Kuponex

Privacy Policy

Effective as of December 24, 2025

  1. General provisions

    This Privacy Policy (hereinafter the "Privacy Policy") sets out the principles and rules governing the processing of Personal Data of Users (hereinafter the "User" or the "Users") of the Kuponex Platform, including the Kuponex website, mobile apps and related digital services (hereinafter the "Platform").

    1. The controller of Personal Data processed through the Platform is Kuponex (hereinafter the "Kuponex"), acting in its capacity as a Data Controller within the meaning of applicable data protection laws.

    2. The processing of Users' Personal Data on the Platform is carried out in accordance with applicable data protection legislation, including, but not limited to:

      • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation, hereinafter the "GDPR");

      • applicable national laws and regulations of any member state of the European Union (EU) and state of the European Economic Area (EEA) adopted pursuant to, supplementing or implementing the GDPR;

      • applicable national electronic communications laws and regulations of any member state of the European Union (EU), insofar as they relate to electronic communications, the use of cookies, and the protection of Personal Data;

      • applicable data protection laws and regulations of any state of the European Economic Area (EEA), insofar as they apply to the processing of Personal Data;

      • the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 of the United Kingdom, as applicable within the United Kingdom;

      • the Norwegian Personal Data Act, implementing the GDPR within the Kingdom of Norway pursuant to the EEA Agreement.

    3. Kuponex acts exclusively as a Platform operator and intermediary providing the User with classified listing and communication services. Kuponex does not provide payment processing services, escrow services, money transmission services, or financial intermediation of any kind, does not act as a payment intermediary and does not process or store User's financial Transaction data (such as payment card numbers, bank account details or Transaction execution data). Any agreements regarding Transactions and payment arrangements are concluded directly between Users outside the Platform, without the involvement of Kuponex.

    4. Any agreements regarding:

      • the conclusion of a Transaction;

      • the payment method;

      • the payment amount;

      • the timing of payment;

      • or other financial arrangements;

      are entered into directly between Users, at their own discretion and responsibility, outside the Kuponex Platform and without the involvement of Kuponex. Kuponex does not collect, store, process or have access to User's payment card data, bank account details or other financial Transaction data related to such payments.

    5. Kuponex processes only such Personal Data as is necessary, relevant and proportionate for the purposes of:

      • Account registration and authentication;

      • listing and managing listings;

      • facilitating communication between Users;

      • ensuring Platform security, abuse prevention and fraud mitigation;

      • complying with applicable legal obligations.

    6. By registering on the Platform, creating an Account and using the Platform in any manner, the User:

      • acknowledges that he (she) has read and understood this Privacy Policy;

      • confirms awareness of the purposes and legal bases of data processing;

      • accepts that Personal Data will be processed in accordance with this Privacy Policy and the applicable Terms and Conditions.

    7. Where Personal Data is processed on the basis of the User's consent, such consent may be withdrawn at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.

    8. Kuponex may update or amend this Privacy Policy from time to time to reflect:

      • changes in Applicable Laws, including but not limited to the European Union, the United Kingdom or Norwegian law;

      • regulatory guidance;

      • changes in Platform functionality;

      • internal data processing practices;

      • or other operational practices.

      Where required by law, Users will be informed of material changes via the Platform. Continued use of the Platform after such changes constitutes acceptance of the updated Privacy Policy.

    9. This Privacy Policy shall be interpreted in accordance with applicable data protection laws. In the event of any inconsistency between this Privacy Policy and mandatory legal provisions, the latter shall prevail.

  2. Definitions

    For the purposes of this Privacy Policy, the following terms shall have the meanings set out below. Unless otherwise expressly stated, definitions used herein shall be interpreted in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), relevant national laws and established marketplace practice. The following definitions apply:

    1. The Platform (Kuponex) - an online classified advertisements portal and (or) mobile application operated by Kuponex that enables the User to list the Coupon's or Event Ticket's advertisement or advertisements, communicate with other Users via the Platform's internal messaging function - Chat (hereinafter the "Chat") and independently negotiate the terms of Transactions (hereinafter the "Platform" or "Kuponex").

    2. The User - any natural person or legal entity that accesses, registers on or uses the Platform, regardless of whether such the User is listing the Coupon's or Event Ticket's advertisement or advertisements, communicates via Chat or merely browses content (hereinafter the "User").

    3. Account - an individual User profile created on the Platform, secured by authentication credentials, through which the User may manage Listings, communicate with other Users and access Platform functionalities without Kuponex acting as a party to any Transaction (hereinafter the "Account").

    4. Listing - content published by the User on the Platform offering a Coupon or Event Ticket for sale, exchange or other lawful disposition, including descriptions, images and related information.

    5. Transaction - a potential or completed agreement concluded directly and independently between Users concerning a Coupon or Event Ticket, the terms and payment conditions of which are agreed outside the Platform and without Kuponex acting as a party, intermediary or payment service provider (hereinafter the "Transaction").

    6. Gift coupon, gift voucher or gift card - a valid and unused digital or physical gift coupon, gift voucher or gift card and discount voucher granting its holder the right to receive goods or services from a third party merchant, which is listed by the User on the Platform for sale, exchange or other lawful disposition, without Kuponex acting as a seller, issuer, intermediary, payment service provider or party to any Transaction relating thereto (hereinafter the "Coupon").

    7. Event Ticket - a valid and unused digital or physical ticket granting its holder the right to attend a specific event, including but not limited to cultural, entertainment, sports or leisure events, which is listed by the User on the Platform for sale or other lawful disposition, without Kuponex acting as a seller, organiser, intermediary, payment service provider or party to any Transaction relating thereto (hereinafter the "Event Ticket").

    8. Personal Data - any information relating to an identified or identifiable natural person, as defined in Article 4(1) GDPR, including but not limited to identification data, contact details, online identifiers, communication data and usage data, as further supplemented by applicable national laws (including in the United Kingdom and Norway) and corresponding laws of any member state of the European Union (EU) or any state of the European Economic Area (hereinafter the "Personal Data").

    9. Data Controller - Kuponex, as the legal entity determining the purposes and means of the processing of Personal Data within the Platform, within the meaning of Article 4(7) of Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act, implementing the GDPR within the Kingdom of Norway and the European Economic Area (EEA) (hereinafter - the "Data Controller").

    10. Data Processor - any natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller, including but not limited to providers of hosting services, cloud computing solutions, IT infrastructure, analytics services, communication tools, email delivery systems or customer support solutions, in accordance with Article 4(8) of Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act, implementing the GDPR within the Kingdom of Norway and the European Economic Area (EEA) (hereinafter - the "Data Processor").

    11. Chat - the internal messaging functionality provided by the Platform, enabling Users to communicate with each other in relation to Advertisements and potential Transactions.

    12. Third Party - any natural or legal person other than the User and Kuponex, including external service providers, merchants, authorities or other Users of the Platform.

    13. EEA (European Economic Area) - the European Union member states together with Iceland, Liechtenstein and Norway.

    14. Applicable Law - all applicable data protection, consumer protection and digital services laws and regulations, including but not limited to the GDPR, the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act and any other applicable national laws and regulations of any member state of the European Union (EU), relating to data protection, consumer rights, and digital platform services.

    15. Privacy Policy - document, which sets out the principles, scope, purposes and conditions of the processing of Personal Data by the Data Controller in connection with the use of the Platform.

  3. Categories of data collected and purposes of processing

    1. Contact details of the Data Controller. The data subject, the User, may contact the Data Controller on all matters relating to the processing of Personal Data by contacting support@kuponex.com, in accordance with Articles 12–14 GDPR, the United Kingdom GDPR, and applicable national implementing laws in Norway and any member state of the European Union (EU) or any state of the European Economic Area (EEA).

    2. Data Protection Officer. The Data Controller may appoint a Data Protection Officer (hereinafter - DPO) in accordance with Article 37 of the GDPR, the United Kingdom GDPR and the Data Protection Act 2018, and the Norwegian Personal Data Act. Where a DPO is appointed, the contact details of the DPO shall be published on the Platform without undue delay.

    3. Data minimisation principle. The Data Controller processes Personal Data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation and data minimisation as set out in Article 5(1)(a)–(c) of the GDPR and corresponding national legislation of member states of European Union, the United Kingdom and Norway. Accordingly, the Data Controller collects and processes only such Personal Data as is strictly necessary for the proper provision, security, administration and improvement of the Kuponex Platform services.

    4. Categories of Personal Data collected and purposes of processing. The categories of Personal Data collected and processed by the Platform include, but are not limited to, the following:

      Category Examples of data Purpose of processing
      Account data Name, surname, email address, encrypted password To create, maintain and secure the User's Account
      Identification data (optional) Phone number To verify Account authenticity, prevent fraud and abuse
      Tech and log data IP address, device type, browser version, operating system, login timestamps To ensure the Platform functionality, detect abuse, and maintain security
      Communication data Messages and attachments exchanged via Platform Chat To enable User-to-User communication, to handle dispute and maintain the Transaction evidence
      The Coupon's, Event Ticket's metadata Date and time of listing, price, Coupon or Event Ticket details, status To ensure the operation of listings and to monitor User activity
      Cookies and analytical data Session ID, preferences and page interactions. To improve Platform performance, usability and User experience.

    5. Special categories of data. The Data Controller does not collect or process special categories of Personal Data within the meaning of Article 9(1) of the GDPR, unless such processing is required by Applicable Law or the data subject, the User, has provided explicit consent in accordance with Article 9(2)(a) of the GDPR and corresponding national legislation of member states of European Union, the United Kingdom and Norway.

    6. Sources of Personal Data. Personal Data is obtained directly from the User during registration of an Account, login to the Platform, creation of advertisements, communication through the Platform Chat. In certain cases, Personal Data may be generated automatically (e.g. server logs) or obtained from technical service providers acting as Data Processors (e.g. hosting, analytics or security service providers), in accordance with Article 28 of the GDPR and equivalent national laws and provisions of the European Union member states, as well as the United Kingdom's and Norwegian laws and provisions.

    7. Automated decision making and profiling. The Platform does not carry out fully automated decision making or profiling within the meaning of Article 22 of the GDPR, equivalent the European Union member states national laws and provisions, the UK GDPR or the Norwegian Personal Data Act. Limited automated processing may be applied solely for purposes of fraud prevention, Platform security or Account integrity checks, without producing legal effects concerning the User or similarly significantly affecting the User.

    8. Combination of data categories. The Data Controller may combine different categories of Personal Data solely for legitimate purposes such as ensuring system security, preventing fraud and abuse, improving Platform performance, ensuring compliance with Applicable Laws. Such processing is carried out in accordance with Article 6(1)(f) of the GDPR (legitimate interests) and corresponding provisions of any member state of the European Union (EU), UK and Norwegian data protection laws.

  4. Data retention, security and storage

    1. General data retention principles. The Data Controller retains Personal Data only for as long as is necessary to fulfil the purposes for which such data was collected and processed, in accordance with the principle of storage limitation set out in Article 5(1)(e) of Regulation (EU) 2016/679 (GDPR), corresponding data protection laws and regulations of any member state of the European Union (EU), as well as the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act.

    2. Criteria for determining retention periods. Personal Data retention periods are determined by the following criteria:

      • the duration of the contractual or legal relationship between the User and the Platform operator;

      • statutory obligations imposed on the Data Controller under applicable European Union law, the United Kingdom, the Kingdom of Norway and equivalent laws of any member state of the European Union (EU);

      • the necessity to establish, exercise or defend legal claims, in accordance with Article 17(3)(e) of the GDPR;

      • technical, security and operational requirements of the Platform, including the maintenance of system logs for the purposes of cybersecurity and abuse prevention.

    3. Deletion and anonymisation of data. Upon expiry of the applicable retention period, Personal Data shall be securely deleted or irreversibly anonymised, unless further retention is required by Applicable Law or is necessary for the establishment, exercise or defence of legal claims.

    4. Retention period by data categories:

      Category Retention period
      Account data Stored for as long as the Account is active. Deleted within 30 (thirty) days after Account closure, unless longer retention is required
      Login and access logs 1 (one) year from collection date
      Technical and log data IP address, device type, browser version, operating system and login timestamps law retained for up to 1 (one) year
      The Chat communication data 3 (three) years from message date for fraud prevention, moderation and dispute resolution purposes
      Listing and the Transaction metadata. 3 (three) years after last User activity
      Fraud monitoring and security data Up to 5 (five) years from the date of detection or reporting of suspicious activity
      Cookies and analytical data Up to 13 (thirteen) months or until consent is withdrawn in accordance with applicable cookie regulations

    5. Security measures. The Data Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, the United Kingdom GDPR and the Data Protection Act 2018, the Norwegian Personal Data Act and corresponding provisions of any member state of the European Union (EU). Such measures include, inter alia, access control mechanisms, encryption, regular security assessments and internal data protection procedures.

    6. Personal data breaches. In the event of a Personal Data breach, the Data Controller shall act in accordance with Articles 33 and 34 of the GDPR, as well as equivalent provisions of the Law on Legal Protection of Personal Data of the United Kingdom GDPR and the Data Protection Act 2018, the Norwegian Personal Data Act and other Applicable Laws of European Union member states. The competent supervisory authority and, where required, affected data subjects shall be notified without undue delay.

    7. Data storage location. Personal Data is stored on secure servers located within the European Economic Area (EEA), primarily in data centres operated by certified service providers compliant with recognised information security standards, including ISO/IEC 27001 or equivalent standards.

    8. No sale or commercialisation of Personal Data. The Kuponex Platform and the Data Controller do not sell, rent, lease or otherwise commercially exploit the User's Personal Data.

    9. Disclosure of Personal Data. Any disclosure of Personal Data shall be carried out strictly in accordance with Articles 28 and 29 of the GDPR and equivalent national legislation, ensuring that all recipients act on the basis of written data processing agreements providing safeguards equivalent to those required under the GDPR, the United Kingdom GDPR, the Data Protection Act 2018, the Norwegian Personal Data Act and corresponding laws of any member state of the European Union (EU). Personal Data may be disclosed to competent public authorities, supervisory bodies or law enforcement agencies only where such disclosure is required by Applicable Law or a binding legal request, including but not limited to cases involving:

      • the investigation, detection or prevention of suspected criminal offences, including fraud, abuse or circulation of counterfeit coupons and counterfeit Event Tickets;

      • compliance with accounting, taxation or financial reporting obligations imposed by law;

      • execution of court judgments, administrative decisions or legally binding orders.

  5. Data subject rights, obligations and liability

    1. Each Data subject (the User) shall have the rights set out in Chapter III of Regulation (EU) 2016/679 (GDPR) (Articles 12–23), the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act implementing the GDPR within the Kingdom of Norway and the European Economic Area (EEA) as well as corresponding data protection laws and regulations of any member state of the European Union (EU). Where applicable, the exercise of rights and the handling of requests shall also be assessed in light of relevant rules on digital services, electronic communications and consumer protection, including Regulation (EU) 2022/2065 (Digital Services Act) and relevant national implementing provisions.

    2. Kuponex ensures that all Data subject (the User) rights are exercised free of charge, fairly, transparently, without undue delay and in any event within 1 (one) month from the receipt of a valid request, as required by Article 12(3) GDPR and, where relevant, by the United Kingdom GDPR and the Data Protection Act 2018 of the United Kingdom, the Law on Legal Protection of Personal Data of the Norwegian Personal Data Act.

    3. If the User's request is complex, manifestly unfounded, excessive or repetitive, Kuponex may extend the response period by an additional two (2) months, in accordance with Article 12(3) of Regulation (EU) 2016/679 (GDPR), as implemented and supplemented by the Law on Legal Protection of Personal Data and the corresponding data protection laws of any member state of the European Union (EU). Kuponex shall inform the User of any such extension and the reasons for it without undue delay. Where a request is manifestly unfounded or excessive, in particular because of its repetitive character, Kuponex may refuse to act on the request or charge a reasonable fee, in accordance with Article 12(5) GDPR, the United Kingdom General Data Protection Regulation (UK GDPR), without prejudice to the User's right to lodge a complaint with a competent supervisory authority.

    4. The User has the right to obtain confirmation as to whether their Personal Data is being processed and, if so, to access the information listed in Article 15 GDPR, including:

      • the purposes of processing;

      • the categories of Personal Data concerned;

      • the recipients or categories of recipients to whom the data have been or will be disclosed;

      • the envisaged period for which the data will be stored;

      • the existence of rights to rectification, erasure, restriction or objection;

      • the source of the data (if not obtained directly from the User);

      • the existence of automated decision-making, including profiling.

    5. The User has the right to request the rectification or completion of any inaccurate or incomplete Personal Data held by Kuponex without undue delay, in accordance with Article 16 of Regulation (EU) 2016/679 (GDPR), as further implemented and supplemented by the Law on Legal Protection of Personal Data and corresponding provisions of data protection laws and regulations of member states of the European Union, as well as equivalent rights under the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 of the United Kingdom and the Norwegian Personal Data Act. Kuponex shall take reasonable and proportionate measures to verify the accuracy of the Personal Data prior to making any rectification or completion, including, where necessary, requesting additional information or documentation from the User, provided that such verification does not result in excessive or disproportionate processing.

    6. The User has the right to request the deletion of his or her Personal Data (the "right to erasure") in accordance with Article 17 of Regulation (EU) 2016/679 (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act and corresponding data protection laws and regulations of any member state of the European Union, where:

      • the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed;

      • the User withdraws consent on which the processing is based and there is no other legal ground for the processing;

      • the User objects to the processing pursuant to Article 21 GDPR and there are no overriding legitimate grounds for the processing;

      • the Personal Data has been unlawfully processed;

      • the erasure of the Personal Data is required to comply with a legal obligation applicable to Kuponex under European Union law or the laws of the United Kingdom, Norway or any member state of the European Union, as applicable.

    7. This right does not apply to the extent that the processing of Personal Data is necessary for compliance with a legal obligation to which the Data Controller is subject or for the establishment, exercise or defence of legal claims, in accordance with Article 17(3) of Regulation (EU) 2016/679 (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act and corresponding data protection laws and regulations of any member state of the European Union.

    8. The User may request restriction of processing in accordance with Article 18 of Regulation (EU) 2016/679 (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act and corresponding data protection laws and regulations of any member state of the European Union, where:

      • the accuracy of the Personal Data is contested by the User, for a period enabling the Data Controller to verify the accuracy of such data;

      • the processing is unlawful and the User opposes the erasure of the Personal Data and requests the restriction of its use instead;

      • the Data Controller no longer needs the Personal Data for the purposes of the processing, but the User requires it for the establishment, exercise or defence of legal claims;

      • the User has objected to processing pursuant to Article 21(1) GDPR, pending the verification whether the legitimate grounds of the Data Controller override those of the User.

    9. The User has the right to receive the Personal Data concerning him or her, which he or she has provided to Kuponex, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another Data Controller without hindrance from Kuponex, where applicable, in accordance with Article 20 of Regulation (EU) 2016/679 (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act and corresponding data protection laws and regulations of any member state of the European Union. Where technically feasible, the User shall also have the right to have the Personal Data transmitted directly from Kuponex to another Data Controller, provided that such transmission does not adversely affect the rights and freedoms of others.

    10. Where the processing of Personal Data is based on the User's consent, the User shall have the right to withdraw such consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal, in accordance with Article 7(3) of Regulation (EU) 2016/679 (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act (and corresponding data protection laws and regulations of any member state of the European Union. The withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal. The User may exercise the right to withdraw consent at any time by contacting Kuponex via email at support@kuponex.com.

    11. The User has the right to lodge a complaint with the competent supervisory authority concerning the processing of his/her Personal Data, including but not limited to:

      • in the European Union member states: the State Data Protection Inspectorate, acting pursuant to the Law on Legal Protection of Personal Data;

      • in the United Kingdom: the Information Commissioner's Office (ICO), acting pursuant to the United Kingdom General Data Protection Regulation and the Data Protection Act 2018;

      • in Norway: Datatilsynet, acting pursuant to the Norwegian Personal Data Act, implementing Regulation (EU) 2016/679 within the European Economic Area (EEA);

      • and or with any other competent supervisory authority in the User's country of residence, place of work or place of the alleged infringement within the European Union or the European Economic Area, in accordance with Articles 77–79 of Regulation (EU) 2016/679 (GDPR), or equivalent provisions under the UK GDPR where applicable.

    12. The User must ensure that all personal and transactional data provided to Kuponex is accurate, complete and up to date.

    13. Providing false, misleading or unauthorised third party information constitutes a violation of the Terms and Conditions and may result in Account restrictions, temporary suspension or permanent termination of the User's Account. Such conduct may also be reported to competent supervisory, regulatory or law enforcement authorities where fraud, identity misuse, impersonation or other unlawful conduct is suspected, in accordance with Applicable Laws and regulations of the United Kingdom, Norway and member states of the European Union and the European Economic Area, including but not limited to criminal, administrative and consumer protection legislation. For the avoidance of doubt, any reference to legal bases under Article 6(1)(f) of Regulation (EU) 2016/679 (GDPR) and equivalent provisions under the United Kingdom GDPR relates to Kuponex's legitimate interests in ensuring the security and integrity of the Platform, preventing fraud and abuse, enforcing the Terms and Conditions, and protecting the rights, property and safety of Users and third parties.

    14. The Platform operator reserves the right to verify the accuracy, completeness and lawfulness of information provided by the User and to request additional documentation and or perform identity verification in cases of suspected irregularities, fraud, abuse or security risks, in accordance with Article 6(1)(f) and Article 32 of Regulation (EU) 2016/679 (GDPR), as well as corresponding provisions under the UK General Data Protection Regulation and the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act and other applicable data protection, digital services and consumer protection laws of any member state of the European Union or any state of the European Economic Area.

    15. By using the Platform, the User undertakes to:

      • use the Kuponex Platform solely for lawful purposes;

      • refrain from engaging in any fraudulent, misleading or deceptive conduct;

      • respect the rights of other Users and third parties;

      • comply with all Applicable Laws and regulations, including but not limited to data protection, consumer protection, digital services, electronic communications and anti-fraud laws and regulations applicable in the United Kingdom, Norway, the European Union and the European Economic Area, as well as corresponding national laws and regulatory requirements of any member state of the European Union.

    16. The User is strictly prohibited from:

      • listing, selling, or promoting counterfeit, expired, or invalid Coupons or Event tickets;

      • attempting to access Kuponex systems without authorisation;

      • distributing malware, phishing content or any malicious code;

      • engaging in harassment, abuse or unauthorised data collection;

      • impersonating another individual or entity.

    17. Any User found to be offering such items may be permanently banned from the Platform and, where appropriate, reported to competent law enforcement, supervisory or judicial authorities for investigation and further proceedings, in accordance with applicable criminal, civil and administrative laws and regulations of the United Kingdom, Norway, the European Union and the European Economic Area, as well as corresponding national laws of other relevant jurisdictions.

    18. The Platform operator may monitor listings and Platform usage for suspicious activity and may cooperate with competent authorities and rightsholders, including brand representatives, where necessary to verify authenticity, prevent fraud and enforce legal rights, in accordance with Applicable Law and subject to data minimisation and proportionality requirements.

    19. The User is encouraged to report suspected fraudulent listings or suspicious behaviour directly to fraud@kuponex.com.

  6. Cookies and tracking

    The Kuponex Platform uses cookies and similar tracking technologies to ensure the proper functioning of the Platform, enhance the User experience, analyse usage patterns, ensure security and prevent fraud, in accordance with applicable data protection and electronic communications laws. The use of cookies and similar technologies is governed in particular by Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC on privacy and electronic communications (ePrivacy Directive), as implemented and supplemented by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) of the United Kingdom, the Norwegian Electronic Communications Act, as well as corresponding laws and regulations of member states of the European Union and the European Economic Area.

    1. Types of cookies used:

      Type of cookie Purpose Retention period
      Strictly necessary cookies Required for the operation of the Platform, including User authentication, session management, security and fraud prevention Session based or up to 12 (twelve) months
      Functional cookies Enable the Platform to remember User preferences, such as language, region or consent settings Up to 12 (twelve) months
      Analytical and performance cookies Collect aggregated and anonymised statistical data on how Users interact with the Platform in order to improve its performance, usability and design Up to 13 (thirteen) months
      Marketing and advertising cookies Used to measure the effectiveness of marketing campaigns and deliver relevant content, where applicable and subject to User consent Up to 13 (thirteen) months

    2. Cookie consent. Upon the User's first visit to the Platform, a cookie consent banner is displayed in accordance with Article 6(1)(a) GDPR, Article 5(3) of the ePrivacy Directive and equivalent national provisions, allowing the User to:

      • accept all cookies;

      • reject non-essential cookies;

      • customise individual cookie preferences.

      No non-essential cookies shall be placed on the User's device prior to obtaining valid consent.

    3. Withdrawal and management of consent. The User may change or withdraw his or her cookie consent at any time via the cookie settings section available on the Platform or by adjusting the settings of his or her web browser without affecting the lawfulness of processing carried out prior to withdrawal.

    4. Impact of cookie refusal. Refusal or deletion of certain cookies may affect the availability, functionality or performance of certain features of the Platform, particularly those related to personalisation or analytics.

    5. Third party tools. The Platform may use third-party analytics, security and advertising tools, including but not limited to:

      • Google Analytics - for aggregated statistical and performance analysis;

      • Hotjar - for the User experience and usability analytics;

      • Facebook Pixel / Meta Business Suite - for measuring advertising effectiveness;

      • Cloudflare - for security, traffic filtering and performance optimisation.

    6. Role of third parties. Such third parties may act either as independent Data Controllers or as Data Processors on behalf of Kuponex, within the meaning of Articles 4(7) and 4(8) of Regulation (EU) 2016/679 (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), as well as corresponding national data protection laws, including the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act implementing the GDPR within the Kingdom of Norway and the European Economic Area (EEA) and the applicable data protection laws and regulations of members states of the European Union and the European Economic Area. Where such third parties act as Data Processors, Kuponex ensures that Personal Data is processed solely on the basis of documented instructions of the Data Controller, in accordance with Article 28 GDPR, the United Kingdom GDPR and equivalent national implementing provisions and that appropriate data processing agreements are concluded. Where such third parties act as independent Data Controllers, they process Personal Data in accordance with their own privacy policies and legal obligations, and Kuponex shall not be responsible for their independent processing activities, except to the extent required by Applicable Law. In all cases, Kuponex implements appropriate technical and organisational measures, contractual safeguards and, where applicable, international data transfer mechanisms, to ensure an adequate level of protection of Personal Data, consistent with Articles 24, 28, 32 and Chapter V GDPR, the UK GDPR and corresponding national laws.

    7. Browser level cookie management. The User may disable or delete cookies directly via his/her browser by following the instructions provided by the browser vendor, including but not limited to:

      • Chrome: https://support.google.com/chrome/answer/95647

      • Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data

      • Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

      • Edge: https://support.microsoft.com/en-us/help/4027947

    8. The Kuponex Platform updates its cookie policy regularly to reflect changes in technology or legal requirements and such updates take effect upon publication on the Platform.

  7. Promotional communication

    1. Kuponex may send the User promotional communications, including newsletters, service updates or personalised offers, only where permitted by Applicable Law, and in particular on the basis of the User's prior explicit and freely given consent, in accordance with Article 6(1)(a) GDPR, Article 7 GDPR, the United Kingdom GDPR, the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act, the Law on Legal Protection of Personal Data and equivalent data protection laws of any member state of the European Union or where a prior business relationship exists and promotional communication relates to similar services, in accordance with Article 13(2) of Directive 2002/58/EC (ePrivacy Directive), the Privacy and Electronic Communications Regulations (PECR) 2003 (UK), the Norwegian Electronic Communications Act and corresponding provisions of any member state of the European Union (EU) or any state of the European Economic Area (EEA).

    2. Consent for receiving promotional communications may be withdrawn at any time and free of charge, without affecting the lawfulness of prior processing, by:

      • clicking the "Unsubscribe" link included in the message;

      • adjusting communication preferences in the User's Account settings;

      • contacting Kuponex at support@kuponex.com.

    3. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal, in accordance with Article 7(3) GDPR, the UK GDPR, the Norwegian Personal Data Act and equivalent provisions of any member state of the European Union (EU) or any state of the European Economic Area (EEA).

    4. Kuponex does not request sensitive information, including but not limited to passwords, authentication credentials, payment details or banking information, via email, SMS or the Platform Chat. Any such request shall be treated as a potential phishing or fraud attempt and should be immediately reported to fraud@kuponex.com, in accordance with applicable anti fraud and cybersecurity regulations in United Kingdom, Norway and the European Union member states.

    5. For transparency, security, fraud prevention and dispute resolution purposes, Kuponex may retain logs of communications conducted via the Platform's internal Chat system for a limited period, in accordance with Article 6(1)(f) GDPR, Article 5(1)(e) GDPR, the United Kingdom GDPR, the Norwegian Personal Data Act and corresponding national laws of any member state of the European Union (EU) or any state of the European Economic Area (EEA).

    6. The User is strictly prohibited from using Kuponex communication channels to send:

      • unsolicited commercial communications (spam);

      • misleading, deceptive or fraudulent messages;

      • offensive, abusive or unlawful content;

      • content that infringes the Applicable Laws of the United Kingdom, Norway any member state of the European Union or any state of the European Economic Area

    7. Any misuse of Kuponex communication tools may result in:

      • temporary suspension or permanent termination of the User's Account;

      • restriction of Platform functionalities;

      • reporting to competent supervisory or law enforcement authorities, where required or permitted by applicable criminal, consumer protection or electronic communications laws in United Kingdom, Norway and other relevant jurisdictions.

    8. Kuponex reserves the right to amend or update this promotional communication policy in order to reflect changes in Applicable Law, regulatory guidance, technological developments or Platform functionality. Any amendments shall take effect upon publication on the Platform. Continued use of the Platform following such publication constitutes acceptance of the updated provisions.

  8. Governing law

    1. This Privacy Policy, its interpretation, validity and enforcement, as well as any disputes, claims or legal proceedings arising out of or in connection with this Privacy Policy or the processing of Personal Data, shall be governed by and construed in accordance with the laws of Lithuania, including applicable national data protection legislation of Lithuania and directly applicable European Union data protection law.

    2. For the avoidance of doubt, Lithuanian law shall prevail for the purposes of interpretation of this Privacy Policy. Any disputes arising out of or in connection with this Privacy Policy shall, as a rule, be subject to the jurisdiction of the competent courts of Lithuania, without prejudice to mandatory data protection rights, consumer protection rights and jurisdictional protections available to data subjects under applicable European Union or European Economic Area law.

    3. This clause shall be interpreted without prejudice to any mandatory data protection rights, remedies and supervisory mechanisms available to data subjects under Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), as well as under national laws implementing or supplementing the GDPR, including but not limited to the Law on Legal Protection of Personal Data of Lithuania, the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 of the United Kingdom, the Norwegian Personal Data Act implementing the GDPR within the European Economic Area (EEA) and corresponding mandatory data protection and consumer protection laws of any member state of the European Union.

  9. Final provisions

    1. The Platform operator maintains a documented version history of this Privacy Policy and records the date of each amendment or revision, in compliance with the accountability principle set out in Article 5(2) of Regulation (EU) 2016/679 (GDPR), as implemented and supplemented by the Law on Legal Protection of Personal Data of the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (UK), the Norwegian Personal Data Act, as well as corresponding data protection laws and regulations of any member state of the European Union (EU) or any state of the European Economic Area (EEA).

    2. Previous versions of the Privacy Policy may be retained for a period of up to 3 (three) years for evidentiary, compliance, audit and accountability purposes, including but not limited to demonstrating compliance with applicable obligations under the GDPR, the United Kingdom GDPR, national implementing legislation of Norway and equivalent data protection laws of any member state of the European Union (EU) or any state of the European Economic Area (EEA).

    3. Upon request, the User may obtain an archived copy of an earlier version of the Privacy Policy by contacting the Platform operator at support@kuponex.com, in accordance with the principles of transparency and fairness set out in Articles 12 and 13 GDPR, the United Kingdom GDPR, the Norwegian Personal Data Act and corresponding provisions of applicable data protection laws of any member state of the European Union (EU) or any state of the European Economic Area (EEA).

    4. Material changes to this Privacy Policy shall be communicated to Users via the Platform. Continued use of the Platform after the effective date of an updated Privacy Policy constitutes acknowledgement of the revised version without prejudice to the User's statutory rights under applicable data protection laws of Lithuania, the United Kingdom, Norway and any member state of the European Union (EU) or any state of the European Economic Area (EEA).