Privacy Policy
Last Updated: 17.02.2024
INTRODUCTION
Welcome to our Wishpicks.com service!
The website https://wishpicks.com is owned by the individual entrepreneur Anton Sushchevskyi («Owner», «we»), who is responsible for processing your personal data during your use of the Website.
In this Privacy Policy («Policy»), we would like to inform you about all the details of collecting and processing your personal data, as your privacy is very important to us, and we strive to protect the individuals who visit our Website and use its features.
Therefore, this Policy describes how we process your personal data when you visit our Website, create wishlists, view, and reserve gifts in other users' wishlists (together — «Service»).
TABLE OF CONTENT
In Which Cases Do We Collect Personal Data?
DISCLOSURE OF DATA TO THIRD-PARTY SERVICE PROVIDERS
PERSONAL DATA RETENTION PERIODS
When processing your personal data in the situations described in this Policy, the individual entrepreneur Sushchevskyi Anton acts as the personal data controller according to the Law of Ukraine «On Personal Data Protection»:
Our email: support@wishpicks.com
You may be a visitor, user, or potential partner of the Website:
● You are a visitor of the Website if you browse the Website and provide us with your personal data through cookies, contact us via online chat or messengers (such as Telegram), email, our social media accounts (like Instagram), subscribe to our Telegram channel and comment on news there, or fill out online forms on the Website (including subscribing to newsletters);
● You are a user if you have registered an account on our Website and use it to create wishlists, view and reserve gifts from other users' wishlists, contact us about the Service through online chat or messengers (such as Telegram), email, our social media accounts (like Instagram), subscribe to our Telegram channel and comment on news there, or fill out online forms on the Website (including subscribing to newsletters, or leaving feedback about our Service through the feedback form, on our social media pages, or in the comments of the Telegram channel).
You can also act as an anonymous user if you do not register an account using your email (or alternative methods using services like Google, Facebook), which does not prevent you from using the Service: in this case, data about your actions while using the Service will be stored anonymously, and in case of later registration — will be transferred to your account.
● You are a potential partner if you contact us regarding collaboration and commercial activities in any convenient way.
We ask you to carefully review this Policy to understand our approach to processing your personal data.
The definitions used in this Policy are according to the Law of Ukraine "On Personal Data Protection" (hereinafter referred to as «the Law»), including:
● «controller» — a natural or legal person who determines the purpose of personal data processing, establishes the composition of this data, and the procedures for their processing;
● «processor» — a natural or legal person who is authorized by the controller of personal data or by law to process these data on behalf of the controller;
● «data subject» — a natural person whose personal data is processed;
● «personal data» means information or a set of information about a natural person who is identified or can be specifically identified (for example, name, email, address, etc.);
● «processing» — any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, updating, use and dissemination (distribution, sale, transfer), anonymization, destruction of personal data, including using information (automated) systems;
● «Law» — Law of Ukraine «On Personal Data Protection».
We receive your personal data when you visit our Website and interact with it. The extent of data collected depends on your actions on the Website.
We may also (though not necessarily) receive data from third parties (external service providers). This depends on your browser settings, your consent to use cookies, and the actions you perform on the Website.
The law provides an exclusive list of legal grounds that allow us to process your personal data. We rely only on four of them, namely:
● Consent (par. 1 of part 1 of Art. 11 of the Law)
We collect information that you choose to provide to us and process it with your consent (for example, the use of analytical cookies). You can revoke your consent to process personal data at any time by sending us an email at support@wishpicks.com or by contacting us in any other convenient way.
Please remember that revoking consent does NOT mean that the data processing that took place BEFORE the revocation is considered illegal.
● Legitimate Interest (par. 6 of part 1 of Art. 11 of the Law)
We process your personal data to protect our legitimate interests, which include: ensuring the security and functionality of our Website; improving the Website; email newsletters in cases where you have a potential interest in receiving news from us about the Service, selections of products available on the Website.
We collect and use only those data that are strictly necessary for achieving these goals and do not infringe on your fundamental rights and freedoms.
● Performance of a Contract (par. 3 of part 1 of Art. 11 of the Law)
When you provide us with personal data for registration on our Website and for creating wish lists, booking gifts in other users' wish lists, this may be considered as a request to enter into a contract (agreement) between you and us. However, in case of any doubts, we may ask you to provide consent for such data processing.
● Legal Obligation (par. 5 of part 1 of Art. 11 of the Law)
We process your personal data to fulfill our legal obligations, such as compliance with tax or other legislative requirements.
We collect your personal data if you:
● visit our Website;
● register your account on the Website, create wish lists, book gifts in other users' wish lists using our Website;
● contact us via online chat, email, Telegram channel, or our social media accounts;
● fill out online forms on the Website;
● subscribe to newsletters;
● seek assistance;
● leave reviews and comments;
● voluntarily provide your personal data, including in any other cases on the Website when you consciously decide to share your personal data.
As the Controller of Your Personal Data, We:
● Do NOT sell your data;
● Do NOT use it for automated decision-making, including profiling, that has legal implications for the data subject or similarly significantly affects the data subject.
We May Collect the Following Personal Data from Visitors:
|
Type of Data |
Categories |
Purpose of Processing |
Legal basis |
|
Cookies |
Necessary cookies |
Authorization, authentication |
Performance of a contract |
|
Website security and functionality |
Legitimate interest |
||
|
Analytical cookies |
To understand website interaction (anonymously collected) |
Your consent |
|
|
Marketing cookies |
For personalized advertising and service improvement |
Your consent |
|
|
Preference cookies |
For specific website features like language selection |
Your consent |
|
|
Automatically Collected Data |
IP address, browser type and version, service logs |
Website security and functionality |
Legitimate interest |
|
Website improvement |
|||
|
Contact Information (if provided) |
Telegram or Instagram username, phone number |
Communication and response to inquiries |
Your consent |
|
|
Communication and response to inquiries |
Your consent |
|
|
Sending service-related news (marketing newsletters) |
Your consent |
||
|
Data Storage |
|||
|
Cookies |
Stored according to the terms specified in the Cookie Policy. |
||
|
Automatically collected data |
Stored for the period necessary to achieve the purposes stated in this Policy. |
||
|
Telegram/Instagram usernames, phone numbers |
Stored for 60 days from the date of inquiry |
||
|
Smails (for contact) |
Stored for 60 days from the date of inquiry |
||
|
Emails (for marketing newsletters) |
Stored until consent withdrawal |
||
You can find the complete list of cookies in the Cookie Usage Policy.
Please note that cookies and automatically collected data are gathered and processed not only for visitors but also for users, anonymous users, and potential partners, if they visit the Website.
We may collect the following personal data from Users:
|
Type of Data |
Categories |
Purpose of Processing |
Legal basis |
|
Account Data |
User ID |
For user identification |
Performance of a contract |
|
Name, surname |
For account creation, maintenance, and user identification |
Performance of a contract |
|
|
|
For account creation, maintenance, user identification |
Performance of a contract |
|
|
For sending service-related news (marketing newsletters) |
Legitimate interest |
||
|
Google, Facebook authentication tokens |
For account creation, maintenance, and user identification |
Performance of a contract |
|
|
Photo (if provided) |
For account data personalization |
Performance of a contract |
|
|
Contact Information (if provided) |
Email, Telegram or Instagram username, phone number |
For communication during user support, handling inquiries, complaints, etc. |
Legitimate interest |
|
Information provided by the user in the message (including through forms on the Website) |
|||
|
Subscription Payment Data |
Information on payment facts (processed by an external service provider) |
For providing an extended range of services |
Performance of a contract |
|
Data Storage |
|||
|
Account data |
Stored for the duration of the account's existence and 2 days after a request for its deletion |
||
|
Contact information (if provided) |
|||
|
Payment fact data |
|||
We May Collect the Following Personal Data from Anonymous Users:
|
Type of Data |
Categories |
Purpose of Processing |
Legal basis |
|
Anonymous Account Data |
Anonymous user ID |
For identification of the anonymous user |
Performance of a contract |
|
Cookies (applicable only to anonymous users) |
Necessary cookies |
For creating an access token and storing actions of the anonymous user |
Performance of a contract |
|
Data Storage |
|||
|
Anonymous account data |
Stored until the user account registration, but in any case, no longer than 1 year from the last activity of the anonymous account. |
||
|
Cookies that provide access token creation and are applicable only to anonymous users |
Stored according to the lifespan of the cookie, ensuring the creation of the access token. The storage terms of cookies are specified in the Cookie Usage Policy. |
||
We may collect the following personal data from Potential Partners:
|
Type of Data |
Categories |
Purpose of Processing |
Legal basis |
|
Contact Information |
Name, surname |
For communication regarding collaboration and commercial activities |
Your consent |
|
Company name |
|||
|
Position |
|||
|
Phone number |
|||
|
Username (if available) |
|||
|
|
|||
|
For sending news about the Service (marketing newsletters) |
Legitimate interest |
||
|
Data Storage |
|||
|
Contact details for communication – name, surname, company name, position, email, phone number, username (in social networks, messengers – if available)
|
Stored for 1 year from the last communication |
||
|
Contact details for sending news about the Service (marketing newsletters) – email
|
Stored until unsubscribing from the marketing newsletter, but not longer than 1 year from the last communication. |
||
As the data controller, we may transfer your personal data to data processors or third parties in accordance with the Law.
We may transfer your personal data for processing outside of Ukraine. In such cases, we act in accordance with the Law and ensure that the respective country provides an adequate level of data protection.
We may disclose your personal data to data processors who provide services on our behalf based on our instructions ("service providers"), if it is reasonably necessary for risk management, obtaining professional advice, and providing services.
Additionally, we may transfer and disclose your personal data to other service providers:
● Amazon RDS (Amazon.com, Inc., USA): for storing personal data and information ensuring the operation of the Website. You can review its privacy policy here;
● Amazon S3 (Amazon.com, Inc., USA): for storing media files uploaded to the Website. You can review its privacy policy here;
● AWS CloudWatch (Amazon.com, Inc., USA): for storing Website logs. You can review its privacy policy here;
● Facebook (Meta Platforms, Inc., USA): Facebook services are integrated into this Website. You can review its privacy policy here;
● GoDaddy (GoDaddy.com, LLC, USA): for email setup. You can review its privacy policy here;
● Google Ads (Google LLC, USA): for displaying personalized ads. You can read their privacy policy here;
● Google Analytics (Google LLC, USA): for analytical purposes. You can read their privacy policy here.
● Instagram (Meta Platforms, Inc., USA): Instagram services are integrated into this Website. You can review its privacy policy here;
● LiveChat (Text SA, Poland): for operating online chat on the Website. You can review its privacy policy here;
● SendGrid (Twilio, Inc., USA): for creating marketing newsletters. You can review its privacy policy here;
● Sentry.io (Functional Software, Inc., USA): for fixing technical errors in the Website's operation. You can review its privacy policy here;
● Slack (Slack Technologies, Inc., USA): for communication with contractors during Website maintenance. You can review its privacy policy here;
● Telegram (Telegram Messenger Inc, British Virgin Islands): Telegram services are integrated into this Website. You can review its privacy policy here;
Links to Third-Party Websites
This Policy applies only to this Website. We recommend reviewing the privacy policies of any websites you may access through hyperlinks. We do not control the content and policies of other websites and are not responsible for the actions of third-party websites.
As the data controller, we store and process your personal data as long as they are needed for any of the purposes defined in the section "In Which Cases Do We Collect Personal Data?" of this Policy, unless a longer retention period is required or expressly provided by law.
Data stored in a user account on our Website will be deleted 2 days after you request its deletion. During this period, you have the opportunity to change your mind and ask us not to delete your account.
You can request the deletion of your personal data using this link: I want to delete all my personal data.
Additionally, you can send us an email at support@wishpicks.com or contact us in any other convenient way for you.
Protecting the information you provide to us or that we obtain about you is our priority.
We have implemented appropriate organizational, technical, administrative, and physical security measures to ensure the ongoing security, integrity, and availability of systems and services that process your personal data. This includes mandatory two-factor authentication, TLS encryption, restricted database access (only through VPN or Bastion), and established access level separation in AWS, collectively ensuring the security of the Website and the processed data.
This section summarizes your rights under the Law of Ukraine "On Personal Data Protection".
You can exercise your rights by sending a request to the email address: support@wishpicks.com.
|
Right to be Informed (par. 1-2 of part 2 of art. 8 of the Law) |
|
● know about the sources of data collection, location of your personal data, purpose of processing, location or residence of the data controller or processor, except as provided by law; ● receive information about the conditions of access to personal data, including information about third parties who receive your personal data. |
|
Right of Access (par. 3-4 of part 2 of art. 8 of the Law) |
|
● access your personal data; ● receive a response within 30 calendar days from the request date about whether your personal data is being processed, and the content of such data. |
|
Right to Object (par. 5 of part 2 of art. 8 of the Law) |
|
● submit a reasoned demand to the data controller with objections against the processing of your personal data. |
|
Right to Rectification (par. 5 of part 2 of art. 8 of the Law) |
|
● present a reasoned demand for the modification or destruction of your personal data by any controller or processor if the data is processed unlawfully or is inaccurate. |
|
Right to File Complaints (par. 8 of part 2 of art. 8 of the Law) |
|
● lodge complaints about the processing of your personal data to the Ombudsman or to the court. |
|
Right to Legal Remedies (par. 9 of part 2 of art. 8 of the Law) |
|
● use legal remedies in case of violation of personal data protection laws. |
|
Right to Data Protection (par. 7 of part 2 of art. 8 of the Law) |
|
● protect your personal data from unlawful processing, accidental loss, destruction, damage due to deliberate concealment, failure to provide, or untimely provision, as well as from providing information that is inaccurate or defamatory. |
|
Right to Restrictions (par. 10 of part 2 of art. 8 of the Law) |
|
● make reservations about restricting the right to process your personal data when giving consent. |
|
Right to Withdraw Consent (par. 11 of part 2 of art. 8 of the Law) |
|
● withdraw consent to the processing of personal data. |
|
Rights Related to Automated Processing (par. 12-13 of part 2 of art. 8 of the Law) |
|
● know the mechanism of automated personal data processing; ● be protected from an automated decision that has legal consequences.
We do NOT use automated decision-making for profiling. |
We do not knowingly collect personal data from individuals under 18 years of age. By providing us with your personal data, you confirm that you have reached the age of 18 and have all the rights to provide us with your personal data for processing.
If you have reason to believe that personal data provided to us belongs to a person under the age of 18, please contact us at support@wishpicks.com.
We invite you to express your opinion and leave feedback on any issue related to the processing of your personal data. You can send your feedback and suggestions to this address: support@wishpicks.com.
In cases provided by the Law, you have the right to lodge complaints about the processing of your personal data with the Authorized Human Rights Representative of the Verkhovna Rada of Ukraine or to the court.
We will cooperate with the relevant authorities to resolve any complaints related to confidentiality. You can learn more about the Department for the Protection of Personal Data of the Secretariat of the Authorized Representative via the link.
We may update this Policy from time to time due to the implementation of new technologies, legislative requirements, or other reasons, by publishing a new version on our Website.
Such changes become effective immediately after publication on this Website. We recommend that you regularly review this Policy and check for any changes.
If changes significantly alter your rights or obligations, we will make reasonable efforts to notify you of these changes. For example, we might send you an email, display a pop-up message when you first visit the Website after such significant changes, or provide information in any other way.
Your continued use of our Website after the updated Policy becomes effective indicates your agreement with the new Policy terms.
You can contact us with questions regarding the processing of your personal data:
Individual Entrepreneur Anton Sushchevskyi
● Email: support@wishpicks.com.
We always encourage and highly value your feedback, any comments, and suggestions that can help improve the quality of our work.
Thank you for choosing Wishpicks!