Privacy Policy

Last updated: April 4, 2026

This Privacy Policy describes how MB Elzee group, registered at Balčikonio g. 3, Vilnius, Lithuania ("Company," "we," "us," or "our"), collects, uses, stores, and protects personal data in connection with the RESÈT Affiliate Program Platform ("Platform") at https://affiliate.resethomecare.com.

We are committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and applicable Lithuanian data protection legislation.

1. Data Controller

The data controller responsible for your personal data is:

MB Elzee group
Balčikonio g. 3
Vilnius, Lithuania
Email: info@resethomecare.com
Phone: +37067617797

Data Protection Officer (DPO): info@resethomecare.com

2. Personal Data We Collect

2.1. Data Provided by You

  • Application data: full name, email address, social media handles (Instagram, TikTok, YouTube), and biographical information.
  • Profile data: updates to your name, social accounts, and bio after enrollment.
  • Financial data: bank name, account holder name, IBAN, and SWIFT/BIC code for commission payouts.
  • Content submissions: images, videos, and reels you upload as UGC, along with titles and descriptions.

2.2. Data Collected Automatically

  • Authentication data: email address used for magic link sign-in, session tokens, and authentication timestamps.
  • Click tracking data: when end-users click your affiliate links, we collect hashed IP addresses (SHA-256, truncated and non-reversible), user agent strings, referrer URLs, and timestamps.
  • Order attribution data: Shopify order IDs, order totals, discount codes used, and order timestamps — solely for commission calculation.
  • Platform usage data: pages visited, features used, and interaction timestamps within the affiliate dashboard.

2.3. Data from Third Parties

  • Shopify: order and discount code usage data via webhooks for commission attribution.
  • Meta (Facebook/Instagram): ad performance metrics (impressions, clicks, spend, conversions) for UGC content promoted through Meta Ads.
  • Supabase: authentication provider processing your sign-in requests.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6(1):

  • Contract performance (Art. 6(1)(b)): processing necessary for the performance of the Affiliate Program agreement — including account management, commission calculation, payouts, and content submissions.
  • Legitimate interest (Art. 6(1)(f)): fraud prevention, platform security, analytics for program improvement, and click tracking for accurate commission attribution.
  • Legal obligation (Art. 6(1)(c)): tax reporting, accounting records, and compliance with applicable financial regulations.
  • Consent (Art. 6(1)(a)): where explicitly obtained, such as for marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

4. How We Use Your Data

  • Processing and evaluating your affiliate application.
  • Managing your affiliate account and dashboard access.
  • Tracking clicks, referrals, and sales for accurate commission attribution.
  • Calculating, confirming, and processing commission payouts.
  • Reviewing, approving, and distributing your submitted UGC content.
  • Creating and managing Meta Ads featuring your UGC content.
  • Detecting and preventing fraud, self-referrals, and policy violations.
  • Communicating program updates, policy changes, and account notifications.
  • Complying with tax, accounting, and legal obligations.
  • Improving the Platform, analyzing performance, and developing new features.

5. Data Sharing and Third-Party Processors

We may share your personal data with the following categories of recipients:

  • Supabase Inc. — database hosting and authentication services (servers in EU/US).
  • Shopify Inc. — e-commerce platform for order tracking and discount code management.
  • Meta Platforms, Inc. — advertising platform for UGC ad campaigns. Your submitted content (including name attribution) may appear in Meta Ads.
  • Vercel Inc. — website hosting and deployment.
  • Payment providers — for processing commission payouts to your bank account.
  • Professional advisors — accountants, auditors, and legal counsel as required.
  • Regulatory authorities — where required by law, court order, or government regulation.

We do not sell your personal data. All third-party processors are bound by data processing agreements compliant with GDPR Article 28.

6. International Data Transfers

Some of our processors operate outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions by the European Commission (where applicable).
  • The EU-U.S. Data Privacy Framework (where certified by the recipient).

7. Data Retention

  • Active account data: retained for the duration of your participation in the Program plus 6 months after termination.
  • Financial records: retained for 10 years after the last transaction, as required by Lithuanian tax and accounting legislation.
  • Click tracking data: IP hashes and user agents are retained for 12 months, then automatically deleted.
  • UGC content: retained indefinitely under the perpetual license granted in the Terms of Service, unless you request deletion and the content is not actively used in advertising.
  • Rejected applications: retained for 6 months, then deleted.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15): obtain a copy of your personal data and information about how it is processed.
  • Right to rectification (Art. 16): correct inaccurate or incomplete personal data via your profile or by contacting us.
  • Right to erasure (Art. 17): request deletion of your personal data, subject to legal retention requirements and the content license in the Terms of Service.
  • Right to restriction (Art. 18): restrict processing in certain circumstances, such as during a dispute about data accuracy.
  • Right to data portability (Art. 20): receive your personal data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interest, including profiling.
  • Right to withdraw consent (Art. 7(3)): where processing is based on consent, withdraw at any time.
  • Right to lodge a complaint: file a complaint with the State Data Protection Inspectorate of Lithuania (Valstybinė duomenų apsaugos inspekcija, vdai.lrv.lt).

To exercise any of these rights, contact us at info@resethomecare.com. We will respond within 30 days.

9. Cookies and Tracking Technologies

The Platform uses the following cookies:

  • Authentication cookies: session cookies set by Supabase for maintaining your logged-in state. Strictly necessary.
  • Affiliate attribution cookie (__affiliate_ref): set when an end-user clicks an affiliate link. Contains only the discount code (no personal data). Expires after 30 days. Used for commission attribution.

We do not use third-party advertising or analytics cookies on the affiliate Platform.

10. Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest.
  • IP address hashing (SHA-256, truncated) — we never store raw IP addresses.
  • Role-based access control with strict admin/affiliate separation.
  • Supabase Row Level Security (RLS) ensuring affiliates can only access their own data.
  • Secure magic link authentication (no passwords stored).
  • Regular security reviews and dependency updates.

11. Children's Privacy

The Platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on the Platform at least 14 days before taking effect. Continued use of the Platform after the effective date constitutes acceptance.

13. Contact

For privacy-related inquiries, data subject requests, or complaints:

MB Elzee group
Data Protection Officer
Balčikonio g. 3
Vilnius, Lithuania
Email: info@resethomecare.com
Phone: +37067617797