Privacy Policy
PRIVACY POLICY
1. INTRODUCTION
At Wynwallet, we respect your privacy and are committed to protecting Users’
personal data, in accordance with the General Data Protection Regulation (EU)
2016/679 (GDPR) and Greek Law 4624/2019.
This Policy describes:
• what data we collect,
• for what purposes and on what legal basis,
• with whom we share it,
• how long we retain it,
• and your rights.
This Policy forms a single and integral part of the Terms of Use.
2. DATA CONTROLLER
The Data Controller is:
Wynwallet Single-Member Private Company (IKE), registered office at PLATEIA
IPPODAMEIAS 8, 18531 PIRAEUS,
G.E.MI. 186908201000, Tax ID (A.F.M.) 802990812.
Contact email: support@wynwallet.app
3. CATEGORIES OF DATA WE COLLECT
(A) Account Data
Email, password (in encrypted/hashed form), mobile number (where required),
account identification details, and technical identifiers.
(B) Receipt & Transaction Data (Receipt Logs)
When you submit receipts, we collect/process:
• receipt image/photo,
• data extracted from the receipt (such as merchant and total amount),
• purchase and submission date/time,
• unique identifiers (e.g., QR code/codes) where available,
• technical logs related to submission and validity/fraud checks.
�(C) Payment Data (SEPA)
IBAN and information necessary to execute a SEPA transfer, as well as payment
history / failed-payment history.
We do not collect/store payment card details, as payouts are made only via
SEPA.
(D) Usage & Technical Data
IP address, device identifiers, operating system, app version, usage events, error
logs, where applicable.
(E) Communications & Support
Data you provide when you contact us (e.g., email, request content,
attachments).
(F) Camera & Image Data
The Wynwallet app uses your device camera solely to allow you to
photograph/scan the receipt you wish to submit. Wynwallet does not access
your camera or your photos without your own action/instruction (e.g., when you
choose to take a photo or upload an image from your gallery).
The receipt images you choose to submit are uploaded to our servers (or to
infrastructure of service providers acting as processors) for the purposes of:
• processing/reading the receipt content (e.g., merchant, total amount,
date/time),
• validating authenticity and preventing fraud,
• displaying the “instant win check” result and maintaining a submission
history.
Wynwallet does not collect images or video from your camera in the background
and does not use the camera for facial recognition or biometric identification
purposes.
Where technically feasible, we limit the collection/retention of image metadata
(e.g., EXIF such as geolocation) to what is strictly necessary for the operation and
security of the Service.
4. APP PERMISSIONS
To operate, the Wynwallet app may request access to certain device
functions/data, depending on your operating system and the settings you
choose:
� • Camera: Used to photograph/scan receipts for submission and to
perform the “instant win check”.
• Photos/Files (Gallery/Storage) (where applicable): If you choose, you
may upload a receipt image from your device gallery.
• Internet/Connection Data: Required to communicate with Wynwallet
systems (receipt submission, receiving results, syncing history, and
account operation).
• Notifications (Push Notifications) (if enabled): For updates regarding
receipt submission status, the “win check” result, and/or payout status.
You can disable notifications from your device settings.
Granting the above permissions is optional; however, refusing certain
permissions (in particular camera access or access to photos/files, and internet
access) may limit or make it impossible to use core features of the Service, such
as submitting receipts. Wynwallet does not gain access to the User’s entire
photo library—only to images the User explicitly selects to upload/submit.
5. PURPOSES OF PROCESSING & LEGAL BASES
We process data for the following purposes:
1. Provision of the Service (account creation/management, receipt
submission, displaying the win check result, maintaining receipt history,
including photographing/scanning receipts via the camera and/or
uploading an image from the User’s device, and technical processing of
images to extract receipt data).
Legal basis: Article 6(1)(b) GDPR (performance of a contract).
2. Payouts via SEPA
Legal basis: Article 6(1)(b) and, where required, Article 6(1)(c).
3. Security, fraud prevention, compliance, and protection of legitimate
interests (validity checks, abuse prevention, investigation of violations)
Legal basis: Article 6(1)(f) GDPR (legitimate interest).
4. Legal/tax/accounting obligations
Legal basis: Article 6(1)(c) GDPR.
5. Operational communications (e.g., notifications about submission
status/payouts)
Legal basis: Article 6(1)(b) and/or Article 6(1)(f), as applicable.
� 6. Marketing / promotional communications (if provided)
Legal basis: Article 6(1)(a) GDPR (consent), where required.
6. AUTOMATED DECISION-MAKING
The “instant win check” result and/or validity checks may be based on
automated processing. In cases of rejection due to technical inability or security
checks, you may contact support@wynwallet.app to request a review, where
feasible.
7. RECIPIENTS OF DATA
We may share data only to the extent necessary:
• with technology/hosting/support/analytics providers acting as
processors,
• with banks and/or providers involved in executing SEPA payments,
• with advisors (legal/accounting) in the context of lawful operation,
• with public authorities following a lawful request or obligation.
Where possible, we share data in pseudonymized or aggregated form.
8. TRANSFERS OUTSIDE THE EEA
If providers outside the EEA are used, we apply appropriate safeguards (e.g.,
standard contractual clauses) where required by law.
9. RETENTION PERIOD
We retain data only for as long as necessary:
• Account data: as long as the account remains active.
• Receipt/history data: as required for operation, dispute resolution,
security and fraud prevention, and any legal obligations.
• Payment data: as required to execute/prove payments and comply with
accounting/tax obligations.
After retention periods expire, data is deleted or anonymized.
�10. SECURITY
We implement appropriate technical and organizational measures to protect
data. Despite these measures, you acknowledge that transmission over the
internet may not be completely secure.
11. DATA SUBJECT RIGHTS
You have the right to:
• information/access,
• rectification,
• erasure (where applicable),
• restriction,
• objection,
• data portability,
• withdrawal of consent (where processing is based on consent),
• lodge a complaint with the Hellenic Data Protection Authority.
To exercise your rights, contact: support@wynwallet.app. We will respond
within one (1) month, unless an extension is required by law.
Hellenic Data Protection Authority: Kifisias 1-3, 115 23 Athens, Tel. +30 210
6475600, email: contact@dpa.gr
12. CHILDREN’S PRIVACY
The Service is not intended for persons under 18. We do not knowingly collect
data from minors. If we become aware of such collection, we will delete it.
13. POLICY UPDATES
This Policy may be amended. The latest version will be posted on the
Website/App.
�