PROXY UNLIMITED LTD.

DATA PROTECTION INFORMATION

1. INTRODUCTION

1.1 This data protection information document (the "Data Protection Information") of Proxy Unlimited Ltd. ("Proxy Unlimited","we," "us," or "our") applies to the collection and processing of personal data in connection with the provision of Proxy Unlimited's web browser extensions to you as the user of such web-browser extensions ("you", "your").

1.2 This Data Protection Information covers all web-browser extensions provided by Proxy Unlimited. Currently, the following web-browser extensions are available from us: AdsKiller, Full AdBlock, AdBlock360, Privacy Adblocker, YouTube™ AdBlocker, Ultimate Ad Eraser, Blocksly, Awesome Blocker, Video Adblocker, Browse Keeper, AdsFight. All web-browser extensions provided by Proxy Unlimited Ltd. are hereinafter referred to as the "Services". Further web-browser extensions may be added at a later stage; in this case, the Data Protection Information will be updated accordingly.

2. CONTROLLER AND DATA PROTECTION OFFICER CONTACT INFORMATION

2.1 Unless expressly stated otherwise, Proxy Unlimited Ltd. is the controller of the personal data collected and processed in connection with the provision of the Services.

2.2 If you have any questions about this Data Protection Information or our processing of your personal data, or if you wish to exercise any of your rights, you may contact us at:

Proxy Unlimited Ltd.
International House, Mdina Road
Mriehel, Birkirkara BKR 3000
Malta
E-mail: info@proxyunlimited.com

Alternatively, you may also contact our data protection officer at the contact details provided below

2.3 You may contact our data protection officer ("DPO") at:

Proxy Unlimited Ltd.
Data Protection Officer
International House, Mdina Road
Mriehel, Birkirkara BKR 3000
Malta
E-mail: dataprotection@proxyunlimited.com

3. OVERVIEW OF PURPOSES, LEGAL BASES AND CATEGORIES OF PERSONAL DATA

3.1 Purposes of the Services and of our data processing

The overall purpose of the Services is to remove intrusive elements from the websites displayed in your browser.

If you give us your consent, you will also have access to an optional free-of-charge advertisement replacement function. If this function is enabled, the ad blockers will display alternative, less intrusive" advertisements. The alternative, less intrusive elements that will be displayed are generally selected based on context, but also by using certain personal data as described herein below.

Your personal data will be processed mainly for the provision of the Services, i.e., so the web-browser extensions can function as designed. See Section 4 below for details on these purposes, the respective legal basis and the categories of personal data processed.

Additional processing activities may take place in specific situations (such as when required for complying with applicable laws or other legal obligations, e.g., disclosure of relevant personal data to courts or criminal prosecution authorities), or if we have separately informed you about such purposes. More details (including the respective legal basis and the categories of personal data affected) on processing in this regard are described in more detail in Section 5 below.

3.2 Legal bases on which personal data are processed

Generally, in connection with the provision of the Services, we collect and process your personal data to the extent necessary for provision of the Services based on the usage agreement between you and us (Art. 6 para. 1 lit. b) GDPR), or to the extent to which the processing is necessary for the purposes of our legitimate interests or the legitimate interest of a third party (Art. 6 para. 1 lit. f) GDPR).

With respect to certain processing activities, we may process your personal data to the extent necessary for compliance with a legal obligation to which we are subject (Art. 6 para. 1 lit. c) GDPR), or where we have obtained your prior consent to the relevant processing of your personal data for a specific purpose (Art. 6 para. 1 lit. a) GDPR).

3.3 Sources of personal data we process

Unless otherwise expressly stated in this Data Protection Information, the personal data listed in Sections 4 and 5 below are provided to us directly from you or your computer when you use the Services.

3.4 Your right to not provide your personal data

Generally, you have the right to not provide your personal data to us. However, for the optional advertisement replacement function of the Services to function properly, the browser extensions need to analyse the web traffic generated while you use your web browser. If you do not wish to use the optional advertisement replacement function after giving consent, you can opt out at any time by disabling the advertisement replacement in the extension’s settings.

4. PROCESSING IN CONNECTION WITH THE PROVISION OF THE SERVICES

The Services help to improve your web browsing experience by either removing advertisements entirely or replacing them with less intrusive advertisements if you have given consent to the provision of the advertisement replacement function.

4.1 Removing of advertisements

The Services are provided through the locally installed browser extension by processing the web traffic you initiate by entering an URL ("website address") in your browser's address bar. To identify the advertisements to be removed, the Services use local "filtering lists" which we regularly update and which the local browser extension downloads from a remote host.

For this purpose, the following categories of personal data are processed: For the actual removal step: no data is sent to us or our servers. All processing of the website data to remove the intrusive advertisements is done locally by the browser extension of your browser.

For updating the filtering lists: your IP-address is sent to the remote host storing the filtering list to request and download the updated filtering list, furthermore, your IP address is evaluated to roughly determine the country where you are based to select the most suitable filtering list; your IP-address is then anonymized by removing (i) the last octet if you are using an IPv4-adress or (ii) the last segments if you are using an IPv6-adress

Legal basis: Processing is necessary for the performance of the agreement on the provision of the Services that you have concluded with us (Art. 6 para. 1 lit. b) GDPR).

4.2 Replacing advertisements with less intrusive advertisements

The Services subsequently replace the removed advertisements with less intrusive advertisements if you have given consent to the provision of the advertisement replacement function.

The alternative, less intrusive advertisements are selected locally on your computer by the browser extension you installed. The selection of the less intrusive advertisements to be displayed is based on your estimated location, the header and context of the website you opened and the search terms you entered during your browser session.

We do not use more detailed data-based user profiles to address individuals with "targeted ads".

For this purpose, the following categories of personal data are processed: The country in which you are located is estimated based on the IP-address and is used to select ads that may be relevant for your country. In addition, also the header and the context of the website you opened are evaluated to ensure that the advertisements displayed are relevant to you and that the rules provided to the browser extensions are compatible with the browser extension. Further, the following data are processed: attached search links: Partner search links assigned to a user based on distribution logic; [•].

Legal basis: The processing is necessary for the performance of the agreement on the provision of the Services that you have concluded with us (Art. 6 para. 1 lit. b) GDPR).

4.3 Monetization

As we offer our services to you without the obligation to pay a fee, we cooperate with the advertisers to monetize the display of the less intrusive advertisements.

For this purpose, the following categories of personal data are processed: Unique User ID (UID) as generated upon extension installation; IP-address; Sub-ID (an internal identifier for the traffic source from which the user was acquired, collected during installation and linked to the UID); Click ID (a unique token generated for tracking specific click-out actions with advertising partners);

Legal basis: The processing is necessary to fulfil our legitimate interests in building an economically stable and sustainable business (Art. 6 para. 1 lit. f) GDPR).

4.4 Usage Statistics

To determine the interest in our Services and the usage thereof as well as the effectiveness of our marketing and promotional campaigns, we generate usage statistics regarding our Services and regarding the interest in the ads the Services displayed on the websites you accessed if the Services do not remove certain advertisements according to Section 4.1 or display alternative advertisements according to Section 4.2. In particular, we collect data to assess the number of DAU (daily active users).

For this purpose, the following categories of personal data are processed: Unique User ID (UID) as generated upon extension installation; IP-address; Sub-ID (an internal identifier for the traffic source from which the user was acquired, collected during installation and linked to the UID); uninstall data, namely information logged when a user uninstalls the extension, namely browser, country, hostname, IP address, Sub-ID and UID; user behaviour metrics: metrics derived from collected data, churn rate; ad reporting interactions: information about domains where users report ads or disable ad blocking is collected, including client info, link and type of interaction (such as clicking the report button in the UI or disabling the extension).

Legal basis: The processing is necessary to fulfil our legitimate interests in improving our Services (Art. 6 para. 1 lit. f) GDPR).

5. OTHER PROCESSING ACTIVITIES

In addition to the processing activities set out in Section 4 above, we may also process your personal data for the following purposes:

5.1 Data sharing and use of third-party services

Details about our sharing of your personal data with third parties are provided in Section 6 below.

5.2 Communication, customer support and feedback

We may process your personal data to communicate with you in relation to the Services or to provide customer support.

When you contact us via available communication channels (e.g., via a contact form on our website), we may process your personal data to handle your request and communicate with you accordingly in relation to your request.

For this purpose, the following categories of personal data are processed: Data provided in the contact form or in the e-mail you sent (e.g. contact details such as name, e-mail address), further information provided by you in relation to the relevant request; technical information on the client system used (browser type and version, OS, platform), timestamp.

Legal basis: The processing is necessary for the performance of the agreement on the provision of the Services that you have concluded with us (Art. 6 para. 1 lit. b) GDPR), or for the purpose of fulfilling the legitimate interests pursued by us (Art. 6 para. 1 lit. f) GDPR). Our legitimate interests are: providing the best possible service for our customers by appropriately answering and processing our customers’ requests.

5.3 Security and fraud prevention

We store data concerning the requests sent to our IT-systems for security purposes, i.e. to be able to trace attacks on our platforms. We store this data, namely the time and date of the request and the IP address from which it originated, for a period of 7 days and then delete the IP addresses and supplemental data stored with it in relation to a specific request.

The legal basis for the processing and subsequent storage of the IP address is a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, namely our interest in maintaining the operability of our IT systems by identifying attacks thereon and by collecting the required data to be able to pursue legal actions against the people behind the attacks.

5.4 Legal Compliance

We may process certain categories of the personal data referred to above (e.g., records of any consents that you have given, together with the date and time, as well as content and means of consent) to comply with applicable laws, directives, recommendations, or requests from regulatory bodies (e.g., requests to disclose personal data to courts or regulatory bodies, including the police).

Legal basis: Such processing may be necessary: (i) for compliance with a legal obligation to which we are subject (Art. 6 para. 1 lit. c) GDPR); or (ii) for the purpose of our legitimate interests (Art. 6 para. 1 lit. f) GDPR). Our legitimate interests are: ensuring our compliance with applicable legal obligations.

5.5 Legal Proceedings and Investigations

We may process certain categories of the personal data referred to above to assess, enforce and defend our rights and interests.

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 para. 1 lit. f) GDPR), namely for protecting our interests and enforcing our rights.

6. RECIPIENTS OF PERSONAL DATA; THIRD PARTY SERVICES USED

6.1 Internal data processing

We restrict any access to your personal data to those individuals of our company that have a need to know to fulfil their respective job responsibilities.

6.2 Third Party Recipients

Service providers acting as data processors – We may disclose your personal data to certain third parties, whether affiliated or unaffiliated, that process such data as our service providers on our behalf under appropriate instructions as processors and as necessary for the respective processing purposes (Art. 28 (3) GDPR). These processors are subject to contractual obligations requiring them to implement appropriate technical and organisational security measures, to safeguard the personal data and to process the personal data only in accordance with our instructions. Our service providers include:

• The service provider for the technical infrastructure used for the provision of the Services, which are:
• Amazon Web Services, Inc., having its registered office at 410 Terry Ave. N., Seattle, WA 98109-5210, United States ("AWS"): We have concluded a data processing agreement with AWS which contains the EU standard contractual clauses on international data transfers. The processing agreement can be found under the following URL: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf;
• CCloudflare, Inc., having its registered office at 101 Townsend St., San Francisco, CA 94107, United States:We have concluded a data processing agreement with Cloudflare, Inc. which contains the EU standard contractual clauses on international data transfers. The processing agreement can be found under the following URL: https://www.cloudflare.com/cloudflare-customer-dpa/;
• Heroku, Inc., having its registered office at Salesforce Tower, 415 Mission Street, Suite 300, San Francisco, CA 94105, United States; We have concluded a data processing agreement with Heroko, Inc. which contains the EU standard contractual clauses on international data transfers. The processing agreement can be found under the following URL: https://www.salesforce.com/en-us/wp-content/uploads/sites/4/documents/legal/Agreements/data-processing-addendum.pdf;
• Google Cloud EMEA Limited, having its registered office at 70 Sir John Rogerson’s Quay, Dublin 2, Ireland ("Google Cloud"): We have concluded a data processing agreement with Google Cloud which contains the EU standard contractual clauses on international data transfers. The processing agreement can be found under the following URL: https://cloud.google.com/terms/data-processing-addendum;
• InfluxData Inc., having its registered office at 548 Market St., PMB 77953, San Francisco, CA 94104, United States: We have concluded a data processing agreement with InfluxData Inc. which contains the EU standard contractual clauses on international data transfers. The processing agreement template can be found under the following URL: https://assets.ctfassets.net/o7xu9whrs0u9/3opmhyb0Q6IEVM9UJOZYxr/8b0b5e95fb0b84c1e081883dd3960305/InfluxData_DPA_Rev2.0_June_2023.pdf
• The service provider for conversion tracking in relation to the monetization which is Voluum, Commerce Media Tech sp. z o.o., having its registered office at ul. Lubicz 17G, 31-503 Kraków, Poland.

The respective service provider is responsible for the technical and organisational aspects of the provision of the Services, as well as for keeping the Services operational.

Otherwise, no data will be passed on to third parties, unless we are legally obliged to do so by mandatory legal provisions, particularly to supervisory authorities or law enforcement agencies.

7. CROSS-BORDER DATA TRANSFER

Unless explicitly specified otherwise herein, all data processing as described herein takes place within the European Union and the United States as we transfer your personal data to the service providers located there, as mentioned in Section 6 of this Data Protection Information. Data will only be transferred to the United States if this is necessary for the performance of a contractual obligation, is required by law or if you have given us your consent.

he European Commission has certified certain third countries, inter alia the United States, as having data protection standards comparable to those of the European Union through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

Where data recipients are based outside the European Union in a country for which the European Commission has not yet made an adequacy decision, we have concluded contracts based on the EU standard contractual clauses for international data transfer in order to ensure the required safeguards for the personal data when it is transferred to and processed outside the European Union.

See Section 6 for further details for each data recipient.

8. DATA RETENTION

Your personal data is stored by us and/or our service providers for no longer than is necessary for the purposes for which the personal data is collected as set out above.

When we no longer require your personal data for such purposes, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we are required to retain the relevant personal data to comply with legal or regulatory obligations to which we are subject; e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which may require retention for up to 10 years).

9. DATA SECURITY

We have implemented appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful forms of processing.

However, as the internet is an open system, the transmission of data via the internet is not completely secure. While we constantly improve our security measures in line with technical developments and to ensure an appropriate level of security for any of your personal data that we process, we cannot guarantee the security of your data transmitted to us using the internet.

10. YOUR RIGHTS

10.1 Overview

Where data processing is based on your consent, you may withdraw your consent at any time.

You have the right to obtain access to your personal data (Art. 15 GDPR), to have incorrect personal data rectified (Art. 16 GDPR), to have your personal data erased (Art. 17 GDPR), to have the processing of your personal data restricted (Art. 18 GDPR), to data portability (Art. 20 GDPR) and to object to the processing of your personal data (Art. 21 para. 1 and para. 2 GDPR).

You also have the right to lodge a complaint with the competent data protection authority (Art. 77 GDPR).

Please note that, in order to respond to your enquiries in accordance with legal requirements, we must be able to clearly identify you. Therefore, when submitting your enquiry, please provide us with your individual UID. You can view your UID via these links, depending on the Services you are using:

• AdsKiller: https://api.killadsapi.com/uid
• AdBlock360: https://update.adblock360.org/uid
• Privacy Adblocker: https://api.privacy-protector-adblocker.com/uid
• YouTube™ AdBlocker: https://api.freevideoguard.org/uid
• Ultimate Ad Eraser: https://api.ultimateaderaser.com/uid
• Blocksly: https://api.blocksly.org/uid
• Awesome Blocker: https://api.awesomeblocker.com/uid
• Video Adblocker: https://api.vid-adblocker.com/uid
• VideoAdBlocker: https://api.noadsnow.com/uid
• Browse Keeper: https://api.browsekeeper.com/uid
• AdsFight: https://api.adsfight.com/uid

Please also note that these rights could be subject to certain limitations under applicable local data protection laws. In particular, please note that we do not maintain user accounts or do not always generate UIDs and thus may be unable to establish an unambiguous link between your request and the data stored on our systems. In this case, your rights under Art. 15 to Art. 20 GDPR (sections 10.3 to 10.7 below) may be restricted pursuant to Art. 11 para. 2 GDPR.

10.2 Withdrawal of consent

Where we process your personal data based on yourconsent, you have the right to withdraw your consent at any time (Art. 7 para. 3 GDPR). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal.

10.3 Right of access

You have the right to obtain from us confirmation as to whether personal data concerning you is processed, and, where that is the case, to request access to the personal data and certain additional information. Such information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data has been or will be disclosed. However, please note that where the interests of other individuals are affected your right of access may be restricted in this regard.

You have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

10.4 Right to rectification

You have the right to obtain from us the rectification of inaccurate personal data concerning you. Subject to the relevant purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

10.5 Right to erasure ("right to be forgotten")

Under certain circumstances, you have the right to obtain from us the erasure of personal data concerning you and we may have the obligation to erase such personal data.

10.6 Right to restriction of processing

Under certain circumstances, you have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be flagged accordingly and may only be processed by us for certain purposes.

10.7 Right to data portability

Under certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and you may have the right to transmit this data to another controller without hindrance from us.

10.8 Right to object

Under certain circumstances and where the processing is based on legitimate interests (Art. 6 para. 1 lit. f GDPR), you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us. We will then cease to process your personal data based on legitimate interests, unless we can demonstrate in accordance with the GDPR that our interests in continuing the processing outweigh your interests in the termination of the processing.Furthermore, where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling, to the extent that it is related to such direct marketing. In this case your personal data will no longer processed for such purposes by us.

11. AUTOMATED DECISION MAKING, INCLUDING PROFILING

We do not make any decisions based on algorithms or other automated processing that have significant consequences for you.

12. UPDATES

This Data Protection Information may be amended or updated from time to time to reflect changes in our processing of personal data, or changes in applicable law. We encourage you to read this Data Protection Information carefully, and to regularly review any changes we might make in accordance with the terms of this Data Protection Information.

We will publish the updated Data Protection Information on our websites and on the website where the web browser extensions can be downloaded. The date of the last update is mentioned below at the end of this Data Protection Information.

Last updated: September 2025