Sign up
Legal · Version 1.0

Privacy Policy

Last updated: 16 June 2026 · Registered office: Mercury Digital Limitada, San José, Costa Rica

This Privacy Policy explains how Mercury Digital Limitada (“Mercury Digital Limitada”, the “Company”, “we”, “us” or “our”), which operates the Carin Partners affiliate programme (the “Programme”), collects, uses, discloses and protects your personal data, and your rights in relation to it. Please read it together with our Terms and Conditions. In this Policy, “you” and “your” refer to the affiliate or applicant using the Programme.

01General

1.1 Your privacy is important to us. This Policy sets out what personal data we collect, why and how we process it, with whom we may share it, how long we keep it, and the rights available to you. Where you do not provide personal data we request, we may be unable to provide the Programme or certain aspects of it.

1.2 For the purposes of the GDPR and other applicable data protection laws, the Company is the data controller in respect of the personal data described in this Policy.

02Personal Data We Collect

2.1 We collect and process the following categories of personal data. This list is not exhaustive, and we may request or collect further information where necessary and lawful:

  • Identification data — such as your name, date of birth, tax or registration number, and information from identity documents.
  • Contact data — such as your postal address, email address and telephone number.
  • Account and entity data — such as your company details, beneficial ownership and authorised representatives where you are an entity.
  • Financial and payment data — such as your payment-method details, account numbers, invoices, and records of payments made to you.
  • Technical and usage data — such as your IP address, device and browser type, operating system, time-zone and location data, and information about your use of the Programme website (including pages viewed, clickstream, and interaction data).
  • Marketing and communications data — such as your preferences and records of communications with us.

2.2 We use the personal data you provide to create and administer your Affiliate Account and to operate the Programme, as well as for security, compliance and marketing purposes.

03Legal Bases and Purposes for Processing

3.1 We process your personal data where one or more of the following legal bases applies: (i) the processing is necessary to enter into or perform our agreement with you; (ii) the processing is necessary to comply with our legal obligations; (iii) the processing is necessary for our legitimate interests or those of a third party, provided these are not overridden by your rights; and/or (iv) you have given your consent.

3.2 We process personal data principally for the following purposes:

  • to operate the Programme and provide our services to you;
  • to verify your identity and carry out due-diligence, fraud-prevention, anti-money-laundering and risk-management checks;
  • to calculate and pay commission and to maintain accurate records;
  • to send administrative and service communications, including changes to our terms or policies;
  • to send marketing communications where permitted, from which you may opt out at any time;
  • to comply with our legal and regulatory obligations and to respond to requests from competent authorities; and
  • to establish, exercise or defend legal claims and otherwise protect our legitimate interests.

04Retention Period

4.1 We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account our contractual relationship with you, our legitimate interests, and our legal and regulatory obligations (including those relating to anti-money laundering, tax and accounting). When personal data is no longer required, we will securely delete or anonymise it.

05International Transfers

5.1 We operate internationally, and your personal data may be transferred to, stored in, or processed in countries outside the European Economic Area (EEA), including in connection with the operation of the Programme, our contractual obligations, our legal obligations and our legitimate interests.

5.2 Where we transfer personal data outside the EEA, we implement appropriate safeguards as required by the GDPR and other Applicable Laws, such as the European Commission’s standard contractual clauses or transfers to jurisdictions recognised as providing an adequate level of protection.

06Your Rights

6.1 Subject to and in accordance with applicable data protection laws, you have the following rights in respect of your personal data:

6.1.1 Right of access

To obtain confirmation of, and a copy of, the personal data we hold about you.

6.1.2 Right to rectification

To have inaccurate or incomplete personal data corrected.

6.1.3 Right to erasure

To have your personal data deleted, except where we are required or entitled to retain it on another legal basis.

6.1.4 Right to restriction

To request that we restrict the processing of your personal data in certain circumstances.

6.1.5 Right to object

To object to processing based on our legitimate interests, and to object to automated decision-making where applicable.

6.1.6 Right to data portability

To receive certain personal data in a structured, commonly used and machine-readable format, and to have it transmitted to another controller.

6.1.7 Right to withdraw consent

To withdraw any consent you have given, without affecting the lawfulness of processing before withdrawal.

6.2 To exercise your rights, please contact us using the details in Section 11. We will respond within one (1) month, which we may extend by up to two (2) further months where necessary, taking into account the complexity and number of requests. Where a request is manifestly unfounded or excessive, in particular because it is repetitive, we may charge a reasonable fee or decline to act.

07Third Parties and Disclosure

7.1 We do not sell your personal data. We may share your personal data only as described in this Policy and only with appropriate safeguards in place. We may disclose your personal data to:

  • our Group Companies, irrespective of their location;
  • service providers acting on our behalf under written agreement, such as IT, hosting and cloud providers, identity-verification and due-diligence providers, payment processors, analytics and marketing-support providers;
  • the operators of the brands you wish to promote, where relevant to the Programme; and
  • governmental, regulatory, tax or law-enforcement authorities where required by Applicable Laws or to protect our rights.

7.2 Our website may contain links to third-party resources that we do not control. We are not responsible for the privacy practices of such third parties, and we encourage you to review their privacy policies.

08Cookies and Similar Technologies

8.1 When you use the Programme website, we and selected third parties may place cookies and similar technologies on your device. Cookies help us operate, secure and improve the website and understand how it is used.

8.2 We use the following categories of cookies:

8.2.1 Strictly necessary cookies

Required to operate the website and provide the services you request; consent is not required for these.

8.2.2 Performance and analytics cookies

Help us understand how the website is used so that we can improve it.

8.2.3 Functionality cookies

Remember your choices and preferences, such as language and location.

8.2.4 Targeting and advertising cookies

May be used by us or by third parties to deliver relevant advertising.

8.3 Session cookies remain on your device only until you close your browser, while persistent cookies remain until they expire or you delete them. You can manage cookies through your browser or device settings; disabling certain cookies may affect the functionality of the website.

09Security

9.1 We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, and unauthorised disclosure or access. However, no system is completely secure, and we cannot guarantee the security of data transmitted to or stored outside our systems.

9.2 You are responsible for keeping your account credentials confidential and for using the Programme securely. You should change your credentials periodically and notify us immediately of any suspected unauthorised access.

10Marketing Preferences

10.1 Where we send you marketing communications, you may opt out at any time by following the unsubscribe link in the relevant communication or by contacting us. Administrative and service-related communications that are necessary to provide the Programme are not subject to opt-out.

11Contact and Complaints

11.1 If you have any questions, comments or requests regarding this Policy or your personal data, please contact us at partners@carinbet.com (marked “ATTN: Data Protection”) or by post at Mercury Digital Limitada, Ofident Building, Office 3, Costa Rican North American Cultural Center, 200M North and 50M East, San Pedro, Barrio Dent, San José, Costa Rica.

11.2 If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority. We ask that you first raise your concerns with us so that we may seek to resolve them.

12Changes to this Policy

12.1 We may update this Policy from time to time. The updated version will be posted on the Programme website, and where the changes are material we will provide a prominent notice. Your continued use of the Programme after an update constitutes acceptance of the revised Policy. This Policy was written in English; where a translated version conflicts with the English version, the English version prevails.