Global Data Privacy Addendum

Dear Affiliate,
Please read below the CCPA, CPRA, and GDPR Conditions.
According to the jurisdictions you are based in Section 1 (for the USA) or Section 2 (for the UK and Europe) will apply when you check the box in the signup form.

Section 3 applies to all affiliates.
We are not fond of legal language, so we tried to keep it this page to a minimum. The 3 sections below are 100% compliance common sense, and if you behave ethically and respect the user’s privacy, there is nothing you should worry about.

Section 1: CCPA/CPRA Service Provider Addendum

Between: Once-More (“Company”) and the Affiliate (“Service Provider”).

1.1 Purpose and Scope

This Addendum applies to the “Personal Information” of “Consumers” (as defined by the CCPA) processed by the Affiliate on behalf of Once-More. This document ensures compliance with the California Consumer Privacy Act of 2018 and its subsequent amendments (CPRA).

1.2 Restrictions on Processing

The Affiliate is prohibited from:

  • Selling or Sharing Personal Information provided by Once-More.
  • Retaining, using, or disclosing Personal Information for any purpose other than the specific business purpose of performing the services specified in the Affiliate Agreement.
  • Retaining, using, or disclosing the information outside of the direct business relationship between the Affiliate and Once-More.
  • Combining Personal Information received from Once-More with Personal Information received from other sources, except as permitted by the CCPA.

1.3 Compliance and Audits

  • Notification: Affiliate shall notify Once-More immediately if it determines it can no longer meet its obligations under the CCPA.
  • Right to Audit: Once-More reserves the right to take reasonable and appropriate steps to ensure that Affiliate uses Personal Information in a manner consistent with CCPA obligations.
  • Subprocessors: Affiliate must ensure any sub-affiliates or technical partners used in the performance of the services are bound by written contracts that provide the same level of privacy protection required by this Addendum.

1.4 Consumer Rights Requests

Affiliate shall provide reasonable assistance to Once-More for the fulfillment of its obligation to respond to consumer requests to exercise their rights (e.g., requests to delete or opt-out), including providing necessary information within five (5) business days of a request.

Section 2: GDPR Data Processing Addendum

Between: Once-More (“Data Controller”) and the Affiliate (“Data Processor”).

2.1 Subject Matter and Scope

This Addendum governs the processing of personal data by the Affiliate for the sole purpose of tracking referrals, managing campaign performance, and preventing fraud for Once-More.

  • Permitted Data: IP addresses, device IDs, click IDs, and referral timestamps.
  • Prohibited Data: The Affiliate shall not be granted access to, nor shall they process, any highly sensitive user information stored within the app, including but not limited to geolocation data, user profiles, chat logs, or matchmaking preferences.

2.2 Obligations of the Processor (Affiliate)

The Affiliate agrees to:

  • Process strictly on instructions: Handle personal data only on documented instructions from Once-More, unless required to do so by European Union or Member State law.
  • Confidentiality: Ensure that any personnel authorized to process the data have committed themselves to strict confidentiality.
  • Security Measures: Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of referral data in transit.
  • Sub-processors: Not engage another processor (e.g., sub-affiliates or third-party tracking pixels) without prior written authorization from Once-More. If authorized, the sub-processor must be bound by the same strict data protection obligations.

2.3 Data Subject Rights

The Affiliate must assist Once-More through appropriate technical and organizational measures to fulfill obligations to respond to data subject requests. This includes the Right to Access, Rectification, and Erasure (“Right to be Forgotten”). If an affiliate receives a request directly from a user, they must forward it to Once-More within three (3) business days.

2.4 Personal Data Breach

In the event of a personal data breach affecting Once-More referral data, the Affiliate shall notify Once-More without undue delay, and in no event later than 48 hours after becoming aware of the breach.

2.5 International Data Transfers

If the Affiliate is located outside the European Economic Area (EEA) or the UK, and processes data of EU/UK citizens, the processing shall be governed by the standard contractual clauses (SCCs) approved by the European Commission, which are incorporated by reference into this Addendum.

2.6 Deletion or Return of Data

Upon termination of the Affiliate Agreement, the Affiliate shall automatically delete all personal data processed on behalf of Once-More within thirty (30) days, unless applicable law requires continued storage.

Section 3: Marketing Standards, Audits, and Right of Refusal

3.1. Right to Audit and Review Once-More reserves the right, at its sole discretion and at any time, to monitor, audit, and review all Affiliate traffic sources, custom landing pages, pre-landers, ad copy, creatives, and promotional methods (“Promotional Materials”) used to direct traffic to the Once-More application. The Affiliate agrees to provide Once-More with direct links, screenshots, or access to these Promotional Materials upon request.

3.2. Absolute Right of Refusal (Veto) Once-More holds the absolute right to veto the use of any Promotional Materials. If Once-More determines that an Affiliate’s Promotional Materials are off-brand, deceptive, low-quality, or in violation of these Terms or applicable laws (including but not limited to data privacy regulations and truth-in-advertising standards), Once-More will issue a takedown or modification notice. Upon receipt, the Affiliate must immediately pause the associated campaigns and remove or modify the Promotional Materials.

3.3. Prohibited Marketing Tactics To ensure brand safety and regulatory compliance, the following tactics are expressly prohibited and constitute grounds for an immediate veto and account suspension:

  • Deceptive UI: The use of fake user profiles, simulated “new message” pop-ups, fabricated match notifications, or false geolocation claims.
  • Trademark Infringement: Bidding on Once-More trademarked terms, branded keywords, or registering confusingly similar domain names (brand-bidding).
  • Missing Disclosures: Failure to clearly and conspicuously label the Promotional Materials as an “Advertorial,” “Sponsored,” or “Ad” in compliance with FTC (US), ASA (UK), or other applicable regulatory guidelines.
  • Privacy Violations: Capturing user data, utilizing tracking pixels, or dropping cookies on Affiliate-owned pages without fully compliant GDPR/CCPA consent mechanisms in place prior to redirecting traffic to Once-More.

3.4. Enforcement and Forfeiture of Commissions Failure to immediately comply with a veto request, or the discovery of severe brand safety or privacy violations, grants Once-More the right to:

  • Permanently withhold, reverse, or forfeit any pending or unpaid commissions generated through the non-compliant Promotional Materials or unauthorized traffic sources.
  • Immediately deactivate the Affiliate’s tracking links without prior notice.
  • Terminate the Affiliate Agreement immediately.