Legal

Privacy Policy

Last updated: 23 May 2026

Who we are

This privacy policy describes how Yolko Media Ltd ("Yolko Media", "we", "us", or "our") collects, uses and protects personal data when you visit yolkomedia.com or engage with us as a traffic, agency or advertising partner.

For the purposes of the EU General Data Protection Regulation (GDPR) and the Maltese Data Protection Act, Yolko Media Ltd is the data controller of the personal data described in this policy.

Registered address: Yolko Media Ltd, 86 Main Street, St. Julian's STJ 1015, Malta.

What we collect

We collect the following categories of personal data:

  • Contact information — name, email address, company name, phone number, role and country, where you send these to us via email or a partner form.
  • Partner due-diligence information — company registration details, certificates, billing address and bank details, where required by anti-money-laundering regulations to which we are subject.
  • Communications — the content of emails, messages and meeting notes you exchange with us.
  • Technical information — IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, and similar diagnostics collected automatically when you use our website.
  • Campaign & tracking data — click identifiers, conversion events and aggregated performance metrics associated with traffic and campaigns you operate or fund through us.

We do not deliberately collect "special category" data (e.g. data revealing racial or ethnic origin, religious beliefs, health or biometric data). Please do not submit such data to us unless we have specifically asked for it.

How we use your data

We use personal data to:

  • Operate, maintain and improve our website and services.
  • Respond to enquiries and provide information you have requested.
  • Negotiate, agree and perform contracts with traffic, agency and advertising partners (including issuing Insertion Orders, reconciling spend and paying invoices).
  • Comply with our legal obligations, including those relating to anti-money-laundering (AML), counter-terrorism financing (CFT), tax and accounting.
  • Detect, investigate and prevent fraud, abuse and security incidents.
  • Send service-related and, where you have opted in, marketing communications.
  • Analyse aggregated traffic to understand how our site and campaigns perform.

Under the GDPR, we rely on one or more of the following legal bases when processing your personal data:

  • Performance of a contract — where processing is necessary to enter into or perform a partner agreement with you.
  • Legitimate interests — where processing is necessary for our legitimate interests in running, securing and growing the business, provided those interests are not overridden by your rights.
  • Legal obligation — where processing is necessary to comply with laws applicable to us, including AML/CFT, tax and accounting regulations.
  • Consent — where you have given us your specific consent (for example, to receive marketing emails or to set non-essential cookies). You can withdraw consent at any time.

Cookies & tracking

Our website uses a small number of cookies and similar technologies. These fall into the following categories:

  • Strictly necessary cookies required for the site to function (for example, to remember your cookie preferences).
  • Analytics cookies that help us understand how visitors use the site in aggregate. We only set these with your consent.
  • Campaign & tracking cookies used in connection with partner campaigns, again only with your consent or where set by partners through their own platforms.

You can control non-essential cookies through the cookie banner shown on your first visit, and you can clear or block cookies at any time via your browser settings.

Sharing your data

We do not sell your personal data. We may share it with:

  • Service providers who process data on our behalf under written agreements — for example hosting, email, accounting, analytics and identity-verification providers.
  • Partners where strictly necessary to operate a campaign or reconcile billing under a signed Insertion Order or Service Level Agreement.
  • Professional advisers such as lawyers, auditors and accountants.
  • Regulators and law enforcement where we are required to do so by law, or where disclosure is necessary to protect our rights or those of others.
  • Successors in the event of a merger, acquisition or restructuring of Yolko Media Ltd.

International transfers

Some of our service providers are based outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, adequacy decisions or other lawful mechanisms permitted by the GDPR.

Data retention

We retain personal data only for as long as is necessary for the purposes set out in this policy and to comply with our legal obligations. In practice:

  • Partner records, contracts, invoices and AML/KYC documentation are retained for the period required by applicable Maltese tax, accounting and AML legislation (typically a minimum of five years after the end of the business relationship).
  • Enquiry emails are kept for as long as needed to handle the enquiry and a reasonable period afterwards.
  • Website logs and analytics data are kept in identifiable form for a limited period and then anonymised or deleted.

Security

We apply organisational and technical measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. These measures include access controls, encrypted transport (HTTPS) for our website, and contractual controls on third-party processors. No system is perfectly secure, but we take this responsibility seriously and review our controls regularly.

Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") where one of the legal grounds applies.
  • Restrict or object to certain processing, including direct marketing.
  • Port data you have provided to us to another controller in a structured, commonly used, machine-readable format.
  • Withdraw consent at any time, where we are relying on consent to process your data.
  • Lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (idpc.org.mt) or another EU supervisory authority.

To exercise any of these rights, email us at [email protected]. We will respond within the timeframes required by the GDPR.

Children's privacy

Our services are intended for businesses and adult professionals. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time to reflect changes to our practices or applicable law. We will post the updated version on this page and update the "Last updated" date at the top. Where changes are material, we will notify you by reasonable means.

Contact us

If you have questions about this privacy policy or how we handle your personal data, please contact us at:

Yolko Media Ltd
86 Main Street
St. Julian's STJ 1015
Malta
[email protected]