AVATID LIMITED PRIVACY POLICY

(Effective July 21st, 2025)

1) Contents

2) INTRODUCTION....................................................................................................... 2

3) YOUR CONSENT ...................................................................................................... 2

4) OUR PRIVACY PROMISE ........................................................................................... 2

5) DATA CONTROLLER INFORMATION ........................................................................ 3

6) PERSONAL DATA WE COLLECT ................................................................................ 3

7) CHILDREN’S DATA ................................................................................................... 4

8) HOW WE USE YOUR PERSONAL DATA..................................................................... 4

9) LEGAL BASIS FOR PROCESSING ............................................................................... 4

10) DATA SHARING ACTIVITIES .................................................................................. 5

11) RETENTION PERIODS ........................................................................................... 5

12) THIRD-PARTY LINKS............................................................................................. 6

13) MARKETING ......................................................................................................... 6

14) COOKIES AND TRACKING TECHNOLOGIES .......................................................... 7

15) YOUR RIGHTS AS A DATA SUBJECT ...................................................................... 7

16) DATA TRANSFER, EEA, AND SCCs......................................................................... 7

17) NOTICE FOR UK USERS ........................................................................................ 8

18) NOTICE FOR ALBANIA USERS............................................................................... 8

19) SECURITY MEASURES ........................................................................................... 8

20) APP STORE DOWNLOAD NOTICE......................................................................... 9

21) UPDATES TO THIS PRIVACY NOTICE .................................................................... 9

2) INTRODUCTION

AVATID Limited and its affiliated entities (“AVATID,” “we,” “us,” “our”) respect your

privacy. This Privacy Policy describes how the AVATID app collects and processes

personal information via our mobile application and website https://AVATID.com/ (the

“Application”). “User” in this policy refers to “you,” “Service Provider,” or “your.”

This Notice does not apply to any third-party applications or links integrated with our

Service (“Third-Party Services”).

“Personal Information” means any information that identifies or can be used to identify

an individual. This excludes anonymized or public information not combined with non-

public data.

AVATID processes user information in accordance with the UK GDPR (EU 2016/679), the

EU Consumer Rights Directive (2011/83/EU), and the E-Commerce Directive

(2000/31/EC), as well as relevant Balkan and UK regulations.

By using the Application, you agree to the terms described in this Policy.

3) YOUR CONSENT

In line with Article 9(2)(a) GDPR, you explicitly consent to the processing of personal data

submitted through the AVATID App. This consent is voluntary and can be withdrawn

anytime by emailing info@avatid.com.

As a user of the application, you acknowledge and agree to the terms and conditions,

including the processing of your submitted data solely for the purpose of facilitating

booking services. This service enables users and service providers to manage bookings,

reminders, preferences, and historical data related to specific services.

You may withdraw your consent at any time under Article 21 GDPR by writing to

info@avatid.com and clearly requesting your data be deleted.

4) OUR PRIVACY PROMISE

• We prioritize your privacy and data security.

• We do not utilize your data for commercial gain.

• Our practices comply with the UK GDPR, EU GDPR, and applicable Balkan data

protection regulations.

• We guarantee that your data will not be sold.

• You retain full control over your data.

5) DATA CONTROLLER INFORMATION

AVATID Limited (the "Legal Entity") and its wholly owned subsidiaries, operating under

the trade name AVATID, serve as the "Data Controller" responsible for the processing of

your personal data, as outlined below.

AVATID Limited

355a Oxford Road

Reading, RG30 1AY

United Kingdom

For data protection inquiries, please contact us at info@avatid.com or call +44 7493

339823.

6) PERSONAL DATA WE COLLECT

Personal data collection is conducted in accordance with applicable data protection

regulations, including explicit consent as stipulated by Article 9(2)(a) GDPR.

When you complete and submit the registration form provided through our application,

we may collect the following categories of personal information:

• Identification Data: Name

• Email Address (Mandatory)

• Photograph (Optional)

• Phone Number

• Gender

• Location

• Technical Data: IP addresses, browser type, device information, cookies, and

usage analytics

We may also collect sensitive categories of personal data, such as profile photographs,

solely with your explicit, documented consent in accordance with Article 9(2)(a) GDPR.

7) CHILDREN’S DATA

We do not intentionally collect information from individuals under the age of 16. Users

under this age are required to obtain parental consent prior to providing any data. Any

such data inadvertently collected will be promptly deleted.

8) HOW WE USE YOUR PERSONAL DATA

The AVATID application processes your personal data for specific purposes, ensuring

compliance with applicable data protection regulations.

These purposes include:

• Providing, operating, and facilitating access to our services.

• Communicating with users regarding service updates and information.

• Utilizing automated decision-making in certain scenarios to analyze user

engagement and service performance. Such processes do not produce legal

effects or similarly significant consequences. Users have the right to request

human intervention, express their views, and contest decisions, in accordance

with Article 22 of the GDPR.

• Conducting internal analyses to enhance service performance, including

personalization and user experience improvements.

• Responding to inquiries or requests submitted through our application or other

communication channels.

• Ensuring compliance with legal and regulatory obligations, such as the EU

Consumer Rights Directive (2011/83/EU).

• Improving application functionality and user experience through analytics and

feedback mechanisms.

Where required by law or based on user consent, personal data will be processed solely

for the purposes specified above.

9) LEGAL BASIS FOR PROCESSING

Accordingly, we process your information for enhancing and improving application

functionality, provided your User rights do not override these interests.

• Consent: We obtain explicit consent from users prior to processing their data, in

accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR).

• Legitimate Interests: Data processing may also be justified based on our

legitimate interests, as permitted under Article 6(1)(f) of GDPR, to ensure secure

and reliable application operations.

• Legal Obligations: Processing is conducted when necessary to comply with

applicable legal requirements, including the EU Consumer Rights Directive

(2011/83/EU).

We process user information to enhance and optimize application functionality, provided

that such processing does not override your legal rights and interests.

10) DATA SHARING ACTIVITIES

For the operation of our application and the delivery of our services, AVATID exclusively

transfers data to third parties for service provision purposes and based on User consent.

All third parties receiving User-submitted data operate as independent data controllers

under the GDPR. AVATID Limited does not act as a joint controller (Art. 26 GDPR) or a

processor (Art. 28 GDPR) for their activities:

Advertising Partners: We share personal data with our third-party advertising partners.

• Third-Party Vendors: Vendors assisting us in providing the application and

services (e.g., Google LLC (USA), Data Privacy Framework, Twilio Inc. (USA),

Firebase (Google), a US-based infrastructure). We utilize the EU Standard

Contractual Clause model for data transfer or sharing among these third parties.

• Regulatory Authorities and Law Enforcement: We may disclose personal data if

required by applicable legal provisions or when necessary to comply with legal

obligations.

By using our services, you consent to the use and sharing of your data. You retain the

right to revoke your consent at any time by contacting us via email.`

11) RETENTION PERIODS

We retain your personal data solely for the duration necessary to fulfill the purposes

outlined in this notice or as mandated by applicable law. Upon expiration of the

retention period, we securely delete or anonymize your data. Our data retention

practices are detailed below;

Personal Data Will be deleted 90 days after service provision if no further interaction

occurs

Marketing Data Retained until you withdraw consent

Other-Related

Data

Retained until you withdraw consent or deleted after the results are

delivered to the user

12) THIRD-PARTY LINKS

Our application may include hyperlinks to external services not owned or operated by us.

AVATID provides these links for user convenience. Such links do not constitute an

endorsement or recommendation of the linked services. Each linked service maintains its

own privacy policies, notices, and terms of use. We do not have control over these

external services and assume no responsibility or liability for their collection, use, or

disclosure of personal information, or their security practices. We advise users to review

the privacy policies of all external services they access.

13) MARKETING

Marketing communications will only be sent with your explicit prior consent.

You may unsubscribe from this type of communication at any time through your Email

Account, by following the unsubscribe instructions included in the communication email,

or by contacting us at info@avatid.com.

14) COOKIES AND TRACKING TECHNOLOGIES

The AVATID application utilizes cookies (cookie consent banner) and similar technologies

to obtain user consent in compliance with GDPR and PECR regulations. This cookie

consent mechanism is employed by AVATID to gather user preferences and improve the

overall user experience within the application. For more information regarding your

cookie preferences, please visit our cookie policy page.

15) YOUR RIGHTS AS A DATA SUBJECT

Under the UK and European Union GDPR regulations, you possess the following rights

concerning your personal data:

• Access to information regarding your data stored by us and its processing (Art.

15 GDPR),

• Correction of inaccurate personal data (Art. 16 GDPR),

• Deletion of your data stored by us (Art. 17 GDPR),

• Restriction of data processing when deletion is not permitted due to legal

obligations (Art. 18 GDPR),

• Object to the processing of your data by us (Art. 21 GDPR),

• Data portability, provided you have given consent or entered into a contract with

us (Art. 20 GDPR).

• If you have provided consent, you may revoke it at any time with future effect.

You have the right to file a complaint with a supervisory authority at any time, such as

the competent authority in your federal state or the authority responsible for us as the

data controller.

16) DATA TRANSFER, EEA, AND SCCs

Personal information submitted through our services may be transferred to countries

outside your jurisdiction, such as our servers located in Albania. Additionally, personal

data may be stored locally on your devices used to access the services.

Your personal data may be transferred to jurisdictions with different data protection

laws than those of your initial location.

We utilize various mechanisms to facilitate the transfer of personal data, which are

compliant with: (a) the European General Data Protection Regulation (GDPR), specifically

Chapter V; or (b) applicable UK data privacy legislation. References to GDPR include

amendments and incorporations into UK law. These mechanisms include:

Standard Data Protection Clauses. We transfer personal data in accordance with

Article 46 of the GDPR to recipients with whom we have established contractual

agreements.

• Alternative Transfer Mechanisms. Under Articles 45 and 46 of the GDPR, we

may transfer personal data to countries recognized by the European Commission

or UK authorities as providing an adequate level of data protection, based on

approved certification mechanisms or codes of conduct, supported by binding

and enforceable safeguards to protect data subjects' rights.

We also rely on the Standard Contractual Clauses approved by the European

Commission for data transfers outside the European Economic Area (EEA). Under UK law,

personal data may be transferred to recipients covered by agreements approved by the

UK Information Commissioner's Office, including the UK addendum to the European

Commission's standard contractual clauses.

For further information regarding the safeguards in place, please contact us to obtain

the relevant documentation.

17) NOTICE FOR UK USERS

This section outlines AVATID's privacy policy for users residing in the United Kingdom. If

you are a resident of the UK, you are entitled to the protections provided by UK law,

including the UK GDPR concerning your personal data. To exercise your rights, please

visit our privacy policy page for detailed information.

18) NOTICE FOR ALBANIA USERS

This section details AVATID's privacy policy for users in Albania. If you reside in Albania,

you are protected under the European Union GDPR laws applicable in your country. For

information on exercising your rights, please refer to our privacy policy page.

19) SECURITY MEASURES

AVATID implements comprehensive technical and organizational measures to protect

your personal data from unauthorized access, loss, or misuse, including:

• Establishing policies for secure data management, including SSL/TLS encryption

for data transmission, AES-256 encryption for stored data, restricted access for

employees, and regular security audits;

• Utilizing encryption, authentication, and virus detection technologies to prevent

unauthorized access;

• Monitoring our systems through recognized online privacy and security

organizations;

• Logging all user consents with timestamps, IP addresses, and submission context

to ensure compliance with GDPR Article 7(1);

• Conducting periodic third-party audits of our security practices; and

• Performing background checks on personnel involved in data processing.

For further inquiries regarding our security practices, please contact us at

Info@avatid.com.

20) APP STORE DOWNLOAD NOTICE

These Terms constitute a binding legal agreement between you and AVATID,

independent of any mobile app store such as Apple Inc. or Google LLC. AVATID is solely

responsible for the services, content, and support. If you access or download the

application via an app store, please review their respective terms of service and privacy

policies regarding your data.

21) UPDATES TO THIS PRIVACY NOTICE

This privacy notice may be updated periodically to reflect changes in applicable

regulations, including the EU GDPR, Balkan laws, or UK legislation. The latest version will

always be available within our application. For additional information or questions about

our data processing practices, contact us at Info@avatid.com.