1. General provisions

1.1. This Privacy Policy (hereinafter referred to as the "Policy") defines the procedure for processing and protecting personal data of individuals and legal entities (hereinafter referred to as "Data Subjects") who use the services of the 1ADK platform (hereinafter referred to as the "Platform"), managed by the limited liability company SIA "FinMV", registered in accordance with the legislation of the Republic of Latvia, registration number: 40203378371, legal address: Vesetas iela 10–95, Rīga, LV-1013, Republic of Latvia (hereinafter referred to as the "Company").

1.2. The company processes personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter referred to as "GDPR"), as well as the national legislation of the Republic of Latvia in the field of data protection.

1.3. Within the Platform's operations, the Company typically acts as a data processor, while Clients purchasing Leads are data controllers. In certain cases, when the Company independently determines the purposes and means of personal data processing (for example, regarding Client data), the Company acts as a data controller.

1.4. This Policy applies to all data collected by the Company through the Platform, as well as through its subdomains, widgets, forms, calculators, and APIs.

2. Personal data subject to processing

2.1. The company may collect and process the following categories of data:

• Lead data: first and last name (if provided), phone number, email address, geographic data (country, city), language of communication, request text or other content of the inquiry.
• Client data: company name or individual's name, contact email address, legal address, invoicing details, auction filters and bid settings.
• technical data: IP address, browser and operating system information (User-Agent), session data, cookies, log files.

2.2. The company does not collect special categories of data (such as information about health, racial origin, political views), except when such information is voluntarily provided by the data subject.

3. Data processing goals

3.1. Processing of personal data is carried out solely for the following purposes:

• Transfer of Leads to selected Clients based on the auction algorithms of the Platform;
• Ensuring the operation of the Platform, its services, and analytics.
• calculation and accounting operations;
• providing technical support and notifications to clients;
• Compliance with legislative requirements, including tax and financial regulation.

3.2. Lead's personal data is processed only until they are transferred to the Client, and then stored in an anonymized form solely for statistical and analytical purposes.

4. Legal grounds for processing

4.1. The legal grounds for processing personal data within the framework of this Policy are:

• Data subject's consent expressed at the moment of filling out a form or application on the Platform (Art. 6(1)(a) GDPR);
• performance of the contract concluded between the Client and the Company (Art. 6(1)(b) GDPR);
• Legitimate interests of the Company and/or Clients related to organizing the transfer of Leads and ensuring their quality (Art. 6(1)(f) GDPR).

5. Data transmission

5.1. Full personal data of Leads are transmitted exclusively to one Client selected by the auction system and cannot be transferred to other individuals.

5.2. The company may transfer data to third parties only in the following cases:

• payment providers (Paddle, Stripe) - for processing payments;
• Infrastructure providers (Scaleway, Keycloak) - for authentication purposes;
• Mail service providers (Brevo) - for delivering notifications.

5.3. Transfer of data outside the European Union is only allowed if standard contractual clauses (SCCs) are applied or if another legal mechanism provided by the GDPR is in place.

6. Data storage

6.1. Lead's personal data is stored in full until they are transferred to the Client. After the transfer, they are deleted or anonymized (removal of name, phone number, email, and other identifiers).

6.2. Anonymized data can be stored and used for statistics, analytics, and improving Company's services.

6.3. Customer data is stored throughout the term of the contract and for at least five (5) years after its termination for accounting and tax purposes.

7. Data subjects' rights

7.1. Each Data Subject has the right at any time:

• access to your personal data;
• demand correction of inaccurate or outdated data;
• to demand the deletion of their data ("right to be forgotten");
• limit data processing;
• withdraw consent for data processing
• File a complaint with the supervisory authority - the State Data Inspectorate (Datu valsts inspekcija, Latvia).

8. Safety measures

8.1. The company takes all necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, and distribution.

8.2. Data transmission is carried out using the secure TLS protocol.

8.3. Access to data within the Company is restricted and provided only to authorized employees within the scope of their official duties.

9. Data Processing Agreement (DPA)

9.1. In cases where the Client acts as the data controller and the Company acts as the data processor, the parties may enter into a separate Data Processing Addendum (DPA) in accordance with Article 28 of the GDPR.

9.2. The DPA template is provided to the Client upon their written request and is an integral part of the contractual relationship when working with personal data.

10. Google authentication

10.1. For user convenience, we support platform login using a Google account (Google Sign-In / OAuth 2.0).

10.2. When logging in for the first time through Google, you are redirected to the Google authorization page, where you give consent to transfer the following data to us:

• name (title),
• email address,
• URL of your avatar.

10.3. We use the data received from Google solely for authentication and creating a user profile on the platform.

10.4. Data processing and transmission is carried out in accordance with Google's privacy policy.

• https://policies.google.com/privacy

10.5. The terms of use of Google APIs are governed by a separate agreement.

• https://developers.google.com/terms

11. Privacy Policy Updates

11.1. The company reserves the right to unilaterally change this Policy at any time.

11.2. The current version of the Policy is published on the website of Platform 1adk.com. Continued use of the Platform after the publication of a new version of the Policy is considered as the Client's agreement to the changes made.

12. Contact information

12.1. For questions related to the processing and protection of personal data, you can contact the Company:

• Email: office@1adk.com