Privacy Policy
I. Introductory Provisions
These Principles set the rules for privacy protection and the processing of personal data of users of the Wantend platform (hereinafter referred to as the “Platform”). The controller and processor of personal data is Waib Corp s.r.o., ID No.: 08409081, with its registered office at Korunní 2569/108, Vinohrady (Prague 10), 101 00 Prague (hereinafter referred to as the “Controller”). Contact email: info@wantend.com.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “User” or “Users”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to identifiers such as name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
These Principles have been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2025 (GDPR) and other personal data protection regulations. By using the Platform, you confirm that you have read and fully accept these Principles.
II. Collected Data and Their Sources
The Controller only processes data that are necessary for the provision of services on the Platform, ensuring its functionality, security, and development. The data collected comes directly from Users or from their activity on the Platform. Specifically:
1. Registration data
- Contact email address, gender, country, and region.
- In the case of age or identity verification, also a phone number, photograph, and an identity document (ID card or passport).
2. Voluntarily provided data
- The User may provide additional information in their profile, e.g. profile photo, date of birth, height, weight, eye color, hair color, phone number, Skype, sexual orientation or partner preferences.
3. Data about activity on the Platform
- Information about User behavior on the website (pages visited, time spent, search queries, etc.).
- Analytical data used to improve and personalize the services of the Platform (e.g. number of profile views, content interaction).
4. Payment information
- If the User makes payments, the Controller processes payment data and information necessary to identify the payer.
5. Device information
- Hardware model, operating system version, unique device identifier, and other technical data necessary for correct display or operation.
6. Server logs
- IP address, date and time of access, browser type, information about events on the device.
7. Location data
- Only if the User sets the location themselves (e.g. during registration), or it may be determined approximately from the IP address.
8. Cookies and similar technologies
- Necessary cookies for basic functionality and security (e.g. session retention).
- Preference cookies for remembering settings (language, region).
- Analytical cookies (e.g. for measuring traffic and improving services).
- Marketing cookies (only based on the User’s consent, if used).
9. The User may restrict or disable the storage of cookies in their browser settings, but in such a case, some Platform features may not function properly.
10. Metadata related to uploaded content
- For example, photos may contain EXIF data, which can reveal additional sensitive information (e.g. the exact location where the photo was taken). The User has the option to remove this data before uploading.
III. Legal Basis and Purpose of Personal Data Processing
1. Legal basis for processing
- User’s consent (Art. 6(1)(a) GDPR): Especially for the use of voluntarily provided information, marketing cookies, and sending commercial communications where consent is required.
- Performance of a contract (Art. 6(1)(b) GDPR): The processing of personal data is necessary for the provision of Platform services (registration, account management, communication).
- Controller’s legitimate interest (Art. 6(1)(f) GDPR): Ensuring the security of the Platform, protection of the Controller’s rights and interests, direct marketing in the case of an existing relationship with the User.
- Compliance with a legal obligation (Art. 6(1)(c) GDPR): For example, verifying the User’s age or archiving billing data.
2. Purposes of processing
- Provision of Platform services: Ensuring operation, managing user accounts, delivering content.
- Customer support: Addressing inquiries, suggestions, and issues reported by Users.
- Content and marketing personalization: Customizing offered content, ads, and products according to the User’s preferences.
- Analysis and statistics: Monitoring traffic, performance, and trends to improve services.
- Functionality and security: Preventing illegal activities, ensuring the secure operation of the Platform, resolving incidents and terms violations.
- Legal compliance: Fulfilling legal obligations, enforcing terms of service, and protecting the Controller’s rights.
IV. Data Retention Period
1. Personal data are retained for the period necessary to fulfill the purposes for which they were collected, or for the period required by law.
- Registration and basic data: For the duration of the user account. Upon account cancellation, data that are no longer required for legal reasons (e.g. accounting or tax laws) will be deleted or anonymized.
- Marketing purposes: Until the User withdraws consent or until the User objects if processing is based on legitimate interest.
- Age or identity verification: Data are retained for the time necessary for verification and thereafter only where archiving is required to fulfill legal obligations or protect the Controller’s legitimate interests.
- Deletion process: In the event of complete account and data deletion, the process may take up to 6 months due to technical reasons (e.g. cache, backups, synchronization).
V. Sharing of Collected Data
The Controller does not share personal data without a legal basis or the User’s consent, except in the cases listed below:
1. Public
- Content marked as public by the User (e.g. public profile, photos, etc.) is accessible to other Platform Users or may be displayed to non-registered visitors (if allowed by the User in settings).
2. Service providers
- For example, payment institutions (for payment processing and verification), IT partners ensuring Platform operation, analytical tools. These entities always process data only according to the Controller’s instructions and in accordance with data processing agreements.
3. Legal successors
- In the event of a change in ownership structure (sale, merger, restructuring), personal data may be transferred to the legal successor for the purpose of service continuity.
4. Protection of rights
- The Controller may provide data to competent authorities (e.g. courts, law enforcement) for the purpose of protecting its rights, preventing illegal activities, or upon lawful request.
The Controller does not sell or otherwise commercially share personal data with third parties outside the above-mentioned purposes.
VI. Data Subject Rights
Users have the following rights regarding their personal data, as derived from the GDPR:
1. Right of access
- The User may request confirmation of whether the Controller processes their personal data, and if so, obtain a copy of such data and further information about the processing.
2. Right to rectification
- If the data are inaccurate or incomplete, the User has the right to request their correction or completion.
3. Right to erasure
- Under certain circumstances (e.g. if the data are no longer necessary for the purposes for which they were collected, or if the User withdraws consent and no other legal basis for processing exists), the User may request deletion of their personal data.
4. Right to restriction of processing
- The User may request restriction of processing under certain conditions (e.g. if the User contests the accuracy of the data for the period necessary to verify their accuracy).
5. Right to data portability
- The User may request their personal data in a commonly used, machine-readable format and request their transfer to another controller.
6. Right to object
- The User may object at any time to processing based on the Controller’s legitimate interest or for direct marketing purposes.
To exercise these rights, the User may use the Settings section in their user account or contact the Controller at info@wantend.com. If the User requests deletion of data necessary for registration or identification (e.g. email, phone), the user account will also be deleted.
VII. Data Controller and Statement
Data Controller:
Waib Corp s.r.o.
ID No.: 08409081
Registered Office: Korunní 2569/108, Vinohrady (Prague 10), 101 00 Prague
Email: info@wantend.com
The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data (including communication encryption, access restrictions, and regular security checks) and that only authorized persons have access to such data.
VIII. Final Provisions
1. Validity and Effectiveness
These Principles are effective as of 1 January 2025 and replace any previous agreements regarding personal data protection on the Platform.
2. Changes to the Principles
The Controller reserves the right to amend or supplement the wording of these Principles at any time. Users will be informed of any changes in an appropriate manner (e.g. via the Platform or by email).
3. Supervisory Authority
The supervisory authority for personal data protection in the Czech Republic is the Office for Personal Data Protection (www.uoou.cz). The User has the right to contact this authority with a complaint regarding the processing of their personal data.
