Wemply privacy policy

Definitions

In order for you to better understand our privacy policy, we will explain the main data protection terms we use here.

GDPR means the General Data Protection Regulation (EU) 2016/679), implementation of which started on 25 May 2018 and which is directly applicable in all European Union member states.

Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller means the entity that decides why and how the personal data is processed.

Processor means the entity that processes personal data on behalf of the controller.

This privacy policy applies to the processing of personal data if: you use Wemply's services as a representative of our client on behalf of the client; you are a representative or contact person of our client or other business partner; you simply request information through our online environment or via email.

1. Controller of the personal data

Wemply OÜ

Registry code: 14261247

Address: Silgu 8-1, Tallinn, Estonia 13516

E-mail: info@wemply.com

2. Which type of data we collect and from which sources?

As stated above, Wemply is a B2B company, so we use your personal data primarily to communicate with the client for the purpose of providing services. Therefore, the processing of your personal data is based on our legitimate interest - you are the representative through which our customer communicates with us and vice versa.

When using our services, you will usually provide us with the following data: Your first and last name, e-mail address, geographical area, position in the company (i.e. with our client), language preferences. You may provide this information by registering as a user of our services, using our services through the web or a mobile application, giving us feedback or leaving us a message to contact you or otherwise by contacting us.

We assume that such information is for professional and business use/communication and does not include private contact information.

Data collected automatically: When you use our services as a user or visit our website, we may automatically store certain information about your device using various technologies, such as cookies and web beacons. The information collected automatically may include: IP addresses (to determine the user's location), information about browsers and the user's device, browsing activity on various sites, pages or other content you view or interact with while using our service, dates and times of visit, access or use of our service.

Data from public sources: We may also obtain information (including personal information) from public sources, such as business registers, the Internet, and third parties, such as credit registers, to analyze client background and credit information.

Data collected by the clients of Wemply: When using our services, our clients (i.e. the company you represent / work for) upload and process various data (including personal data of their employees, customers, business partners, etc.) through our services and platform. In this case, the personal data is under the control of our client and Wemply processes the personal data only for the purpose and to the extent necessary to provide the services to the customer. In this case, Wemply acts as a data processor in accordance with the data processing agreement entered into with the client.

3. What are the purposes and legal basis for processing of your personal data?

As explained above, we use your data primarily to provide the services that the client you represent has ordered from us and to communicate with the client you represent or on whose behalf you use our services. We therefore use your data for (i) business (service management, maintenance, feature enhancement, client communication), (ii) business development (analysis of usage statistics, preferences, new service and product development trends), (iii) marketing (news and offers related to our services and products).

The legal basis for the processing of data by Wemply for the above purposes is our legitimate interest - we must communicate with the legal entity and if you act as the client's representative, we assume that there is a balance of interests and we do not conflict with your interests, rights and freedoms. Where the processing of personal data is based on a legitimate interest, the data subject shall always have the right to object to such processing. When filing an objection, we will notify our client by asking to provide us a new contact person or otherwise comment on your objection.

In connection with your work or area of ​​responsibility, we may sometimes send you direct marketing offers and notices, for example, if your employer is our client or if you have previously subscribed to our services as a representative of your company. Such direct marketing activities are also based on Wemply's legitimate interest. If you receive such direct marketing messages from us, you always have the right to opt out by clicking the opt-out link at the end of the message.

4. With whom we may share your data?

In Wemply, your personal data is only available to those employees who need the data to perform their duties (on need-to-know basis). Outside of Wemply, we may share your data with the following persons to the extent necessary in the following cases:

Service providers: Your data may be accessible by the persons providing services to us and processing your data on our behalf (data processors) and to the extent needed to perform such services. These include, for example, data hosting and backup service providers; accounting, billing, support and analytics software providers; development and marketing service providers.

Public authorities and state institutions (e.g. police, data protection authorities): we will only disclose your data when and to the extent we are legally obliged to do so.

Professional advisors: we may need to share your data with our professional advisors, such as auditors, attorneys.

Third parties in connection with Wemply´s transactions: We may share your data with third parties in connection with Wemply's transactions, for example in connection with the sale of Wemply's shares or its assets to other persons. Also in the context of the creation of a joint venture, merger or other restructuring.

As a general rule, we do not store or transfer your personal data outside the European Economic Area. However, if such transfer is necessary, we will comply with the requirements set out in Chapter 5 of the GDPR.

5. How long do we retain your data?

We will keep your data for as long as is necessary for the processing described in this privacy policy and to comply with the statutory requirements: we keep user account data as long as the client is an active user of our services and for 6 months after that; we are required by law to retain invoicing data and the underlying documents for 7 years; we keep our backups for 24 months; we retain information about legal transactions between us and our client during the statutory limitation period for civil claims (3 years, 10 years in the case of willful misconduct) so that we can defend ourselves against any legal claims and make legal claims in our defense.

In addition, we may process data in an aggregated or anonymous format, for example for analytical and statistical purposes, and to improve and develop our services. If you would like to know more about the storage of your personal data, please send an inquiry to the e-mail address provided in Section 1 of the privacy policy.

6. What are your rights in connection with your data?

Right of access - You have the right to know what data we collect about you, for what purpose we process it, to whom we disclose the data, how long we store the data and what your rights are in terms of restricting, correcting, deleting and processing you personal data. In order to respond to your request, we must first identify you to prevent the information from being shared with unauthorized persons. We have the right to respond to your request within 30 days.

Right of rectification – you have the right to require corrections to your personal data in case they are inaccurate or incomplete.

Right to data deletion – you have the right under certain conditions to request the deletion of your personal data including in situations where the processing of your personal data is no longer necessary for the purposes for which it was collected, or if the processing of your personal data was based on your consent and you wish to withdraw your consent, and there are no other grounds for processing your personal data.

Right to restrict processing – you have the right under certain circumstances to forbid or restrict the processing of your personal data for a certain period (e.g. when you have submitted an objection concerning data processing).

Right to object – You have the right to object to data processing which is based on our legitimate interest. Wemply will stop processing your personal data upon such objection, unless we can demonstrate compelling legitimate grounds for the processing or processing is needed for the establishment, exercise, or defense of legal claims. You also have the right to object at any time to processing of your personal data for direct marketing. Upon receiving such objection, we shall stop processing your personal data for direct marketing.

Right to data portability – In case processing the personal data is based on your consent or on a contract between Wemply and you and data is processed automatically, you have the right to access data concerning you which you have given to us in a structured, generally usable and in machine readable form. You also have the right to ask Wemply to send such data directly to another service provider if that is technically possible (that means the other service provider is capable of receiving the data in the forwarded format).

If you wish to exercise any of the above rights, please contact us at the e-mail address provided in Section 1 of the privacy policy.

For the sake of clarity, the provisions of this Section 6 do not apply to personal data that Wemply processes on behalf of its clients, for example, data that a client enters into our online software using Wemply's services. In this case, the personal data is controlled by the client and managed according to client´s privacy terms. Hence, all data subject´s request related to such data should be made to Wemply´s client liable for uploading and storage of such data into the service.

7. The right to submit a complaint to the supervisory authority and the court

If you would like further information regarding your personal data or the exercise of your rights, please contact us at the e-mail address provided in section 1 of the privacy policy.

If you find that the processing of your personal data violates the requirements of the GDPR, you have the right to apply to the supervisory authority or a court to protect your rights and interests.