Privacy Policy

This Privacy Policy (hereinafter: Policy) contains general principles of personal data processing, including the information Wallester AS (hereinafter: Wallester) collects about you, what we do with it, and when we disclose it to third parties. Specific details on the personal data processing may also be included in agreements entered into or to be entered into between you and Wallester and are reflected in the Wallester app (hereinafter: App) and/or on our website business.wallester.com (hereinafter: Website).

Wallester ensures, within the framework of applicable law, the confidentiality of your personal data. For this purpose, Wallester has implemented appropriate technical and organizational measures to protect your personal data and provide transparent data protection rules.

Wallester has the right to improve or make changes to this Policy regularly and at any time. Wallester will inform you about any changes in the App and/or on the Website, as well as personally.

1. Your Personal Data

1.1 What personal data does Wallester collect about me?

The personal data Wallester collects and processes includes the following:

Personal Data — your personal details and contact data, including full name, date of birth, personal identification code, citizenship, residency, residential address, tax residency, e-mail address, mobile phone number, occupation, identification document data, photo and/or video footage which you have forwarded to Wallester for the purpose of identifying yourself.

Due Diligence Data — Data that Wallester collects for the purpose of conducting due diligence under applicable anti-money laundering laws from you and appropriate databases.

Transaction and Payment Card Data — Details of any transfers made to and from Payment Account, including the name and account number of the payer and the payee, the date, time, currency, amount and explanation of the transaction, merchants’ and ATMs’ locations, payment card’s number, cardholder name, the expiry date of payment card and the CVV number of payment card.

Device Data — Information regarding the device on which you are using the App and/or Website, including the device’s model, name, or any other identifier and the IP address of the network from which you are using the App and/or the Website, including location information.

Preference Data — Your preferences in the App and/or on the Website (language preferences, transaction limits, etc).

Customer Support Data — Communication between you and Wallester customer support (telephone conversations, emails, and chats).

Other Data — Other data not listed above, generated as a result of using the App and/or the Website.

1.2 What are Wallester’s legal purposes and basis for using my personal data?

Compliance Purposes — to perform any obligation under applicable laws, including the obligation to:

  • avoid money laundering, terrorist financing, and fraud;
  • ensure the fulfilment of international financial sanctions;
  • ensure the security of payment services;
  • provide tax authorities data as required under tax information exchange laws;
  • comply with the lawful inquiries and orders of public authorities Wallester is obliged to cooperate with under applicable laws, such as courts, bailiffs, trustees in bankruptcy, the police, financial supervisory authorities, financial intelligence units, tax authorities, etc;
  • other financial institutions Wallester is obliged to cooperate with under applicable laws, including, upon your prior authorization, payment information service providers and payment initiation service providers.

Contractual Purposes — to perform or enter into an agreement between you and Wallester.

Fraud Monitoring Purposes — to monitor and prevent payment fraud.

Analytical Purposes — to gain a better understanding of the preferences of Wallester’s customers and the way customers interact with the App and/or the Website.

Marketing Purposes — to provide you with marketing offers of Wallester’s services and additional features.

Wallester collects and processes your personal data on the following legal basis:

Contractual compliance — we need certain personal data to provide our services and cannot provide them without this personal data.

Legal obligations — in some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).

Legitimate interests — we sometimes collect and use your personal data or share it with other organizations and/or institutions, since we have a legitimate reason to use it, which is reasonable when balanced against your right to privacy.

Consent — an agreement in which you have consented to the processing of your personal data (for example, marketing purposes, etc.).

1.3 Does Wallester process my personal data for profiling or automated decision-making?

Wallester does not process your personal data for automated decision-making. Wallester is, however, obliged under law to assess the risk of money laundering, terrorist financing, and fraud associated with you and your transactions. This assessment is partly conducted by automated means and involves profiling. If Wallester makes an automated decision about you, you will have the right to ask for it to be reviewed manually by a person.

2. Your Rights

2.1 What are my rights?

In connection with the processing of your personal data, you have the following rights:

Right to Information — you have the right to receive the information provided in this Policy. The valid version of this Policy will be available in the App and/or on the Website at any given time.

Right to Access — you have the right to ask Wallester to provide you with a copy of your personal data processed by Wallester.

Right to Rectification — you have the right to ask Wallester to rectify your personal data in case the data is incorrect or incomplete.

Right to Erasure — you have the right to ask Wallester to delete your personal data unless Wallester is obliged to continue processing your personal data under the law or under the agreement between you and Wallester, or in case Wallester has other lawful grounds for the continued processing of your personal data. Wallester will, in any case, delete your personal data as soon as it no longer has lawful grounds for processing your personal data.

Right to Restriction — you have the right to ask Wallester to restrict the processing of your personal data in case the data is incorrect or incomplete, or in case your personal data is processed unlawfully.

Right to Data Portability — you have the right to ask Wallester to provide you or, in case it is technically feasible, a third party, with your personal data provided by yourself to Wallester and processed in accordance with your consent or under the agreement between you and Wallester.

Right to Object — you have the right to object to processing your personal data in case you believe Wallester has no lawful grounds for processing your personal data. For any processing conducted in accordance with your consent, you can always withdraw your consent.

Right to File Complaints — you have the right to file complaints regarding processing your personal data.

2.2 How do I exercise my rights?

To exercise any of your rights established in the previous section, you may contact us by email at [email protected]. For security reasons, we can’t deal with your request if we are not sure of your identity, so we have the right to ask you for proof of your ID.

Wallester will make its best efforts to respond to your application within 1 week. Under GDPR art 12 (3) Wallester must respond to your application within 1 month. In case it is necessary due to the number and complexity of applications filed with Wallester, Wallester may, under GDPR art 12 (3), also respond to your application within 3 months.

3. Wallester and Your Personal Data

3.1 Does Wallester share my personal data with anyone else?

Upon processing your personal data, Wallester may share elements of your personal data with the following third parties:

  • Public authorities and other financial institutions — to which Wallester is obliged to disclose your personal data under the law;
  • Server hosts — hosting Wallester’s servers;
  • Payment processors and payment network operators — processing your transactions;
  • Identification service providers — helping Wallester to verify your identity and acquire Due Diligence Data;
  • Payment Card manufacturers — manufacturing your payment card;
  • Communication service providers — facilitating the emails, calls, SMS messages, and other communication between you and Wallester;
  • Couriers — helping Wallester to deliver letters (e.g. letters with your payment card and PIN codes) to you;
  • Other parties — involved with the provision of Wallester’s services.

The partners listed above may be located within and outside of the European Economic Area.

3.2 How does Wallester protect my personal data?

We use a variety of physical and technical measures to keep your personal data safe and to prevent unauthorized access to, use of, and disclosure of your personal data. Electronic data and databases are stored on secure computer systems with information access control using both physical and electronic means. Our staff receives data protection and information security training. We have detailed security, IT infrastructure use, and data protection policies based on the need-to-know and least-privilege access principles. Wallester staff are required to follow the policies when handling your personal data.

We encrypt personal data and deploy firewalls and intrusion detection and prevention systems to ensure that all your personal data is confidential and safe. While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorized access, we cannot guarantee it will be secure during transmission by you to our App, to the Website, or other services. We use HTTPS (HTTP Secure), an encrypted communication protocol, for the Wallester App, the Website, and the payment-processing services. We regularly test our system and review applicable policies to make sure that our IT safety measures are one step ahead of any threat.

If you use a password for the Wallester App and/or the Website, you will need to keep this password confidential according to terms of the Client Agreement. Please do not share it with anyone.

3.3 How long will Wallester keep my personal data for?

According to anti-money laundering laws or with regard to Tax Residency Data under relevant tax information exchange laws, we generally keep your personal data for 5 years from the end of the financial year when the relationship between you and Wallester was terminated and your payment account was closed. Upon request of the Estonian Financial Intelligence Unit, this period may be extended up to another 5 years. Such a period may be longer, as it may be required by applicable local laws; for example, the transaction data is stored by Wallester for 8 years from the end of the financial year when the relationship between you and Wallester was terminated and your payment account was closed. We may keep your personal data for longer due to a potential or ongoing court claim or another legal reason.

After the periods stipulated in this Section above, Wallester will delete your personal data.

3.4 Does Wallester use cookies on the Wallester Website?

Wallester uses cookies to analyze the way you use our website. Please refer to the Cookies Policy for more information about cookies.

3.5 Who is the data controller of my personal data?

The data controller of your personal data is Wallester AS, a company established under the laws of Estonia, registry code 11812882, address F. R. Kreutzwaldi 4, 10120, Tallinn, Estonia.

In case you have inquiries, requests, or complaints regarding the processing of your personal data, you may forward them to [email protected].

In case you have complaints regarding the processing of your personal data, you may file them with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or the Data Protection Authority of the state of your permanent residence.

Appendix 1 of the Privacy Policy

Special personal data use cases

1. Introduction

1.1 This Appendix 1 of the Privacy Policy provides detailed descriptions of certain use cases of the Clients’ personal data in the course of providing the Wallester Service. The purpose of this Appendix 1 is to:

1.1.1 assure that the Clients have a complete overview of the processing of their personal data by Wallester, incl. more complicated use cases where abstract descriptions may not provide full clarity,

1.1.2 fulfil requirements of the external parties involved in provision of the Wallester Service, who from time to time may request detailed descriptions of the personal data processing that concerns their role in the provision of the Wallester Service.

1.2 The detailed descriptions of the personal data use cases in this Appendix 1 only serve to further clarify the personal data processing principles provided in the main Privacy Policy document. The Appendix 1 does not provide additional personal data processing principles compared to what is included in the main Privacy Policy document.

2. Client-to-client payments via mobile apps

2.1 If the Client initiates a client-to-client payment within the Wallester Service via the mobile app, then the Client may be provided with the option to use the contact book of the mobile device to find the beneficiary’s phone number. If the Client uses this option, then, in addition to the universal set of data required to carry out any client-to-client payment (e.g., beneficiary’s name, beneficiary’s phone number, payment amount, payment description), the contact data in the contact book of the mobile device is processed to find the beneficiary’s phone number.

2.2 The contact data from the contact book of the mobile device is processed only locally in the mobile device to copy the beneficiary’s phone number to the mobile app. No other personal data from the contact book of the mobile device is stored in the app nor is it forwarded to Wallester.

2.3 Depending on the rules of the app store through which the mobile app is provided, the Client’s prior approval may be requested before this feature can be used. Such approval can be withdrawn later via the respective menu in the device’s operating system.

Device — the device used by the Visitor to access the Website (computer, tablet, phone etc.).

DPO — the data protection officer of Wallester (e-mail: [email protected]).

GDPR — General Data Protection Regulation — the legal act that sets the rules for processing of personal data in the European Economic Area.

Visitor — the natural person (i.e., human) who accesses the Materials on the Website.

Visitor Data — the personal data of the Visitor that is covered by this Privacy Policy.

Wallester — Wallester AS, the owner of the Website and data controller regarding the Visitor Data.

Wallester Service — services that Wallester provides to its clients, such as Wallester Business and Wallester White Label.

Website — this public website of Wallester (business.wallester.com).