SELLA PLATFORM
PRIVACY POLICY
1. Introduction
Sella Platform ("SELLA," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard personal information when you register for and use the Sella Platform affiliate marketing platform (the "Platform"), as well as the choices available to you.
This Policy applies to all Publishers, applicants, and visitors to our Platform. It does not apply to the practices of third-party Advertisers whose offers are listed on our Platform. Please review Advertiser privacy policies independently.
Where we are required to obtain your consent for a specific processing activity (for example, non-essential cookies or marketing communications), we will do so through a separate, specific consent mechanism at the relevant point. The use of the Platform alone does not constitute consent to processing activities that require your express agreement under applicable law.
2. Information We Collect
We collect information in the following categories:
2.1 Information You Provide Directly
- Account registration data: full name, email address, username, password (hashed), country of residence, time zone
- Payment information: bank account details, PayPal email, tax identification numbers (e.g., National Insurance number, EIN, VAT number)
- Promotional channel information: website URLs, social media handles, mobile app details, email list information
- Communications: messages you send to our support team, feedback, and survey responses
2.2 Information We Collect Automatically
- Device and technical data: IP address, browser type and version, operating system, device identifiers
- Usage data: pages visited, features used, time and date of access, referring URLs, session duration
- Tracking and performance data: clicks, impressions, conversions, and other affiliate performance metrics generated through our tracking technology
- Cookies and similar technologies: session cookies, persistent cookies, web beacons, and pixel tags (see Section 6 for details)
2.3 Information From Third Parties
- Fraud detection and identity verification services
- Payment processors and financial institutions
- Social media platforms, where you connect your account to our Platform
Where we receive personal data about you from third parties, we will process such data only where we have a valid legal basis to do so under applicable Data Protection Laws, as set out in Section 4.
3. How We Use Your Information
We use collected information for the following purposes:
- Account Management: to create and manage your Publisher account, verify your identity, and communicate with you about your account
- Platform Operations: to display Advertiser offers, track your promotional activities, calculate earned commissions, and process payments
- Performance Analytics: to provide you with reporting on your campaign performance and help you optimize your promotional activities
- Legal Compliance: to comply with applicable laws, including tax reporting obligations, anti-money laundering (AML) requirements, and know-your-customer (KYC) verification
- Fraud Prevention and Security: to detect, investigate, and prevent fraudulent activity, unauthorized access, and violations of our Terms of Service
- Communication: to send transactional emails (account notifications, payment confirmations) and service announcements. Where you have opted in, we may also send marketing communications; you may withdraw this consent at any time
- Platform Improvement: to analyze usage patterns, troubleshoot issues, and improve the functionality and user experience of our Platform
- Legal Defence: to establish, exercise, or defend legal claims
4. Legal Basis for Processing (GDPR / UK GDPR)
If you are located in the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland, we are required to identify a legal basis for processing your personal data under the EU General Data Protection Regulation 2016/679 ("GDPR") and/or the UK General Data Protection Regulation ("UK GDPR"), as applicable. We process your personal data under the following legal bases:
- Contract Performance (Art. 6(1)(b) GDPR / UK GDPR): processing necessary to fulfil our agreement with you as a Publisher, including account management, commission calculation and payment, and providing access to the Platform
- Legal Obligation (Art. 6(1)(c) GDPR / UK GDPR): processing necessary to comply with applicable legal requirements, including tax reporting, AML obligations, and data retention requirements under applicable law
- Legitimate Interests (Art. 6(1)(f) GDPR / UK GDPR): processing necessary for our legitimate interests, including fraud prevention, platform security, internal analytics, and service improvement, where such interests are not overridden by your fundamental rights and freedoms. We carry out a balancing assessment before relying on this basis
- Consent (Art. 6(1)(a) GDPR / UK GDPR): where we rely on consent, for example for marketing communications or non-essential cookies, we will obtain your consent through a clear and affirmative act. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal
5. Information Sharing and Disclosure
We do not sell your personal information to third parties. We share information only in the following circumstances:
- With Advertisers: we share limited performance data (e.g., conversion counts, campaign metrics) necessary for billing and offer management. We do not share your full name or payment details with Advertisers
- Service Providers: we engage trusted third-party vendors to assist with platform operations, including payment processors, cloud hosting providers, fraud detection services, email delivery services, analytics tools, and customer support platforms. These vendors are contractually bound to process data only as instructed and to implement appropriate technical and organizational security measures
- Legal Requirements: we may disclose information if required by a valid legal process (court order, subpoena, government request), or where we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person
- Business Transfers: in connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction, subject to the same privacy protections described in this Policy
- With Your Consent: for any other purpose with your explicit consent
6. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve our Platform. The categories of cookies we use include:
- Strictly Necessary Cookies: required for basic platform functionality, authentication, and security. These cannot be disabled as they are essential to the operation of the Platform
- Performance and Analytics Cookies: collect aggregated data about Platform usage to help us understand how Publishers interact with the Platform. We will seek your consent before placing these cookies where required by applicable law
- Preference Cookies: remember your settings and preferences to enhance your experience
You can manage your cookie preferences through your browser settings or our cookie management tool. Note that disabling certain cookies may affect Platform functionality.
Please note that our tracking technology also operates through the placement of affiliate tracking cookies on end-user browsers when they interact with promotional content published by you. As a Publisher, you are independently responsible for ensuring that your promotional channels implement a compliant cookie consent mechanism for end-users prior to deploying our tracking technology, in accordance with the ePrivacy Directive 2002/58/EC, the UK Privacy and Electronic Communications (EC Directive) Regulations 2003, and applicable national implementing legislation. This responsibility is further set out in your Publisher Terms of Service.
7. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes described in this Policy, and in accordance with our legal and contractual obligations. Our standard retention periods are as follows:
- Account data: retained for the duration of your account plus 5 years following account closure, to comply with legal and contractual obligations
- Payment and financial records: retained for a minimum of 7 years as required by applicable tax and financial regulations (including the UK Companies Act 2006 and equivalent EU member state legislation)
- Tracking and performance data: retained for 3 years to support dispute resolution and audit requirements
- Communication records: retained for 2 years
When data is no longer required for any applicable purpose or retention obligation, we securely delete or anonymize it in accordance with our internal data retention procedures.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction, in accordance with our obligations under applicable Data Protection Laws. These measures include:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Hashing of passwords using industry-standard algorithms
- Role-based access controls restricting employee access to personal data on a need-to-know basis
- Regular security assessments and penetration testing
- Incident response procedures, including breach notification processes
However, no method of transmission over the Internet or electronic storage is entirely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the applicable supervisory authority within the timeframes required by applicable Data Protection Laws (72 hours under the GDPR and UK GDPR where feasible).
9. International Data Transfers
Sella Platform is incorporated in the United Kingdom. Where we transfer personal data outside the UK or the EEA to countries not recognized as providing an adequate level of protection, we ensure that appropriate safeguards are in place, which may include:
- EU Standard Contractual Clauses (SCCs): as approved by the European Commission under GDPR, for transfers from the EEA
- UK International Data Transfer Agreement (IDTA): as approved by the UK Information Commissioner's Office (ICO), for transfers from the UK
- EU-US Data Privacy Framework: where applicable, for transfers to certified US recipients
You may request further information about the safeguards we have in place for international data transfers by contacting us using the details in Section 14.
10. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information. We will respond to verified requests within the timeframes set out below.
10.1 Rights under GDPR / UK GDPR (EEA and UK residents)
- Right of Access (Art. 15): request a copy of the personal data we hold about you
- Right to Rectification (Art. 16): request correction of inaccurate or incomplete data
- Right to Erasure / "Right to be Forgotten" (Art. 17): request deletion of your data, subject to legal retention requirements
- Right to Restriction of Processing (Art. 18): request that we restrict processing of your data in certain circumstances
- Right to Data Portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
- Right to Object (Art. 21): object to processing based on legitimate interests or for direct marketing purposes
- Right to Withdraw Consent (Art. 7(3)): withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
We will respond to requests within one (1) month of receipt. Where requests are complex or numerous, we may extend this period by a further two (2) months, in which case we will notify you within one month of the reason for the extension.
10.2 Rights under CCPA (California residents)
- Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out of Sale: we do not sell personal information; this right is not applicable
- Right Not to be Discriminated Against: you will not receive discriminatory treatment for exercising your CCPA rights
We will respond to verifiable CCPA requests within forty-five (45) days of receipt. We may extend this period by a further forty-five (45) days where necessary, with prior notice.
10.3 How to Exercise Your Rights
To exercise any of the above rights, please submit a verifiable request to: [email protected]. We may need to verify your identity before processing your request. There is no charge for submitting a request, except where requests are manifestly unfounded or excessive.
If you are located in the EEA or UK and you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): www.ico.org.uk. In the EEA, you may contact the supervisory authority in your country of residence.
11. Children's Privacy
The Sella Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a person under 18, we will take immediate steps to delete such information. If you believe we have inadvertently collected information from a minor, please contact us at [email protected].
12. Third-Party Links and Services
Our Platform may contain links to third-party websites or services, including Advertiser landing pages. This Privacy Policy does not apply to such third-party sites. We are not responsible for the privacy practices of third parties and encourage you to review their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will provide prior notice by posting the updated Policy on our Platform with a revised "Last Updated" date and, where required by applicable law or where the changes are significant, by sending you a notice via email to your registered address. Your continued use of the Platform after the expiry of the notice period constitutes your acceptance of the updated Policy.
14. Contact Information and Data Controller
The data controller for personal information collected through the Sella Platform is:
Company name: Standoon Limited
Registered address: Unit G25 W Waterfront Studios, 1 Dock Road, London, United Kingdom, E16 1AH
Legal & Compliance: [email protected]
As Sella Platform is incorporated in the United Kingdom and primarily processes personal data of EEA residents through its platform, we are monitoring our obligations under Article 27 GDPR regarding the appointment of an EU representative. We will update this Policy and notify affected users if an EU representative is designated.
For any questions about this Privacy Policy or our data protection practices, please contact us at [email protected].
