Based on the Personal Data Protection Law (Official Gazette of the Republic of Serbia no. 87/2018) and General Data Protection Regulation of the European Union (2016/679), Aklamator, on (date) 01.Avg 2022. brings the following:

PRIVACY POLICY

1. INTRODUCTORY PROVISIONS

1.1. This act (hereinafter: Privacy Policy / Policy) informs Service users/Website visitors about which personal data is collected by the Aklamator's platform called "Aklamator" located on the Internet domain: www.aklamator.com. The Policy also informs Service users/Website visitors about the purpose and basis of their processing, length of data storage, instructions on the rights of Service user and Website visitor, procedures in case of incidents, as well as the Service user's and Website visitor's consent given to the Website/Platform to collect, process and store their personal data, as prescribed below.

1.2. This act also informs Visitors of the Service user's website about which personal data is collected and processed by the Aklamator who process their data in the capacity of a Processor or Joint Controller all in accordance with this Privacy Policy.

1.3. The Website/Platform uses Service user's\Website visitor's data in accordance with this Privacy Policy, and undertakes to protect the privacy of all users and visitors, to collect only necessary, basic personal data about users and visitors, i.e. data necessary for the operation of the Platform, fulfillment of contractual obligations, informing users and visitors, in accordance with good business practices and to provide quality service, all in accordance with the Privacy Policy.

1.4. By using the Website/Platform, the Service user\Website visitor declares that he/she has read, understood and accepted this Privacy Policy, i.e. that he/she has agreed to the collection, processing and storage of his/her data in the manner prescribed by the Privacy Policy.

1.5. The Service user/Website visitor declares that before accepting the Privacy Policy, he/she has read, understood and accepted the terms and conditions of the Terms of use, which can be found on www.aklamator.com(hereinafter: Terms of use).

1.6. The platform "Aklamator" and website www.aklamator.com is owned and controlled by Aklamator who process and collects Service user's/Website visitor's personal data in the capacity of a Controller.

1.7. The Privacy Policy is made in accordance with the provisions provided by The Personal Data Protection Law of the Republic of Serbia (as the Data subjects are mostly from Republic of Serbia) and the General Data Protection Regulation of the European Union (2016/679). The provisions of previously mentioned documents shall apply to everything that is not regulated by the Privacy Policy.

1.8. This Privacy Policy is harmonized with the Aklamator's Terms and Conditions

2. MEANING OF TERMS

2.1. The terms used in this Privacy Policy have the following meanings:

• CONTROLLER - Aklamator who processes and collects Service user's/Website visitor's personal data;
• PLATFORM AKLAMATOR or PLATFORM - software code used to create a widget;
• WEBSITE AKLAMATOR or WEBSITE - website located at www.aklamator.com through which Website Visitors and Service users can contact Aklamator in order to provide the Service and through which they can be informed about the Platform itself and Services;
• WIDGET - a responsive HTML element on the Service user's website, where the Aklamator is allowed to place distributed content and advertisements ("ad units");
• HOME WEBSITE - the Service user's website where the widget is located;
• DESTINATION WEBSITE - a website page of the Service user or Advertiser or a third party who is not Service user to which the widget refers;
• ADVERTISER - client of the Service user whose advertising units are advertised through the Aklamator Platform;
• CONTENT - ad units (advertisements), text, photos, audio or video recordings, titles, descriptions, trademarks, lists, abstracts, ad target options, domain names, ad content, URLs, as well as all other information place and publish on the Destination site / site of the Service user;
• SERVICE - a service provided by Platform Aklamator, which consists of enabling widgets creation used to exchange and promote content and ad units, then publish ads using Google advertising services and potential direct sales of advertising space;
• "Service to Visitors of the Service User's Website" or "VSUW Service" - a service provided by the Aklamator Platform consisting of enabling visitors of the Service user's website to be directed to the Content of the Service user's Destination Site / Site;
• DIRECT CONTRACT - a document which regulates the rights and obligations between the Aklamator who is service provider and the Service user, which relate to the provision of the service;
• USER ACCOUNT or ACCOUNT - an account that the Service user registers by entering the name and surname, as well as by entering the e-mail address on the Aklamator Website, and entering the password, Internet domain name of the Service user, brief description of the website, reason for creating the account, desired number unique visitors of the website on a monthly basis, the number of views of the user's website by visitors on a monthly basis, which allows the User of the Service to use the Service;
• VISITOR OF THE AKLAMATOR WEBSITE/WEBSITE VISITOR - a natural person who accesses the content of the Aklamator Website www.aklamator.com, but is not a Service user;
• VISITOR OF THE SERVICE USER'S WEBSITE - a natural person who accesses the content of the Service user's website;
• USER OF THE SERVICE/SERVICE USER - Publisher, natural person or representative of a legal entity that is a registrant of the account on the Aklamator website, which uses the Aklamator Platform service;
• PUBLISHER - a legal or natural person registered in the competent register as a media publisher who is also Service user;
• DATA SUBJECT - common name for the Website visitor, Visitor of the Service user's website and Service user;
• TERMS OF USE - a document prescribing the terms and conditions of use of the Aklamator Platform and the Aklamator Website;
• LAW - The Personal Data Protection Law of the Republic of Serbia ((Official Gazette of RS No. 87 of 13 November 2018 );
• GDPR - General Data Protection Regulation of the European Union (2016/679);
• CONSENT - is any freely given, specific, informed and unambiguous indication of Service user/Visitor of the Service user's website/Website visitor wishes by which he or she, by a statement or by clear affirmative action, gives agreement to the processing of personal data relating to him or her;
• PERSONAL DATA - are any information relating to an individual whose identity is identified or identifiable, directly or indirectly, in particular by reference to an identifier such as name and identification number, location data, an online identifiers, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
• PERSONAL DATA PROCESSING - is any operation or set of operations which is performed whether or not by automated means related to Service user's/Visitor's of the Service user's website/Website visitor's personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• PROCESSOR - is a natural or legal person, hired by the controller to process data subject personal data on controller's behalf and for controller's account;JOINT CONTROLLERS - two or more controllers who jointly determine the purpose and method of processing, as well as the responsibility of each of them for compliance with the obligations prescribed by the Law, especially the obligations regarding the realization of the rights of the Data subject;
• THIRD PARTY - is natural or legal person, or authority, which is not the data subject, Controller or Processor, nor the person authorized to process personal data under the direct supervision of the Controller or Processor;
• SUPERVISORY AUTHORITIES - are one or more independent public authorities who are responsible for monitoring the application of the Law, in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data. The supervisory authorities are responsible for preventing, investigating and detecting criminal offenses, as well as prosecuting perpetrators of criminal offenses or criminal sanctions execution, and protection and prevention of threats to public and national security, and legal person responsible for committing the above affairs from a item authorized by the law;
• THE COMMISSIONER or SUPERVISORY BODY - is an independent and autonomous public authority established under the law, which is responsible for supervising the implementation of The Law and performing other law determined tasks.;
• FAST SPRING - an intermediary through which the Service is paid, and through the intermediary platform https://fastspring.com/.

3. DATA CONTROLLER/PROCESSOR

3.1. Aklamatorin the capacity of a Controller, is responsible for personal data collected from the Service user\Website visitor, in the manner and to the extent provided by this Policy, the Law and GDPR.

3.2. Aklamator shall take the necessary technical, organizational and personnel measures to ensure that the processing is carried out in accordance with The Law and GDPR. Aklamator shall be able to present it to the Data subject, taking into account the nature, scope, context and purposes of the processing, as well as the risk occurrence probability and severity for the rights and freedoms of the Service user/Website visitor/Visistors of the Service user's website.

3.3. Information on which Employees at the Aklamator has access to the personal data, and who is their administrator, is contained in the Record of processing activities referred to in Article 13.

3.4. Aklamator process data referred to in Article 4.4. from Visitors of the Service user's website in the capacity of a Processor or Joint Controller on Service user's behalf and for Service user's account.

4. THE SERVICE USERS/WEBSITE VISITORS/VISITORS OF THE SERVICE USER'S WEBSITE DATA THAT ARE COLLECTED AND PROCESSED

4.1. In order to fulfill the rights and obligations established by the Terms of use (hereinafter: Terms of use ), as well as in order to respect the legal obligations or other legitimate reasons and reasons for the improvement, more efficient and lawful work of the Aklamator, or as a result of the given consent of the Service user/Website visitor/Visitor of the Service user's website, the Aklamator collects and processes Service user's/Website visitor's/Visitor's of the Service user's website personal data.

4.2. Aklamator as a Controller collects and processes some of the following Service user's information and data:

• E-mail address;
• Name and surname;
• Address;
• Current account;
• password (code);
• website name;
• short description of the website;
• the reason for creating the account in order to use the Service;
• number of unique visitors to the Service user's website on a monthly basis;
• number of views on the Service user's website on a monthly basis by visitors.

4.3. Aklamator collects and processes IP address (IPv4 and IPv6) from Website visitors and Visitors of the Service user's website.

4.4. Aklamator collects and processes some of the following information and data from the Visitor of the Service user's website in the capacity of a Processor or Joint Controller:

• visitor's browser;
• visitor's browser version;
• operative system of the visitor;
• time and date of the visit;
• type of visitor's device (indirectly through the operating system);
• collection of location data indirectly via IP address;
• screen width;
• visitor's cache memory.

4.5. Aklamator collects and processes e-mail address from The Visitor of the Aklamator's website www.aklamator.com, who leave their e-mail address on their own initiative, for account registration purposes.

4.6. Special categories of personal data

4.6.1. Aklamator does not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person's sex life or sexual orientation.

4.7. Data obtained from the Internet browser of the Visitors of the Service user's website Html hash

4.7.1. For the purposes of creating a widget, Aklamator uses Html hash, which serves to indirectly monitor whether the Visitor of the Service User's website has already been on the Destination site. The reason is to prevent the Service user's website from reloading, and to prevent the Aklamator's service from being overloaded.

4.7.2. The Service Aklamator does not collect cookies from the Visitor of the Service User's website.

4.7.3. The widget created by the Aklamator Service refers to the Destination site whose Content/Ad units is edited through its editorial policy.

5. PURPOSE AND LAWFULNESS (LEGAL BASIS) OF PROCESSING

5.1. The data referred to in Article 4, Aklamator shall process:

• based on the performance of a contract between the Aklamator and the Service user, as stipulated by the Contract, general acts and The Law, referred to in Article 12, paragraph 1, item 2 of The Law;
• based on the compliance with a legal obligation of Aklamator referred to in Article 12, paragraph 1, item 3 of The Law;
• based on the consent given by the Service user/Website visitor for one or more specific purposes, which may take a separate form, in which case consent is considered to be given if he/she agrees to it, in terms of Article 12, paragraph 1, point 1 of The Law, or it may consist of an action from which it can be concluded that the Data subject agrees with certain processing;
• according to the other law stipulated conditions under which Aklamator is obliged to collect, store and process the data of the Service user/Website visitor.

5.2. Personal data referred to in Article 4 is processed by Aklamator for the following purposes:

• Realization of Aklamator and Service user contractual obligations (data referred to in Article 4.2, 4.3 and 4.4) ;
• Fulfillment of the Aklamator's legal obligations (data referred to in Article 4.2) ;
• For the purpose of placing appropriate content intended for Visitor of the Service user's website from specific country (data referred to in Article 4.4, item 6);
• In order to speed up the loading of data, i.e. so that the Service Aklamator would not be unnecessarily burdened. This information is also used indirectly for the purpose of placing different content for the Visitor of the Service user's website (data referred to in Article 4.4, item 8);
• For the purpose of receiving newsletters, i.e. notifications about news and promotional offers at the Aklamator, with the possibility of cancellation at any time, click on the field "unsubscribe" (Data referred to in Article 4.2, item 1 and Article 4.5.);
• For the purpose of keeping statistics for each Service user on the Platform, providing insight into the number of visits, views and number of clicks on the widget (data referred to in Article 4.4, items 1-8);
• For other purposes for which the Service user/Website visitor consent has been given, unless the consent has been withdrawn in accordance with The Law and this Policy;
• For other purposes in accordance with The Law.

5.3. Processing for other purposes

5.3.1. If processing for a purpose is different than the purpose for which the data was collected is not based on the law or on the consent given by the data subject, Aklamator, with due regard to adequate security measures, shall evaluate whether the other purpose of the processing is consistent with the purpose of the processing for which the data were collected, taking particular account of:

• whether there is a connection between the purpose for which the data was collected and the other purposes of the intended processing;
• the circumstances in which the data were collected, including the relationship between the Aklamator and the Data subject;
• the nature of the data, and in particular whether special types of personal data are processed;
• the possible consequences of further processing for the Data subject.

5.4. Aklamator is obliged to constantly apply adequate technical, organizational and personnel measures to ensure that only the personal data necessary for the accomplishment of each individual purpose of processing are processed, which is applicable to the number of data collected, the extent of their processing, the deadline for their storage and their availability.

5.5. Using data referred to in Article 4.2. item 1 and 4.5., for the purposes referred to in Article 5.2 item 5, mainly for marketing purposes, are collected exclusively on the basis of the explicit consent of the Service user/Website visitor, and he/she has the possibility to withdraw the given consent, all in accordance with Article 6.3. and other provisions of the Privacy Policy.

6. CONSENT

6.1. In case that some of the network's ads collect cookies, the Visitors of the Service user's website have to give their consent to see that ads i.e. Content. Consent from the Visitors of the Service user's website is collect by the Publisher/Service user. If the Visitors of the Service user's website has not given consent, the Content will not be displayed..

6.2. Data subject is not conditioned by giving consent to be provided with a service or part of a service for which performance consent is not necessary and it should be considered voluntary unless, it is impossible for the Data subject to exercise his/her right, without the processing for which consent is required.

6.3. Service user/Website visitor has the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It must be as easy to withdraw as to give consent.

7. DATA SUBJECT'S RIGHTS UNDER THE PERSONAL DATA PROTECTION

7.1. The right to be informed and the right to access information:

7.1.1. Aklamator is obliged to, on Data subject's request, provide them with following information in a concise, transparent, intelligible and easily accessible manner, using clear and plain language:

• the identity and contact details of the Aklamator and the Aklamator's employee responsible for the subject personal data processing;
• the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
• the existence of a legitimate interest of the Aklamator or a third party, if the processing is based on a legitimate interest;
• the recipient or group of recipients of personal data, if there are any;
• the fact that the Aklamator intends to disclose personal data to another country or international organization;
• period of time for which the personal data will be stored, or if not possible, the criteria used to determine that period;
• the existence of the right to require access, correction or deletion of his or her personal data from the Aklamator, i.e. the existence of the right to limit processing, the right to object, as well as the right to data portability;
• the existence of the right to withdraw consent at any time, and that the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal;
• the right to lodge a complaint with the Commissioner;
• whether the provision of personal data is a legal or contractual obligation or whether the provision of information is a necessary condition for the conclusion of the contract, as well as whether the data subject has an obligation to provide personal data and the possible consequences of not providing the data;
• the existence of automated decision-making, including profiling, if the Aklamator performs such processing.

7.1.2. At the request referred to in Article 7.1.1. Aklamator must responds within 30 days, but this time limit may be extended by another 60 days if it's necessary, taking into account the complexity and number of requests. Aklamator is obliged to inform the Data subject of the extension of the deadline and the reasons for such extension within 30 days from the day of receipt of the request, and if the Data subject has submitted the request electronically, the information should be provided electronically if possible.

7.2. Right to rectification and amendment

7.2.1. The Service user/Website visitor has the right to ask for a correction of inaccurate personal data concerning him/her, without delay if it is possible. Taking into account the purpose of the processing, the Service user/Website visitor has the right to have incomplete personal data completed, which includes providing a supplementary statement.

7.2.2. If it is possible to make the rectification by correction, deletion and entering of other data by the Service user/Website visitor, he/she will execute the correction referred to in Article 7.2.1. alone.

7.2.3. If the Service user/Website visitor is not able to make the correction in the manner referred to in the Article 7.2.2. he/she will address Aklamator with that request.

7.3. Right to erasure ('right to be forgotten')

7.3.1. If the legal requirements are fulfilled, Aklamator is obliged to erase the personal data referred to in Article 4 at the request of the Data subject without delay in the following cases:

• personal data are no longer necessary, in relation to the purpose for which they were collected or otherwise processed;
• The Data subject withdrew the consent on which the processing was based on, in accordance with the Law, and there is no other legal ground for the processing;
• The Data subject has filed a complaint about processing in accordance with The Law, and there is no other legal ground for processing that outweighs the legitimate interest, right or freedom of the natural person;
• personal data were unlawfully processed;
• personal data must be erased in order to fulfill the legal obligations of the Aklamator;
• Personal data were collected in relation to the IT services within the meaning of The Law.

7.4. Right to restriction of processing

7.4.1. Data subjects have the right to ask Aklamator to limit the processing of data relating to them, if the processing is illegal, if the inaccuracy of the data is indicated, if an objection to processing is submitted in accordance with the Law, as well as if there are other legal reasons for such request.

7.5. Right to object

7.5.1. Depending on the specific case and whether he/she considers it justified, the Data subject shall has the right to object to Aklamator at any time to the processing of his/her personal data based on the consent, and the Aklamator is obliged to suspend the processing of the Data subject's who filed the objection.

7.5.2. Aklamator is not obliged to interrupt the processing in the manner referred to in Article 7.5.1. if it informed the Data subject about legal grounds for processing which outweigh the interests, rights or freedoms of that Data subject or are related to the submission, exercise or defense of legal claims.

8. DATA SUBJECT'S STORAGE OF PERSONAL DATA

8.1. The personal data of the Service user referred to in Article 4.2 are stored on Aklamator's website called www.aklamator.com in electronic form, on the server database where passwords are stored in hashed form, servers are Hetzner GMBH.

8.2. The personal data of the Service user referred to in Article 4.2. item 3,4,5, and 6, collected on the basis of the performance of a contractual obligation through a Direct Contract, stored in electronic form, on the server that are provided by Hetzner GMBH.

8.3. In case of data storage location change from Article 8.1 and 8.2., Aklamator will amend the Privacy Policy and notify to the Data subject and publish the amended version on the website.

9. ACCESS TO DATA BY THIRD PARTIES/ PERSONAL DATA PROCESSORS

9.1. Aklamator is authorized to use the services of accounting agencies, developers, IT consultants and other external and internal associates for the purposes of fulfilling the obligations of the contract, performing payment transactions, legal obligations, maintaining the service, and improving its work, and it is responsible for their work and results, in accordance with The Law.

9.2. Aklamator guarantees that its Processor will implement appropriate technical, organizational and personnel measures, so that the processing is carried out in accordance with The Law and that adequate protection of the Data subject's personal data is ensured.

9.3. For the purpose of providing the conditions referred to in Article 9.2. Aklamator and its Processor may conclude a contract on data processing, which shall be an integral or accompanying part of the basic contract. The contract shall, among other things, has all the accompanying elements provided by The Law.

10. DATA SECURITY

10.1. While assessing of the required level of established security of personal data, Aklamator takes into account and monitors the level of technological achievements as well as the cost of their implementation, the nature, context, circumstances and purpose of data processing and on the basis of these parameters assesses the likelihood of risk occurrence, i.e. potential level of risk to the rights and freedoms of individuals.

10.2. In relation to the circumstances referred to in Article 10.1. Aklamator will implement appropriate technical, organizational and personnel measures to achieve the required level of security in regard to the risk.

10.3. Aklamator is obliged to provide a secure communication channel through which the data travels to its Processors, as well as to make sure that data are securely stored with provided adequate security standards.

10.4. All data are strictly kept and are available only to the persons engaged by the Aklamator who need these data to perform the work. Aklamator is responsible for respecting the principles of privacy protection, in accordance with the Privacy Policy.

10.5. Service user's personal and address data provided to Aklamator when completing the questionnaire are considered confidential, and Aklamator is prohibited from selling, ordering, providing or exchanging Service user's name in any form to any third party, unless it is a competent State authorities.

10.6. When it comes to the security of the Service user's confidential data when he/she paying with payment cards, payment is made through the FastSpring platform as an intermediary, who can be reached on the web page https://fastspring.com/. The Service user leaves his/her data regarding the payment when paying for the Service, Aklamator does not have access to or process this data. With regard to this information and the method of payment, the rules apply according to the Privacy Policy and Terms of Use displayed on the FasSpring website https://fastspring.com/.

10.7. Payment card information is not available to Aklamator at any time during the transaction.

10.8. Personal and address (current account and the address of the Service user) data by the Services provided to Aklamator during the purchase process are considered confidential, and Aklamator is prohibited from selling, ordering, providing or exchanging Service user's name or information on the current account in any form to any third party , unless the third party is a bank or competent state authorities.

11. DATA PROTECTION BREACH PROCEDURE

11.1. If there is a threat to the information referred to in Article 4, security referred to in Article 10, Aklamator shall take all necessary measures of notification and protection provided by The Law, including notification to the competent Supervisory Authority, as well as to Data subject in accordance with the Privacy Policy and The Law.

11.2. In the case of personal data breach that may produce a risk to the Data subject's rights, Aklamator shall, without undue delay, and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification to the Supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

11.3. The notification of Aklamator to the Supervisory authorities referred to in Article 11.2. shall at least:

• describe the nature of the personal data breach including where possible, the categories and approximate number of Data subject and the categories and approximate number of personal data records concerned;
• communicate the name and contact details of the data protection officer or other contact item where more information can be obtained;
• describe the likely consequences of the personal data breach;
• describe the measures taken or proposed to be taken by Aklamator to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

11.4. In case of a personal data breach, Aklamator shall inform Data subjects about the personal data breach that may produce a risk to the rights and freedoms of individuals.

11.5. The communication to the Data subject referred to in Article 11.4. shall describe in clear and plain language the nature of the personal data breach referred to in Article 11.3.

11.6. The communication to the Data subject referred to in Article 11.4 shall not be required if any of the following conditions are met:

• Aklamator has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
• Aklamator has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data subject is no longer likely to materialize;
• it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

11.7. If the Data subject come to find out of any incident that has led or may lead to endangerment of his/her or personal data of third parties, shall immediately notify to Aklamator via the contacts contained in this document.

12. DATA STORAGE LIMITS

12.1. Data referred to in Article 4 shall be kept for as long as is necessary for the purpose for which they are processed, except in the case where the basics of collecting these data is the consent of Services user/Website visitor.

12.2. In the case referred to in Article 12.1. when the legal bases of collecting data about the Service user/Website visitor referred to in Article 4 is his/her consent, this data will be stored until removal of the given approval in accordance with the Article 6.3.

13. RECORD OF PERSONAL DATA PROCESSING ACTIVITIES OF SERVICE

13.1. Aklamator keeps a record of the processing of personal data of the Data subject referred to in Article 4 of this Policy.

13.2. In addition to the name and business data of the Aklamator, the record consists of the following information: the category of person whose data are processed, the category of personal data, the purpose of processing, the third parties to whom the data were disclosed, the length of data storage, the description of protection measures, the form in which the data are stored.

13.3. Record referred to in Article 13.1. is kept in electronic form and it is stored permanently, in accordance with The Law.

14. HOW AKLAMATOR COLLECTS AND PROCESS PERSONAL DATA FROM THE VISITORS OF THE SERVICE USER'S WEBSITE

14.1. "KH"- For domains that serve Aklamator widgets, Aklamator can optionaly activate this feature, enabling if that domain was visited from that browser. Aklamator does not set cookie nor Aklamator can track all visited domains. When this feature is active on Publisher website, Aklamator collects internal_id + domain_id data. This feature enables displaying only Content that Visitor of the Service user's website did not visit yet. Aklamator deletes personal data once a day, and only total number of Visitors of the Service user's website per domain is stored. The purpose of this feature is to measure success when the number of unique visitors is improved.

• Example: If your internal_ID is "FIJM87WE" and that browser has visited partnerdomain1.com and partnerdomain2.com, in Aklamator's server memory Aklamator stores "FIJM87WE,1,2" so when the same browser visits on the same day partnerdomain3.com, in widgets you will not see any articles from partnerdomain1.com and partnerdomain2.com for that calendar day If you delete browser cache (hard refresh CTRL + R) cache is emptied and internal_id is not present anymore. So if you reload partnerdomain3.com you will see the articles from all three domains.

14.2. "HideArticle" - If this feature is activated, Aklamator temporary stores internal_id, article_ids in order not to display articles that are not intended. Aklamator stores previously mentioned data for up to 72hours.

• Example: If your internal_ID is "FIJM87WE" and articles Article2 and Article3 should not be displayed for that browser, Aklamator stores for 72hours in server memory "FIJM87WE,2,3" so when you visit the domain with widget that have content Article1,2,3,4,5... You will not see Article2 and Article3.

14.3. "ConsentCheck"- consent status. If "consent check" is active, usually only necessary if widget contain ads, and if user have denied consent Aklamator uses this information to fullfill users decision and avoid loading/displaying ads. Aklamator stores total count - number of new consent given/denied, and previously given/denied consent per each domain. This data is never stored per browser, only summarized. Once a day, before deleting memory buffer, Aklamator summarizes above data, and have total number of views, clicks, number of different visitors (different internal_ids) for each domain. This essentially does not contain browser ID only summarized number of consent given or not given for the purpose of Ad displaying.

14.4. "GeoTarget" - if feature is active, before displaying widget, articles or ads, Aklamator resolves Visitor's of the Service user's website IP address to the country level, in order to display geotargeted ads. This info is never stored per Visitor of the Service user's website, only used during displaying widget Content.

15. COMMISSIONER / SUPERVISORY AUTHORITY

15.1. For the data subject from Republic of Serbia: The Supervisory Authority for Personal Data Protection in the Republic of Serbia is the Commissioner for Information of Public Importance and personal data protection of the Republic of Serbia. You can contact the authority at Bulevar kralja Aleksandra 15th street, 11000 Belgrade, Republic of Serbia, by email at [email protected] or by phone at +381 11 3408 900.

15.2. If the Data subject is from country of the European Union, he/she can contact the Supervisory Authority from his/her country for information about personal data protection.

15.3. Aklamator cooperates with the Commissioner in the exercise of his powers, in accordance with the obligations prescribed by The Law.

16. CONTACT DATA OF THE AKLAMATOR

16.1. In case of need for interpretation of the Policy's provisions, exercise of the Data subjects rights referred to in Article 4, as well as other issues prescribed by the law, the Data subjects may contact Aklamator using the web form: https://aklamator.com/contact

17. FINAL PROVISIONS

17.1. By accepting the Privacy Policy, i.e. by accession to the Platform, the Service user/Website visitor confirm that he/she has read it and understood it, and agrees with the bases and purposes of data processing, as stipulated by this document.

17.2. All changes to the Privacy Policy shall be publicly available at the designated place on the Aklamator's Platform, of which Data subjects will be informed through the same means of communication, in a way that will allow them to read the new document.

18. APPLICABLE LAW AND JURISDICTION

18.1. The substantive law applicable to the processing of personal data and in connection with the processing by Aklamator is the law of the Republic of Serbia, the Law on Personal Data Protection as well as GDPR where applicable.

18.2. For administrative and judicial proceedings, locally competent are authorities and courts of the Republic of Serbia in accordance with the positive legislation of that country.