Privacy Policy Website

PRIVACY POLICY FOR SERVICES PROVIDED BY RELAP

RELAP MEXICO SA DE CV, (hereinafter, “RELAP”) is a Mexican variable capital corporation with the Tax Identification
Number (RFC) FAN1504301J3, and registered address at Calle 45, 321, Colonia Aurea Residencial, 97203, Mérida,
Yucatán, Mexico; privacy policy clearly explains how RELAP processes personal data obtained from its commercial
partners, acting as Data Procesor, in order to be able to provide its services. Hereinafter we will describe how do we
provide our services and also our products and services allow its customers to buy advertising spaces on line and to
use our analysis and measure products.

COLLECTION AND PURPOSES OF PERSONAL DATA PROCESSING.

Whenever the final user visits any of our partner´s sites or any on line add, we assign such user a user unique
identifier (a random and unique combination of characters), “cookie”

Something similar occurs whenever a user watch or interact with an on line add which has been place by RELAP.

The purpose of processing the data we collect is to offer the best advertising campaigns to each user, campaigns
that are of their interest, in order to be able to be accurate, RELAP needs to collect certain information. However,
RELAP will not proceed to sale data to any third party without the express authorization of the owners of the data.

RELAP collects information regarding end user´s devices behavior. There are different ways to obtain user and
device information, and they might vary depending on the device and the environment. The information that we
might collect, process or share also varies according to the collaborator with whom we are working with and the
object of the contract that we have signed with each one of them.

Please find below and explanation of some of the personal data to which we might have access to:
- IP address: a unique set of numbers that identify the location of a device in a network, data that RELAP collects
with the sole purpose of offering adequate content in accordance with the location of such IP.

What data do we not collect?

RELAP, as indicated in this section, does not treat personal data of sensitive categories, only identifiable user data.
RELAP does not have segments targeted at children under 13 years of age
RELAP does not collect any impression-level data through the ad that will be used for subsequent ad targeting
RELAP does do not use hyperlocal geotargeting (especially with mobile ads via GPS)
RELAP does do not use browser packet-sniffing (reading packets of information from the HTTP request)

RELAP does not perform browser/device fingerprinting

Which purposes we do not use personal data for?

End users will not be identified in order to know who they are.
RELAP does not use scanning information reading packets (browser packages of the HTTP request) that allows it to
collect user data.
RELAP does not use any Flash cookies/LSOs (HTTP/browser cookies only)
RELAP does not assist or knowingly permit any 3rd party to set a cookie, or alter/delete a cookie set, on
any Google Owned and Operated domains (e.g. on the DoubleClick domain).
RELAP does not perform impression-level page scraping

PERSONAL DATA RECIPIENT

Personal data collected in the provision of services will not be transferred to other people or companies to be used
for their own purposes.

RELAP does not share cross-client data (clients of licensed technologies need to own data collected from campaigns
and licensed tech vendors can only use aggregated data for system improvements).

However, RELAP will disclose to the competent public authorities the Personal Data and any other information that
is in its power or accessible through its systems and is required in accordance with the legal and regulatory
provisions applicable to the case.

Likewise, personal data may be shared with other companies that will be under-charged with the processing of their
data. You can find an updated list of the sub-processors with which RELAP collaborates here:

– Supply Side Platforms:
o Google, LLC
o Pubmatic, Inc
o Smart AdServer SAS
o Xandr Inc
o TripleLift Inc
o A9.com Inc

– Data management Platform
o Digital Media Technology SLU

Subprocessors shall (i) agree in writing to process data according to the instructions provided by the owner of the
data and/or the data controller, (ii) to implement appropriate technical and organizational measures to protect the
data against any possible security breaches (iii) to ensure full compliance with RGPD requirements.

STORAGE PERIOD

Personal data will be kept for attend the purposes mentioned above based on your consent. Once your consent is
revoke RELAP will keep the personal data duly blocked for a period of 5 years with the sole purpose of attending to
any type of responsibilities that may arise. Once prescribed such responsibilities, your personal data will be delete.

USERS RIGHTS

Any User who wishes to exercise his or her rights of access, rectification, erasure, restriction of the processing, to
data portability or of objection must notify RELAP upon written request send to the email address:
[email protected]. In accordance with GDPR provisions, the contents of the rights that Users are entitled to are
the following: Right of access, Right to rectification, Right to erasure. Right of objection, Right to restrict the
processing, Right to data portability and Right to file a complaint before the relevant Supervisory Authority.

SECURITY MEASSURES

RELAP will treat your personal data in an absolutely confidential way. Likewise, RELAP has implemented adequate
technical and organizational measures to guarantee the security of its personal data and to prevent its destruction,
loss, illegal access or unlawful alteration. When determining these measures, criteria such as the scope, context and
purposes of the treatment and the existing risks have been taken into account. RELAP guarantees the following
security measures:

 – Pseudonymization and encryption of personal data.
 – The ability to guarantee the confidentiality, integrity, availability and permanent resilience of the treatment
systems and services.
 – The ability to restore availability and access to personal data quickly, in case of physical or technical incident.
 – The process of regular verification, evaluation and assessment of the effectiveness of technical and
organizational measures to ensure the safety of treatment.

RELAP is not responsible for any third parties ‘security meassures, for example, its partners. For more information
about their practices regarding the collection and process of personal data, you should consult their privacy
policies.

RELAP does not authorize any third party to install, alter or delete cookies in any domain owned and operated by
third parties, including but not limited to, Google Inc.

RELAP does not use any Flash / LSO cookie (only HTTP / browser cookies).

HOW TO AVOID YOUR PERSONAL DATA TO BE COLLECT AND/OR PROCESS?

You can change the preferences of your browser to choose which cookies it must allow access to. These
preferences are usually in the menu "options" or "preferences" of your browser. You can find more information
here, or in the menu "Help" of your browser:
 – Internet Explorer: Tools -> Internet Options -> Configuration. For more information, consult Microsoft support or
the Help tab.
 – Firefox: Tools > Options -> Privacy > History -> Personalized Configuration. For more information, consult Mozilla
Support or the Help tab.
 – Chrome: Configuration -> Show Advanced Options -> Privacy -> Content Configuration. For more information
consult Google Support or the Help tab.
 – Safari: Preferences > Security. For more information, consult Apple Support or the Help tab.
However, if you change your preferences and block these cookies, some functions of our Website will be annulled
and you will not be able to make the most of the features from our Website.

México, Mérida


Calle 45, Num. 321 por calle 24 Fraccionamiento Aurea, CP 97203, Mérida, México.