Data protection and privacy policy

Last updated: September 10, 2024

Please read this privacy policy carefully before using Our Service.

The purpose of this data protection and privacy policy (hereinafter the “Policy”) is to explain the purposes, terms and conditions for carrying out the processing of personal data by the following company acting as data controller (hereinafter the “Data Controller”):

WIZEM, a company registered under Spanish law, registered at Barcelona.

In the context of their use of the mobile applications (hereinafter the “App”), the data controller collects and processes personal data concerning users of the App (hereinafter the “Users” or the “Data Subjects”).

The Data Controller is concerned about protecting the privacy and personal data of Data Subjects; and ensures to adopt and respect a Policy compliant with the applicable regulation.

Upon their use of the App, the Users can access this Policy at any time at the following link: https://www.wizem.xyz/privacy-policy

The Data Controller may modify this Policy at any time. The most current version applies to your visit.

1. Data Controller

Wizem is the Data Controller of personal data collected and processed concerning Users, as part of their use of the App.
The Data Controller is the person or entity (here Wizem) which determines the terms and purposes of the processing of personal data. The Data Controller takes responsibility for the processing of personal data that it implements and is the main contact for Data Subjects so that they can obtain information or assert their rights.

The Data Controller can be contacted using the contact details provided at article 10 “Contact” of this Policy.

2. Collect of personal data

2.1. Source of personal data

The Data Controller collects the personal data concerning the Users directly from the Users:

-       When they download the App,
-       When they register or log in on the App,
-       When they use the App,
-       When they reach out to the Data Controller

 Furthermore, personal data can be collected from our partners and third parties on their own behalf. You can check their privacy policy directly on their website.

 We may use third-party service providers to monitor and analyze the use of our Service such as:

Google Analytics
Their Privacy Policy can be viewed at https://policies.google.com/privacy

Firebase
Their Privacy Policy can be viewed at https://policies.google.com/privacy

We may also use Service Providers to show advertisements to you to help support and maintain our Service:

AdMob by Google
Their Privacy Policy can be viewed at https://policies.google.com/privacy

Vungle
Their Privacy Policy can be viewed at http://vungle.com/privacy/

Unity Ads
Their Privacy Policy can be viewed at https://unity3d.com/legal/privacy-policy

IronSource
Their Privacy Policy can be viewed at https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/

Digital Turbine
Their Privacy Policy can be viewed at https://www.digitalturbine.com/privacy-policy/

Mintegral
Their Privacy Policy can be viewed at https://www.mintegral.com/en/privacy

Meta
Their Privacy Policy can be viewed at https://www.facebook.com/privacy/policy/

2.2. Compulsory nature of the provision of personal data

The provision of certain data is required in order to register and use the App.

The mandatory information to provide is indicated on the registration form by an asterisk or by the mention “required information”. Failing to provide this information, the Data Controller will not be able to provide the services and therefore registration and use of the App will not be permitted.

Other data are optional and are only processed by the Data Controller when they are communicated spontaneously by the Data Subject.

2.3. Data accuracy

The Data Controller makes its best efforts to keep the personal data of Data Subjects accurate and complete. To ensure that the data concerning them is up to date, Data Subjects can either consult and modify their profile directly on the App, or contact the Data Controller using the contact details mentioned at article 10 “Contact” of this Policy.

3. Purposes and legal basis for data processing

The Data Controller processes personal data of Data Subjects pursuant to the following legal basis and for the purposes described hereunder:

As part of the performance of a contract with the Data Subject or in order to take steps at the request of the Data Subject prior to entering into a contract:

·      the registration on the App;

·      the communication and acceptance of the terms and conditions of service and of the present Policy;

·      the provision of pursuant to the terms services and conditions of service;

·      the calculation of loyalty coins;

·      the payment of User’s reward;

·      the communication with Users, including following up on any potential complaints;

·      the administrative Users management.

As part of the Data Controller’s legal obligations:

·      the compliance with any legal or regulatory obligations to which the Data Controller may be subject, such as (without limitation) the tax declaration relating to transactions and the retention of invoices;

·      accounts keeping;

·      the prevention of money laundering, fraud terrorist financing and the fight against corruption;

·      the training of teams under the legal obligations to which the Data Controller may be subject as an employer;

·      the management of Data Subjects requests regarding their rights pursuant to the applicable data protection regulation;

·      the response to any request or order from a judicial or administrative authority.

As part of the legitimate interest pursued by the Data Controller, while respecting the rights and freedoms of the Data Subject:

·      the contacts between the Data Controller and the Users or the prospective Users who have reached out to the Data Controller (the Data Controller’s legitimate interest is to promote and improve its services by responding to questions and communications from Data Subjects);

·      the sending of newsletter, push notification and other marketing communications to existing or past Users (the Data Controller’s legitimate interest is to promote its services);

·      the provision, maintenance and improvement of the App (the Data Controller’s legitimate interest is to develop its activity and improve its services by developing commercial and marketing strategies);

·      the detection, investigation, prevention or actions regarding illegal activities, abuse, suspected fraud or situations involving potential threats to the security or rights of a person or entity (the Data Controller’s legitimate interest is to prevent fraud and prohibit any illegal activities, as well as to enforce and execute its rights);

·      the collect of proof in case of any litigation (the Data Controller’s legitimate interest is to enforce and execute its rights);

·      the protection and defense of its rights and interests before the competent courts, jurisdictions or authorities (the Data Controller’s legitimate interest is to enforce and execute its rights);

·      the training of its employees, interns, temporary workers and other agents (the Data Controller’s interest is to maintain a high level of skills and enrich the knowledge of its teams);

·      the conduct of compliance, security, accounting and/or legal audits (the Data Controller’s legitimate interest is to maintain a high level of quality and compliance with regulations, as well as developing business strategies, including in case of potential merger and acquisition operations).

 With the User’s consent:

·      In extraordinary circumstances, if the Data Controller wishes to process personal data for purposes other than those mentioned above, the Data Controller will do so on the basis of the Data Subject’s consent.

4. Categories of personal data

The Data Controller may collect and process the following categories of personal data:

·      When communicating with the Data Controller: first and last name, email, and any other information communicated spontaneously by the Data Subject.

·      When downloading the App: required information are transmitted to the app store chosen. In particular, IP address, location, date and time, time zone, mobile device identifier, advertising identifier (e.g. Google advertising ID) . you can find the stores privacy policies directly on their website.

·      When registering on the App: first and last name, email, address, or any user profile information from any third-party account with which you are connected.

 ·      In order to receive payment of payout: first and last name, bank information. The purpose is to pass this information to the external payment service provider. The payment providers are either PayPal: 2211 N 1st St, San Jose, CA, USA,  (https://www.paypal.com/us/legalhub/privacy-full), Other payment providers as required based on the platform and region. Please note that we do not process your payment data and bank account details but use external providers that handle the payments.

The App requests access to your device’s camera for security purposes. We can ask Data Subject to make a selfie in order to confirm their identity and confirm that they are not bots or create multiple accounts. This is facilitated via Facetec which help us verify the account authenticity.

 ·      For the provision of services via the App: first and last name, email.

·      For marketing communications: first and last name, email.

·      When using the App: information regarding the type of device, IP address and location, and other information. In order to detect fraud and prevent it, gaming behaviour and ip address are evaluated. If we detect a fraudulent behaviour, Data Subcject are partially or completely excluded from using the App. Usage

We collect automatically information such as IP address (including approximate location and country), exact geolocation data (including longitude and latitude), mobile device identifier, advertising identifier (e.g. Google advertising ID) or other unique identifiers, data about your operating system, device model and device language, log data.

This can be modified using your settings in your device and in the App.

5. Recipient of personal data

 The personal data collected and processed by the Data Controller may be transferred to:

·      authorized individuals among partners, employees, interns, temporary workers, mandataries and other agents of the Data Controller;

·      service providers and data processor used by the Data Controller to achieve the purposes described at article 3 of this Policy (within the limits of the data and of the processing necessary to achieve these purposes);

·      police services as well as administrative and/or judicial authorities (or in general any public bodies when the Data Controller is under a legal obligation to do so;

·      Data Controller’s insurance company, lawyers and legal advisors as needed and in order to enforce and execute its rights and protect its interests;

·      any new owner or partner in case of any merger or acquisition operation.

6. Data hosting and transfer outside the European Economic Area

The personal data collected and processed by the Data Controller are hosted by an external service provider.
As an entity based in the European Economic Area (hereinafter the “EEA”), the Data Controller must comply with GDPR standard.
If the personal data, for which the Data Controller is responsible, is transferred outside the EEA (for instance to a service provider or data processor), where the GDPR is not applicable, in order to ensure a data protection equivalent to that offered in the EEA, data transfer outside the EEA would be either:

-       In destination to a country having received an equivalence decision by the European Commission;
-       To an entity that has adopted binding rules compliant with GDPR; or
-       Regulated by contractual provisions based on the standard clauses required by the European Commission.

7. Data retention

 The Data Controller retains the personal data of Data Subjects for the time necessary to achieve the purposes pursued, if applicable increased by the legal periods for archiving and retention, and/or increased by the limitation periods if needed. At the end of these periods, personal data will be either deleted or irreversibly anonymized by the Data Controller.

The retention period depends on the type of personal data and the purpose pursued. The retention period is determined in particular according to the following criteria:

-       The duration of the contractual relationship with the User;

-       The regularity of the use of the App by the User;

-       The regularity of the contacts with the Data Controller;

-       The existence of legal or contractual obligations requiring the Data Controller to retain the data;

-       The existence of a retention period specially defined by the applicable regulations (for example requirement to keep invoices for 10 years); and

-       The type of personal data in particular those requiring special attention and precautions (such as banking information).

 In this context, the Data Controller applies the following retention periods:

·      Data concerning Users are kept for the entire duration of the contractual relationship with the Client.

·      Data concerning Users will be kept at the latest for three years following the end of the contract and/or following the last interaction with the Data Controller for marketing purposes.

·      The data will then be irreversibly deleted or anonymized by the Data Controller, unless this data must be retained for accounting purposes, in the context of legal obligations, dispute resolution, recovery or fraud prevention. In those cases, the data will be kept for the period required by law or for the applicable limitation periods.

·      Invoices are kept for a period of ten (10) years from their date of issue.

·      Bank information will only be kept for the duration of the contractual relationship.

For more information regarding the retention period of personal data, Data Subjects are invited to contact the Data Controller using the contact details provided at article 10 below.

8. Data Subjects rights

Data Subjects have the following rights pursuant to applicable regulation:
Right to information: Data Subjects have the right to obtain information from the Data Controller relating to the processing of personal data concerning them. Right of access: Data Subjects have the right to obtain confirmation from the Data Controller that their personal data are or are not processed, and when they are, access to the personal data that is processed, as well as information relating to the purposes of such processing.
Right of rectification: Data Subjects have the right to obtain from the Data Controller, as soon as possible, the rectification of their personal data that they consider to be inaccurate.
Right to erasure: Data Subjects have the right to obtain from the Data Controller the erasure of their personal data, except when the processing is based on a legal obligation. In addition, when the processing is necessary for the execution of a contract, the Data Controller will not be able to execute the said contract nor to implement the services concerned in the event of erasure.
Right to limitation of processing: Data Subjects may obtain from the Data Controller the limitation of the processing of their personal data, except when the processing is based on a legal obligation. In addition, when the processing is necessary for the execution of a contract, the Data Controller will not be able to execute the said contract nor to implement the services concerned in the event of limitation of the processing.
Right to object: Data subjects have the right to object at any time, for reasons relating to their particular situation, to the processing of their personal data, except when the processing is based on a legal obligation. In addition, when the processing is necessary for the execution of a contract, the Data Controller will not be able to execute the said contract nor to implement the services concerned in the event of opposition to the processing of personal data.
Right to portability: Data Subjects have the right to receive from the Data Controller, the personal data concerning them, or to ask the Data Controller to send to a third party the personal data concerning them, in a structured, commonly used and machine-readable format.
Right to withdraw consent: Data Subjects have the right to withdraw their consent to the processing of their data if this processing is based on consent. Withdrawal of this consent does not affect the lawfulness of processing based on consent given before its withdrawal.
Right to organize the fate of their personal data after their death: Data Subjects can define general or specific post-mortem instructions, relating to the conservation, erasure and/or communication of their personal data after their death.
Right to lodge a complaint with a supervisory authority: Without any prejudice to any other administrative or judicial remedy, Data Subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing personal data concerning them constitutes a violation of the applicable regulations.

Users are however invited to contact the Data Controller prior to making any complaint to a supervisory authority or before initiating any other administrative or legal action.

Data Subjects may exercise these rights through the Data Controller (at the contact details indicated at Article 9 “Contact” below), free of charge, except in case of manifestly unfounded, excessive or repeated requests, in which case charges may be applied.

9. Contact

For more information on the data processing concerning them or to exercise their rights, the Data Subjects may contact the Data Controller using the following contact details:

Email: contact@wizem.xyz