Wemates P2P Risk-sharing Network Privacy Policy

Welcome to Wemates' Privacy Notice

At Wemates, we deeply value and respect your privacy. As an embodiment of our core principles—transparency, decentralization, and inclusivity—our commitment to protecting your personal data remains unwavering. This privacy notice serves to keep you informed about how we handle your personal data when you interact with our website and our platform, ensuring you're equipped with essential knowledge about your privacy rights and the legal safeguards in place.

We've crafted our privacy policy with clarity and ease of comprehension in mind. You can navigate through the specific segments detailed below. Furthermore, to promote clarity, we've provided a Glossary to help you grasp the nuances of the terminologies used within this privacy notice.

1. Crucial Information and Our Identity

Purpose of this Privacy Notice

The essence of this privacy notice is to enlighten you about the ways Wemates gathers and processes your personal data during your usage of our platform—whether you're obtaining a quote, availing a product or service, or engaging in any activity therein.

We've designed our platform primarily for adults; thus, we don't intentionally gather data concerning children.

For a complete understanding, we urge you to peruse this notice in conjunction with any other privacy-related documents or processing notifications we might offer on occasions when we're handling your personal data. This document is supplementary to others, not intended to supersede them.

Data Controller

"Wemates" is an officially recognized trademark of Radarme Sp. z o.o. All rights reserved. Usage of the Wemates name, logo, and associated branding elements are under the exclusive purview of Radarme Sp. z o.o. Any unauthorized use or replication without express permission is strictly prohibited.

Wemates P2P Risk-sharing Network stands as the chief controller and caretaker of your personal data, referred to as "Wemates", "we", "us", or "our" throughout this notice.

Understanding the importance of data privacy, we have instituted a dedicated Data Privacy Officer (DPO) to address all queries related to this privacy notice. Should you harbor any concerns, seek clarifications, or wish to exercise your legal rights, kindly reach out to our DPO via the contact details provided further below.

Contact Information

Our exhaustive details are as follows:

Data Privacy Officer - privacy@wemates.ai

Data Privacy Officer,

Wemates P2P Risk-sharing Network,

ul. PLAC KONESERA, nr 8, lok

Warszawa, 03-736

For serious concerns regarding data protection, you're entitled to forward a complaint to the local Data Protection Authority. Nevertheless, we urge you to initially address any apprehensions to us, allowing us the opportunity to duly address them before you engage with higher authorities.

Updates to the Privacy Notice & Your Obligation to Notify Changes

This policy's current version was updated on 17.10.2023

To ensure our records remain up-to-date and relevant, we kindly request you to inform us about any alterations in your personal data during your association with Wemates.

Links to Third-party Websites

Our platform might host links to external websites, plugins, or applications. Activating these links or connections might permit these third-party entities to amass or disseminate data about you. Wemates does not oversee these third-party interfaces and, thus, cannot be held accountable for their privacy practices. Consequently, once you navigate away from our platform, we strongly advocate that you acquaint yourself with the privacy policies of the sites you access.

2. The Data We Gather About You

At Wemates, your understanding of the data we collect about you is paramount. This section serves to explain the nature of this data and the intention behind its collection.

Defining Personal Data

Personal data is any piece of information that allows an individual to be recognized. However, if the information is modified such that the individual's identity is concealed (thus making it anonymous), it is not considered as personal data.

During our interactions, we might accumulate, utilize, store, and even transfer various kinds of personal data about you, which we have categorized as:

- Identity Data covers aspects like first name, middle name, last name, username or any equivalent identifier, marital status, title, date of birth, and gender.

- Contact Data encompasses your billing address, delivery address, email address, and phone numbers.

- Financial Data pertains to details like bank account and payment card information.

- Transaction Data is about the payments made to and by you, and other specifics of products and services you've acquired from Wemates.

- Technical Data captures details such as device IMEI, serial number, IP address, login credentials, browser type and version, geographical settings, browser plugins, operating system and platform, and other tech specifications of devices you employ to access our platform.

- Profile Data includes your login details, the purchases or orders you've placed, your inclinations, feedback, and any survey responses you've given.

- Usage Data pertains to insights on how you navigate our platform, products, and services.

- Marketing and Communications Data concerns your choices regarding receiving marketing content from us, our partners, and your preferred modes of communication.

Beyond the individual data, we also gather and share Aggregated Data, which is statistical or demographic data employed for numerous purposes. By its nature, Aggregated Data is sourced from your personal data but isn't regarded as personal data legally since it doesn't expose your identity either directly or indirectly. An instance would be us analyzing your Usage Data to determine the proportion of users leveraging a particular feature on our platform. However, if this Aggregated Data is combined with your personal data in a manner that it reveals your identity, then we classify this merged data as personal data and it is processed under the guidelines of this privacy policy.

Importantly, Wemates does not seek or store any Special Categories of Personal Data about you. This encompasses sensitive details related to race, religious beliefs, sexual orientation, political views, trade union affiliations, health status, and genetic or biometric data. Additionally, we don't gather any information about criminal activities or offenses.

Consequences of Not Providing Personal Data

In instances where we're legally mandated to procure personal data or need it under a contract we're executing with you, and you don't provide this data when solicited, it might hinder our ability to fulfill our contractual obligations. For instance, this might prevent us from delivering the services or products you've sought. Should such a situation arise, we will promptly inform you about any modifications or cancellations related to products or services you have with Wemates.

3. Methods of Personal Data Collection at Wemates

Wemates leverages a diverse array of avenues to amass data about you. This chapter outlines the methodologies we employ to ensure complete clarity:

Direct Engagements: By directly engaging with Wemates, you share specific data types with us. This encompasses situations where you:

- Register for our risk-sharing services or products.

- Establish an account on our platform.

- Opt for receiving marketing communications.

- Participate in our contests, promotions, or surveys.

- Offer feedback or insights to us.

Such engagements might lead to the sharing of your Identity, Contact, and Financial Data. This data might be shared through various mediums, be it online forms, postal mail, telephonic conversations, emails, or any other direct correspondence.

Automated Technologies and Interactions: As you navigate and interact with our platform, there's an automatic data collection process in place. This primarily captures Technical Data pertaining to the device you're using, your browsing behavior, and patterns. We harness cookies, server logs, and akin technologies to facilitate this data collection. Additionally, should you browse other platforms that employ our cookies, we may gather Technical Data from those interactions as well.

Third-party or Public Sources: Wemates' data collection isn't restricted to direct or automated means. We often receive data about our users from external third parties and public databases. This includes:

- Technical Data from entities like:

- Analytical service providers (e.g., Google) that might be based outside your jurisdiction.

- Advertising consortiums, such as Facebook, that are typically located outside the EU.

- Information search providers, again like Google, operating outside the EU.

- Contact, Financial, and Transaction Data from technical solution providers and payment platforms, like PayHere and Stripe, both situated within the EU.

- Identity and Contact Data can also be sourced from data brokers or aggregators that collate and provide such details.

We continually aim for transparency and trust, so it's crucial for you to know the various channels through which we gather information. Understanding these methods ensures you are in control and aware of your digital footprint with Wemates.

4. Utilization of Your Personal Data by Wemates

Wemates holds a steadfast commitment to safeguarding your privacy. We process your personal data in line with legal provisions and ensure clarity in our approach.

Legal Basis for Processing:

Your personal data is processed under various circumstances:

1. To honor the agreement or contract you've entered into or are about to enter into with us.

2. When our legitimate interests align, ensuring they don’t infringe upon your rights and primary liberties.

3. To abide by legal or regulatory obligations.

4. While we seldom depend on explicit consent for data processing, it's imperative when reaching out with third-party marketing updates via email or text. Remember, withdrawing from marketing communications is your prerogative, achievable by contacting us.

Utilization Rundown:

Outlined below is a comprehensive breakdown of the purpose, nature, and legal grounds under which your data is processed:

Marketing Insights:

Our objective is to keep you in the loop about offerings that resonate with your needs:

- Wemates' Promotions: Based on the data (like Identity, Contact, Technical, Usage, and Profile), we might suggest products or services we believe align with your interests. If you've interacted with us previously (like making a purchase or showing interest in a promotion) and haven't declined marketing communications, you'll receive these suggestions.

- Third-party Collaborations: Only with your explicit agreement do we share your data with external entities for marketing. This is beyond the scope of Wemates' network.

- Opt-out Flexibility: Adjust your marketing preferences anytime via our platform settings, or utilize the opt-out link in our communications. Contact us for any clarifications or actions. Opting out of marketing doesn't affect data shared during transactions or service experiences.

Cookies Reminder: You can customize your browser's cookie settings. Restricting cookies might impede some website functionalities.

Purpose Alterations: Your data is exclusively used for its initial collection purpose unless another purpose arises that's compatible with the original. For clarity on how new data usage aligns with the initial purpose, please get in touch. On rare occasions where data processing occurs without your awareness, it’s always in legal accordance.

Our mission is transparency. Reach out for any inquiries or clarifications regarding our data processing practices.

5. Sharing Your Personal Data within Wemates' Network

Wemates believes in maintaining the sanctity of your privacy. At times, it may be essential to share your personal data with particular entities, but always with a defined purpose in mind:

Collaborations and Partnerships:

- Associated External Entities: As detailed in the Wemates Glossary, certain external third parties might need access to your data, but always within the parameters outlined in Section 4.

- Business Transitions: As Wemates continues to evolve, there might be occasions where parts of our business are sold, transferred, or merged. Conversely, we might acquire or merge with other entities. Should such business transformations occur, the successor or new management may have access to your personal data. Nevertheless, the guiding principles for its use would remain consistent with the ethos detailed in this privacy policy.

Our Commitment:

All third-party collaborators are mandated to uphold the confidentiality and security of your personal data. They're strictly prohibited from using this data for self-serving purposes. Their processing of your personal data is always aligned with the specified objectives and as per Wemates' explicit directives.

Our ambition is to keep you in the loop, ensuring your trust remains unwavering. For any further queries regarding data sharing or any other aspect of our privacy policy, please don't hesitate to reach out.

6. Cross-border Data Transfers within Wemates' Network

Wemates operates in a globally interconnected environment, and our collaborations might sometimes involve entities located outside the European Economic Area (EEA). This means there could be instances where your personal data gets transferred beyond the EEA borders.

In such circumstances, Wemates is dedicated to ensuring that your data is treated with utmost care and protection, mirroring the standards within the EEA. Here’s how we guarantee this:

- Adequate National Data Protections: We initiate data transfers only to nations that the European Commission recognizes as having a satisfactory data protection regime. More about this can be explored at the European Commission's portal on data protection in non-EU nations.

- Standardized Contracts: When partnering with certain service providers, Wemates might leverage contracts that the European Commission has endorsed. These contracts mandate the service providers to protect your data to EEA standards. Further insights can be found on the European Commission's guidelines about model data transfer contracts.

- EU-US Privacy Assurance: In scenarios where we collaborate with US-based entities, we ensure that these organizations are enrolled under the Privacy Shield. This framework demands US companies to uphold data protection standards that are on par with European norms. Dive deeper into the specifics at the European Commission's dedicated EU-US Privacy Shield page.

Your trust is our priority. If you seek any additional information regarding how we manage international data transfers, please get in touch with our team – privacy@wemates.ai

7. Ensuring Your Data's Security within Wemates Network

Wemates understands the inherent value of your personal information, and we're deeply committed to ensuring its safety. Here's how we've fortified our defenses:

- Robust Protective Measures: We employ cutting-edge security protocols to shield your data from unintentional loss, unauthorized access, modifications, or unwarranted disclosures.

- Selective Access: Within our ecosystem, your data is accessible only to personnel and partners who require it for legitimate operational purposes. Every individual with this privilege is bound by our directive to handle your data with utmost respect, always processing it under our strict guidelines and preserving its confidentiality.

- Prompt Response to Data Breaches: In the unlikely event of any discrepancies or potential data breaches, our response mechanism springs into immediate action. Not only have we set up processes for swift identification and containment of such incidents, but we also ensure timely notifications to you and relevant regulatory bodies, as mandated by law.

8. Retention of Your Data within Wemates Network

Duration of Data Storage:

It's essential to understand that regulatory requirements mandate us to retain foundational details about our network members—this encompasses Contact, Identity, Financial, and Transaction Data—for a duration of seven and a half years post the cessation of their membership with Wemates.

Your Right to Erasure:

We respect the principle of 'data minimization', and in certain contexts, you possess the right to request the deletion of your personal data. Kindly refer to the 'Request Erasure' section to understand this process in detail or contact our team – privacy@wemates.ai

Anonymization for Research & Analytics:

To continually enhance our services, there may be instances where we transform your personal data such that it becomes unidentifiable, ensuring complete anonymity. When data is anonymized in this manner, it can be utilized for research and statistical evaluations. This anonymized data is retained indefinitely, given its nature that ensures no individual can be identified from it.

At Wemates, we strive to uphold a balance between regulatory obligations and your privacy rights, ensuring that your data is managed judiciously.

9. Upholding Your Legal Privileges within the Wemates Network

Understanding Your Rights:

As a member of the Wemates Network, you are endowed with specific rights in accordance with data protection legislation. Familiarize yourself with these rights by exploring the links provided:

- Gaining Access to Your Personal Data (1)

- Initiating Corrections to Your Personal Data (2)

- Invoking the Erasure of Your Personal Data (3)

- Expressing Objections to Data Processing (4)

- Seeking Restrictions on Processing Your Data (5)

- Initiating the Transfer of Your Personal Details (6)

- Exercising the Right to Revoke Consent (7)

For action on any of the rights delineated above, reach out to privacy@wemates.ai

Fee-Free Process, Generally:

Typically, you aren't burdened with fees to access your personal data or to action any of the rights aforementioned. Nonetheless, should we find your request to be evidently groundless, excessive, or recurrent, a nominal fee may be levied. In certain instances, we might also choose to deny your request under these conditions.

Information Verification:

In our pursuit to uphold the security of data, we might solicit specific details from you. This assists us in affirming your identity, ensuring that the disclosure of personal data is confined to those rightfully entitled to it. Additionally, for the sake of expediting our response, we may reach out for more clarity related to your request.

Our Commitment to Timely Responses:

While we endeavor to address all genuine inquiries within a span of one month, there could be occasions where intricate or multiple requests push the timeline slightly further. In such scenarios, rest assured that you'll be apprised of the status and any updates.

10. Wemates Network Glossary & Guide

Understanding Lawful Grounds

1. Legitimate Interest: At the heart of our operations is your best service experience, ensuring it's both outstanding and secure. We diligently weigh our operational interests against your rights and potential impacts, whether favorable or adverse. Without your explicit consent or if not driven by legal imperatives, we refrain from actions that might compromise your interests. For a deeper understanding or clarifications on this subject, please reach out to privacy@wemates.ai

2. Performance of Contract: Engaging in an agreement with us or contemplating one necessitates processing your data for the contract's seamless execution.

3. Legal or Regulatory Compliance: At times, it becomes imperative to process your data in alignment with legal or statutory obligations.

Collaborative Partners

- Consultation Allies: This encompasses professionals such as legal advisors, banking affiliates, auditors, and insurers located within the EEA, who offer varied services, from legal advice to insurance solutions.

- Regulatory Entities: Organizations like the respective Revenue & Customs bodies and other regulatory institutions within the EEA might necessitate certain processing details.

- Digital Solution Providers: SAAS partners operating from within the EEA or other countries in the UK or the US.

- Claims Administration: Entities within the EEA addressing and facilitating claim procedures.

- Fraud and Insurance Oversight Bodies: EEA-based agencies monitoring insurance and potential fraudulent activities.

- Financial Channels: Partners overseeing payment structures, merchant facilities, and related banking services within the EEA.

Empowering Your Rights

You possess the entitlement to:

(1) Access Your Stored Data: Often referred to as a "data subject access request", it grants you the privilege to peruse and acquire the data we've archived about you.

(2) Amend Your Data: Ensure the accuracy of your data is upheld. In case of any inconsistencies, we're committed to rectifying them after necessary verification.

(3) Erase Your Data: Propose the deletion of your data unless a compelling rationale mandates its retention. There may be situations where deletion isn't feasible, and these will be transparently communicated.

(4) Challenge Data Processing: Particularly relevant if our actions, rooted in legitimate interests, seem to encroach upon your fundamental rights. This also extends to opposing data processing meant for direct marketing endeavors.

(5) Pause Data Processing: Under defined scenarios, you can advise a temporary cessation of data processing, be it due to data accuracy disputes or perceived illegal processing.

(6) Migrate Your Data: To you or a chosen third party. We facilitate this in an industry-standard digital format, focusing on automated data which had garnered initial consent or was foundational for a contract's execution.

(7) Withdraw Prior Consent: For activities hinging on your approval, you can rescind this consent. This action won't impact prior processing. If such a decision affects our ability to serve you, we'll duly inform you.

For queries or to action any of these rights, always consider connecting with privacy@wemates.ai.