← Back to all policies

Walleexer s.r.o.
Data Protection Policy

Effective Date: 01/07/2025
Version: 1.0

1. Introduction

Walleexer s.r.o. (ID: 179 89 124, Perštýně 342/1, Old Town, 110 00, Prague, Czech Republic) acts as the Data Controller for personal data collected from users in the European Union and EEA through our website, apps, and services. This Data Protection Policy outlines how we collect, use, store, and protect your personal data, as well as your rights under the General Data Protection Regulation (GDPR) and related laws.

2. Principles of Data Processing

  • We process personal data only when necessary and on a lawful basis.
  • Data is collected directly from users, automatically through our website/app, and from third-party partners (e.g., banks, KYC/AML providers).
  • Processing is limited to what is necessary for the functioning of our website, apps, and services.

3. Categories of Data Collected

  • General personal data: full name, sex, personal ID, date of birth, nationality, citizenship, location.
  • Biometric data: facial images, face scans, photos/videos with identity documents.
  • Identity document data: document type, issuing country, number, expiry date, MRZ, barcode data, security features.
  • Banking details: cardholder name, expiry, partial card numbers, source of funds documentation.
  • Contact details: address, email, phone number, IP address.
  • Technical information: IP, browser type/version, OS, time zone, activity logs, device info, geolocation.
  • Publicly available data: PEP status, sanctions lists.
  • Unique identifiers: Applicant ID for internal association of user data.

4. Legal Basis for Processing

  • Contract performance: creating/managing accounts, providing services, customer support.
  • Legal obligations: AML/CFT compliance, age restrictions, regulatory reporting, responding to authorities.
  • Legitimate interests: fraud prevention, security, analytics, service improvement, marketing effectiveness.
  • Consent: marketing communications, personalization, biometric processing for KYC/AML, targeted advertising.

5. Automated Processing and Decision-Making

  • Automated systems may be used for account opening, KYC/AML, identity checks, fraud detection, and monitoring.
  • Where only legal obligations or legitimate interests apply, you have the right to request a manual review of automated decisions.

6. Cookies and Tracking Technologies

  • We use session, persistent, first-party, third-party, necessary, authentication, analytics, advertisement, and functional cookies.
  • Cookies are used for usability, analytics, personalization, and security.
  • Analytics and advertising cookies require your consent; you can manage cookie preferences via browser/device settings.

7. Data Sharing and Transfers

  • Personal data may be shared with partners, KYC providers, and service providers, usually as Data Processors under contract.
  • Data may be disclosed to authorities or in case of legal obligations, fraud investigations, or business transfers.
  • All personal data is stored and processed within the EU/EEA and not transferred to countries without adequate data protection.

8. Data Subject Rights

You have the right to:

  • Access and obtain a copy of your personal data.
  • Rectify inaccurate or incomplete data.
  • Request erasure (subject to legal/regulatory exceptions).
  • Restrict processing under certain conditions.
  • Data portability in a machine-readable format.
  • Object to processing (except where overriding legitimate grounds exist).
  • Withdraw consent at any time.
  • Request a manual review of automated decisions.
  • Lodge a complaint with the Czech Data Protection Authority (ÚOOÚ).

9. Data Retention

  • Personal data is stored only as long as necessary for the relevant purpose, legal requirements, or potential litigation.
  • For regulated activities (e.g., KYC/AML), data may be retained for up to ten years after the end of the client relationship.
  • Data is deleted or anonymized when no longer required.

10. Security Measures

  • We implement technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.
  • While we strive to secure your data, internet transmission cannot be guaranteed as fully secure.

11. Policy Updates

  • We reserve the right to amend this policy at any time. Updates will be posted on our website and take effect upon publication.
  • Continued use of our services indicates acceptance of changes.

12. Contact Information

For questions, requests, or complaints regarding data protection, contact:

  • Email: privacy@walleexer.com
  • Mail: Data Protection Officer, Walleexer s.r.o, Perštýně 342/1, 110 00, Prague, Czech Republic

This policy is based on the current Privacy Policy and Cookie Policy of Walleexer s.r.o. and is compliant with GDPR and Czech law.