Device — the device used by the Visitor to access the Website (computer, tablet, mobile, etc.).
DPO — the Data Protection Officer of Wallester (email: dpo@wallester.com).
GDPR — General Data Protection Regulation — the legislation governing the processing of personal data in the European Economic Area.
Visitor — the natural person (i.e. human) who accesses the Materials on the Website.
Visitor Data — the Visitor’s personal data covered by this Privacy Policy.
Wallester — Wallester AS, the owner of the Website and data controller regarding the Visitor Data.
Wallester Service — services provided by Wallester to its clients, such as Wallester Business and Wallester White-Label.
Website — Wallester’s public website (wallester.com).
Privacy Policy
This Privacy Policy covers the processing of personal data for Website Visitors.
This Privacy Policy does not apply to personal data processed whilst providing Wallester Services. Such processing is governed by the client agreements between Wallester and its clients.
The data controller of the Visitor Data is Wallester AS, a company established under the laws of Estonia, registration number 11812882, address Ahtri 6, 10151, Tallinn, Estonia.
Please send any enquiries regarding this Privacy Policy to: dpo@wallester.com.
1. Definitions of personal data processing
This Privacy Policy covers the processing of the Visitor’s personal data by Wallester, defined as follows:
Personal Data — means information relating to a natural person who is identified or identifiable.
Information — means any data relating to a natural person, such as name, date of birth, address, place of work, etc.
Natural person — refers to a living individual, excluding companies and other legal entities.
Identifiable — means that information refers to a person either:
- directly — e.g. the data includes the person’s identification code or
- indirectly — e.g. the IP address of a computer can be traced to a person by combining it with additional data.
Processing — means any operation performed on personal data. In the context of this Privacy Policy, this includes collecting Visitor Data, storing it on Wallester’s servers, using the data for the purpose for which it was collected, and subsequently erasing it.
2. Personal data we collect
We collect visitor data as follows:
- cookies — are placed on the Visitor’s device in accordance with the consent granted by the Visitor,
- contact forms — the personal data the Visitor submits via contact forms on the Website.
2.1. Cookies
Cookies are small data files stored on your device when you access the website. Standard across the internet, this technology enables us to remember your preferences and analyse your activity on the site.
The two main types of cookies are:
- essential — also known as strictly necessary cookies, are required for the website to function properly and do not require Visitor consent in accordance with the law,
- non-essential cookies — serve various functions, such as enhancing the Visitor’s browsing experience, providing Wallester with data to optimise the Website, and delivering targeted advertisements. These cookies are stored on the Device only with the Visitor’s prior consent.
The Cookie Policy details the different types of cookies used on the Website.
For clarity, cookies identify only the IP address of the Device used to visit the Website, not the person using it (the Visitor). Identifying the Visitor requires combining cookie data with other sources. Wallester does not identify Visitors based on cookie data.
2.2. Contact forms
Visitors can use the website’s contact forms to communicate with Wallester, for example, to submit a request to become a client. To respond to these enquiries, we require the Visitor’s contact details, such as name, telephone number, email address, and company information.
If the Visitor submits personal data regarding third parties to Wallester via the website contact forms, the Visitor must ensure that such disclosure is authorised by law.
3. Purposes of personal data processing
The Cookie Policy details the purpose of each cookie type.
The purpose of processing personal data submitted via the Website’s contact forms is to manage Visitor requests (e.g. becoming a Wallester client) and respond to enquiries.
Wallester may use Visitor Data for profiling to:
- better understand its potential clients to optimise Wallester Services and communication,
- assess the suitability of a potential client to use Wallester Services.
Wallester does not make decisions based solely on automated processing that affect the Visitor’s rights. Visitor Data provided via contact forms on the Website may be used to automatically assess the suitability of potential clients (companies).
4. Legal basis for processing personal data
In the case of cookies, Visitor Data is processed on the following legal basis:
- essential cookies — legitimate interest (GDPR Art. 6(1) (f)),
- non-essential cookies — the Visitor’s consent (GDPR Art. 6.1 (a)).
The Visitor Data submitted via contact forms on the Website is processed on the following legal basis:
- the Visitor’s consent (GDPR Art. 6.1(a)) — applies to all Visitor Data submitted via the contact forms,
- for the performance of a contract (GDPR Art. 6.1(b)) — applies where Visitor Data forms part of a request to start using Wallester Services,
- Legitimate interest (GDPR Art. 6.1(f)) — if communication initiated via the contact form gives rise to the possibility of claims against Wallester, relevant Visitor Data is retained for as long as necessary to defend against potential claims.
More than one legal basis for personal data processing may apply to the same set of data, either simultaneously or in succession. For example, personal data is often retained for a period after a contractual relationship ends to ensure defence against possible claims in connection with the past contractual relationship.
5. Personal data retention periods
Wallester adheres to the principle that personal data must not be retained longer than necessary to fulfil the purpose for which it was collected.
As an exception to the above, Wallester retains personal data for a longer period if mandatory under applicable law, erasing it immediately thereafter.
6. Who we share your personal data with
Wallester processes Visitor Data obtained via the Website solely for Wallester’s own business purposes.
Wallester does not collect Visitor Data via the Website to sell or share with third parties for profit.
Wallester shares Visitor Data with third parties in the circumstances listed below.
6.1. Partners
Wallester may make Visitor Data available to third parties who:
- assist Wallester in processing Visitor Data (e.g. analytics or marketing service providers) or
- otherwise require the Visitor Data to safeguard Wallester’s interests (e.g. business or legal consultants).
In all such instances, Wallester determines how Visitor Data is processed (acting as the Data Controller), and third parties process Visitor Data solely in accordance with Wallester’s instructions (acting as Data Processors).
Please direct requests regarding data processor details to the DPO.
6.2. Third-party cookies
As a specific instance of sharing Visitor Data with partners, the Website places certain third-party cookies on the Visitor’s Device, provided the Visitor has granted prior consent. Where third-party cookies are used, data regarding the Visitor’s activities on the Website is transmitted directly to the third party placing the cookie. These cookies are utilised to deliver personalised advertisements, connect to social media platforms, and similar functions.
The third-party cookies placed on the Device are listed in the Cookie Policy.
6.3. Legal obligations
Wallester shares Visitor Data with state institutions and other bodies not in a contractual relationship with Wallester only under the following conditions:
- sharing personal data is mandatory under applicable law,
- the submitted request complies fully with applicable law,
- no more personal data is disclosed than is mandatory in accordance with applicable law.
7. The Visitor’s rights
The Visitor has the following rights regarding Visitor Data processed by Wallester:
Right to be informed — Wallester provides the Visitor with clear and transparent information regarding data processing activities. This Privacy Policy is the primary source for this information; please direct any further queries to the DPO.
Right of access — the Visitor has the right to request the following information from Wallester regarding the Visitor Data processed by Wallester: (a) which personal data is processed, and (b) the conditions under which the processing takes place. Additionally, the Visitor has the right to request a copy of the aforementioned Visitor Data.
Right to rectification — if the Visitor Data processed by Wallester includes inaccuracies or is incomplete, the Visitor has the right to request that Wallester rectifies these errors.
Right to erasure — the Visitor has the right to request the erasure of Visitor Data by Wallester where there is no legal basis for processing.
Right to restriction of processing — the Visitor has the right to request that Wallester restricts the processing of Visitor Data, unless explicitly permitted by applicable law, where any of the following applies: (a) the Visitor contests the accuracy of the Visitor Data; (b) the processing is unlawful, but the Visitor opposes the erasure of the relevant Visitor Data; © Wallester no longer requires the Visitor Data, but the Visitor needs it for the establishment, exercise, or defence of legal claims; (d) the Visitor has objected to the processing of Visitor Data in accordance with the section below.
Right to object — the Visitor has the right to object to the processing of Visitor Data by Wallester if (a) the sole legal basis for processing the Visitor Data is Wallester’s legitimate interest, which is outweighed by the Visitor’s particular situation, or (b) where the Visitor Data is used for direct marketing purposes.
Right to data portability — the Visitor has the right to request a copy of Visitor Data from Wallester in a structured, commonly used, and machine-readable format, provided Wallester processes the relevant data by automated means.
To exercise the rights listed above or request further information, please contact the DPO.
8. Complaints
If the Visitor believes that Wallester has breached their rights regarding the processing of Personal Data, the Visitor is encouraged to contact the DPO in the first instance.
Additionally, the Visitor has the right to lodge a complaint with a supervisory authority, particularly in the EEA member state of their habitual residence, place of work, or the place of the alleged infringement.
9. Miscellaneous
If a Visitor submits personal data regarding other individuals via the Website contact forms, the rights set out in this Privacy Policy apply to those persons whose data is processed by Wallester.
The original language of this Privacy Policy is English. In the event of any discrepancy between the English version and its translations, the English version shall prevail.
Wallester may update this Privacy Policy from time to time. The current version of the Privacy Policy is published on the Website.
