Effective date: Jan 1, 2021
Relevant persons pursuant to the Regulation EU 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, or „GDPR“):
- The Data Controller is
Bimosoft E OÜ
Laki tn 30, 12915 Tallin
(hereafter: the „Controller“ and to be considered equivalent to “Winglio” or “we” or “our” or “us” as defined by the ToS);
- the type of Personal Data we collect
- the legal basis and legal requirements for Personal Data collection,
- the scope, purpose and method of Personal Data collection,
- the security measures to be undertaken to protect any and all collected Personal Data,
- Personal Data management rights,
- the time limit (duration) of storage of collected Personal Data.
We collect Personal Data of natural persons signed up as users of our Service (hereafter: “Users” to be understood as equivalent to “Verified Users” or “Winglio Partners” as defined by the ToS). The Users themselves provide these Personal Data.
We also collect Personal Data of other natural persons (Clients as defined by the ToS as well as other “Third Parties”) provided to us by the User in the process of providing our Services.
We will inform you if providing some Personal Data is optional, including if we ask for your consent to process it. In all other cases, if you fail to provide the requested Personal Data, we may be unable to provide you with our Service.
We collect and/or process Personal Data when the User:
- signs up for our Services;
- browses our sites or uses our apps;
- uses our Services;
A) Personal Data we collect and process when you sign up for our Services:
- First name
- Last name
- E-mail address
- Date of birth
- Phone number
- Postal Code
- Copy of a Users’ passport or national ID (both sides)
- Copy of a Users’ ID card or recent utility bill (electricity bill / phone bill / bank statement)
- User's digital signature
What do we use this Personal Data for?
This is the information we process to enable you to become a “Verified User”. Only a Verified User may enter into an Agreement with Winglio and may use our Services. Without these Personal Data we are unable to provide you with our Services.
These Personal Data may, with your consent, also be used to promote the Winglio Service.
B) Personal Data we collect when you browse our Website or use our apps:
- your IP address through the placement of cookies; and
- location data, which might be gained through your IP address or GPS data
What do we use this Personal Data for?
C) Personal Data we may collect and process while providing our Service:
- Users’ bank account information (name of bank, bank account number SWIFT number)
- amount and currency to be invoiced to a Client for services rendered
- type of service rendered to a Client
Furthermore, at this stage, the User may provide us with the following Client Personal Data (relevant only if a Client is a natural person):
- Clients' first and last name
- Clients' address
- Clients' e-mail address
- Clients' digital signature
Pertinent Personal Data protection information for Clients/Third Parties can be found here.
What do we use this Personal Data for?
This information we collect in order to execute our Agreement with the User, which, in essence, means to provide services to Clients in cooperation with the User.
We may use the Personal Data you provide about yourself to fulfill your requests for our products, programs, and services, to respond to your inquiries about the Service, and to offer you other products, programs, or services we believe may be of interest to you. We may also use your Personal Data to administer sweepstakes and contests.
We may use or disclose your information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
We use information about which links have been followed and whether an action has been taken on another party’s website in order to improve our offerings and customize the Service.
Technical and navigational information, such as computer browser type, IP address, pages visited, and average time spent on our the Winglio Website, may be used, for example, to alert you to software compatibility issues, or it may be analysed to improve our website design and functionality.
The legal basis for processing of Personal Data:
- Processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract;
The processed Personal Data is necessary to enable us to enter into an Agreement with the User, to execute the Agreement and provide our Services pursuant to the Agreement within the scope of the ToS.
- Processing is necessary for compliance with a legal obligation to which the Controller is subject;
Due to the nature of the Services provided by Winglio (payment, financial services, share transfer), we are legally obligated to process, store, and, if needed, reproduce Personal Data pertaining to financial transactions made by the User if so requested by law enforcement agencies; financial regulators and other relevant regulatory authorities; government bodies; tax authorities; courts tribunals and complaints/dispute resolution bodies and other bodies as required by law or regulation if such a request has sound legal basis.
Furthermore, we must process and store certain Personal Data because we are legally obligated to allow the User to exercise his or her rights under the GDPR.
- Processing is necessary for the purposes of the legitimate interests pursued by the Controller;
We collect your Personal Data for the following legitimate interests:
- Provision of our financial products and Services;
- Promotion of ideas and events relating to Services we provide;
- Accuracy of User records;
- Transparency of company ownership structure;
- Maintenance of records of communications and management of your relationship with us;
- To respond to your enquires;
- To comply with any present or future law, rule, regulation, guidance, decision or directive (including those concerning anti-terrorism, fraud, anti-money laundering and anticorruption);
- To carry out, in appropriate cases, KYC checks and other procedures that we undertake prior to you becoming a User;
- Prevention and detection of fraud and other illegal activity or misconduct
- For informing you about compliance with legal and regulatory obligations and provide related guidance.
- The User has given consent to the processing of his or her Personal Data for one or more specific purposes;
Usually, this is the case when you request us to disclose your Personal Data to other people or organizations, or otherwise agree to disclosures.
This is also the case with all Personal Data we collect and process for promotional and marketing purposes.
Due to the sensitive nature of our Service we retain your Personal Data to protect our legitimate business interests and to meet legal obligations for a minimum period required by law, which in any case may be no shorter than 10 years after your User account closure, or after your User Account has been deemed inactive.
Personal Data collected exclusively for promotional purposes shall be retained for no shorter than 3 years after such Personal Data processing consent is given.
After this period has passed your Personal Data (will be automatically deleted, or/and deleted per your request).
We may share your Personal Data with the following types of recipients:
- With any competent law enforcement body, regulatory authority, government agency, court of law or other third party where we believe disclosure is necessary
- as a matter of applicable law or regulation,
- to exercise, establish or defend our legal rights, or
- to protect your vital interests or those of any other person.
- With any other person, such as Clients and Third Parties, with your consent for such disclosure.
During the provision of our Service, the User provides us with Personal Data regarding his/our Client (if the Client is a natural person).
Pursuant to applicable regulations, we provide Clients with the following information:
- identity and contact details of the data controller, and data protection officer
Data controller – Here
Data Protection Officer – Here
- purpose and legal basis for processing Personal Data:
Purpose for processing – Here
Legal basis for processing – Here
- recipients or categories of recipients of Personal Data
Recipients or categories of recipients – Here
- period for which the Personal Data will be stored or criteria used to determine that period
Period for which the Personal Data will be store – Here
- when processing is based on the legitimate interests pursued by the controller or this party
Legitimate interests of the controller – Here
- right to request controller access to, rectification and erasure of Personal Data and/or restriction of processing, right of data portability, right to lodge a complaint with a supervisory authority
Data subject rights – Here
- source of Personal Data – the source of Personal Data of Clients is always the User.
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers and information access authorization controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.
We do not store, transmit, or process any customer credit card information provided to us at any time during, or after the sale. Any payment information provided is transmitted to a 3rd party via a secured socket layer.
You have the following data protection rights:
- To access, correct, update or request deletion of your personal information. You may do so by contacting us using the information in the "Contact Us" section below.
- To object to the processing of your personal information (which is processed on the grounds of legitimate interests), ask us to restrict processing of your personal information or request portability of your personal information. Again, you may do so by contacting us using the information in the "Contact Us" section below.
- To opt out of marketing communications we send you, at any time. You can exercise this right by clicking on the “unsubscribe/opt out” link in the marketing communications we send you or by contacting us using the information in the "Contact Us" section below.
- If we are processing your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted pursuant to lawful processing grounds other than consent. You may do so by contacting us using the details at "Contact Us" heading below.
- You have the right to file a complaint with a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We use automated data processing (automated decision making) to automatically provide our Users with certain opportunities, bonuses, and amenities based on their use of the Service. Should certain conditions are met (as provided by the ToS), Winglio shall automatically send an e-mail to certain Users giving them an opportunity to access certain Winglio bonuses and amenities.
Users are not under any obligation to accept these offers.
Bimosoft E OÜ
Laki tn 30, 12915 Tallin