Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) describes how H2CPA NETWORK LIMITED (“H2CPA”, “we”, “us”, or “our”) collects, uses, stores, discloses, and otherwise processes personal data in connection with our websites, applications, partner onboarding, advertising and affiliate network operations, and related services (collectively, the “Services”).

Our public site is available at https://h2cpamedia.com. By accessing the Services or submitting personal data to us, you acknowledge that you have read this Policy and understand how we will handle your information in accordance with applicable law.

1.1 Who should read this Policy

This Policy applies to:

• visitors to our websites and marketing landing pages;
• publishers, affiliates, media partners, and their representatives;
• advertisers, agencies, and their representatives;
• individuals who communicate with us by email, telephone, or instant messengers; and
• individuals whose data may be processed through tracking, measurement, reconciliation, or anti-fraud technologies deployed in connection with campaigns run on our network.

2. Legal framework

We are established in Hong Kong. Where we process personal data in Hong Kong, we aim to comply with the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”), including the Data Protection Principles concerning lawful and fair collection, accuracy, retention, security, openness, access, and correction.

Because our network operates globally, additional laws may apply depending on your location and the nature of processing (for example, laws governing electronic marketing, cookies, or sector-specific obligations). Where multiple regimes apply, we apply the standard that provides the higher level of protection to data subjects, except where a stricter local rule is incompatible with Hong Kong law.

3. Personal data we collect

The categories of personal data we process depend on your relationship with us and the Services you use. They may include:

3.1 Identity and contact data

Name, company name, job title, work email address, telephone number, messenger identifiers (such as Telegram, Skype, or WhatsApp), country or region, time zone, and billing or tax identifiers where required for contracting or invoicing.

3.2 Account, commercial, and network data

Login identifiers, internal account or publisher IDs, offer or campaign identifiers, postback URLs, API keys or tokens (stored using appropriate technical controls), traffic source descriptions, pricing or cap information, compliance questionnaires, know-your-business materials, and records of contractual correspondence.

3.3 Technical, usage, and performance data

IP address, device or browser type, operating system, language preferences, approximate location derived from IP, timestamps, referral URLs, click or impression identifiers, conversion or event payloads, cookie or similar identifiers, session logs, and diagnostic information used to secure and improve the Services.

3.4 Marketing and communications data

Newsletter or webinar subscriptions, event registrations, preference centres, and records of marketing communications and your responses.

3.5 Payment-related data

Bank account details, payment addresses, or payment instrument references where we or our payment partners process payouts or receive settlement information, strictly as required by applicable payment rules and segregation of duties.

4. How we collect personal data

We obtain personal data through:

• forms, applications, and chat widgets on our websites;
• contracts, insertion orders, statements of work, and onboarding workflows;
• cookies, pixels, software development kits, server-to-server integrations, and similar technologies;
• email, telephone, video calls, and approved messaging channels;
• fraud-prevention, brand-safety, analytics, hosting, CRM, or identity vendors acting on our documented instructions where permitted by law; and
• referrals or introductions from existing partners, subject to appropriate notices where required.

5. Purposes of processing

We process personal data for the following purposes:

• evaluating applications, performing due diligence, and onboarding;
• operating the affiliate and performance marketing network, including attribution, reporting, optimisation, invoicing, and commission calculations;
• detecting, investigating, and mitigating fraud, invalid traffic, policy breaches, and security incidents;
• complying with legal, regulatory, tax, and audit obligations, and responding to lawful requests from public authorities;
• improving our products, conducting analytics, training staff, and developing new features;
• sending service notices, security alerts, and (where permitted) marketing communications that may be of professional interest; and
• exercising or defending legal claims and enforcing our agreements, including collections where permitted.

We collect personal data only for purposes that are lawful and directly related to our functions. We take practicable steps to ensure data accuracy, limit retention, and protect data against unauthorised or accidental access, processing, erasure, loss, or use.

6. Cookies and similar technologies

We use cookies, pixels, local storage, session storage, and similar technologies to operate the Services, remember preferences, measure performance, and (where configured) support advertising measurement. You may control cookies through your browser or device settings; disabling certain cookies may impair authentication, reporting, or anti-fraud features.

Where required by law, we will obtain consent before using non-essential cookies or similar technologies, and we will provide granular information about categories and retention in a dedicated cookie notice or preference centre when deployed on our sites.

7. Disclosure and international transfers

We may disclose personal data to: members of our corporate group; hosting, communications, CRM, analytics, ticketing, and security vendors; payment processors; fraud and brand-safety partners; professional advisers; prospective purchasers in a merger or acquisition subject to confidentiality obligations; and counterparties where disclosure is necessary to perform a contract or comply with law.

Our infrastructure and subprocessors may be located in Hong Kong and in other countries. Where personal data is transferred outside Hong Kong, we implement appropriate safeguards—such as contractual clauses, adequacy findings, or other mechanisms recognised under applicable law—to ensure an adequate level of protection.

8. Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including resolving disputes, enforcing agreements, and satisfying legal, regulatory, tax, and accounting requirements. Retention periods vary by category of data, the nature of the relationship, and jurisdictional rules. When retention ends, we will delete or anonymise personal data in accordance with our retention schedules, unless a longer period is required by law or legitimate archival interests.

9. Security

We implement administrative, technical, and organisational measures designed to protect personal data against unauthorised or accidental access, loss, alteration, or disclosure. Measures may include access controls, encryption in transit where appropriate, logging, vulnerability management, and staff training. No method of transmission over the Internet or electronic storage is completely secure; we encourage you to use strong passwords and protect your credentials.

10. Your rights

Subject to the PDPO and other applicable laws, you may have the right to request access to personal data we hold about you and to request correction of inaccurate data. Depending on your jurisdiction, you may also have rights to object to or restrict certain processing, withdraw consent where processing is consent-based, request erasure or portability, or lodge a complaint with a supervisory authority.

We will respond to verifiable requests within the timelines required by law. We may need to verify your identity before fulfilling a request. If we decline a request, we will explain our reasons where the law requires.

11. Marketing communications

Where permitted, we may send professional updates about products, events, or industry developments. You may opt out of marketing emails at any time using the unsubscribe link or by contacting us using the details below. Operational messages relating to security, billing, or contractual performance may continue where permitted by law.

12. Children

The Services are directed to businesses and professionals. We do not knowingly collect personal data from children under 16 (or the age specified in your jurisdiction) without verifiable parental or guardian consent. If you believe we have collected such data, please contact us and we will take prompt steps to delete it.

13. Automated decision-making

We may use automated systems—including rules-based scoring and machine learning models—to assess fraud risk, traffic quality, or account eligibility. Significant decisions that affect you legally or similarly will be subject to human review where required by law, and you may have the right to obtain meaningful information about the logic involved and to contest the decision under applicable rules.

14. Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. The “Last updated” date at the top of this page will be revised accordingly. Where changes are material, we will provide additional notice as required (for example, by email or a prominent banner on our website). Continued use of the Services after the effective date constitutes acceptance of the updated Policy where permitted by law.

15. Contact

For privacy questions, data protection enquiries, or to exercise your rights in relation to personal data processed by H2CPA NETWORK LIMITED, please contact us using the channels published on our website (including https://h2cpamedia.com/contact) or through your account representative.

Postal address: A27 2/F HING YIP CENTRE, 31 HING YIP STREET, KWUN TONG, HK

Email: partnerships@h2cpamedia.com

D-U-N-S® Number: 663845240