Partner Room Affiliate Privacy Policy

Partner Room values your integrity and privacy immensely and is committed to managing all your personal data in a transparent, fair and lawful manner. This affiliate privacy policy (together with the sets out the basis upon which Partner Room collects, stores, and uses your personal data when you register as an affiliate with our partner website (, as well as what your rights are, and how the law protects those rights (“Affiliate Privacy Policy”).


(a) Purpose of Policy

This Affiliate Privacy Policy aims to give you a thorough understanding of how we process your personal data which is gathered through your use of this website, and which includes any data which you may provide us with upon registration and through the establishment of our business relationship.

Unless otherwise defined within this Affiliate Privacy Policy, capitalised terms contained herein shall have the same meaning as set out in the Affiliate Terms & Conditions.

This Affiliate Privacy Policy must be read in conjunction with any other privacy notices we may provide you with from time-to-time. This Affiliate Privacy Policy is supplementary to other such notices and is not intended to override them.

We vow to protect your personal data and to always respect your privacy in accordance with the best business practices and applicable laws. You are responsible to provide us with personal data that is correct and inform us of any changes occurring in your data in writing, in order that we may take all reasonable measures to keep our records in your regard correct and up to date.

(b) Data Controller

Partner Room, is the data controller and is therefore responsible for your personal data (“Company” or “we”, “us”, “our” in this Affiliate Privacy Policy).

Since we take your privacy seriously, we have appointed a representative within the European Union to address any issues related to the processing of your personal data on our behalf. Should you have any queries about this policy, including any request to exercise your legal rights, please contact our representative within the European Union using the details provided below:

Full Name of Legal Entity Partner Room
Postal Address Europa Business Centre, Level 3-701, Dun Karm Street, Birkirkara, BKR 9034, Malta
Email Address [email protected]

You also have the right to file a complaint with the Information and Data Protection Commission (“IDPC”) at any time, being the main Supervisory Authority for data protection matters in Malta. However, we would truly appreciate the opportunity to address your issues before you contact the IDPC, so kindly contact us in the first instance.


(a) What is personal data?

The General Data Protection Regulation (“GDPR”) defines personal data as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

You, as the Company’s Affiliate, provided that you are a natural person, are the ‘data subject’ in relation to this Affiliate Privacy Policy. In short, this means that any personal data relating to you as a data subject is protected under data protection law. However, it does not include data where the identifiers relating to the data subject have been removed (meaning anonymous data).

(b) The important stuff – what, how, and why?

We may collect, use, store, and transfer different kinds of personal data. In this section we explain the following:

(i) what kind of data we collect;

(ii) how we collect such data – do we get the data directly from you? Do we get it from other sources?;

(iii) for which purposes we collect the data – how and why do we use this data?; and

(iv) what our legal basis for processing such data is – the possible legal bases we could rely on are:

a. Legal Obligations – are we required by law or regulations to process this data? Do we need to process this data to satisfy a legal obligation?

b. Legitimate interest – when relying on this legal ground, it means that we process your data in the interest of conducting and managing our business to ultimately provide you the best service and experience we possibly could. Before relying on this ground, we ensure that we evaluate that potential impact such processing may have on you and your rights. Therefore, we do not rely on this ground where your rights and interests as a data subject override our interests to process such data;

c. Performance of contract – the processing of personal data is necessary for the performance of contractual obligations we enter into with you and which you are a party to (i.e. the Affiliate Agreement)

d. Consent – Where consent is used as a legal basis for processing your data, we only process your data in such a manner for as long as we have your consent to do so. If, at any time, you feel that you no longer wish for us to process your data in such a manner, we will no longer do so. However, this will not affect any processing of personal data that we carried out with your consent prior to the removal of your consent. Please see Section 7 of this Privacy Policy for further information on how you can remove your consent.

Data collected How do we collect your data? Purpose for collection Legal basis for processing data
Identification data –this includesfull name, username of choice, date of birth, company name (if applicable) Requested upon registration

(1) Affiliate identification and creation of unique Affiliate profile

(2) Identification of Affiliate when contact is made

(3) Date of birth is used to ensure that the affiliate over 18 years of age

(1) Performance of contract

(2) Performance of contract

(3) Performance of contract

Contact details – this includes email address, physical address, contact number, Skype username. Requested upon registration

(1) Affiliate identification and creation of unique affiliate profile

(2) Contacting Affiliate for support purposes

(3) Used to pass on the material to be used by Affiliate as agreed under the Affiliate Agreement

(1) Performance of contract

(2) Performance of contract

(3) Performance of contract

Financial data – this would include your bank details as are necessary to carry out the payment of the commission to you, as well as any preferred minimum payout limits you may set. These details may also include your tax details for invoicing purposes. Collected upon Affiliate’s voluntary input of necessary details in Affiliate account (1) Required to carry out transfer of commission to Affiliate as agreed under the Affiliate Agreement (1) Performance of contract
Transaction data – this includes details relating to payments of commissions made to you. Automatically generated when payments of affiliate commission are made to you (1) Required as per the terms of the Affiliate Agreement (1) Performance of contract
Data relating to your communications with us (depending on preferred communication method, such as email or Skype) Email and Skype correspondence is collected automatically upon contact being made (1) Required for discussions relating to our ongoing business relationship (1) Performance of contract
Technical data – this includes your registration internet protocol (IP) address, your login data (last login date) These are automatically collected through the browser making the request

(1) Your registration IP address is collected by us as a security measure – it is a security feature which ensures that the Affiliate logging in is the same Affiliate who signed up for the Affiliate Account;

(2) Your last login date is used by us to monitor your account activity

(1) Legitimate interest

(2) Legitimate interest

Your personal data shall not be processed for purposes other than those it was collected for; should further processing be required, you will be informed of that purpose and provided with all necessary information.


We do not share or transfer any of your personal data or personally identifiable information with any third parties (whether located within or outside of the European Union) for the purposes outlined in this Affiliate Privacy Policy.


In establishing and carrying out our business relationship, we generally do not make use of fully automated decision making. If we use this procedure in individual cases, we shall inform you of this separately, provided it is a legal requirement.


Partner Room always strives to ensure that your data is safe, both in our hands and in the hands of any third-party to whom we may disclose your data. Internally, we have put in place a number of security measures, both from a technical aspect as well as from an organisational aspect, to ensure that your data is not accidentally lost, used, accessed in an unauthorised manner, altered, or disclosed. We also ensure that access to your personal data is determined on a ‘need-to-know’ basis, meaning that only the persons who have a direct need to access your personal data will have access to it. Furthermore, anyone having access to your personal data is subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected or actual personal data breaches. We will notify both you as an affected data subject and the supervisory authority concerned of any such data breach whenever we are legally required to do so, and we shall maintain a log of any such breaches.


Partner Room shall only retain your personal data for as long as necessary in view of the purposes for which they were collected. Such purposes could include the satisfaction of any legal, accounting, or reporting requirements.

When determining the appropriate retention period applicable to your data, we take several factors into consideration, such as the nature and sensitivity of the personal data, the potential risks surrounding the unauthorised use or disclosure of such data, the purposes for which we collect and process such data, and the applicable laws and/or regulatory requirements imposed on us. We will retain all data relating to our business relationship for at least five (5) years following the end of our business relationship, as we have a legitimate interest to do so.

Please feel free to contact our representative within the European Union on the contact details provided above for further information on our retention periods.


Data protection law gives you, as a data subject, certain rights in certain circumstances. In accordance with law, you have a right to:

(i) Request access to your personal data – This means that you have a right to request, free of charge, a copy of the personal data we hold about you;

(ii) Request the correction of your personal data – This means that if any personal data we hold about you is incomplete or incorrect, you have a right to have this corrected. Keep in mind, however, that we may need you to provide evidence and documentation (such as your ID documentation or proof of address) to support your request;

(iii) Request the erasure of your personal data – This means that you may request the erasure of your personal data where we no longer have a legitimate reason to continue processing it or retaining it. Please be aware that this right is not absolute – meaning that we are not able to satisfy your request where we are obliged under a legal obligation to retain the data, or where we have reason that the retention of data is necessary for us to defend ourselves in a legal dispute;

(iv) Object to the processing of your personal data where we rely on our legitimate interests (or those of a third party) to process your data and you feel that our processing of your data in such a manner impacts your fundamental rights and freedoms. However, in some cases, we may be able to demonstrate that we have a compelling legitimate ground to process your data which may override your rights and freedoms. You may submit your objections to processing of your personal data on the grounds of the above-mentioned legitimate company interests by contacting our representative within the European Union on the details provided above;

(v) Request the restriction of the processing of your personal data – You may ask us to temporarily suspend the processing of your personal data in one of the following scenarios: (a) where you want us to establish the accuracy of the data, (b) where our use of the data is unlawful but you do not wish for us to delete it, (c) where you need us to retain your data even when we no longer need it in order for you to establish, exercise, or defend legal claims, or (d) where you have objected the use of your data but we need to verify whether we have overriding legitimate grounds to use it;

(vi) Request the transfer of your personal data (i.e. data portability) – This means you may request us to transfer certain data we process about you to a third party. This right only applies to data acquired through automated means which you initially provided consent for us to use, or where we used the data to perform our obligations under a contract with you;

(vii) Withdraw your consent at any time where we rely on your consent to process the data – ‘Opting out’ or withdrawing your consent will not affect the lawfulness of the processing carried out by us up until the time you withdrew your consent. Withdrawing your consent means that, going forward, you no longer wish for us to process your data in such a manner. This means that you may no longer consent for us to provide you with certain services. You may withdraw your consent at any time through the Privacy Dashboard, found on “Your Account” on the website;

(viii) File a complaint with a supervisory authority – as explained in section 1(b) of this Privacy Policy.

In order to exercise your rights as explained above, we may need to request specific information about you to help us verify your identity. This is a security measure to ensure that we are certain that the person to whom we disclose your personal data is really you.

We will do our utmost to respond to all legitimate requests within a one-month timeframe from the submission of a request. If your request is particularly complex, or if you have made multiple requests in a certain time period, it may take us a little longer. In such a case, we will notify you of this extension.

Policy Version No. Date of Issue
1.0 29.05.2018