GENERAL CONDITIONS OF USE WEBSITE WWW.JOINTRIPLE.COM

IDENTIFYING DATA OF THE OPERATOR OF THE SERVICES

TRIPLE TECHNOLOGIES LTD (“TRIPLE”) Tax Identification Number: 12354376, Address: 20-22 Wenlock Road, London, England, N1 Registered with the Mercantile Registry of England and Wales, in volume 46500, Section 53, Sheet 8,. Mail: info@jointriple.com

1. ACCESS TO AND USE OF SERVICES OFFERED BY TRIPLE

1.1. Accessing the Website

These general conditions (hereinafter, the “General Conditions”) regulate the access and use of the website offered by TRIPLE through www.jointriple.com (hereinafter, the “Website"). Trough this Website, TRIPLE, provides the users with information of its services, activities, whitepapers and other related information.

1.2. Acceptance of General Conditions and of Specific Conditions where Applicable

Access to the Service requires acceptance of these General Conditions by Users, and as a result we ask that Users read them carefully before using the Service. If you do not accept these General Conditions, we ask that you abstain from using the Website and its content.

The subscription of the products or some of the related services may be subject to specific conditions which TRIPLE may establish at any given moment. These conditions may complete, amend or substitute the General Conditions, as the case may be. Hereinafter, any such conditions, or any other specific conditions from other services offered by TRIPLE at any given moment, will be referred to as “Specific Conditions”.

In addition, TRIPLE hereby informs Users that these General Conditions and any Specific Conditions, where applicable, may be adapted or modified at any time without prior notification. As a result, the User will have to read and accept any new versions of the General Conditions and, where applicable, the Specific Conditions.

1.3. Registration and Identification of the User in TRIPLE (Electronic Signature)

TRIPLE does not require prior subscription or registration to simply browse or access some of the services offered on the Website. Nevertheless, to actively use the TRIPLE Service requires prior registration and creation of a profile by the Users.

During the registration process, the User will be required to accept the Privacy Policy, the current General Conditions and, where necessary, any applicable Specific Conditions.

In particular, the User shall provide an email address and a personal password in order to make full use of TRIPLE. These identifying mechanisms and their use via the platform of TRIPLE which the User will have to download will serve as an electronic signature for the User in all its interactions with TRIPLE and with the retailers and financial entities that join TRIPLE (hereinafter, “Electronic Signature”).

Every User’s Electronic Signature will be personal and non-transferable. It will be the obligation of the User to communicate any changes to their personal information to TRIPLE. It is the responsibility of the User to take due care to prevent access and/or unauthorized use by third parties that may access or use the Electronic Signature in its name. In addition, the User will have sole responsibility for the selection, loss, theft or unauthorized use of any identifying password or code and for any consequences thereof.

In any case, the User shall be fully responsible for the proper use of the Electronic Signature. The User must refrain from using these for purposes that are illegal or contrary to the provisions of these General Conditions or any Specific Conditions

2. TRIPLE’S RESPONSIBILITY REGARDING INFORMATION CONTAINED ON THE WEBSITE

2.1. Operation of the Website

TRIPLE does its best to keep the Website in good working order, avoiding errors or repairing them when necessary, and keeping Website content up to date. Nevertheless, TRIPLE does not guarantee the availability and continuity of access to the Website, or the absence of errors in its content; neither does it guarantee that these will always be updated in a timely fashion. The User accepts this and shall undertake to exercise maximum diligence and prudence when accessing and browsing on the Website, or when using the content, information and services available therein.

2.2. Amendments to the information on the Website

TRIPLE reserves the right to amend, delete or update the information contained on the Website, its configuration or presentation at any time and without need for prior warning.

2.3. Website Content

Users are committed and undertake not to use the information available on the Website in any way that may constitute a violation of regulations or that may be contrary to common decency or morality or to the image and good professional name of TRIPLE and its collaborators.

TRIPLE shall not be held responsible for the possible consequences that may result from any inappropriate use or negligence on the part of Users regarding such content.

2.4. Use of information of the Website

Both access to the Website and the use of any information contained therein are the sole responsibility of the User. As a result, TRIPLE is not responsible for any damages, whether direct or indirect, which may arise from access to or use of the information contained on the Website.

Furthermore, TRIPLE is not responsible for any damage to Company software or hardware that may result from their use of the Website.

2.6. No liability for Damages

In addition to what has already been stated, and to the extent permitted by Law and excluding what may be stated elsewhere in the remaining General Conditions or Specific Conditions, under no circumstances will TRIPLE be responsible for personal damages, whether accidental, special, direct or indirect, including but not limited to damages for loss of profits, loss of data, interruption to business or any other commercial damages or losses related to the use or unavailability of the application, whatever the cause may be, and regardless of the theory of responsibility (contractual, extra-contractual or of any other type), and even if the User or Reviewer has been warned of the risk of such damages. Under no circumstances will responsibility for any damages (unless stated otherwise in applicable legislation) exceed five thousand euros (€5,000).

3. USER RESPONSIBILITY

The User is aware of and willingly accepts that it is exclusively responsible for the use it makes of the Service. As a result, it will be responsible for any damages of any nature that TRIPLE may suffer as a result of a failure to comply with any of the obligations which the User accepts as a result of these General Conditions, Specific Conditions, the Privacy Policy or any legislation applicable to the use of this Service.

4. POLICY REGARDING HYPERTEXT LINKS

TRIPLE is not responsible in any way for the use or content of hypertext links to third-party websites, nor does their existence imply that TRIPLE endorses, agrees with, guarantees or recommends the linked websites.

In addition, third parties who intend to use a hypertext link leading to TRIPLE’s website must first obtain prior, express, written consent from TRIPLE. Either way, TRIPLE does not accept any manner of responsibility arising from the use or content of third-party hypertext links.

5. PRIVACY AND COMMERCIAL CORRESPONDENCE POLICY

5.1 Both in the event that you provide us with your email address so that we keep you informed of TRIPLE products and services, as in the event that, while browsing, asking questions, making requests or conducting simulations through the Website or by purchasing TRIPLE products and services, the User provides us with information of a personal nature, the provisions of TRIPLE’s Privacy and Commercial Communications Policy, which will have to have accepted beforehand.

6. INDUSTRIAL AND INTELLECTUAL PROPERTY

6.1. All Website content (including, but not limited to, databases, images, photographs, patents, utility and industrial models, drawings, computer graphics, software, audio, video and text files) is the property of TRIPLE or of its content providers, and in the latter case, they have been licensed or transferred by said providers, and are protected by Spanish and international law regarding industrial and intellectual property. The compilation (meaning collection, design, organization and preparation) of all the Website content is the exclusive property of TRIPLE and is protected by applicable regulations regarding intellectual and industrial property.

6.2. All software involved in the use and development of the Website is the property of TRIPLE or of its software providers and is protected by industrial and intellectual property laws.

6.3. The brands, signs, identifying symbols or logos that appear on the Website are the property of TRIPLE or of its content providers, and have been duly registered or are in the process of being registered. The names of other products, services and companies that appear in this document or on the Website may be brands or other registered identifying symbols of their respective and legitimate owners.

6.4. All texts, images, videos or audio media are the property of TRIPLE or of its content providers, and may not be subject to subsequent modification, copying, alteration, reproduction, adaptation or translation by the User or by third parties without the express authorization of the owners of the content in question.

6.5. Under no circumstances does the provision to Users of access to databases, images, photographs, patents, utility and industrial models, drawings, computer graphics, software, audio, video and text files that are the property of TRIPLE or its content providers included on the Website, constitute the transfer of their property rights or the granting of the right to use them to the User, apart from what is strictly necessary for their use as intended as part of the Service.

6.6. Any use of Website content without the authorization of TRIPLE is expressly forbidden, including its exploitation, copying, publication, transformation, distribution, transmission by any means, subsequent publication, exhibition, public communication or total or partial reproduction. Any of these will constitute violations of TRIPLE’s intellectual property rights, and will be punishable under applicable legislation.

7. LICENCE OF USE OF THE WEBSITE

7.1. TRIPLE grants the User a right or license for use, not to sell, for the use of the Service through the Website, to which the terms included herein shall apply (hereinafter, the “Licence”). TRIPLE reserves any rights not expressly granted.

7.2. The Licence for the use of the Service through the Website is a non-transferable licence for the use of this Website on any compatible device the Company possesses or controls, in accordance with what is permitted in the regulations established in these General Conditions.

7.3. The User may not rent, lease, borrow, sell, redistribute or sub-license the Website. The User may not copy, disassemble, reverse engineer, decompile, attempt to identify the source code thereof, modify or create employment derived from the Website, any of its upgrades, or any part of it (except where this restriction is limited by applicable laws or by any of the terms of the license of use or of any of the open source components included in the License). Any attempt to do so will constitute a violation of the rights of TRIPLE. Should the User fail to comply with these restrictions, it may result in legal action being taken against them, and the obligation to pay for damages. The terms of the License also cover any updates carried out by TRIPLE that substitute and/or complement the Service, unless that update includes an individual license, in which case the terms of that license will apply.

7.4 The License shall remain in force until it is terminated by the User or by TRIPLE. The rights granted under this License will be cancelled without prior warning should the User fail to comply with any of the terms of the General Conditions, Specific Conditions or the Privacy Policy. Upon termination of the license, the Company shall be compelled to cease the use of the Website and to uninstall or destroy any total or partial copies thereof.

8. ACCESSING THE WEBSITE FROM MOBILE DEVICES

8.1. All terms put forth in these Conditions for Access and Use will be applicable to any use of the Services by the User using a mobile telephone, other mobile devices or computer devices that enable access to the Website.

8.2. To this end, the User is hereby informed that TRIPLE does not charge for mobile access to the content or services of the Website, but that User’s telephone service provider will apply whatever charge was agreed upon for receiving and sending data.

8.3. TRIPLE is not responsible for any of the restrictions that the telephone service provider may apply and that may result in the content or services offered on the Website not being easily accessible.

9. APPLICABLE LEGISLATION AND JURISDICTION

9.1. Access to and use of the Service will be governed by and interpreted in accordance with Spanish legislation.

9.2. Any dispute that may arise between TRIPLE and Users will be settled by the Courts of Law of the City of Barcelona (Spain), and both parties expressly waive any right to any other jurisdiction they may be subject to.

LOYALTY PROGRAMME AUTOMATION SERVICE SPECIAL CONDITIONS

1. LOYALTY PROGRAMS SPECIFIC CONDITIONS THROUGH TRIPLE AND ACCEPTANCE

1.1 These special conditions of engagement of loyalty programs through TRIPLE (hereinafter, “Special Conditions”) govern the access and use of the service offered by TRIPLE, consisting on the automation of loyalty programs of the retailers selected by the user (hereinafter "Retailers"), and which connects these Retailers with the financial institutions, through the corresponding API of TRIPLE (hereinafter “TRIPLE SERVICE”) through the technological platform of TRIPLE (hereinafter “TRIPLE Platform”), and shall be accepted by users (hereinafter referred to as "Users") who wish to use them.

1.2. These Special Conditions, which must be accepted by the Retailer prior to its adherence to TRIPLE, are complemented by the [General Terms and Conditions* insert link] of TRIPLE (hereinafter, “General Conditions”).

1.3. Retailer will be responsible to check, regularly, any changes or modifications to these Special Conditions or General Terms and Conditions, and to comply at all times with the terms and conditions contained therein.

2. CONTRACTUAL DOCUMENTATION AND ORDER OF PRECEDENCE

2.1. In case of discrepancy or contradiction, the order of precedence of the contractual documents that conform the agreement between the Retailer and TRIPLE will be as follows:

(i) The present Special Conditions.

(ii) The General Conditions

2.2. These contractual documents replace any other previous agreement between the Retailer and TRIPLE on the same subject.

3. CONTENT OF THE TRIPLE SERVICE TO RETAILERS

3.1. By subscribing to these Special Conditions, the Retailer will have access to the TRIPLE SERVICE TO RETAILERS, which will allow it enjoying the following advantages:

(i) A service for the automation of loyalty programs of the Retailers selected by the Retailer, and which connects these Retailers with the financial entities, through the corresponding API of TRIPLE.

(ii) The Retailer will register for the TRIPLE SERVICE TO RETAILERS through a fintech application with which TRIPLE collaborates. This fintech application will have access to the information on the Retailer's transactions with the selected Retailers, having been authorized to do so by the Retailer.

(iii) When making a transaction with a specific Retailer, TRIPLE will link, through its API, the data relating to the transactions made by the User in that Retailer.

(vi) User, by means of the corresponding loyalty program of each Retailer, will accumulate the rewards generated at any given time.

4. ACCESS TO THE CONTENT OF THE TRIPLE SERVICE TO RETAILERS

4.1. User may access the TRIPLE SERVICE TO RETAILERS by means of prior identification through the use of the corresponding Electronic Signature mechanisms.

4.2. User will have a personal space in TRIPLE, where he/she will have access to all the information related to the transactions carried out in each of the activated Retailers.

4.3. Once the amounts specified by the corresponding Retailer have been reached, the User may unblock them through his personal space at TRIPLE.

4.4. The subscription to the TRIPLE SERVICE TO RETAILERS is unipersonal and non-transferable to third parties. If an abusive use of the service is detected or in non-compliance with the conditions set forth herein or in the General Conditions, TRIPLE reserves the right to cancel the User's subscription by notifying him/her by e-mail.

5. RIGHT OF WITHDRAWAL

5.1. Given that these services are provided online, during the first fourteen days after entering into the contract, subscription to the TRIPLE SERVICE TO RETAILERS may be cancelled at any time by completing this cancellation form [insert link to the form] and sending it to the email address info@jointriple.com, the User being entitled to a refund of the amount of said purchase.

5.2. Due to the nature of our services (subscription to the TRIPLE SERVICE TO RETAILERS), the User is informed of the loss of this right to cancel when access to the content of the TRIPLE SERVICE TO RETAILERS has begun with his/her express consent, as this is immediately accessible digital content for permanent use.

5.3. In addition to the legal right to cancel indicated above, the User may also cancel the TRIPLE SERVICE TO RETAILERS subscription for the following monthly period if they should so wish, from which time they will no longer have access to the content of the TRIPLE SERVICE TO RETAILERS and, as a result, the content and services established in these Special Conditions.

6. PERSONAL DATA

6.1. TRIPLE's Privacy Policy establishes the general conditions that will govern, in general, the processing of User’s personal data while using the TRIPLE Platform and the services contained therein (hereinafter, "Privacy Policy").

6.2. In addition to the provisions of the Privacy Policy, this clause contains the specific conditions that will govern the processing of the User's personal data during trhe ∫access to the TRIPLE SERVICE.

6.3. TRIPLE stores and processes the information provided by the User in accordance with applicable personal data legislation. This information includes the IP address and authentication data of the User associated with the identity of this, among others, name, email address.

6.4. TRIPLE collects and processes the transactions carried out in each of the activated Retailers. To this purpose, it will have access to the data of these Retailer, as well as the bank account or credit card used in each transaction.

6.5. For the purposes of the above, the User consents to TRIPLE transmitting information to the Internet banking interface selected by the User and to the merchant with which the User contracts.

7. PRICE AND PAYMENT CONDITIONS

7.1. In the event that TRIPLE decides to establish a price for the TRIPLE SERVICE TO RETAILERS, which must be previously communicated to and accepted by the User (hereinafter, "Price"), the User undertakes, from now on, to pay said Price to TRIPLE

7.2. TRIPLE shall have no obligation to provide the TRIPLE SERVICE TO RETAILERS if the User has not paid the Total Cost in full or does not comply with the Payment Conditions.

7.3. Should the User violate their obligations regarding the Price, Payment Conditions or any other condition set out herein or in the General Terms and Conditions, TRIPLE reserves the right to suspend the TRIPLE SERVICE TO RETAILERS or terminate the contractual relationship with the User.

7.4. TRIPLE may change the Price at any time, notifying the User 15 days in advance. Should the User not accept any new Price, they may cancel their subscription free of charge.

8. SUSPENSION IN CASE OF FRAUDULENT USE AND SIMILAR

8.1 TRIPLE reserves the right to take appropriate measures, register, block or suspend the User's transactions in the event of doubt of criminal or illegal activity, unauthorised or fraudulent use of the service or any other act or omission, such as a serious anomaly or improper use of the TRIPLE SERVICE TO RETAILERS, which may involve damage to the User or to TRIPLE, regardless of the nature of such potential damage.

9. DELIVERY OR EXECUTION OPTIONS

9.1. Since the TRIPLE SERVICE is offered online, the delivery or execution will always be in electronic format, through the TRIPLE Platform.

10. COMPLAINTS

10.1 Any claim arising from the TRIPLE SUBSCRIPTION SERVICE should be addressed to

TRIPLE TECHNOLOGIES LTD Address: 20-22 Wenlock Road, London, England, N1 Email: info@jointriple.com

11. LANGUAGES OF THE CONTRACTS

11.1 The contract between TT and the User may be concluded in [Spanish or English].

TRIPLE SERVICE TO RETAILERS SPECIAL CONDITIONS

1. SPECIAL CONDITIONS TO RETAILERS AND ACCEPTANCE

1.1. These special conditions for contracting the service that TRIPLE offers to retailers (hereinafter, “Special Conditions”) govern the access and use of the service offered by TRIPLE, consisting on the automation of loyalty programs of the retailers that have joined TRIPLE (hereinafter "Retailers"), and which connects such Retailers with the financial institutions, through the corresponding API of TRIPLE (hereinafter “TRIPLE SERVICE TO RETAILERS”) through the technological platform of TRIPLE (hereinafter “TRIPLE Platform”).

1.2. These Special Conditions, which must be accepted by the Retailer prior to its adherence to TRIPLE, are complemented by the [General Terms and Conditions* insert link] of TRIPLE (hereinafter, “General Conditions”).

1.3. Retailer will be responsible to check, regularly, any changes or modifications to these Special Conditions or General Terms and Conditions, and to comply at all times with the terms and conditions contained therein.

1.4. TRIPLE and Retailer may be referred to jointly as the "Parties”.

2. CONTRACTUAL DOCUMENTATION AND ORDER OF PRECEDENCE

2.1. In case of discrepancy or contradiction, the order of precedence of the contractual documents that conform the agreement between the Retailer and TRIPLE will be as follows:

(i) The present Special Conditions.

(ii) The General Conditions

2.2. These contractual documents replace any other previous agreement between the Retailer and TRIPLE on the same subject.

3. CONTENT OF THE TRIPLE SERVICE TO RETAILERS

3.1. By subscribing to these Special Conditions, the Retailer will have access to the TRIPLE SERVICE TO RETAILERS, which will allow Retailer to enjoy the following advantages:

(i) A service for the automation of loyalty programs of the Retailers with its clients, and which connects the Retailer with the financial entities, through the corresponding API of TRIPLE.

(ii) To boost sales and increase OF client’s retention, through the management of automated loyalty programs.

(iii) Increase the visibility of the Retailer’s trademark, by being present in the most relevant financial applications.

(iv) To have all the information related to its loyalty programs on the TRIPLE Platform, duly centralized on a user-friendly dashboard.

3.2. Retailer’s clients will be registered in TRIPLE through a fintech application with which TRIPLE cooperates. This fintech application will have access to the information of the Retailer’s transactions with its clients, having been authorized by the clients themselves.

3.3. TRIPLE will link, through its API, the data relating to transactions made by the Retailer with its clients.

3.4. Retailer’s clients will accumulate all prizes generated from time to time through the corresponding Retailer loyalty program.

4. ACCESS TO THE CONTENT OF THE TRIPLE SERVICE TO RETAILERS

4.1. Retailer may access the TRIPLE SERVICE TO RETAILERS by means of prior identification through the use of the corresponding Electronic Signature mechanisms.

4.2. Retailer will have a personal space in TRIPLE, where he/she will have access to all the information related to the transactions carried out in each of the activated Retailers.

4.3. Once the amounts specified by the corresponding Retailer have been reached, the Retailer may unblock them through his personal space at TRIPLE.

4.4. The subscription to the TRIPLE SERVICE TO RETAILERS is individual and non- transferable to third parties. If misuse of the service is detected or in non-compliance with the conditions set forth herein or in the General Conditions, TRIPLE reserves the right to cancel the Retailer's subscription by notifying it by e-mail.

5. PERSONAL DATA

5.1. Due to the nature of this Agreement, in the course of providing the Services, TRIPLE may process personal data on behalf of the Retailer (“Personal Data”).

5.2. To this respect, the Parties agree to comply with the provisions set forth in the (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), or regulations replacing it, signing as many documents as necessary to regulate such access to files containing personal data.

5.3. In particular, the Parties may sign the Data Processing Addendum (DPA), that forms part of the TRIPLE SERVICE TO RETAILERS and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data and categories of data subjects, and the obligations and rights of both Parties with respect to any Personal Data, each acting reasonably and in good faith.

6. CONFIDENTIALITY

6.1. Both Parties undertake to respect the confidential nature of the information referring to business information, financial information, customers and information on prices, sales and products and/or services (hereinafter, "Confidential Information") exchanged in the course of the TRIPLE SERVICE TO RETAILERS, undertaking not to disclose them, nor to publish them or, directly or indirectly, make them available to third parties, without the prior and express consent of the party concerned.

6.2. TRIPLE and Retailer will use the Confidential Information received with the sole objective and purpose of providing and receiving the service covered by these Special Conditions, to which the provisions herein shall apply unless modified by another subsequent agreement.

6.3. The Confidential Information received may not be reproduced or disclosed in any way except for internal use when this is necessary for the fulfilment of the object described above, and provided that suitable measures are adopted to ensure strict compliance with the duties of confidentiality and use assumed.

6.4. Should TRIPLE and the Retailer are legally required to deliver or disclose, to a competent Public Administration, Judges and Courts, information or data considered as Confidential Information, the party concerned will be notified in advance by writing, with the greatest possible urgency and with a copy of the relevant documents and information, whenever legally possible.

6.5. The confidentiality duty established in this stipulation shall produce effects between the Parties even after the termination of the legal relationship under these Special Conditions.

7. PRICE AND PAYMENT CONDITIONS

7.1. In the event that TRIPLE decides to establish a price for the TRIPLE SERVICE TO RETAILERS, which must be previously communicated to and accepted by the User (hereinafter, "Price"), the User undertakes, from now on, to pay said Price to TRIPLE

7.2. TRIPLE shall have no obligation to provide the TRIPLE SERVICE TO RETAILERS if the User has not paid the Total Cost in full or does not comply with the Payment Conditions.

7.3. Should the User violate their obligations regarding the Price, Payment Conditions or any other condition set out herein or in the General Terms and Conditions, TRIPLE reserves the right to suspend the TRIPLE SERVICE TO RETAILERS or terminate the contractual relationship with the User.

7.4. TRIPLE may change the Price at any time, notifying the User 15 days in advance. Should the User not accept any new Price, they may cancel their subscription free of charge.

8. SUSPENSION IN CASE OF FRAUDULENT USE AND SIMILAR

8.1. TRIPLE reserves the right to take appropriate measures, register, block or suspend the Retailer's transactions in the event of doubt of criminal or illegal activity, unauthorised or fraudulent use of the service or any other act or omission, such as a serious anomaly or improper use of the TRIPLE SERVICE TO RETAILERS, which may involve damage to the Retailer or TRIPLE, regardless of the nature of such potential damage.

9. TECHNICAL SUPPORT

9.1. Any claim arising from the TRIPLE SUBSCRIPTION SERVICE should be addressed to info@jointriple.com.

9.2. TRIPLE undertakes to provide the Retailer the appropriate technical support to resolve issues related to the TRIPLE Platform at no cost to the Retailer. TRIPLE will make available, as soon as possible, personal and material means to solve any incidents related to the TRIPLE SERVICE TO COMMERCE.

9.3. All incidents must be communicated by email as soon as possible to info@jointriple.com. The Retailer must provide the necessary data, if available, needed by the technical support service.

9.4. All claims shall be made in writing within thirty (30) days from the date of the provision of the services that are the subject of the claim. TRIPLE’s responsibility will be limited to correct or redo the service that has been provided in disagreement, this being the only right that may be claimed by the Retailer.

ADDENDUM ON DATA PROCESSING BY THE SUPPLIER

This Data Processing Addendum ("Addendum") is part of the TRIPLE SERVICE TO BUSINESSES regulated in the particular conditions of this service ("Main Contract") entered into between (i) the Business subscribed to the TRIPLE Platform ("BUSINESS"), which is acting in its own name and on behalf of each Affiliate of the Company; and (ii) TRIPLE TECHNOLOGIES LTD "TRIPLE" ("Supplier "or" TRIPLE") acting in its own name and as representative for each of the Supplier's Affiliates.

By signing the Main Contract, the Supplier enters into this Data Processing Agreement in its own name and, to the extent required by applicable data protection laws, in the name and on behalf of any authorised Subcontractor.

In the course of providing the Services to the BUSINESS under this Agreement, the Supplier may process Personal Data on behalf of the BUSINESS and the Parties agree to comply with the following provisions with respect to any Personal Data; each of them shall act reasonably and in good faith.

The terms used in this Addendum will have the meaning indicated therein. Capitalised terms that are not defined in this document will have the meaning given to them in the Main Contract. Except as amended below, the terms of the Main Contract will remain in full force and effect.

In consideration of the mutual obligations established herein, the parties hereby agree that the terms and conditions established below will be added as an Addendum to the Main Contract. Consequently, except where the context otherwise requires, any reference to the Main Contract shall be understood to refer to the Main Contract including the modifications made by this Addendum.

1. PURPOSE

1.1. This Addendum regulates the terms and conditions that will apply to the processing of the Personal Data to which the Supplier may have access by virtue of the Services.

1.2. For the purposes of this Addendum, the terms will have the meaning that appears in Annex 1.2.

2. PURPOSES OF PROCESSING

2.1. The Supplier undertakes to process the personal data on behalf of the Company in accordance with the conditions established in this Data Processing Agreement. The processing will be carried out exclusively within the framework of the Agreement and for all purposes that are subsequently agreed.

2.2. The Supplier shall refrain from using the personal data for any purpose other than that specified by the Company. The Company shall inform the Supplier of any purpose that is not covered by this Data Processing Agreement.

2.3. All personal data processed on behalf of the Company will be the property of the Company and/or the relevant Data Subjects.

2.4. The supplier shall not make any unilateral decision about processing the personal data for other purposes, including decisions regarding providing them to third parties and the duration of the data storage.

2.5. In Annex 2.5 of this Addendum, certain information is established regarding the Processing of the Company's Personal Data by the Data Controllers, as required by article 28, paragraph 3, of the General Data Protection Regulation (GDPR) (and, possibly, equivalent requirements of other Data Protection Laws). The Company may make reasonable modifications to Annex 2.5 through written notification to the Supplier, in accordance with what the Company deems reasonably necessary in order to comply with these requirements. Nothing in Annex 2.5 confers any right or imposes any obligation on any of the parties with respect to this Addendum.

3. OBLIGATIONS OF THE SUPPLIER

3.1. The Supplier shall ensure compliance with the applicable laws and regulations, including laws and regulations governing the protection of personal data.

3.2. The Supplier shall provide the Company promptly, upon request, details of the measures it has adopted to comply with its obligations under this Addendum.

3.3. The Supplier's obligations under the terms of this Addendum also apply to whoever processes the Company's Personal Data in accordance with the Supplier's instructions.

4. STAFF OF THE SUPPLIER AND THE AFFILIATES OF THE SUPPLIER

4.1. The Supplier and each of the Affiliates of the Supplier shall take reasonable measures to ensure the reliability of any employee, agent or contractor of any Data Controller who may have access to the Company's Personal Data; in each case they shall ensure that access is strictly limited to those people who need to know or access the Company's Personal Data, when this is strictly necessary for the purposes of the Main Contract, and to comply with the Applicable Laws in the context of this person's duties with respect to the Data Controller. They must ensure that all these people are subject to non-disclosure commitments or professional or statutory confidentiality obligations.

5. SECURITY

5.1. Taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the Processing, as well as the risk that the rights and freedoms of natural persons vary in terms of their probability and severity, the Supplier and each of the Supplier's Affiliates shall implement the appropriate technical and organisational measures to (i) protect the Data against accidental or unlawful destruction, and (ii) prevent the loss, alteration, unauthorised disclosure or access to the Data (a "Security Incident"). As a minimum, these measures shall include the security measures identified in Annex 5.1.

5.2. When assessing the appropriate level of security, the Supplier and each of the Supplier's Affiliates shall take into account, in particular, the risks posed by the Processing, particularly those risks arising from a Personal Data Breach.

6. SUB-CONTRACTING

6.1. The Company is aware of and agrees to the Supplier using subcontractors (including Affiliates of the Supplier) for the provision of its services; these subcontractors shall at all times be included in the list of subcontractors accessible in the list.

6.2. The Supplier must sign a written contract with each subcontractor that includes terms that offer at least the same level of protection for the Company's Personal Data as those established in this Addendum. The Supplier shall only maintain a contractual relationship with subcontractors that can reasonably guarantee protection of the privacy, confidentiality and security of the Personal Data.

7. RIGHTS OF THE DATA SUBJECT

7.1. Taking into account the nature of the Processing, the Supplier and each of the Affiliates of the Suppliers shall assist each Member of the Group of Companies, implementing the appropriate technical and organisational measures, insofar as this is possible, to comply with the obligations of the Members of the Group of Companies, as reasonably understood by the Company, in order to respond to requests from Data Subjects to exercise their rights in accordance with the Data Protection Law.

7.2. he Supplier must:

7.2.1. Immediately notify the Company if any Data Controller receives a request from a Data Subject under any Data Protection Law with respect to the Company's Personal Data.

7.2.2. Ensure that the Data Controller only responds to that request in accordance with the documented instructions of the Company or the Affiliate of the relevant Company, or as required by the Applicable Laws to which the Data Controller is subject; in this case the Supplier shall inform the Company, to the extent permitted by the Applicable Laws, of this legal requirement before the Data Controller responds to the request.

8. PERSONAL DATA BREACH

8.1. When the Supplier or any of its Subcontractors becomes aware of a Personal Data Breach affecting the Company's Personal Data, the Supplier must notify the Company without undue delay and provide the Company with sufficient information so that each Member of the Group of Companies is able to comply with its obligations to notify or inform Data Subjects of the Personal Data Breach pursuant to the Data Protection Laws.

8.2. The Supplier shall cooperate with the Company and with each of the Members of the Group of Companies and take reasonable commercial measures stipulated by the Company in order to assist in the investigation, mitigation and resolution of each of these Personal Data Breaches.

9. ASSISTANCE BY THE SUPPLIER

9.1. The Supplier shall assist the Company in complying with its obligations under articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Supplier.

10. REMOVAL OR RETURN OF THE COMPANY'S PERSONAL DATA

10.1. Upon termination or expiration of the Contract, the Supplier must (at the Company's choice) either destroy or return to the Company all the Company's Personal Data (including all copies of the Data) in its possession or control (including any data subcontracted to a third party for processing). This requirement will not apply to the extent that the Supplier is bound by any applicable law to retain part or all of the Data, in which case the Supplier must isolate and protect the Data from any further processing, except to the extent required by such law.

10.2. At the Company's request, the Supplier shall provide a written certification that it has complied with the requirements of this Section, signed by a representative of the Supplier.

11. DEMONSTRATION OF COMPLIANCE

11.1. The Supplier shall make available to the Company all the information necessary to demonstrate its compliance with the obligations established in article 28 of the GDPR and, if necessary, allow and contribute to the performance of audits by a non-competitor of the Supplier.

12. RESTRICTED TRANSFERS

12.1. Each Member of the Group of Companies (as "data exporter") and each Data Processor, as applicable, (as "data importer") subscribes, through this Addendum, to the Standard Contractual Clauses with respect to any Restricted Transfer of that Member of the Group of Companies to that Data Processor.

12.2. The Standard Contractual Clauses will enter into force no later than:

12.2.1 The time when the data exporter becomes a party to them.

12.2.2 The time when the data importer becomes a party to them.

12.2.3 When the relevant Restricted Transfer begins.

12.3. Section 12.1 will not apply to a Restricted Transfer unless its effect, together with other reasonably practicable compliance measures (which, for the avoidance of doubt, do not include obtaining consent from the Data Subjects), is to allow the relevant Restricted Transfer to take place without infringing the applicable Data Protection Law.

12.4.The Supplier represents and warrants that, prior to starting any Restricted Transfer to a Subcontractor that is not an Affiliate of the Supplier, the adherence by the Supplier or the respective Affiliate of the Supplier to the Standard Contractual Clauses, and compliance with the variations to those Standard Contractual Clauses, in the name and on behalf of that Subcontractor, will have been duly and effectively authorised (or subsequently ratified) by this Subcontractor.

13. GENERAL TERMS AND CONDITIONS

13.1 Applicable law and jurisdiction

13.1.1. The Addendum and its application will be governed by Spanish law.

13.1.2. Any dispute that may arise in relation to this Addendum and/or derives from it will be governed by the courts of the city of Barcelona (Spain).

13.2. Order of precedence

13.2.1 Nothing in this Addendum reduces the obligations of the Supplier or any Affiliate of the Supplier under the Main Contract in relation to the protection of Personal Data or allows the Supplier or any Affiliate of the Supplier to process (or permit the processing of) Personal Data in a manner that is prohibited in the Main Contract. In the event of conflict or inconsistency between this Addendum and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail.

13.2.1. Subject to the provisions of section 13.2, regarding the purpose of this Addendum, in the event of discrepancies between the provisions of this Addendum and any other contracts signed between the parties, including the Main Agreement and also including (unless explicitly agreed otherwise in writing and signed on behalf of the parties) contracts signed or supposedly signed after the date of this Addendum, the provisions of this Addendum shall prevail.

13.3 Severability of provisions

13.3.1 If any provision of this Addendum is invalid or unenforceable, the remainder of this Addendum will remain valid and in force. The invalid or unenforceable provision will be: (i) modified as necessary to ensure its validity and enforceability, preserving the intentions of the parties as strictly as possible or, if this is not possible, (ii) interpreted as if the invalid or unenforceable part had never been contained therein.

ANNEX 1.2: DEFINITIONS

In this Addendum, the following terms shall have the meanings indicated below and related terms shall be construed accordingly:

1. "Applicable Laws" means: a) the laws of the European Union or its Member States with respect to any of the Company’s Personal Data in relation to which any Member of the Group of Companies is subject to the Data Protection Laws of the EU; and b) any other applicable law with respect to any of the Company’s Personal Data in relation to which any Member of the Group of Companies is subject to any other Data Protection Law;

2. "Affiliate of the Company" means an entity that owns or controls, is owned or controlled by, or is or comes under the control or common ownership of the Company, where control is defined as directly or indirectly having the power to direct or controlling the management of an entity's administration and policies, whether through ownership of voting securities, by contract or otherwise;

3. "Member of the Group of Companies" means the Company or any Affiliate of the Company;

4. The "Company's Personal Data" means any Personal Data Processed by a Data Controller on behalf of a Member of the Group of Companies in accordance with or connected to the Main Contract;

5. "Data Controller" means a Supplier or a Subcontractor;

6. "Data Protection Laws" means the Data Protection Laws of the EU and, to the extent applicable, the data protection or privacy laws of any other country;

7. “EEA” means the European Economic Area;

8. "EU Data Protection Laws" means Directive 95/46/EC of the EU, incorporated into the national legislation of each Member State and modified, superseded or replaced as appropriate, including the GDPR and the laws that apply or complement the GDPR;

9. "GDPR" means the General Data Protection Regulation of the EU 2016/679;

10. "Restricted Transfer" means:

(i) a transfer of the Company's Personal Data from any Member of the Group of Companies to a Data Controller; or

(ii) a subsequent transfer of the Company's Personal Data from one Data Controller to another Data Controller, or between two establishments of the same Data Controller.

In each case, when such a transfer is prohibited by the Data Protection Laws (or by the terms of the data transfer contracts established to address the data transfer restrictions of the Data Protection Laws) in the absence of (i) the Standard Contractual Clauses, or (ii) a self-certification of Privacy Protection (which will be maintained as long as the Supplier processes the Company's Personal Data), assuming that the scope of said self-certification covers all the Company's Personal Data that the Supplier processes by virtue of the Contract and this Addendum, and the Supplier agrees to comply with the Privacy Protection Principles when processing the Company's Personal Data;

11. "Services" means the services and other activities provided or carried out by the Supplier or provided or carried out on its behalf for the Members of the Group of Companies in accordance with the Main Contract;

12. “Standard Contractual Clauses” mean the contractual clauses approved by the Commission or by a supervisory authority in accordance with the provisions of articles 28.7 and 28.8 of the GDPR;

13. "Subcontractor" means any person (including any third party and any Affiliate of the Supplier, but excluding employees of the Supplier or any of their subcontractors) designated by the Supplier or by any Affiliate of the Supplier, or on their behalf, to process Personal Data on behalf of any Member of the Group of Companies in relation to the Main Contract; and

14. "Affiliate of the Supplier" means an entity that owns or controls, is owned or controlled by, or is or comes under the control or common ownership of the Supplier, where control is defined as directly or indirectly having the power to direct or controlling the management of an entity's administration and policies, whether through ownership of voting securities, by contract or otherwise;

1.2. The terms "Commission", "Processor" or "Data Processor", "Data Subjects", "Member State", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" they will have the same meaning as in the GDPR, and their related terms will be interpreted accordingly.

1.3. The word "includes" shall be construed as to include without limitation, and related terms shall be construed accordingly.

ANNEX 2.5: DETAILS OF THE PROCESSING OF THE COMPANY'S PERSONAL DATA

This Annex 2.5 includes certain details about the Processing of the Company's Personal Data as required by article 28, section 3, of the GDPR.

Purpose and duration of the Processing of the Company's Personal Data

The purpose and duration of the Processing of the Company's Personal Data are established in the Main Contract and in this Addendum.

Nature and purpose of the Processing of the Company's Personal Data

The provision of services to the BUSINESS by the Supplier in accordance with the provisions of the Main Contract

The types of the Company's Personal Data to be processed

Personal data of clients of the BUSINESS who have registered with TRIPLE through a fintech application with which TRIPLE collaborates.

The categories of Data Subjects to which the Company's Personal Data refers

Clients of the BUSINESS who participate in the loyalty programs managed through the TRIPLE Platform

The obligations and rights of the Company and Affiliates of the Company

The obligations and rights of the Business are stipulated in the Main Contract and this Addendum.

ANNEX 5.1

DESCRIPTION OF THE MINIMUM TECHNICAL AND ORGANISATIONAL SECURITY MEASURES TO BE APPLIED BY THE SUPPLIER

1. Information Security Program (ISP)

The Supplier shall maintain an ISP designed to (a) help the BUSINESS to protect the Personal Data against accidental or illegal loss, access or disclosure, (b) identify internal and reasonably foreseeable risks relating to security and unauthorised access to the Network Providers (defined below) and (c) minimise security risks, including through regular risk assessment and testing. The Supplier shall designate an employee to be responsible for the ISP.

The ISP will include the following measures:

1.1. Network Security

The Supplier Network will be accessible to employees, contractors and any other person who is necessary to provide the data processing services. The Supplier shall maintain access controls and policies to manage access to the Supplier Network from each network connection and user, including the use of authentication controls, firewalls or Intrusion Detection systems. The Supplier shall have in place response plans for security incidents in order to manage possible security incidents.

1.2. Physical Security

The physical components of the Supplier Network are housed in facilities ("Facilities") controlled by an ISO 27001 certified Company or in facilities that meet or exceed all of the following physical security requirements:

(i) Physical Access Controls. Physical barrier controls are used to prevent unauthorised entry to facilities both at the perimeter and at points of access to the building. Passing through the physical barriers at the facility requires electronic validation of the access control (e.g., card access systems, etc.) or validation by human security personnel (e.g., internal or contract security guard service, receptionist, etc.). Employees and contractors are issued photo identification cards that they must wear while they are in any of the Facilities. Visitors are required to check-in in the presence of designated personnel, must show proper identification, will be assigned a visitor identification card to wear while in any of the Facilities, and will be escorted at all times by authorised employees or contractors while visiting the Facility. 


(ii) Limited Access for Employees and Contractors. The Supplier provides access to the Facilities to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer needs the access privileges assigned to them, the access privileges will be revoked promptly, even if the employee or contractor remains an employee of the Supplier or its affiliates. 


(iii) Physical Security Protections. All access points (except the main entrance doors) are kept locked. The access points to the Facilities are monitored by surveillance video cameras designed to record all persons who access the Facilities. The Supplier also maintains electronic intrusion detection systems designed to detect unauthorised access to the Facilities, including monitoring vulnerable points (e.g., main entrance doors, emergency exit doors, roof hatches, loading dock doors, etc.) with door contacts, glass break sensors, interior motion detection or other devices designed to detect persons attempting to gain access to the Facilities. All physical access to the Facilities by employees and contractors is routinely recorded and audited.

1.3. Security of Personal Information. Controls for the Protection of Personal Data.

The Supplier shall have in place appropriate technical and organisational measures to protect the security (including protection against unauthorised or illegal processing and accidental or illegal destruction, loss, alteration or damage, unauthorised disclosure or access to the Personal Data), confidentiality and integrity of the Personal Data according to the risk. These will include, as appropriate: (i) pseudonymisation and encryption of the personal data; (ii) the ability to ensure the permanent confidentiality, integrity, availability and resilience of the treatment systems and services; (iii) the ability to restore the availability of the personal data and access to it in a timely manner in the event of a physical or technical incident; (iv) a process to regularly check, evaluate and assess the effectiveness of the technical and organisational measures aimed at guaranteeing the security of the processing. The Supplier regularly monitors compliance with these measures. The Supplier shall not significantly reduce the general security of the data processing services during the subscription period.

1.4. Business Continuity and Disaster Recovery

1.5. The Supplier shall maintain a risk-based Disaster Recovery and Business Continuity plan. Recovery plans are tested at least once a year to ensure full recovery is possible in order to comply with the expected Service-Level Agreements (SLAs).

Security of employees

The Supplier shall sign confidentiality agreements with employees and contractors. For positions with access to personal information, background checks will also be performed. In addition, all employees and contractors shall have a standard method for reporting incidents approved by the organisation and shall attend at least one safety awareness training course a year.

2. Ongoing assessment

The Supplier must regularly re-assess and update its security policies. Changes must be documented and change controls employed.

TRIPLE PRIVACY POLICY AND COMMERCIAL COMMUNICATIONS POLICY WWW.JOINTRIPLE.COM

TRIPLE is committed to protecting and respecting your privacy. In this privacy policy ("Privacy Policy"), we explain how TRIPLE collects, uses, discloses and protects the Personal Information you submit to us, including, for example, when accessing and using TRIPLE websites, participate in one of the loyalty programs that you have requested (and in which the retailer and financial entity selected also participate) or applying for job offerings.

Our Privacy Policy has been drafted to comply with applicable data privacy laws, in particular, the EU General Data Protection Regulation (“GDPR”). If the GDPR does not apply to you, not all terms of this Privacy Policy may be relevant to you.

As used in this Privacy Policy,

(i) “TRIPLE”, "we," "our" and "us" means TRIPLE TECHNOLOGIES LTD and its affiliates.

(ii) “Controller” for the purposes of the GDPR, other data protection laws applicable in member states of the European Union and other provisions related to data protection is TRIPLE TECHNOLOGIES LTD, with address at 20-22 Wenlock Road, London, England, N1.

(iii) “Personal Information” generally has the same meaning as personal data or personal identifiable information (PII). Personal Information is defined in the data privacy laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you. TRIPLE is committed to the following key principles:

PRINCIPLE 1. WE LIMIT HOW, AND WITH WHOM, WE SHARE YOUR PERSONAL INFORMATION.

TRIPLE will only share your Personal Information with others for the following purposes:

(i) At your request.

(ii) To process or service a transaction or product authorized or requested by you. For example, it may include sharing your Personal Information with the retailer or financial entity selected by you in connection with the fidelity program you have requested.

(iii) When required by law to disclose such information to appropriate authorities.

(iv) To companies that assist us in marketing, recruiting, placement and servicing our products and services; for example, in order to support our information technology or to handle mailings on our behalf.

(v) To our professional advisers.

PRINCIPLE 2. PURPOSE AND LEGAL BASIS OF THE PROCESSING

Personal Information

Information we receive from you when (i) you visit www.jointriple.com and other TRIPLE websites, (ii) contracting of any of our services, (iii) any other information you subsequently provide to us orally, in writing or through the TRIPLE platform: this may include your full name, postal address, e-mail address, email, loyalty program (including retailer’s data and transactions with that retailer and with the financial entity, as well as bank account or credit card in which the transfer can be made) employer/business and professional information, job titles, telephone, demographic information, IP address.

Name, address, e-mail address and other information about your transactions and communications with us.

Name, address, e-mail address and other contact information

IP address and other information submitted by your browser

Application data, including your name, address, CV, birthdate

All of the above

Purpose

The Personal Information is used in providing the website and answering requests from you. For instance, (i) if you choose to register to receive information about our products and services, (ii) to participate in one of the loyalty programs that you have requested (and in which the selected retailer and financial entity also shall participate), (iii) to contract other products or services offered by TRIPLE or (iv) if you contact us through the section “contact”, we will use your Personal Information in order to respond).

The Personal Information is used to process or review a transaction or product or service authorized or requested by you.

To periodically contact you to inform you of new products and/or services we provide or that we consider to be of interest to you.

To diagnose any problems with our server and administer our website.

Processing is required to enable us to administer the recruiting process, including the set-up of an electronic job applicant HR file, managing your application, organizing interviews. We may retain your Personal Information following your unsuccessful application so that we may contact you in case of future job vacancies. Your data may also be shared with other TRIPLE group companies to consider your application for other job openings.

For compliance with legal and regulatory requirements and corporate governance obligations.

Legal Basis

The processing is necessary for the performance of a contract to which you are party or in order to take steps at the request of you prior to entering into a contract. Processing is necessary for the purposes of our legitimate interests, i.e. providing a website for information and use, or to attend to your request for information, purchase of products/services or if you contact us through the section “contact”.

The processing is necessary for the performance of a contract to which you are party or in order to take steps at the request of you prior to entering into a contract.

Your consent

Processing is necessary for the purposes of our legitimate interests, that is to say, providing a website for information and use.

Primarily, the processing is necessary to take steps for entering into a contract with you. We also have a legitimate interest to (i) store your data for a period of up to 6 years following the conclusion of an unsuccessful application and/or (ii) to share it with the TRIPLE group of entities and/or (iii) to retain and use your data as far as necessary for the establishment, exercise or defense of legal claims.

Processing is necessary for compliance with legal obligations to which we are subject.

Where you wish to provide us with Personal Information about another person, including the persons you act on behalf of, you must ensure that you have their prior permission to do this. You must also share with them a copy of this Privacy Policy as well as any other relevant privacy statements (see above) before you ask them for this permission.

We collect Personal Information for the purposes described above when you visit www.jointriple.com and other website owned by TRIPLE, as well as the data provided by the retailer or financial institution you have selected in connection with the requested loyalty programs .

PRINCIPLE 3. WE ESTABLISH SAFEGUARDS TO HELP ENSURE THE SECURITY AND CONFIDENTIALITY OF YOUR INFORMATION.

TRIPLE restricts access to your company’s information to our employees or providers who need it to do their job. Employees with access to your information are required to strictly maintain the confidentiality of such information.

TRIPLE maintains physical, electronic and procedural safeguards that comply with Industry standards to protect your information. We routinely test our information systems and websites to help ensure that unauthorized access does not occur.

PRINCIPLE 4. WE KEEP YOUR PERSONAL INFORMATION FOR AS LONG AS IT IS NECESSARY TO DO SO TO FULFIL THE PURPOSES FOR WHICH IT WAS COLLECTED.

The criteria we use to determine data retention periods for Personal Information includes the following: (i) Retention in case of queries: We will retain it for a reasonable period after the relationship between us has ceased in case of queries from you; (ii) Retention in case of contracting our products/services or contacting our customer support service: We will retain it for the time necessary to deliver our product/service to you according to the contract conditions, as well as to attend any of your questions; (iii) Retention in case of claims: We will retain it for the period in which you might legally bring claims against us; (iv) Retention in accordance with legal and regulatory requirements: We will consider whether we need to retain it because of a legal or regulatory requirement, e.g. to comply with the product warranty period or to comply with tax or fiscal duties; (v) Retention in case of job applications: If you applied for a job offering with TRIPLE and have not been successful, your application data will be retained in our talent pool for a limited period as defined in Principle 2.

1. Give Us Your Feedback

Our goal is to protect your privacy. To comment or help us improve, please contact us via email (info@jointriple.com). We may ask you to provide a copy of your proof of identity.

If you consider that we are in breach of our obligations under data protection laws, you may lodge a complaint with the competent Data Protection Authority, which may be the supervisory authority in your country of residence, place of work or of an alleged infringement of data protection laws.

2. Changes to this Privacy Policy

This privacy policy may be modified from time to time to comply with applicable laws or to conform to our current business practices. We will post any changes to this on our website and will endeavor to notify you via your contact email. When notifying such changes to you, we will also explain what the likely impact of those changes on you will be, if any. We encourage you to revisit our website from time to time to check for updates.

3. Additional information we want you to know:

(i) Transfers outside the EU/EEA. We also transfer the Personal Information we process to countries outside the European Economic Area (”EEA”) (e.g., when one of our service providers or equipment is based outside the EEA, such as for hosting your Personal Information). We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we establish an adequate level of data protection, usually through EU Standard Contractual Clauses based on the EU commission’s model clauses.

(ii) Provision of Personal Information / Automated decision making. Please note that the Personal Information we collect from you is necessary to providing the services and the website to you, as well as to allow the purchase of our services. Failure to provide such data may not enable us to provide our services to you or make our website accessible or to proceed with your request to contract TRIPLE services. We do not use automatic decision-making or profiling of individuals.

(iii) Your Rights. You have various rights under data privacy laws in your country. These may include (as relevant): the right to request access to the Personal Information we hold about you; the right to rectification including to require us to correct inaccurate Personal Information; the right to request restriction of processing concerning you or to object to processing of your Personal Information, the right to request the erasure of your Personal Information where it is no longer necessary for us to retain it; the right to data portability including to obtain Personal Information in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent; the right object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and the right to withdraw your consent to any processing for which you have previously given that consent.

(iv) Marketing Information. With your consent, where relevant, we will keep your name, address and contact details (including telephone numbers and email addresses) in our databases and may from time to time use that information to make you aware of our related products and services as well as updates on developments in our industry sector generally which may be of interest to you. We may contact you in writing, by telephone or email for this. If at any time you decide that you do not want your contact details used for these purposes, you may object or revoke your consent for receiving marketing communications by following the instructions in the relevant marketing communication (e.g., clicking on the “Unsubscribe” button) or by contacting us (see “Give Us Your Feedback” above).

(v) Security Statement. We take reasonable precautions to protect your information. In particular, we implemented appropriate technical and organisational measures designed to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) protecting the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your Personal Information, (c) providing the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and (d) maintaining a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational security measures. When you submit information to us through our website, your information is protected both online and offline. All data transferred to/from the TRIPLE internal network, from/to an external entity, is encrypted to industry standards. Please keep in mind that messages you send to us by Internet e-mail may not be secure. We maintain appropriate physical, electronic and procedural safeguards to ensure the security, integrity and privacy of your personal information within our company. Only those employees who may require your information to perform a specific job are granted access to your organization’s identifiable information. Furthermore, all employees are kept up-to-date on our security and privacy practices.

(vi) Our Use of Cookies and Analytic Tools. TRIPLE uses “cookies” and analytic tools as further described in our Cookie Policy.

(vii) Third Party Websites. Our websites may contain links to third-party websites. If you follow these links, you will exit our websites. This privacy policy does not apply to websites of third parties. TRIPLE cannot accept liability for the use of your Personal Information by these third parties. Your use of these websites is at your own risk. For more information on how these third parties treat your Personal Information, please check their privacy policy (if available).

WWW.JOINTRIPLE.COM COOKIES POLICY

At TRIPLE, as in most other of Internet web sites, in order to improve our users’ experience, at , we use cookies on our website www. jointriple.com (hereinafter, the “Website”).

On your first visit to our website, you will be informed of the use of cookies and of this Cookies Policy. On future visits, you can consult our Cookies Policy at any time at the bottom of the web page “Cookies Policy”. By registering on our website and by simply making use of them, you are consenting to the installation of the cookies mentioned in this “Cookies Policy” (unless you have configured your browser settings to reject cookies).

Below, you will find information on what “cookies” are, what type of cookies are used by this website, how you can deactivate cookies on your browser and how to specifically disable third-party cookies. If you are unable to find the specific information you are looking for, please write to at info@jointriple.com.

1. WHAT ARE COOKIES, AND WHAT ARE THEY FOR?

A cookie is a file that is downloaded onto the User’s device when they access certain content on websites, electronic media and/or applications. Cookies enable an application or a website, among other things, to store and recover information on the browsing habits of a User or their device and, depending on the information they contain and the manner of using the device, they may be used to identify the User.

Cookies are safe, as they can only store the information used by the browser, the information that the user has introduced into the browser or that they enter into the page search function.

Some “cookies” are strictly necessary for a website and/or application to work properly, and they cannot contain viruses or damage your device.

Others have different purposes, such as facilitating browsing between pages and applications, storing the user’s language preferences, storing other user preferences and detecting if the user has already visited.

Cookies are essential for the Internet to work properly, and provide innumerable advantages in the provision of interactive services, making browsing and use easier. Cookies cannot damage your device, and having cookies enabled helps to identify and correct possible errors.

2. WHAT TYPES OF COOKIES DO WE USE AT TRIPLE?

2.1. Depending on the entity managing them, cookies used can be classified as:

(i) Own cookies: These are Cookies sent to your device and managed exclusively by us to improve the performance of TRIPLE. The information that is collected is used to improve the quality of our service and your experience as a user.

(ii) Third-party cookies: These are cookies deposited by a server from a different domain, with the authorization of the site you are visiting (for example, when you press buttons for social networks or view videos located on another site). We cannot access the information stored in the cookies belonging to other websites when you browse on those websites.

If cookies are installed from a device or domain managed by TRIPLE, but the information collected using these cookies is managed by a third party, they cannot be considered own cookies.

2.2. According to the period of time during which they remain active, a distinction can be made between the following types of cookies:

(i) Session cookies: These are temporary files that remain in the browser's cookie history until leaving the website, and as a result, they are not stored on the computer’s hard drive or on the user’s mobile device. The data obtained using these cookies serves to analyse aspects relating to visitor traffic and data communication. They allow for an improved user experience, thus improving content and facilitating use.

(ii) Persistent cookies: These are stored on the hard drive, and websites read them every time the User visits. In spite of their name, persistent cookies have an established expiry date. The cookie will cease to function after that date. They are generally used to facilitate the different services offered by websites.

2.3. According to the purpose of the cookie:

(i) Sign-up cookies: When the user signs up at TRIPLE, cookies are generated which identify them as a registered user and indicate when they identified themselves on the portal.

These cookies are used to identify the user’s account and their associated services. These cookies are maintained as long as the user does not log off, close their browser or shut down their device.

(ii) Analytical cookies: These cookies can be used in combination with analytical data to individually identify users’ preferences at TRIPLE.

(iii) Performance cookies: This type of cookies saves user preferences for certain tools or services, so that they do not need to be reconfigured every time the user visits and, in some cases, they may be provided by third parties. Some examples are: volume of audiovisual players, preferences for the management of articles or compatible video playback speeds.

(iv) Advertising cookies: These cookies enable the management, in the most efficient way possible, of advertising spaces which the editor may have included on the website or platform from which they provide the requested service, and relate to criteria such as edited content or the frequency with which advertisements are shown.

(v) Behavioural advertising cookies: These cookies enable the management, in the most efficient way possible, of advertising spaces which the editor may have included on the website or platform from which they provide the requested service. These cookies store information regarding users’ behaviour which is obtained through continued observation of their browsing habits, and which enables the development of a specific profile so that advertising can be shown in accordance with that profile.

(vi) Geolocation cookies: These cookies are used by programs that attempt to geographically locate the computer, smartphone, tablet or television used to connect, in order to offer more appropriate services and content in full anonymity.

(vii) Other third-party cookies: On some of our pages, third-party cookies can be installed which enable the services they provide to be managed and improved. One example of this is links to social networks that enable our content to be shared.

3. HOW CAN USERS BLOCK OR DELETE COOKIES?

Users can permit, block or delete the cookies installed on their computer by adjusting their preferences on their web browser. Should the user decide to block them, certain services requiring their use may not be available to the user.

We will now provide a series of links in which users can find information on how to modify their preferences on the most commonly used web browsers:

(i) Internet Explorer: Tools > Internet Options > Privacy > Settings.

For more information, you can consult Microsoft support or Help on your browser.

(ii) Firefox: Tools > Options > Privacy > History > Personal Settings.

For more information, you can consult Mozilla support or Help on your browser.

(iii) Chrome: Settings > Show Advanced Options > Privacy > Content Settings.

For more information, you can consult Google support or Help on your browser.

(iv) Safari: Preferences > Security.

For more information, you can consult Apple support or Help on your browser. Finally, you can visit the Your Online Choices website, where, besides finding useful information, you can set your preferences on third-party advertising cookies for each provider. If you have any doubts regarding this cookie policy, you can contact by email at info@jointriple.com.

4. CONSENT

The User may revoke their previously-provided consent for the installation of cookies at any time by deleting the cookies installed on their device by changing their settings on their browser, as indicated in the “Cancelling and Deleting cookies” section. Nevertheless, this may affect the working features of the website, or the applications used by the User, making the user experience less satisfactory.