Privacy Policy of Alpine Affiliate Partners GmbH

Effective date: 20 May 2026

1. Introduction and company information

This Privacy Policy explains how Alpine Affiliate Partners GmbH, Am Grünen Prater 2/1/12, 1020 Wien, Austria, phone +43 1 587 42 86, email [email protected], as data controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Austrian Data Protection Act (“DSG”), collects, uses, stores, discloses, and protects personal data.

Alpine Affiliate Partners GmbH operates in the affiliate marketing sector. This means that we may process personal data in connection with website visits, affiliate tracking, lead generation, campaign management, business communications, and related services.

This Privacy Policy applies to personal data processed in connection with our website, business communications, contractual relationships, and any other interaction with Alpine Affiliate Partners GmbH, unless a separate privacy notice applies.

2. Data collection and processing

We may collect and process the following categories of personal data, depending on your interaction with us:

• Identification and contact data: name, business name, email address, telephone number, postal address, and similar contact details.
• Communication data: correspondence by email, telephone, contact forms, and other communication channels.
• Technical data: IP address, browser type and version, device identifiers, operating system, language settings, access times, referring URLs, and log data.
• Usage data: pages visited, clicks, session information, interaction with content, and website navigation data.
• Affiliate and tracking data: cookie identifiers, click IDs, conversion data, campaign identifiers, source/medium data, and attribution-related information.
• Contract and transaction data: details necessary for business relationships, invoicing, payment processing, and contract administration.
• Compliance data: information required to meet legal obligations, prevent fraud, or enforce legal claims.

We generally collect personal data directly from you, from your use of our website and services, from business partners, or from third-party service providers acting on our behalf or independently in accordance with applicable law.

Where required, we use cookies and similar technologies for technical operation, analytics, and affiliate tracking. Non-essential cookies and similar technologies are used only where legally permitted and, where required, after obtaining your consent.

3. Purpose of data processing

We process personal data for the following purposes:

• to provide and operate our website and services;
• to manage business relationships and communicate with clients, partners, and other contacts;
• to administer affiliate marketing activities, including tracking referrals, clicks, leads, and conversions;
• to analyse website performance, campaign effectiveness, and user engagement;
• to respond to inquiries and provide support;
• to perform contractual obligations and pre-contractual measures;
• to comply with legal obligations under Austrian, EU, tax, accounting, and commercial law;
• to detect, prevent, and investigate fraud, misuse, security incidents, and unlawful activity;
• to assert, exercise, or defend legal claims;
• to improve our services, processes, and internal administration.

4. Legal basis for processing

We process personal data only where a lawful basis under the GDPR applies. Depending on the specific processing activity, the legal bases may include:

• Article 6(1)(a) GDPR – Consent: for example, for non-essential cookies, certain tracking technologies, or marketing communications where consent is required.
• Article 6(1)(b) GDPR – Performance of a contract or pre-contractual measures: for processing necessary to establish, perform, or manage contractual relationships.
• Article 6(1)(c) GDPR – Legal obligation: for processing necessary to comply with statutory obligations, including accounting, tax, and record-keeping requirements.
• Article 6(1)(f) GDPR – Legitimate interests: for processing necessary for our legitimate interests or those of third parties, such as website security, fraud prevention, business administration, affiliate tracking, direct business communication, and service improvement, provided your interests and fundamental rights do not override those interests.

Where we process special categories of personal data, if ever applicable, we will do so only where a valid legal basis under Article 9 GDPR exists.

5. Data sharing and third parties

We may disclose personal data to the following categories of recipients where necessary for the purposes described in this Privacy Policy:

• IT and hosting providers;
• website analytics and tracking providers;
• affiliate network and campaign technology providers;
• customer relationship management and communication service providers;
• accounting, tax, legal, and compliance advisors;
• payment service providers and banking partners;
• business partners, advertisers, publishers, and other affiliate ecosystem participants;
• public authorities, courts, and regulatory bodies, where required by law or necessary to protect legal rights.

We only share personal data to the extent necessary and, where required, on the basis of appropriate contractual arrangements such as data processing agreements pursuant to Article 28 GDPR.

Third parties receiving personal data may act as processors or independent controllers depending on the specific context. Where third parties act as independent controllers, their own privacy notices apply.

6. Data transfer to third countries

Some recipients of personal data may be located outside Austria, the European Union, or the European Economic Area. In such cases, personal data is transferred only where permitted under the GDPR and applicable Austrian law.

Where a transfer to a third country takes place, we will ensure an adequate level of protection by relying on one or more of the following safeguards, as applicable:

• an adequacy decision by the European Commission;
• Standard Contractual Clauses approved by the European Commission;
• additional technical and organisational measures where necessary;
• your explicit consent, where legally permitted and appropriate.

Upon request, we can provide further information regarding the safeguards used for specific transfers, subject to legal and contractual limitations.

7. Storage duration

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law.

• Contractual and business data: retained for the duration of the business relationship and thereafter for statutory limitation periods.
• Accounting and tax records: retained in accordance with Austrian statutory retention obligations, which may require storage for several years.
• Technical and log data: retained for a limited period necessary for security, troubleshooting, and system administration.
• Consent-based processing: retained until consent is withdrawn, unless another legal basis applies or retention is required by law.
• Affiliate tracking data: retained for the period necessary for attribution, fraud prevention, reconciliation, and contractual settlement, subject to applicable legal and contractual requirements.

When personal data is no longer required, it will be deleted or anonymised in accordance with our retention and deletion procedures.

8. User rights

Under the GDPR and applicable Austrian data protection law, you have the following rights, subject to legal limitations and conditions:

• Right of access (Article 15 GDPR): to obtain confirmation as to whether we process your personal data and to receive a copy of that data.
• Right to rectification (Article 16 GDPR): to request correction of inaccurate or incomplete personal data.
• Right to erasure (Article 17 GDPR): to request deletion of your personal data where the legal requirements are met.
• Right to restriction of processing (Article 18 GDPR): to request limitation of processing in certain circumstances.
• Right to data portability (Article 20 GDPR): to receive personal data you have provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
• Right to object (Article 21 GDPR): to object, on grounds relating to your particular situation, to processing based on Article 6(1)(e) or 6(1)(f) GDPR, including profiling based on those provisions.

To exercise your rights, please contact us using the contact details provided below. We may need to verify your identity before responding to your request.

9. Withdrawal of consent

Where processing is based on your consent, you have the right to withdraw that consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

You may withdraw consent by contacting us at [email protected] or by using any available consent management tools on our website, where applicable.

10. Right to complain

If you believe that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

In Austria, the competent supervisory authority is the Österreichische Datenschutzbehörde (Austrian Data Protection Authority).

11. Data security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are designed to ensure a level of security appropriate to the risk.

Such measures may include access controls, encryption where appropriate, network and system security, backup procedures, role-based permissions, confidentiality obligations, and regular review of security practices.

Despite our efforts, no method of transmission over the internet or electronic storage is completely secure. We therefore cannot guarantee absolute security, but we continuously work to improve our safeguards.

12. Contact information

For questions regarding this Privacy Policy, the processing of your personal data, or to exercise your rights, please contact:

Alpine Affiliate Partners GmbH
Am Grünen Prater 2/1/12
1020 Wien
Austria
Email: [email protected]
Phone: +43 1 587 42 86

13. Changes to privacy policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, our processing activities, or operational needs. The current version published on our website applies.

Where changes are material, we will take reasonable steps to inform you in an appropriate manner. We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.