A Spanish company Tradler Vacations S.L. with registered office at Carrer de Provença, 288, 08008 Barcelona, Spain, (hereafter: "[Tradler co]", "we" or "us" ) provided with NIF B-67.076.562 and registered at the Mercantile Registry of Barcelona under Volume 46,090, Sheet 186, Page B-509 134, as the Responsible of the data processing on [https://tradler.io] (hereafter: "Platform"). In this privacy and cookie policy we will outline how we handle the personal data we collect from you.

We respect the privacy of the users on this Platform and we ensure that the personal data you share with us is processed in compliance with the applicable law and regulation for the protection of personal data and that these are handled confidentially.

During our processing we comply with the requirements as stipulated by the data protection law. This means among other things that:

• We clearly state for which purposes we process personal data. We do this through this privacy policy;
• We limit our gathering of personal data to only the personal data deemed necessary for legitimate purposes;
• We will first ask you for explicit consent to process your personal data in instances where your consent is required;
• We take appropriate security measures to protect your personal data and also demand the same from other parties that process personal data for us;
• We respect your right to offer you your personal data for inspection upon request and to correct, relocate, limit the processing of, or delete your personal data entirely.

It is possible that this privacy and cookie policy will be extended or amended in the future. We will notify you of this by placing an updated version of this privacy and cookie policy on the Platform. We recommend you to regularly check this privacy and cookie policy so you will be aware of these changes.

This privacy and cookie policy was last amended on [18/07/2019].

Why do we process personal data within the Platform?

Within the Platform, we make it possible for you to collect points as a way to reward you for your daily activities. These points can eventually be redeemed for a gift of your own choosing. You collect these points by performing well on your daily tasks. To make this all possible, we process your personal data within the Platform. We only process the data you have given us yourself through the Platform, or those we collect from you when you use the Platform. As summarized below, we will only process these personal data for the following different purposes:

1. To keep track of your performance when executing your activities;
2. To give you recognitions you have received from supervisors and/or coordinators;
3. To assign you milestones at important moments during your work or during the working week;
4. To keep track of your average productivity based on your performances and the milestones you have achieved.
5. To measure your state of mind based on optional questions, asked by your supervisor, and answered by you;
6. To offer you the option to create a profile within the Platform;
7. Functional and technical cookies to improve the use of the Platform.
8. To provide you with the necessary email communication too, for example, deliver the gifts you\'ve purchased or updates on the platform. For updates regarding Milestones and other important information, you are able to set your own preference in your account settings to either receive these updates or not.

The questions asked by your supervisor about your state of mind (5) are as mentioned optional, and do not require answering. The answers can however give a better insight into how you feel and what your supervisor can do to make you feel better about the activities you execute.

We will not process your personal data for any other than the aforementioned purposes unless you have given us permission to do so beforehand, or if it is necessary for the execution of the contract we have entered into with you, or if we may or must do this in accordance with the law.

Use of personal data

We process the following personal data categories for the aforementioned purposes:

• Name and address (optional in some instances);
• Date of birth;
• Email address;
• Start and end date (date entry and post employment);
• Contract type (type of employment contract);
• Employee number;
• Contact ID used within the Platform;

Your performance against metrics set by your organization, these metrics can be found on the homepage and your organization can change these metrics over time.

Personal data is collected for specified, explicity, and legitimate purposes and kept for no longer than necessary for the purposes of processing.

Security

The services of AWS are used within the Platform. For more information about the procedure on how they secure a safe storage of your data, you can refer to AWS's privacy and cookie policy.

In addition to these measures, additional measures are taken within the Platform that contribute towards a safe processing of your personal data. This can, among other things, include deleting your personal data upon your request and/or when you end the use of the service. Also by implementing a strict authorisation policy, where access to your data only takes place on a 'need-to-know' basis, your personal data are properly secured.

Disclosure of data with third parties

We will not sell your personal data to third parties and we will not disclose your data to third parties without your prior consent. It is possible however that we may or must share these data in accordance with the law.

Storage period of your data

We store your data so you can use the Platform. There are however periods associated with how long we will process your data. We process your data until:

• 30 days after you have resigned with the employer that uses the Platform;
• 30 days after you choose to leave the Platform, this can be done with your employer's tools;
• Your employer decides to no longer use the Platform.

Your rights as concerned party

Based on the current data protection law, you have several rights you can exercise on your personal data. This includes the following rights:

• The right to request insight into your personal data;
• The right to correct your personal data, or to have them corrected;
• The right to transfer your personal data;
• The right to (temporarily) limit the processing of your personal data;
• The right to, under certain circumstances, delete your personal data, or have them deleted.

Do you wish to exercise these rights, or do you have any questions about them? Please contact us through the contact details below. It is also possible to view, correct and delete your personal data through your personal settings page.

Responsible disclosure policy

Principles

We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

• E-mail your findings to info@tradler.co. If your findings include critical information you can let us know by email, we will provide you with an encrypted SFTP so you can share your findings safely to prevent this critical information from falling into the wrong hands;
• Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data;
• Do not reveal the problem to others until it has been resolved;
• Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
• Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.

What we promise:

• We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date;
• If you have followed the instructions above, we will not take any legal action against you in regard to the report;
• We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission;
• We will keep you informed of the progress towards resolving the problem;
• In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise);
• We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

Contact us?

Our customer service team are happy to help you whenever you have questions or comments in connection with this privacy and cookie policy, or if you wish to gain knowledge on the data that we specifically process about you, or whenever you wish to exercise your rights as a concerned party subject to the current data protection law. You can contact:

It goes without saying that we will also help you if and when you have a complaint about the processing of your personal data. In accordance with the data protection law, you also have the right to file a complaint with the Data Protection Authority about how we process your personal data. To do so you can contact the Data Protection Authority.

Tradler
Carrer de Provença, 288,
08008 Barcelona, Spain
legal@tradler.io
support@tradler.io

For further Information

If you have any further questions regarding the data Tradler collects, or how we use it, then please feel free to contact us by email at: info@tradler.co, or in writing at:

Tradler
Carrer de Provença, 288,
08008 Barcelona, Spain