Privacy Policy

Dyninno Group Privacy Policy

Effective as of January 1st, 2023 GENERAL PROVISIONS The privacy of Dyninno Group (“we”,“us”, “our” etc.) clients, employees and other data subjects is of significance to us and we are committed to the highest standards of legal and social responsibility, as well as the ethical conduct regarding protection of personal data (also means “personally identifiable information” or “personal information”), as well as to process as minimum data as its absolutely necessary for achievement of our purposes or providing services on request of our clients, taking into consideration proportionality principle. We go beyond mere compliance with the law by drawing upon internationally recognized standards to advance responsibility in protecting personal data. Dyninno Group outlines expectations for its suppliers and business partners regarding privacy matters and its management practices. This policy applies to our employees, suppliers and their subsidiaries, affiliates, and subcontractors providing goods or services to Dyninno Group, or for use in or with Dyninno Group products. We process your personal data in material compliance with the following principal provisions:

• we respect and comply with the requirements of California Consumer Privacy Act, General Data Protection Regulation (GDPR), Data Protection Act 2018 (UK) and other national and international laws (“LAWS”). Compliance level and choice of LAWS depends on territorial scope of each Business Division of Dyninno Group.
• We are fair and maximally transparent with you regarding your data processing and protection.
• All the information is being provided to you in concise, transparent, intelligible and easily accessible form, using plain and clear language.
• We will not process your data without having specified, explicit and legitimate purposes.

• By default, we are processing only a personal data, which:

• Is necessary to achieve the current purpose.
• Is accurate, and where necessary, kept up to date.

• Upon achievement of a purpose we are either deleting your personal data or anonymizing it, so it is impossible to identify you. When data is being processed for security, statistical and analytical purposes, we are applying anonymization or additional safeguards preventing any undue impact on your person (functional separation).
• We perform and constantly improve organizational and technical measures ensuring your data protection against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the data.

• We conduct staff training on a regular basis regarding data protection matters.
• We carry out all the necessary measures, so the relevant safeguards to be included in agreements with other data controllers and processors, as well as responsibilities are clearly shared subject to the requirements of LAWS.
• We use LAWS-compliant information and communication technologies (ICT) in processing your data, ensuring ICT integrity, confidentiality, availability and resilience in line with relevant risk levels.
• Our employees hold accountable for any breaches of this Privacy policy.

SCOPE OF POLICY AND AMENDMENTS This privacy policy aims to give you information on how Dyninno Group collects and processes your personal data, including any personal data you may provide through the Platforms (websites, online forms and services etc.), via phone, email or onsite contact (e.g., when you apply for work, purchase a product or service or sign up to our newsletter etc.). This privacy policy is a general guide for all Business Divisions of Dyninno Group. It is important that you read this privacy policy together with any other privacy policy of each Business Division (usually there is a link on current website), notice or fair processing policy we may provide on specific occasions, when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your personal data. This privacy policy supplements other notices and privacy policies and is not intended to override them. We keep our privacy policy under regular review.  Dyninno Group might make amendments to this Privacy policy. In case of material changes Dyninno Group might publish such amendments and amended policy on our website and, as far as possible, notify you either by email or by pop-up windows when you are using our Platforms next time. We recommend that you revisit this privacy policy periodically to ensure that you are aware of our current privacy practices. Your continued use of our services and products following the posting of changes will mean that you accept the actual privacy policy. Amendments shall enter into force on the Effective Date. Actual version of the Privacy policy is published on our website. THE CATEGORIES OF DATA SUBJECTS Dyninno Group processes personal data of the following main categories of data subjects:

• customers of each Business Division (Travel, Finance, Entertainment);
• candidates and employees of Dyninno Group;
• service providers - natural persons;
• representatives of business partners.

PERSONAL DATA WE COLLECT Depending on Business Division you interacted with and which data subject category you related to we may process personal data which we have grouped together as follows:

• Identifiers or Identity Data such as a first/ middle/ last name, alias, postal address, unique personal identifier (cookie), date of birth, online identifier Internet Protocol address,  or other similar identifiers.
• Contact Data includes (billing address, delivery address, email address and telephone numbers).

• Commercial Information, including requested price quotes, products or services purchased or other purchasing or consuming histories or tendencies, as well as Financial Data (bank account and payment card details) and Transaction Data (details about payments to and from you and other details of products and services you have purchased from us).
• Network Activity Information, including , but not limited to Technical Data (your login data, browser type and version, browsing history, search history, time zone setting and location, browser plug-in types and versions, operating system and Platform, and other technology on the devices you use to access our Platforms), and information regarding your interaction with our Platforms (Usage Data).
• Geolocation data (country, state or city).
• Audio (e.g. call records) and Electronic (e.g. email threads) information.
• Inferences (conclusions) drawn from any of the personal data collected by Dyninno Group, including, but not limited to Profile Data (your preferences, characteristics, psychological trends, behavior, attitudes, intelligence, feedback and survey responses) and Marketing Data (your preferences in receiving marketing from us and our partners and your communication preferences).

• HR data. If you apply for work or you are the employee of Dyninno Group, we process additional information required under local labour laws or necessary for the legitimate interests of your current employer.
• Aggregated data means statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data, but is not considered a personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Network Activity Information to calculate the percentage of users accessing a specific Platform feature.
• Customer support. If you choose to contact our customer support services we will collect any inquiries, complaints or other information that you may submit to our support team.

IF YOU FAIL TO PROVIDE PERSONAL DATA Where we collect personal data required by law or under the terms of a contract, and you fail to provide that data when requested, we may not be able to comply with your request or to perform the contract we have or are trying to enter into with you (for example, to hire you, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time. HOW WE COLLECT YOUR PERSONAL DATA Mostly we collect personal data directly from you (using life chat, online forms or via voice call/ messenger). For example, when you provide us with your personal data by applying for work, requesting a quote, registering or booking travels, purchasing our goods/services, contacting our customer support, subscribing to newsletters, providing your feedback. We also collect your personal data passively. For example, we collect information about you over time and across different Websites. We also use tracking tools like cookies. As you interact with our Platforms, we will automatically collect Network Activity Information about your equipment, browsing actions and patterns. For additional information, please, refer to our Cookie policy. Platform features may make use of your device attributes and settings that will allow us to determine your physical location (country, state). We use this information to enhance and personalize your experience and provide you with offers and services that may be of interest to you. We also collect your personal data using service providers. This can include when you log in using a service provider platform, such as Facebook. In addition, we also integrate service providers' software that collects information about users for security reasons. FOR WHAT PURPOSE WE USE YOUR PERSONAL DATA We process your personal data for the following main group of purposes:

• Selling our products and services;
• Sending marketing newsletters and advertising relevant to your preferences;

• Recruitment and employment relationships;
• Managing of your feedback, complaints and customer support queries;
• Complying with laws and regulations;
• Protecting, exercising and establishing our legal claims;
• Maintaining and protecting our property, systems, services and infrastructure;

• Managing incidents and breaches;
• Ensuring communication with you and your representatives;
• Providing services on your request.

We may rely on your consent to use your personal data for certain purposes. Each Business Division may have its own data processing purposes provided within specific privacy policy or privacy notice. HOW WE SHARE YOUR PERSONAL DATA Corporate affiliates and change of control. We may share your personal data with our corporate affiliates and if Dyninno Group itself (or part of its business) is sold or otherwise changes control, owners would have access to your personal data for the uses set out herein. Service providers. We may share your personal data with suppliers who perform services on our behalf and have agreed in writing to protect and not further disclose your information. Payment service providers. If you purchase our products and services through the Platforms, we may share your personal data with the payment service providers, acquirer banks and other service providers involved in the current transaction. Business partners. We may share your personal data with various business partners. Some of these business partners may use your personal data for fraud detection, also to detect, prevent, or otherwise address security or technical issues. We may also share your personal data to ask our partner to create a survey, form, application, or questionnaire, so we know the degree of your satisfaction with our services. Some of these business partners may use your personal data for online behavioral advertising purposes, or to offer you services or products that we believe you may be interested in. We may also share your information as otherwise described to you at the time of collection. Information shared in public. If you provide us a review of your experience with our products and services, you authorize us to publish it on all our Platforms under the screen name you provided. You also authorize us to aggregate it with other reviews. Authorities. We may disclose personal data if required by law, for example to law enforcement or other authorities. This includes court orders, subpoenas and orders arising from legal processes, and administrative or criminal investigations. We may also disclose your personal data if the disclosure is necessary for the prevention, detection or prosecution of criminal acts or to prevent other damage, or in response to a legal action or to enforce our rights and claims. HOW WE STORE AND PROTECT YOUR PERSONAL DATA Our servers are located in the U.S and EU, also our service providers may be located there and in other countries. By providing us personal data, you agree that your personal data may be transferred to and stored in these countries. These countries may have different and/or less stringent privacy/data protection and data security rules than those of your own country. As a result, your personal data may be subject to access requests from governments, courts, or law enforcement in those countries according to laws in those countries. Subject to the applicable laws of such countries, we will provide the necessary safeguards to maintain protections of your personal data, e.g. by obtaining from the personal data recipients contractual commitments based on the EU standard contractual clauses. Dyninno Group has a security program intended to keep the personal data stored in our systems protected from unauthorized access and misuse. Our systems are configured with data encryption, or scrambling technologies and firewalls constructed to industry standards. We also use Secure Socket Layer (SSL) technology that protects the personal data you send over the Internet. personal data may only be accessed by persons within our organizations, or our service providers to carry out the uses indicated in this Privacy Policy. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other service providers who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. RETENTION PERIODS We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 3RD PARTY WEBSITES If you click through to third party (not Dyninno Group or its Affiliates) websites or other platforms, Dyninno Group’s privacy policy does not apply. REQUESTS AND COMPLAINTS Under certain circumstances set by applicable law, you are entitled to:

• Request access to your personal data (commonly known as a “data subject access request”).
• Request correction of the personal data that we hold about you. This enables you to request any incomplete or inaccurate personal data to be corrected, though we may need to verify the accuracy of the new personal data you provide to us.
• Request to delete. You are able to submit a verifiable request and ask us to delete your PI. Please, be aware, there are some cases when we might reject your request (e.g. when we shall comply with legal obligation or complete a transaction requested by you).

• Request to opt out from personal data sales.
• Exercise other data subject rights eligible to your status and location, e.g. restriction, objection.
• Submit the complaint to the relevant supervisory authority, in case we are not able to resolve the dispute (cure possible violation) in amicable way.

VERIFICATION. Due to the remote nature of our services, our main communication channel to manage your requests and complaints is email address (Verified Email), which was used by you initially, when applied for work, requested a price quote or purchased our products and other related services. The Verified Email is the key communication channel for us, so we can give quick answers and not divulge your data to any malicious person. You might also submit a request through the voice call, but still we must use the Verified Email to reply, due to law requirements and in order to protect our legal claims. FEES and DENIALS: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive (more than twice in a 12-month period) or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We might also refuse to act on your request, when we are not in a position to identify you and/ or verify your request and/ or the requested fee was not paid. We may need to request specific information from you to help us confirm your identity and ensure your ability to exercise rights inherent to your person as a data subject. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you (via email, phone or messenger) to ask you for further information in relation to your request to speed up our response. TERMS: We try to respond to all legitimate requests within the time period from 30 till 45 days. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. The maximum response time shall not exceed 90 days. CONTACTS You can submit your complaint/ request to our global Data Protection Officer at privacy@dyninno.com.

Dyninno Group Cookie Policy

Cookies are a small piece of data sent from a website and stored on your device (computer, smartphone etc.) by your web browser while you are visiting our websites. Without Cookies it would be impossible to provide you information and services you are requesting through the Internet. Cookies remember stateful information (such as items added in the shopping cart in an online store) or record your browsing activity. They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords and billing address. By using Platforms, you agree to the use of any of the cookies and tracking tools mentioned in this policy, unless you opted out (not available for essential cookies). Additional information about cookie processing can be found on the current website of each Business Division of DYNINNO GROUP. CATEGORIES OF COOKIES USED BY DYNINNO GROUP Technical and strictly necessary Cookies In most cases our Platforms use cookies in order to ensure technical feasibility to connect our Platform with your device and provide services requested by you. These cookies are integrated by default into our Platforms. In case, you try to block/  turn off any of such cookies you might not receive some essential part of services requested by you. Some examples of such cookies are:

• User input cookies (session-id), e.g. when you are filling an online form (submitting CV, ticket purchasing, making payment, applying for a loan, registering an account  etc.).
• Authentication cookies, used for authenticated services, e.g. when You are logging into your online account within any of information systems integrated with our Platform.
• Security cookies used to detect authentication abuses and prevent malicious attacks.
• Multimedia content player session cookies, such as flash player cookies.
• Load balancing session cookies (faster processing of your requests).
• Third party social plug-in content sharing cookies.

Functionality and Preferences Cookies Such Cookies help us to optimize and make more user-friendly our Platforms, enhance security level, facilitate faster and more convenient use of Platforms, and receive valuable statistics. In case we are collecting Cookies for statistical purposes, we are committed to apply a “functional separation” principle, so the results of the processing shall be without any negative impact to Your privacy or there should not be any decisions made against you. Retention period of Functionality Cookies usually is very short. In case of longer periods, please, be aware that we always assess the risk level of such processing, so it does not adversely affect your privacy. Under the strict supervision we might allow service providers to collect Functionality Cookies on our Platforms in order to provide us with aggregated statistics. In such cases we require service providers to aggregate or erase data obtained from your device. Advertising and Targeting Cookies We and our third party vendors, including Google and Facebook, use Advertising cookies to serve ads based on a Your prior visits to our Platforms. For example:

• To make use of cross-device tracking in order to optimize our advertising activities. As part of cross-device tracking, Dyninno Group may combine information collected from a particular browser or mobile device with another computer or device linked to the computer or device from which the information was collected. By changing your cookie settings on your device you can change your cross-device tracking settings for advertising purposes.
• To work with online advertising companies to display targeted advertising on our Platforms and third party platforms that you visit. This targeting may be based on information collected bu us or third party platforms. This targeting may also be based on your activities or behaviors on our Platforms or those of third parties. We may also obtain information about your browsing history from our business partners.
• We may use Google Analytics to collect demographic and interest data about you (such as age, gender, and interests), including through Google Analytics Demographics and Interest Reporting. We may use the information collected about you through Google Analytics for Google services such as Remarketing with Google Analytics and Google Display Network Impression Reporting. Choices you make are browser and device specific. Some aspects of our site use cookies to function. You may not be able to use these features if you set your device to block cookies. We anonymize IP addresses in Google Analytics.

We and our advertising partners may also use web beacons (single pixel GIF images). These web beacons are placed in the code of a Web page or an email newsletter. When you access a partner site within our mobile applications, we may track your activity on that site. OPT-OUT FROM COOKIES Your browser gives you the ability to control cookies. How to do this varies from browser to browser. You should view the Help menu on the browser you use for further information. Your opt out choice is stored in opt out cookies only in that browser, so you should separately set your preferences for other browsers, computers, or devices you may use. If your browser blocks cookies, your opt out preferences may not be effective. Deleting browser cookies can remove your opt out preferences, so you should visit this page periodically to review your preferences. If you block or delete cookies or opt out of online behavioral advertising, not all of the tracking that we have described in this policy will stop. Please also note that opting out of a third party cookie does not mean that you will no longer receive or be subject to online advertising or marketing. It means that the third party service from which you opted out will no longer deliver ads tailored to your web preferences and online behavioral. You may also opt out of third party cookies by visiting opt-out website like www.aboutads.info or https://cookies.insites.com/disable-cookies/.