Privacy Policy

The purpose of this Privacy Policy (hereinafter referred to as the "Policy") is to inform you about EXTE's processing of your personal data:

This Policy will explain how EXTE collects, processes and protects your personal data, so that you can freely and voluntarily decide whether you wish to provide your personal data to EXTE.

EXTE will process your data in accordance with the obligations and guarantees set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, GDPR), as well as in Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights and in accordance with the applicable data protection regulations in force.

The following Policy affects natural persons and interlocutors or representatives of companies whose personal data may be processed by EXTE.

You should read the Policy carefully and periodically as it may be subject to change due to new developments, legislative and jurisprudential requirements, or business needs.

1.- GLOSSARY OF TERMS.

For a better understanding of the Policy, the following terms are listed below:

Encryption: Procedure by which information is transformed into an apparently unintelligible set of data by means of various techniques.
Customer: The natural person, individual entrepreneurs and liberal professionals and legal entities that formalize a contractual relationship on the services offered by EXTE, of which EXTE, retains or processes personal data for the development of the provision of the service (example: Companies that require advertising services).
Communication or transfer of data: Any communication by transmission and/or dissemination of personal data to a third party, whether a natural or legal person other than the data subject, Data Controller and/or Data Processor.
Commercial communications: The processing of customer or potential customer data for marketing and advertising purposes.
Personal data: Personal data is any information relating to a living, identified or identifiable natural person. In determining whether a natural person is identifiable, account should be taken of any means, such as singling out, that may reasonably be used by the controller(s) or any other person to directly or indirectly identify the natural person.
Pseudonymous data: A set of data that cannot be attributed to a data subject without the use of additional information, as it requires that such additional information is separately identified and, in addition, is subject to technical and organisational measures designed to ensure that the personal data are not attributed to an identified or identifiable natural person.
Processor: A natural or legal person who processes personal data on behalf of a controller.
IAB: Interactive Advertising Bureau. Global association for communication, advertising and digital marketing.
Data Subject: The natural person, whether customer or user, who can be identified, directly or indirectly, through personal data.
Media for advertising campaigns (including electronic and digital): The media, whether telephone, email, SMS or any other electronic and digital media through which commercial communications are made.
Websites, Apps, and Platforms used by EXTE: The websites, apps and platforms used by EXTE to offer its services.
Supplier: The legal entity that provides services to EXTE and that, among others, may be publishers of their own websites (Publisher).
Data Controller: The legal entity within the EXTE companies that determines the purposes and means of the processing, either independently or jointly with other Data Controllers.
User: Natural person who browses through any of the websites of the Data Controller, as well as users who browse the websites of EXTE's suppliers and customers, as well as those who use EXTE's services.

2.- IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLERS.

The party responsible for the processing of the user's or data subject's personal data is Snapupp Technologies, S.L.U. with Tax Identification Number B87102760 and registered office at Paseo de la Castellana, nº 130, 4ª Planta, (28046) Madrid, España (hereinafter, “EXTE”).

To contact the Data Controller and the DPO (data protection officer), to make any enquiry in relation to the processing of personal data carried out by EXTE, or to exercise any of the rights set out in section 9 of this Policy, you can send an e-mail to gdpr@exte.com or a letter by ordinary mail to the following postal address: Paseo de la Castellana, nº 130, 4ª Planta, (28046) Madrid, Spain.

3.- PERSONAL DATA THAT WE PROCESS

EXTE, by way of example and not exhaustively, may process the following categories of data of its interested parties and users:

Identification data: Name and surname; DNI/NIF, identification document; address; e-mail; telephone; customer number; signature; electronic signature; user name.
Personal characteristics: gender; nationality; age.
Financial data: Bank details; debt.
Transactions in goods and services: contracts for the provision of a service, sale of a product, etc.
Employment details: job/position; professional category or group; department; company; corporate contact details.
Browsing data: IP address; device identifier; browser details, and those collected in the Cookies Policy.

4.- PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA COLLECTED

EXTE will process your personal data, depending on your activity and the services you request from us through our different websites or by contracting our services.

In this regard, EXTE undertakes to process only the personal data strictly necessary to fulfil the purposes indicated below and to guarantee their confidentiality.

The personal data that the Data Controller may process, obtained directly, are as follows:

Purpose	Description	Personal Data	Legitimising basis
Relationship with suppliers and customers	Processing of the personal data of the employees of suppliers and customers for the purpose of entering into a contractual relationship for the provision of services and, where appropriate, debt collection.	Identification data: Name, surname and ID number, email address and telephone number. Employment data: Position held in the supplier or client. Economic financial data Data on the debt generated by customers are processed.	Execution of a contract (Article 6.1.b GDPR)
Attention to your rights	Attention to the exercise of your data protection rights (access, rectification, opposition, deletion, limitation of processing and portability).	Identification data: Name and surname, ID card or identification documents, address, e-mail address and telephone number. Personal characteristics: Sex; Nationality; Age. Transactions of goods and services: Contracts for the provision of a service, sale of a product etc. Other data: Those that are necessary to meet the requests of each right as the case may be.	Compliance with a legal obligation applicable to the data controller (Article 6.1.c of the GDPR)
Management of administrative files and judicial proceedings.	Attention and management of administrative and judicial files initiated by the different bodies at all stages.	Identification data: Name, surname, first name, telephone number and corporate email address. Transactions of goods and services: Products and services contracted. Other data: Those necessary to fulfil this purpose.	Compliance with a legal obligation applicable to the data controller (Art. 6.1 c) of the GDPR).
Complaints channel	Management of the complaints channel for the inspection and investigation of those complaints that, in accordance with current legislation, are successful.	Identification data: Name and surname(s); DNI / CIF / identification document; Address; E-mail; Telephone; IP address; Voice. Personal characteristics: Sex; Nationality; Age; Work permit. Job details: Position/position; Category or occupational group; Department; Company; Corporate contact details; Transactions of goods and services: Contracts for the provision of a service, sale of a product etc Economic and financial data: Bank details; Business activity data; Taxes; Other data: Any necessary to fulfill this purpose.	Fulfilment of a legal obligation applicable to responsible for the processing (Art. 6.1 c) of the RGPD).
Sending of commercial communications from EXTE	Sending of commercial communications from the data controller to the user by various means, including electronic means.	Identifying data: Names and surnames, telephone number and e-mail address.	Satisfaction of legitimate interests pursued by the data controller with opposition to processing (Art. 6.1 f) of the RGPD).
Newsletter	Processing of personal data for the purpose of sending the EXTE commercial newsletter	Identifying data: first and last names and e-mail address.	Consent of the data subject (Art. 6.1 a) of the GDPR)
Management of users of EXTE's Websites	Management of users who enjoy the services offered on the EXTE websites (answering requests for information, browsing, etc.).	Identifying data: Name and surname and e-mail address, IP Address Browsing data.	The implementation of pre-contractual measures at the request of the data subject (Art. 6.1 b) of the GDPR). The satisfaction of legitimate interests pursued by the controller (Art. 6.1 f) of the GDPR).
Video surveillance	Security of the installations, property and persons at EXTE's different sites.	Identifying data: Image.	Satisfaction of legitimate interests pursued by the data controller (Art. 6.1 f) of the GDPR).
Implementation of first-party and third-party cookies	Use cookies and similar tools on the EXTE Websites and on the websites of our publishers to remember certain information to automatically adapt certain aspects of your browsing and personalise your experience and to track and analyse your behaviour on the website.	Identifying data: IP address, Device identifier and IAB Privacy Consent String.	Prior consent of the data subject except for the use of technical cookies, considered strictly necessary for the functioning of the website (Art. 6. 1 a) of the GDPR).

In relation to the data you provide us with, by clicking on "accept", "send" or equivalent, you declare that the information and data you have provided are accurate and truthful.

The user and interested party shall be solely responsible for the veracity of all the information provided to EXTE for the management and contracting and use of the services. EXTE is not responsible for the use of false, inaccurate, incomplete or outdated data provided by the user and interested party.

Additionally, during the term of the contractual relationship, other data may be incorporated for these or other purposes, in which case the interested parties and users will be duly informed at the time of collection. In this sense, before carrying out any additional processing not foreseen in this Policy, we will inform you in the "Privacy Policy" or in the privacy clause of the contracts signed with the companies that make up EXTE.

5.- DATA RETENTION

In compliance with the principle of limiting the period of retention of personal data, they will be processed and kept in such a way that it is possible to identify the data subject, solely and exclusively for the time necessary for the purposes for which they have been collected at any given time and for the management of any possible liabilities that may arise from the purpose, in addition to the periods established in the applicable regulations.

At the end of the indicated period of conservation, EXTE will keep your data duly blocked during the period of prescription of possible legal actions, with the sole purpose of attending to the responsibilities of any kind that may arise. Once such liabilities have expired, your personal data will be definitively deleted.

6. RECIPIENTS OF PERSONAL DATA AND INTERNATIONAL DATA TRANSFERS

EXTE will only communicate your personal data with third party recipients, for any of the purposes described in section 4 of this Policy, and these communications can be:

Necessary for the provision of the service: EXTE has contracted for the management of some of the functions necessary for the provision of the service, trusted suppliers who may have access to personal data and who will act as data processors and will be contractually obliged to comply with their legal obligations as data processors, to maintain the confidentiality and secrecy of the information.
- In the event that it is necessary for third parties to access your data in order to provide a service subcontracted by EXTE, the necessary documents will be signed to guarantee the security of your personal data and the correct exercise of your rights.
- Under no circumstances will personal data be shared with third parties without your prior consent, unless the communication of your data is necessary for to ensure the maintenance of the contractual relationship, as well as in the cases provided for by the regulations in force at any given time.
Communication of data to third party companies for which the user and interested party have given their consent: Identification and contact data may be transferred.
Fulfilling a legal obligation: EXTE may also communicate your personal information to third parties duly authorised by law when it is necessary to comply with the law, for example, lawyers and solicitors in the event of a legal case that requires it. The data will be communicated to credit and payment institutions to the extent necessary for the management of the collection or payment of contracted services.

EXTE may communicate the personal data of the interested party and user to the various public authorities by virtue of a legal obligation, such as the tax and customs authorities, the judicial authorities, the competent consumer or data protection authorities, the judicial police and any others that may be applicable according to the applicable regulations in force.

In the event that EXTE transfers your personal data to third parties residing outside the European Economic Area for the provision of the services you have requested, such transfer will be based on an adequacy decision of the Spanish Data Protection Agency or compliance with any of the appropriate safeguards set out in the GDPR, and customers and suppliers will be informed of such transfers.

EXTE companies that are members of IAB Europe (see section 2) comply with the Policies and Specifications of the Transparency & Consent Framework TCF. For more information see https://iabeurope.eu/tcf-for-vendors/

7.- AUTOMATED DECISIONS ENTAILING LEGAL CONSEQUENCES FOR THE DATA SUBJECT

You are informed that the processing of your data for the purposes indicated will only involve the implementation of automated decisions that produce legal effects for the user or data subject when the user or data subject has explicitly consented to it.

However, if it is necessary for the provision of any of the contracted services, it will be adequately informed in the sections of the EXTE Websites or in the corresponding contract.

8.- FURTHER PROCESSING

If EXTE requires the further processing of your personal data for a purpose other than those stated in this Policy, the data subject and user will be informed in advance, including all legally required information, as well as the purposes foreseen for such processing.

9.- RIGHTS OF USERS AND DATA SUBJECTS.

In accordance with the provisions of current legislation, EXTE informs you that you have the following rights derived from the applicable regulations on data protection:

Access: Allows the owner of the data to obtain information on whether or not EXTE processes personal data concerning you and, if so, the right to obtain information on your personal data subject to processing.
Rectification: Allows you to correct errors and modify data that are inaccurate or incomplete.
Deletion: Allows data to be deleted and no longer processed by EXTE, unless there is a legal obligation to keep them and/or there are no other legitimate reasons for their processing by EXTE. For example, if personal data is no longer required for the purposes for which it was collected, the data subject and user may request that we delete such data without undue delay.
Limitation: Under the legally stipulated conditions, this allows the processing of data to be stopped in such a way as to prevent future processing by EXTE, which will only retain the data for the purpose of exercising or defending claims.
Opposition: In certain circumstances and for reasons relating to their particular situation, data subjects may object to the processing of their data. EXTE will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
Portability: Allows the data subject to receive personal data concerning him/her that he/she has provided to EXTE and to transmit it directly to another data controller in a structured, commonly used and machine-readable format. In order to exercise this right, the customer must provide a valid e-mail address.

As established by law, the exercise of these rights will be dealt with by EXTE within a maximum period of one month. However, depending on the complexity of the request, the full implementation of certain rights may require a longer period of time, which in no case will exceed two additional months.

You may exercise your rights of access, rectification, opposition, deletion, limitation and portability at any time by sending a written communication to EXTE by e-mail to gdpr@exte.com and accompanied by your ID card. In the same way, you can revoke the consent given for the processing of your personal data.

You can also file a complaint before the Spanish Data Protection Agency C/ Jorge Juan, 6 - 28001 Madrid (Spain) in the event that you consider that EXTE has processed your personal data in breach of the applicable regulations.

10.- SECURITY MEASURES

EXTE will process your personal data as strictly confidential. EXTE has implemented appropriate technical and organisational measures to ensure the security of your personal data and to prevent its unlawful destruction, loss, access or alteration. In determining these measures, we have taken into account criteria such as the scope, context and purposes of the processing, the state of the art and the existing risks. EXTE guarantees the following security measures:

Pseudonymization and encryption of personal data.
The ability to ensure the permanent confidentiality, integrity, availability and resilience of processing systems and services.
The ability to restore availability and access to personal data quickly in the event of a physical or technical incident.
The process of regular verification, evaluation and assessment of the effectiveness of technical and organisational measures to ensure the security of the processing.

11.- MINORS

EXTE contractually requires its Customers and Suppliers to comply with the highest levels of compliance with the regulations that protect minors and that entail the need for age verification to access any element that involves a risk to minors (such as access to adult content and services, contact with people who may endanger them, the contracting of products and services, the monetisation of their personal data or the induction of addictive behaviour).

Insofar as EXTE is unable to reasonably control whether or not the users of its Websites or its Customers and Suppliers are minors, it is advised that parents and guardians must provide the necessary mechanisms to prevent minors from accessing these websites and/or providing personal data without their supervision, and EXTE accepts no liability in this regard.

In those cases of processing of personal data carried out directly by EXTE in its capacity as the party responsible, whose legitimate basis is consent, such consent shall only be obtained from persons over 18 years of age and only when they confirm it.

12. COOKIES

Like other websites, the EXTE Websites and the websites of its suppliers and customers use a technology called "cookies" to collect information about users' interactions with and use of the Websites. If, as a user of the EXTE Websites, you accept cookies from our sites, you also agree that EXTE may identify you as a user and process your information for internal analysis and for any processing that you have permitted or authorised as a user, customer or supplier. This Privacy Policy applies in addition to the provisions of the Cookie Policy.

For detailed information on how EXTE uses cookies, you can review the Cookie Policy here.

In addition, for the advertising marketplace service offered by EXTE, which enables the dissemination and optimisation of advertising in the media of our partners, various information may be collected. However, this information does not allow the identification of any particular person. The information we collect on these platforms is set out below:

Device Identifiers: for the purpose of monitoring the frequency and delivery of campaigns.
Device-related Information: for the purpose of targeting advertising to appropriate devices and for statistical purposes.
Non-precise Location Information (IP): for the purpose of targeting advertising to services and products available only in your country.
Precise Location Information (App only): Provided that the user has authorised the application to access this data, for the purpose of targeting advertising to services available in the geographical area.
Ad-related Events: in order to monitor the dissemination of campaigns, number of ad impressions, interaction with ads, etc.
Events related to the ad execution environment: information on the website, content, page views, etc. in order to monitor the campaign execution environment and to be able to apply Brand Safety measures.
Public IP: The user's full IP is only used on a transactional basis with our advertising partners (Bid Platforms, Demand Platforms and Brand Safety tools). In all other cases, we work with the anonymised IP, removing the last set of information. For example, 192.168.10.100 is anonymised in the system as follows: 192.168.10.xxx or 192.168.10.0.

Therefore, as EXTE works with other advertising companies and website publishers, different types of cookies may be inserted during their activities. To manage this targeting, we use a CMP registered by IAB EUROPE through its Transparency and Consent Framework initiative. Click on the following link to view the vendors and intended uses https://iabeurope.eu/tcf-for-vendors/

Information collected within the advertising marketplace services may be about your preferences, devices and generally does not directly identify the user but may provide a more personalised web experience, and we process it for the following purposes:

Analytical: Aggregate measurement of the data of each advertising action (number of impressions, clicks, interactions, etc.) in order to inform EXTE's partners and customers.
Ad Serving and Frequency Control: In order to limit the delivery and the number of exposures of a user to the same ad (e.g. 3 times a day).
Re/Targeting: EXTE uses data to segment the campaign to users based on the information collected (e.g., location, device, content visited, etc.).
Data shared with third parties: In order for independent companies to help EXTE analyse results, measure delivery, target ads, prevent fraud and generally audit the quality of service.

If you wish to reject all the cookies we work with in EXTE within the Framework of Transparency and Consent when you browse other websites, please consult our cookies policy. Please note that this action will include a cookie called opt-out that collects information about this decision in the domains: noddus.com.

Below, we inform you of the advertising cookies that EXTE uses in its advertising marketplace services:

12.1. ADVERTISING COOKIES

NAME	DESCRIPTION	DOMAIN	DURATION	TYPE	OWNER

_ga _gid	They are used to distinguish users when obtaining site usage statistics.	.noddus.com	30 days	advertising cookie	1st party
_fbp	This cookie tracks a user’s visits across different websites and reports that behavior to Facebook. Facebook can then use the data it collects to understand that user better and show better, more relevant advertising.	.noddus.com	180 days	advertising cookie	1st party
testcookie, receive-cookie-deprecation	Test cookie used by Google DoubleClick to check that cookies can be set.	.doubleclick.net	180 days	advertising cookie	Third party
_noddus_session	Technical cookie used to keep user session information	.noddus.com	Session	advertising cookie	Third party
AEC, APISID, HSID, NID, SAPISID, SEARCH_SAMESITE, SID, SIFCC, SOCS, SSID	We use Google cookies to ensure form security, personalize user experience, and display relevant ads. Some of these cookies are essential for the site to function (technical cookies), while others require your explicit consent (advertising and personalization cookies).	.google.com	6 months - 2 years	advertising cookie	Third party

13. MISCELLANEOUS

EXTE informs you that the Privacy Policy of the interested parties and users of EXTE is made up of this document, as well as the specific privacy conditions of each of the services of the companies that make up EXTE, which will be completed and interpreted in a coherent and systematic manner, respecting, in any case, the will of the interested party with respect to the general processing included here, without affecting the specific conditions of the services contracted.

In the event that any provision of these terms and conditions, or any part thereof, is declared illegal, invalid or unenforceable by a competent administrative or judicial body, it shall be deemed not to have been applied, without affecting the other provisions.

EXTE's delay or failure to exercise any legal action or any right described in these terms and conditions shall in no way imply a waiver of such rights.

Likewise, failure to claim a breach of the obligations set out in these conditions shall not constitute a waiver of any subsequent claim.

14. UPDATES

EXTE may update this Privacy Policy at any time. Said update will be made public by EXTE in any case, and will be communicated directly to the interested party and user in the event that it affects their rights or freedoms.

All notifications, modifications and communications to the user and interested party related to EXTE's Privacy Policy that affect their rights and freedoms will be made with the necessary legal notice, to the e-mail address provided.

The use of our services once this change has been communicated and browsing the EXTE Websites will imply the knowledge of the same by the interested party and users in the terms set out in the new Privacy Policy published. Therefore, every time you access the Websites of EXTE companies, you should review this Policy so that you are adequately informed about the type of information collected and its treatment.

The Spanish version of the Privacy Policy is the actual EXTE Privacy Policy. This document thereof is a translation of it. Any interpretation of it must be made in accordance with the Spanish language terms.

This Privacy Policy was last updated on July 1, 2025.