Last Updated: October 1st 2025

This Privacy Policy applies exclusively to the use of the G‑OFFICE platform provided by GOOMOOD DIGITAL CONSULTING LTD (“GMDC”, “we”, “us”, or “our”) to registered Promoters of Happydemy®.

“Customer”: Means a user or client who registers with Happydemy® after being referred by a Promoter through G‑OFFICE. All Customer Data remains the exclusive property of GMDC and is only made visible to the referring Promoter for contractual purposes.

“Data Controller”: Means the entity that determines the purposes and means of the processing of Personal Data. For this Policy, GMDC is the Data Controller for all data processed within G‑OFFICE.

“Data Processor”: Means a third party that processes Personal Data on behalf of the Data Controller. GMDC may engage such processors for technical, hosting, security, or analytical functions.

“Data Protection Officer” or “DPO”: Means the person internally appointed by GMDC to oversee data protection compliance and act as the point of contact for Promoters, Customers, and supervisory authorities.

“GDPR”: Refers to the United Kingdom General Data Protection Regulation (UK GDPR), as retained in the Data Protection Act 2018, and the European Union General Data Protection Regulation (EU GDPR), where applicable.

“G‑OFFICE”: Means the private and secure platform operated by GMDC, through which registered Promoters can manage their business activities, view referral data, track commissions, and interact with the Happydemy® system.

“GIPA” or “Global Independent Promoter Agreement”: Means the binding agreement entered into between GMDC and each Promoter, which governs their rights, obligations, and participation in the Happydemy® affiliate program. This Privacy Policy forms an integral part of the GIPA.

“GMDC”: Refers to GOOMOOD DIGITAL CONSULTING LTD, a private limited company registered in England and Wales with Company Number 15053534 and registered office at 167–169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom. GMDC acts as the Data Controller under this Policy.

“Happydemy®”: Refers to the digital ecosystem operated by GMDC through which customers can register and interact with products, services, and affiliate programs.

“ICO”: Refers to the Information Commissioner’s Office, the United Kingdom’s independent authority for data protection and privacy rights.

“Personal Data”: Has the meaning defined under Article 4(1) of the UK GDPR and EU GDPR, referring to any information relating to an identified or identifiable individual.

“Policy”: Refers to this G‑OFFICE Privacy Policy, including all of its sections and any future amendments.

“Processing”: Refers to any operation performed on Personal Data, whether automated or not, including collection, recording, storage, consultation, use, disclosure, or erasure.

“Promoter”: Means any natural or legal person who has entered into a valid GIPA with GMDC and is authorised to use G‑OFFICE in accordance with its terms.

“Subprocessors”: Means the third‑party technical service providers engaged by GMDC under written agreements to process Personal Data on GMDC’s behalf within the scope of the G‑OFFICE platform.

This Privacy Policy governs the collection, use, and protection of personal data within the G‑OFFICE platform, a secure digital environment developed and operated by GOOMOOD DIGITAL CONSULTING LTD (“GMDC”) for the exclusive use of registered Promoters participating in the Happydemy® affiliate program.

The G‑OFFICE system serves as a private and professional interface through which Promoters can manage their affiliate activities, track performance, access referral information, and view relevant data regarding Customers they have directly invited to the platform. Additionally, G‑OFFICE collects and processes data about Promoters themselves to enable authentication, performance tracking, compliance, and financial operations.

This Policy sets out:

• What personal data is processed within G‑OFFICE,
• For what purposes the data is used,
• The rights of Promoters and Customers under applicable law,
• The technical and legal protections in place to safeguard that data,
• The limitations imposed on Promoters in the use of Customer data.

It applies to all data processed within the G‑OFFICE environment, including Promoter registration data, technical access data, and Customer data transmitted by Happydemy® to GMDC for legitimate affiliate tracking and program execution.

Use of G‑OFFICE constitutes express agreement with the terms of this Policy, which forms an integral part of the contractual relationship established through the Global Independent Promoter Agreement (GIPA).

The entity responsible for determining the purposes and means of processing personal data within the G‑OFFICE platform is:

GOOMOOD DIGITAL CONSULTING LTD

Company Number: 15053534

Registered Office: 167-169 Great Portland Street, 5th Floor, London W1W 5PF, UK

Email: privacy@goomood.com

Data Protection Officer (Internal): privacy@goomood.com

As the Data Controller, GMDC holds full responsibility for ensuring that all processing of personal data—whether relating to Promoters or Customers—is carried out in accordance with applicable laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) (where applicable), and the UK Data Protection Act 2018.

GMDC establishes the scope and purpose of each data flow within the G‑OFFICE environment, including:

• the collection and management of Promoter profile information,
• the controlled display of Customer data (received from Happydemy),
• the use of technical and behavioural data for compliance, auditing, and platform optimisation.

To ensure compliance and promote best practices in data protection, GMDC has appointed an internal Data Protection Officer (DPO). The DPO oversees internal governance frameworks, provides guidance on GDPR obligations, and acts as a point of contact for Promoters, Customers, and supervisory authorities in matters relating to privacy.

The DPO can be contacted directly for any inquiries, complaints, or requests related to the processing of personal data. All communications will be handled confidentially and in line with applicable response timeframes under data protection law.

The G‑OFFICE platform processes two primary categories of personal data: (1) data directly related to the Promoter, and (2) data of Customers invited by the Promoter to Happydemy. In addition, we process specific technical and behavioural data required to ensure the security and proper functioning of the platform.

All data collected is processed in compliance with applicable legal frameworks and solely for purposes defined under the Global Independent Promoter Agreement (GIPA) and this Privacy Policy.

Upon registration and throughout the Promoter’s use of G‑OFFICE, we collect and process the following types of personal and professional information:

• Full name and surname
• Email address and contact number
• Residential or business address
• Country of registration and tax residency
• Tax/VAT identification number and other business credentials (if applicable)
• Banking or payout information (for commission disbursements)
• G‑OFFICE login credentials (username, encrypted password)
• Identity verification data (if required for compliance)
• Records of commissions, bonuses, and performance metrics
• Communications with support teams, including emails and tickets
• Internal notes or status information linked to the Promoter account

This data is essential for fulfilling the contractual relationship, managing account operations, processing payments, and ensuring traceability within the platform.

Providing the above data is required to fulfil the Promoter Agreement. Failure to provide such data may result in the inability to access G‑OFFICE or receive compensation

When a Promoter successfully invites a user to register on Happydemy, the following Customer data is automatically and lawfully transmitted to G‑OFFICE for the sole purpose of enabling the Promoter to follow up within the platform:

• Full name
• Email address
• Phone number
• Postal address (if provided)
• Date of registration on Happydemy
• Subscription or purchase history (type, value, frequency)
• Current account status (e.g., active, inactive, deleted)

This data is not collected by the Promoter, but is received by GMDC from Happydemy under a lawful basis (contract and legitimate interest), and then displayed to the Promoter in a read-only, non-exportable format.

The Promoter must not extract, store, copy, or use this data in any way outside the G‑OFFICE system. Any attempt to do so constitutes a material breach of both this Policy and the GIPA.

In addition to the above, GMDC processes specific technical and behavioural data related to the use of G‑OFFICE, including but not limited to:

• Login timestamps and session durations
• IP address and geolocation metadata
• Device type, browser version, and operating system
• Activity logs within the platform (page views, clicks, navigational flows)
• Authentication attempts and security-related events (e.g. failed logins)
• System diagnostics and usage trends (for performance optimisation)

This data helps us secure the platform, detect suspicious behaviour, conduct audits, and improve the overall user experience.

All data categories listed above are processed using appropriate technical safeguards and under clearly defined purposes, which are outlined in the next section.

The processing of personal data within the G‑OFFICE platform is carried out for specific, legitimate, and clearly defined purposes, in accordance with the principles of lawfulness, transparency, and purpose limitation established by the UK GDPR and EU GDPR.

The data processed falls into two distinct categories: Promoter data (collected directly by GMDC) and Customer data (received from Happydemy). In both cases, the data is used strictly within the scope of the affiliate relationship defined by the Global Independent Promoter Agreement (GIPA).

Promoter data is processed for the following purposes:

• Account creation and verification: to register the Promoter as a contractual party and enable access to the G‑OFFICE system.
• Authentication and secure login: to ensure only authorised access through credential and device verification.
• Operational and financial management: to calculate and disburse commissions, process invoices, and maintain internal accounting records.
• Communication and support: to contact the Promoter with updates, alerts, or support responses as part of the service delivery.
• Compliance and auditing: to comply with legal obligations, including tax reporting, anti-fraud monitoring, and internal controls.
• Performance tracking: to display and monitor the Promoter’s affiliate performance and results within the system.

Customer data received from Happydemy is processed by GMDC on the legal basis of contract and legitimate interest, and displayed to the relevant Promoter for the following purposes:

• Referral and attribution: to confirm the Customer’s registration originated from the Promoter and attribute potential commissions accordingly.
• Follow-up and onboarding: to enable the Promoter to monitor the status of their referred Customers and support their journey on Happydemy (within the platform only).
• Internal reporting and compliance: to ensure transparent tracking of Promoter performance, prevent fraud, and comply with legal or tax requirements.

This data is provided to the Promoter in a view-only interface. The Promoter is prohibited from contacting the Customer outside authorised tools, extracting or replicating the data, or using it for any purpose beyond the scope of the GIPA.

We also process system-related data for the following purposes:

• Platform security and access control: to protect accounts and data against unauthorised access or malicious activity.
• Usage analysis and system improvement: to understand how the platform is used and improve its design, speed, and reliability.
• Anomaly detection and forensic auditing: to monitor for signs of misuse, breach attempts, or policy violations.
• Regulatory compliance: to meet statutory obligations in data security, log retention, and breach management.

All data is processed in accordance with the principles of data minimisation and proportionality, and no personal data is processed beyond what is strictly necessary to fulfil the purposes outlined above.

No automated decision-making or profiling is performed within the G‑OFFICE platform that would produce legal effects or similarly significant impact on individuals.

All personal data processed within the G‑OFFICE platform is handled in accordance with one or more of the lawful bases established by the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR).

GMDC ensures that each processing activity has a clearly identified legal justification and is carried out with full respect for the data subject’s rights and the principle of necessity.

Data collected from or about Promoters is processed primarily based on:

• Contractual necessity – processing is required to enter into, manage, and fulfil the obligations set out in the Global Independent Promoter Agreement (GIPA). This includes authentication, performance tracking, commission management, and communication.
• Legal obligation – specific data must be processed and retained to comply with legal requirements, including tax reporting, recordkeeping, and regulatory compliance in the jurisdictions where GMDC operates.
• Legitimate interest – GMDC may process Promoter data to ensure the security, functionality, and lawful operation of the G‑OFFICE platform. For example, access logs and activity data are used to prevent fraud and unauthorised use.

Where optional data is collected (e.g. for surveys, product feedback, or marketing preferences), Promoters may be asked to provide explicit consent, which can be withdrawn at any time.

GMDC processes customer data received via Happydemy for the Promoter’s benefit based on:

• Contractual necessity – the processing is required to correctly attribute the customer referral to the appropriate Promoter and calculate commission entitlements under the GIPA.
• Legitimate interest – GMDC has a legitimate interest in enabling Promoters to view limited Customer information within G‑OFFICE to support referral-based activities, provided that such access is strictly limited, proportionate, and compliant with data protection law.

The Customer grants consent to Happydemy for this data flow upon registration through a Promoter’s invitation. GMDC processes the data under that framework without requiring a separate consent process.

System, usage, and diagnostic data are processed under the lawful basis of:

• Legitimate interest – to ensure the security, stability, and operational integrity of the G‑OFFICE platform, including access control, fraud prevention, and anomaly detection.

In all cases, GMDC commits to evaluating and balancing its legitimate interests against the rights and expectations of data subjects. Where the balance cannot be justified, alternative legal bases such as consent or legal obligation are used, or the processing is avoided altogether.

All personal data processed within G‑OFFICE—whether related to Promoters or to Customers referred through Happydemy—remains under the exclusive ownership and control of GOOMOOD DIGITAL CONSULTING LTD (“GMDC”).

No Promoter shall acquire, claim, or assume any right of ownership, control, or independent processing authority over such data by virtue of their access to the platform.

All data collected and displayed within G‑OFFICE, including Customer referral data, Promoter performance data, account usage logs, and technical metadata, is and remains the intellectual and legal property of GMDC.

This includes, but is not limited to:

• Customer identity and contact data received from Happydemy
• Subscription and purchase data
• Commission records and promotional metrics
• Any derivative data produced through the use of G‑OFFICE

GMDC acts as the sole Data Controller, and no data accessed by Promoters shall be considered their property, nor processed beyond the terms explicitly allowed by this Policy and the Promoter Agreement (GIPA).

Each Promoter is granted a strictly limited, revocable license to access and view specific personal data of their directly referred Customers through the G‑OFFICE platform. This license is:

• Personal – it may not be transferred, shared, or sublicensed
• Conditional – it is valid only while the Promoter remains in good standing
• Operational – it exists solely to enable fulfilment of the Promoter’s role under GIPA
• Restricted – it does not permit export, duplication, or reprocessing of the data

The data is made available exclusively in read-only format within the G‑OFFICE interface and is subject to strict technical controls to prevent copying, downloading, scraping, or screen capturing.

Promoters accessing Customer data via G‑OFFICE are required to comply with the following obligations:

• Non-exportation: Promoters may not export, download, or replicate Customer data in any way, whether manually or using tools or scripts.
• Non-contact: Promoters may not contact Customers outside of the tools provided by the platform, unless explicitly permitted by GMDC.
• Non-disclosure: Promoters may not share Customer data with third parties, colleagues, or external systems (e.g. spreadsheets, CRMs).
• Purpose limitation: Data may be used only for internal purposes directly related to the Happydemy referral program, and never for personal business or unrelated ventures.
• Confidentiality: Promoters must treat all data accessed via G‑OFFICE as confidential and take reasonable steps to protect it from unauthorised disclosure or misuse.

Any violation of the above conditions constitutes a material breach of the GIPA and may result in immediate suspension or termination of the Promoter’s access, as well as legal liability for any resulting damage or regulatory exposure.

The Promoter does not become a Data Controller, Joint Controller, or Processor with respect to Customer data accessed via G‑OFFICE. The Promoter is not authorised to define processing purposes or methods, nor to retain or repurpose any data for uses outside the platform.

This limitation is essential to ensure data protection compliance and to maintain the trust of Customers and other stakeholders in the Happydemy ecosystem.

GMDC adopts a policy of strict non-disclosure and controlled internal access regarding all personal data processed within the G-Office platform.

Under no circumstances is personal data sold, leased, shared for advertising purposes, or disclosed to external third parties without a legal or contractual basis.

We operate under the principle that all data flows must be necessary, traceable, and compliant, and only those parties with a legitimate, role-based need may access personal data.

GMDC does not share Promoter or Customer data with third parties for marketing, profiling, or advertising purposes.

We do not sell data, rent user lists, or authorise any partner or affiliate to use data collected via G‑OFFICE for their own benefit.

All processing remains internal to GMDC or its strictly bound technical partners, and is executed solely to support the performance and security of the platform.

Where necessary for the operation of G‑OFFICE, specific categories of data may be processed by carefully selected and contractually bound technical partners, such as:

• Cloud infrastructure providers (e.g. hosting, servers, storage)
• Payment and accounting processors (for Promoter commissions)
• Security or audit service providers (e.g. intrusion detection, backups)

These subprocessors operate under written agreements that require them to act exclusively on GMDC’s instructions, maintain complete confidentiality, and implement appropriate security measures in line with the UK/EU GDPR.

A complete list of active subcontractors may be made available upon request by a Promoter or supervisory authority.

At present, no data processed within G‑OFFICE is transferred outside of the United Kingdom or the European Economic Area (EEA). All systems, servers, and backups are maintained within GDPR-aligned jurisdictions.

If a cross-border transfer ever becomes necessary, GMDC commits to implementing appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs)
• Data transfer impact assessments (DTIAs)
• Encryption and access control during transit
• Local storage or pseudonymisation techniques

GMDC will not engage in any international data transfer unless such measures are entirely in place and compliant with applicable law.

In rare cases, GMDC may be required to disclose data to competent authorities (e.g. tax agencies, courts, data protection regulators) when legally compelled to do so.

Such disclosures will be limited to the minimum required and, where possible, the data subject will be informed in advance, unless prohibited by law.

GMDC retains personal data processed within the G‑OFFICE platform only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal, fiscal, or regulatory obligations.

Retention periods vary depending on the type of data involved, the nature of the contractual relationship, and the applicable legal requirements for accounting, taxation, auditing, or dispute resolution.

All data is periodically reviewed and, where no longer needed, is either securely deleted or irreversibly anonymised in accordance with industry best practices.

Data related to Promoters—including identity, contact, tax and payment information, contractual records, and performance history—is retained for the entire duration of the Promoter’s active relationship with GMDC, and for an additional period of at least six (6) years after termination, to comply with:

• UK accounting and tax retention rules
• Obligations under contract and civil law (e.g. to resolve disputes or defend legal claims)
• Internal audit and reporting needs

During this period, data may be archived and restricted from active use, but will remain securely stored and accessible only to authorised personnel.

Customer data received from Happydemy and made visible to Promoters in G‑OFFICE is retained and displayed:

• Only for the duration of the Promoter’s active status, and
• Only for Customers directly referred by that Promoter

Once the Promoter’s access is terminated, or if the referral relationship ends (e.g. the Customer is reassigned or deleted), GMDC will remove the link between the Promoter and the Customer, and the Promoter will no longer be able to access such data.

The data itself may continue to be stored within Happydemy or GMDC’s internal systems, subject to the applicable retention policy of the leading platform. Still, it will no longer be accessible via G-Office.

System logs, authentication records, session data, and other technical metadata are retained:

• For up to 12 months for operational, audit, and forensic purposes
• Longer only if required by law or as evidence in ongoing investigations

Once the retention period expires, such data is either deleted or aggregated into non-identifiable statistical formats.

When personal data reaches the end of its retention period, GMDC uses secure deletion protocols, including:

• Permanent deletion from active systems and encrypted backups
• Overwriting or destruction of physical media (if applicable)
• Anonymisation or pseudonymization (where appropriate for statistical use)

These procedures ensure that no data remains accessible, recoverable, or usable after deletion, in compliance with the data minimisation and storage limitation principles of the UK/EU GDPR.

GMDC is committed to maintaining the highest standards of data security across the G‑OFFICE platform, in accordance with Article 32 of the UK GDPR and EU GDPR.

We implement a combination of technical, organisational, and procedural measures to protect all personal data from unauthorised access, loss, alteration, or misuse—whether caused by internal risk, external attack, or human error.

Security is not treated as an add-on, but as an integral part of the platform’s design and operational philosophy.

All data processed within G‑OFFICE is hosted on secure, GDPR-compliant infrastructure, including:

• ISO/IEC 27001-certified data centres
• Secure cloud environments with encryption-at-rest
• Role-based access control (RBAC) systems
• Segregation of duties and data partitioning by Promoter
• 24/7 monitoring of access, availability, and performance

Only authorised personnel with a defined operational need may access sensitive data, and all access is recorded and reviewed periodically.

• All data in transit between the user and the platform is protected using Transport Layer Security (TLS 1.2 or higher).
• All stored data (at rest) is encrypted using industry-standard algorithms (e.g., AES‑256).
• Access to administrative areas of G‑OFFICE is protected by multi-factor authentication (MFA).
• Passwords and authentication tokens are hashed using strong cryptographic algorithms and are never stored in plaintext.

G‑OFFICE employs advanced controls to prevent unauthorised access or misuse:

• Secure login with email + password combination
• Optional two-factor authentication (2FA) for enhanced access protection
• Session timeout and reauthentication requirements after periods of inactivity
• Detailed activity logging per Promoter, including login timestamps, actions performed, and data viewed
• Real-time alerts for anomalous behaviour, such as excessive data views, failed login attempts, or access from unknown IPs

These logs are retained and monitored to detect, investigate, and prevent attempts at misuse or breaches.

GMDC maintains a structured incident response protocol, including:

• Real-time alerts and log correlation
• Designated data protection leads for incident triage
• Containment, resolution, and remediation workflows
• Notification to the DPO and, where necessary, to supervisory authorities and affected individuals within GDPR timelines

Regular internal audits and penetration tests are conducted to verify the platform's security and ensure ongoing compliance with privacy and cybersecurity standards.

While GMDC implements robust protections, each Promoter also has a responsibility to:

• Keep their credentials confidential and secure
• Refrain from sharing accounts or accessing G‑OFFICE from insecure devices or networks
• Report any suspected unauthorised access or anomaly immediately to GMDC
• Log out of their session when access is no longer needed

Security is a shared responsibility, and Promoter cooperation is essential to maintain the integrity of the system.

Under the UK GDPR and EU GDPR, individuals whose personal data is processed—referred to as data subjects—have certain rights regarding how their data is collected, used, stored, and deleted.

Within the scope of G‑OFFICE, this applies both to:

• Promoters, whose data is collected directly by GMDC during registration and use of the platform, and
• Customers, whose data is transmitted from Happydemy and displayed (read-only) to the Promoter via G‑OFFICE.

While G‑OFFICE operates in a B2B professional context, GMDC respects the fundamental data rights of all individuals and is committed to enabling their proper exercise, within the limits set by law and legitimate interest.

As a registered Promoter, you may exercise the following rights at any time:

• Right of access – to obtain confirmation of whether your personal data is being processed and to receive a copy of that data.
• Right to rectification – to request correction of any inaccurate or incomplete personal data.
• Right to erasure – to request deletion of personal data where there is no longer a legal basis for its retention.
• Right to restriction of processing – to request a pause on processing where there is a dispute over accuracy, purpose, or legality.
• Right to object – to object to processing based on legitimate interest, where you believe your fundamental rights override those interests.
• Right to data portability – to receive your personal data in a structured, commonly used format (where technically applicable).
• Right to withdraw consent – where any processing is based on consent, you have the right to withdraw that consent at any time.

Note: Some of these rights may be limited or refused where the data is required to fulfil contractual or legal obligations, such as financial or tax-related recordkeeping.

Customers whose data is displayed in G‑OFFICE are considered data subjects of Happydemy as the originating platform. However, GMDC processes their data under legitimate interest and contract, and recognises their rights under GDPR, including:

• Right to access, rectification, and erasure
• Right to restriction or objection
• Right to lodge a complaint

Such Customers should direct their requests to Happydemy, as the primary controller, but GMDC will cooperate fully and promptly with any validated request received or forwarded.

All data subject requests must be sent in writing to: privacy@goomood.com

Please include:

• Your full name
• The nature of your request
• Proof of identity (if required)
• Any reference to your Promoter ID (if applicable)

GMDC will respond to your request within one calendar month, with an additional two months allowed for cases of complexity, in accordance with GDPR timelines.

Suppose you believe that your rights have been violated, or that your personal data is being processed unlawfully. In that case, you have the right to complain to the relevant supervisory authority.

For the United Kingdom, this is:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Website: https://ico.org.uk

The integrity of personal data within G‑OFFICE is of critical importance. Any unauthorised access, misuse, or violation of this Privacy Policy—particularly in relation to Customer data accessed by Promoters—will be treated with the utmost seriousness.

This section outlines how breaches are identified, the measures GMDC may take in response, and the legal and financial responsibilities that Promoters assume by accepting the terms of use.

A data breach may occur through:

• Unauthorised access to personal data by an individual or system
• Unauthorised copying, downloading, or extraction of data
• Use of personal data for non-permitted purposes
• Sharing or transmitting data to third parties without approval
• Negligence or failure to follow security procedures
• Use of automated tools or scripts to collect data from the platform
• Failure to report known or suspected misuse of data

A breach can result from intentional misconduct or accidental negligence and is not limited to large-scale incidents.

GMDC maintains continuous monitoring and activity logging across the G‑OFFICE environment to detect:

• Abnormal data access patterns
• Repeated access to restricted records
• Use of unauthorised tools or extensions
• Multiple logins from inconsistent IPs or locations

If suspicious activity is detected, access may be immediately suspended pending investigation, and the Promoter may be contacted for clarification or verification.

In the event of a confirmed or strongly suspected violation, GMDC reserves the right to take any of the following measures, individually or in combination:

• Immediate suspension or revocation of access to G‑OFFICE
• Termination of the Promoter Agreement (GIPA) with or without notice
• Reporting the incident to the competent Data Protection Authority (e.g. ICO, DPC)
• Initiation of legal action to seek compensation, penalties, or enforcement
• Public notification to affected individuals, if required under GDPR

The severity of enforcement will be proportional to the nature and impact of the breach.

Promoters are personally liable for any breach of data protection obligations arising from their access to or handling of data within G‑OFFICE.

By accepting the Promoter Agreement and this Policy, each Promoter agrees to:

• Indemnify and hold harmless GMDC from any claim, fine, loss, cost, or damage—whether legal, financial, or reputational—arising directly or indirectly from their actions or omissions.
• Cooperate fully with any internal or external investigation following a breach or complaint.
• Provide relevant evidence or explanation, if requested, in the event of irregular access or policy violations.

This indemnification obligation survives the termination of the contractual relationship and applies regardless of whether the breach was intentional, negligent, or due to failure to act.

Promoters are expected to:

• Report any known or suspected misuse of Customer or platform data immediately to GMDC
• Refrain from attempting to investigate or resolve the issue on their own
• Comply with all reasonable requests during any forensic, legal, or regulatory inquiry

GMDC is committed to transparency in how incidents are handled and will take all appropriate steps to minimise harm to data subjects, in line with its obligations under data protection law.

This Privacy Policy is a living document. It may be updated or amended by GMDC from time to time in response to changes in the law, technological advancements, security updates, or modifications to the operational or contractual structure of the G-OFFICE platform.

GMDC reserves the right to modify this Policy at its discretion, while maintaining transparency and compliance with applicable laws.

We may revise this Privacy Policy in the event of:

• Changes to UK or EU data protection laws (e.g., new guidance, case law, or regulatory requirements)
• Updates to our internal data practices, infrastructure, or subprocessors
• Introduction of new features, services, or tools within G‑OFFICE
• Clarifications or refinements to improve readability and interpretation
• Changes to the structure of the Promoter Agreement (GIPA) affecting data handling

All changes will be made in good faith and with the intention of protecting both GMDC and the data subjects involved.

Where changes are material (e.g. new processing purposes, new categories of data collected, new third-party sharing), we will:

• Provide prior notice to all active Promoters via email or notification within G‑OFFICE
• Clearly indicate the effective date of the new version
• Offer, where applicable, the opportunity to review and accept the new terms before continuing use of the platform

Where changes are non-material (e.g. editorial improvements or clarification of legal language), we may update the Policy without formal notification.

The current version will always be accessible in the G‑OFFICE legal section or through the footer of the platform.

By continuing to use the G‑OFFICE platform after any such updates come into effect, the Promoter is deemed to have read, understood, and accepted the revised version of this Privacy Policy.

Suppose a Promoter does not agree to the updated terms. In that case, their only recourse is to discontinue use of G‑OFFICE and terminate their Promoter Agreement, in accordance with the applicable terms.

This section contains general legal provisions that ensure the clarity, enforceability, and contractual alignment of this Privacy Policy within the broader framework of the Promoter’s relationship with GMDC.

These clauses are standard in professional agreements and form an integral part of the legal structure governing the use of G‑OFFICE.

This Privacy Policy forms an integral and binding part of the Global Independent Promoter Agreement (GIPA) entered into between GMDC and the Promoter.

By accepting and using G‑OFFICE, the Promoter acknowledges having read, understood, and accepted the terms of this Privacy Policy as a contractual condition of participation in the Happydemy® affiliate program.

In case of conflict between the terms of this Policy and any other public or promotional material, the terms of this Privacy Policy shall prevail.

This Privacy Policy shall be governed by and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.

Any dispute arising out of or in connection with this Policy—including issues relating to data protection, security incidents, or Promoter access—shall be subject to the exclusive jurisdiction of the courts of London, United Kingdom, unless otherwise stated in the Promoter Agreement.

Suppose any provision of this Privacy Policy is found to be invalid, unlawful, or unenforceable by a court or regulator. In that case, such provision shall be severed from the remaining provisions, which shall continue to be valid and enforceable to the fullest extent permitted by law.

Failure or delay by GMDC in exercising any right or remedy under this Policy shall not constitute a waiver of that or any other right or remedy.

Any waiver must be expressly granted in writing by an authorised representative of GMDC.

This Policy is provided in English and may be translated into other languages for convenience.

In the event of inconsistency or interpretation conflicts, the English version shall prevail.