Device — the device used by the Visitor to access the Website (computer, tablet, mobile phone, etc.).
DPO — the data protection officer of Wallester (email: dpo@wallester.com).
GDPR — General Data Protection Regulation — the legal act that sets the rules for the processing of personal data in the European Economic Area.
Visitor — the natural person (i.e. human) who accesses the Materials on the Website.
Visitor Data — the personal data of the Visitor that is covered by this Privacy Policy.
Wallester — Wallester AS, the owner of the Website and data controller regarding the Visitor Data.
Wallester Service — services that Wallester provides to its clients, such as Wallester Business and Wallester White‑Label.
Website — this public website of Wallester (business.wallester.com).
Privacy Policy — Main
This Privacy Policy (hereinafter: Policy) outlines the general principles of personal data processing, including the information Wallester AS (hereinafter: Wallester) collects about you, how we use it, and when we disclose it to third parties. Specific details regarding personal data processing may also be included in agreements entered into or to be entered into between you and Wallester, and are reflected in the Wallester app (hereinafter: App) and/or on our website wallester.com/business (hereinafter: Website).
Wallester ensures, within the framework of applicable law, the confidentiality of your personal data. For this purpose, Wallester has implemented appropriate technical and organisational measures to protect your personal data and provide transparent data protection rules.
Wallester reserves the right to update or amend this Policy at any time. Wallester will notify you of any changes via the App and/or the Website, as well as directly.
The personal data Wallester collects and processes includes the following:
Personal Data — your personal details and contact data, including full name, date of birth, personal identification code, citizenship, residency, residential address, tax residency, email address, mobile phone number, occupation, identification document data, and photo and/or video footage that you have submitted to Wallester to verify your identity.
Due Diligence Data — Data Wallester collects from you and appropriate databases to conduct due diligence under applicable anti-money laundering laws.
Transaction and Payment Card Data — Details of any transfers made to and from a Payment Account, including the name and account number of the payer and the payee, the date, time, currency, amount and explanation of the transaction, merchant and ATM locations, payment card number, cardholder name, payment card expiry date and CVV number.
Device Data — Information regarding the device you use to access the App and/or Website, including the device’s model, name, or any other identifier, and the IP address of the network from which you access the App and/or Website, including location information.
Preference Data — Your preferences in the App and/or on the Website (language preferences, transaction limits, etc.).
Customer Support Data — Communication between you and Wallester customer support (telephone conversations, emails and chats).
Other Data — Other data not listed above, generated as a result of using the App and/or the Website.
Compliance Purposes — to perform any obligation under applicable laws, including the obligation to:
Contractual Purposes — to perform or enter into an agreement between you and Wallester.
Fraud Monitoring Purposes — to monitor and prevent payment fraud.
Analytical Purposes — to better understand the preferences of Wallester’s customers and how they interact with the App and/or the Website.
Marketing Purposes — to provide you with marketing offers for Wallester’s services and additional features.
Wallester collects and processes your personal data on the following legal basis:
Contractual compliance — we require certain personal data to provide our services and cannot do so without it.
Legal obligations — in some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).
Legitimate interests — we sometimes collect and use your personal data or share it with other organisations and/or institutions, since we have a legitimate reason to use it, which is reasonable when balanced against your right to privacy.
Consent — an agreement in which you have consented to the processing of your personal data (for example, for marketing purposes).
Wallester does not process your personal data for automated decision-making. Wallester is, however, legally obliged to assess the risk of money laundering, terrorist financing and fraud associated with you and your transactions. This assessment is partly conducted by automated means and involves profiling. If Wallester makes an automated decision about you, you have the right to request a manual review by a person.
In connection with the processing of your personal data, you have the following rights:
Right to Information — you have the right to receive the information provided in this Policy. The valid version of this Policy will be available in the App and/or on the Website at any given time.
Right to Access — you have the right to ask Wallester to provide you with a copy of your personal data processed by Wallester.
Right to Rectification — you have the right to ask Wallester to rectify your personal data if the data is incorrect or incomplete.
Right to Erasure — you have the right to ask Wallester to delete your personal data unless Wallester is obliged to continue processing it by law or under your agreement with Wallester, or if Wallester has other lawful grounds for continued processing. Wallester will, in any case, delete your personal data as soon as it no longer has lawful grounds to process it.
Right to Restriction — you have the right to ask Wallester to restrict the processing of your personal data if the data is incorrect or incomplete, or if your personal data is processed unlawfully.
Right to Data Portability — you have the right to ask Wallester to provide you or, where technically feasible, a third party, with the personal data you have supplied to Wallester, which is processed in accordance with your consent or under the agreement between you and Wallester.
Right to Object — you have the right to object to the processing of your personal data if you believe Wallester has no lawful grounds to process it. For any processing conducted in accordance with your consent, you can always withdraw your consent.
Right to File Complaints — you have the right to file complaints regarding the processing of your personal data.
To exercise any of your rights established in the previous section, you may contact us by email at dpo@wallester.com. For security reasons, we cannot process your request if we are unsure of your identity, so we reserve the right to request proof of ID.
Wallester will make its best efforts to respond to your application within 1 week. Under GDPR Article 12(3), Wallester must respond to your application within 1 month. Where necessary due to the number and complexity of applications submitted, Wallester may, under GDPR Article 12(3), respond to your application within 3 months.
When processing your personal data, Wallester may share elements of your personal data with the following third parties:
The partners listed above may be located within and outside the European Economic Area.
We use a variety of physical and technical measures to keep your personal data safe and prevent its unauthorised access, use and disclosure. Electronic data and databases are stored on secure computer systems with information access control using both physical and electronic means. Our staff receive data protection and information security training. We maintain detailed security, IT infrastructure use and data protection policies based on need-to-know and least-privileged access principles. Wallester staff are required to follow these policies when handling your personal data.
We encrypt personal data, deploy firewalls, intrusion detection and prevention systems to ensure that all your personal data is confidential and safe. While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to our App, to the Website or other services. We use HTTPS (HTTP Secure) with encrypted communication protocol for the Wallester App, the Website and the payment-processing services. We regularly test our system and review applicable policies to ensure that our IT security measures are one step ahead of any threat.
If you use a password for the Wallester App and/or the Website, you must keep this password confidential in accordance with the terms of the Client Agreement. Please do not share it with anyone.
In accordance with anti-money laundering laws or regarding Tax Residency Data under relevant tax information exchange laws, we generally keep your personal data for 5 years from the end of the financial year in which the relationship between you and Wallester was terminated and your payment account was closed. At the request of the Estonian Financial Intelligence Unit, this period may be extended by up to another 5 years.
This period may be longer if required by applicable local laws; for example, Wallester stores transaction data for 8 years from the end of the financial year in which the relationship between you and Wallester was terminated and your payment account was closed. We may keep your personal data for longer due to a potential or ongoing legal claim or another legal reason. After the periods stipulated in this Section above, Wallester will delete your personal data.
Wallester uses cookies to analyse the way you use our website. Please refer to the Cookies Policy for more information about cookies.
The data controller of your personal data is Wallester AS, a company established under the laws of Estonia with registry code 11812882, registered at Ahtri 6, 10151, Tallinn, Estonia. If you have any enquiries, requests or complaints regarding the processing of your personal data, you may forward them to dpo@wallester.com. If you have complaints regarding the processing of your personal data, you may file them with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or the Data Protection Authority in your country of permanent residence.
Appendix 1 of the Privacy Policy
1.1 This Appendix 1 of the Privacy Policy provides detailed descriptions of certain use cases of the Clients’ personal data in the course of providing the Wallester Service.
The purpose of this Appendix 1 is to:
1.1.1 ensure that Clients have a complete overview regarding the processing of their personal data by Wallester, including more complex use cases where abstract descriptions may not provide full clarity,
1.1.2 fulfil the requirements of external parties involved in the provision of the Wallester Service, who may from time to time request detailed descriptions of the personal data processing relevant to their role.
1.2 The detailed descriptions of personal data use cases in Appendix 1 serve only to further clarify the personal data processing principles provided in the main Privacy Policy document. Appendix 1 does not introduce any additional personal data processing principles beyond those included in the main Privacy Policy document.
2.1 If the Client initiates a client-to-client payment within the Wallester Service via the mobile app, they may be offered the option to use their mobile device’s contact book to find the beneficiary’s phone number. If the Client uses this option, in addition to the standard data required to process any client-to-client payment (e.g., beneficiary’s name, beneficiary’s phone number, payment amount, and payment description), the contact data in the mobile device’s contact book is processed to locate the beneficiary’s phone number.
2.2 The contact data from the mobile device’s address book is processed only locally on the device to copy the beneficiary’s phone number to the mobile app. No other personal data from the address book is stored in the app, nor is it forwarded to Wallester.
2.3 Depending on the rules of the app store through which the mobile app is provided, the Client’s prior approval may be requested before this feature can be used. Such approval can later be withdrawn via the relevant menu in the device’s operating system.
1. Your Personal Data
1.1 What personal data does Wallester collect about me?
1.2 What are Wallester’s legal purposes and basis for using my personal data?
1.3 Does Wallester process my personal data for profiling or automated decision-making?
2. Your Rights
2.1 What are my rights?
2.2 How do I exercise my rights?
3. Wallester and Your Personal Data
3.1 Does Wallester share my personal data with anyone else?
3.2 How does Wallester protect my personal data?
3.3 How long will Wallester keep my personal data?
3.4 Does Wallester use cookies on the Wallester Website?
3.5 Who is the data controller of my personal data?
Special personal data use cases
1. Introduction
2. Client-to-client payments via mobile apps
