent pseudonymous identifier (the PostHog distinct_id), stored under ph_<token>_posthog, which ties together pageviews, autocapture interactions, heatmaps, session replays, and the $identify event for the Data Subject across sessions on the device; (ii) a feature-flag evaluation cache, stored in the same record, which holds the server-evaluated configuration of feature flags relevant to the Data Subject; and (iii) session-rotation metadata under __ph_<token>, which holds the current session identifier and its rotation timestamps. These identifiers are not used for advertising purposes and are not shared with advertisers.

The Data Subject may: (i) clear the cookies and browser-local storage associated with the Controller’s domain through the browser’s settings, which removes all PostHog Inc. identifiers stored on the device; (ii) enable strict tracking-protection settings in the browser, in the understanding that, because the analytics traffic is routed through the Controller’s own domain as described above, the default lists of ad-blockers and tracker-blockers will not block this traffic in the same manner in which they block direct requests to the domains of PostHog Inc., and that stricter browser features may still limit or block such analytics; and (iii) request the deletion of their Personal Data from the systems of PostHog Inc. by addressing the request to the email account privacy@palpito.com.

The Controller may, from time to time, engage additional analytics providers — including, without limitation, Vercel Inc. (United States) for aggregate traffic and page-performance metrics — under the same principles of purpose, proportionality, and Data Subject control established in this Notice.

By making use of the services, the Data Subject consents, to the extent permitted by the Applicable Laws, to the processing described in this section.

19. Expression of Express Consent

By means of electronic mechanisms enabled in the platform’s registration flow, including without limitation clickwrap-type agreements, that allow you to express your acceptance of this privacy notice, including by way of example but not limitation, the creation of the account, the selection of acceptance buttons, the checking of a checkbox, or another equivalent electronic mechanism that implies an express expression of will.

Date of update: June 8, 2026