Privacy Policy — iWallet Capital

Effective Date: July 28, 2025

Company: iWallet OÜ

Registration Number: 17088186

Registered Office: Tartu mnt 67/1-13b, 10115 Tallinn, Estonia

1. Introduction

iWallet OÜ (“Company”, “we”, “our”, or “us”) is committed to safeguarding the privacy and personal data of our clients, partners, website visitors, and any data subjects whose information we may process. This Privacy Policy explains how we collect, use, store, transfer, and protect your personal data in accordance with the General Data Protection Regulation (EU Regulation 2016/679, “GDPR”) and applicable Estonian law.

2. Scope

This Policy applies to:

Visitors of our website iwallet.capital/;
Users of our services;
individuals whose data is processed in connection with our business;
Clients who provide us with third-party data during service delivery. By using our website and services, you confirm that you have reviewed and accepted the data practices described in this Policy.

3. Data We Collect

We may collect the following categories of data:

a. Personal Identification Information (e.g., full name, date of birth, nationality, identification documents such as passports or ID cards, and digital signatures)
b. Contact Details (e.g., email address, phone number, and physical address)
c. Business & Financial Data (e.g., company registration numbers, VAT numbers, payment history, IBAN and banking details if needed for service execution)
d. Technical Information (e.g., IP address, browser type and version, device identifiers, language preferences, geographic location, and website interaction data)
e. Communications (e.g., email correspondence, completed contact forms, and meeting notes when applicable)

4. How We Collect Data

Directly from you (via forms, onboarding, contracts, etc.)
Automatically through cookies and analytics tools
From third parties (referrals, public registers, business partners)
During contract execution or pre-contractual communications

5. Purposes and Legal Bases for Processing

We process personal data based on legitimate purposes and applicable legal grounds under Articles 6 and 9 of the GDPR.

Purpose	Legal Basis
Communication and responding to inquiries	Consent / Legitimate Interest
Contract initiation and fulfillment	Contractual Necessity
KYC/AML compliance (if applicable)	Legal Obligation
Invoicing and financial reporting	Legal Obligation / Contractual Necessity
Website analytics and improvements	Legitimate Interest / Consent
Preventing fraud or abuse	Legitimate Interest

6. Cookies and Tracking

We use cookies to enhance functionality, analyze site usage, and tailor our services:

Essential cookies: Necessary for site performance and user login
Analytical cookies: Track site performance and visitor behavior (e.g., page visits)
Marketing cookies: Used in connection with advertising campaigns (only if consented)

You may accept, manage, or reject cookies through your browser settings. For more details, see our [Cookie Policy]. Ensure you are using the most recent version.

7. Data Sharing and Disclosure

We do not sell personal data. However, we may share it with:

Professional advisers (e.g., accountants, auditors, legal counsel)
Trusted technology vendors (e.g., hosting providers, CRM, cloud storage)
Government bodies or regulators when legally required
Partners or collaborators when your data is necessary for cooperation

All third parties are subject to strict confidentiality and data processing agreements under Article 28 GDPR.

8. International Transfers

When data is transferred outside the European Economic Area (EEA), we apply adequate safeguards such as:

European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Binding Corporate Rules (BCRs), if available

We do not transfer data to jurisdictions lacking proper data protection measures.

9. Data Retention

We retain personal data only as long as necessary for:

Performance of a contract
Fulfillment of legal obligations (e.g., tax, accounting, record-keeping)
Protection of our legitimate interests (e.g., resolving disputes or defending claims)

Data that is no longer needed will be securely deleted or anonymized. For example:

Contact forms: up to 12 months
Contracts and invoices: up to 7 years (per legal requirements)

10. Your Rights

You have the following rights under GDPR:

Access your personal data
Rectify inaccurate or outdated data
Request erasure (“right to be forgotten”)
Restrict or object to certain processing activities
Request data portability in a structured, machine-readable format
Withdraw consent at any time (without affecting prior processing)
File a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

To exercise your rights, contact us at: [email protected]

11. Security Measures

We take data protection seriously and implement robust security measures, including:

Data encryption (in transit and at rest)
Firewalls and access control protocols
Regular employee training and access limitation
Pseudonymization and data minimization when feasible

In the event of a personal data breach, we will notify the relevant authority and affected individuals within 72 hours, as required under GDPR Articles 33 and 34.

12. Children’s Privacy

Our services are intended for adults. We do not knowingly collect data from individuals under the age of 18.

13. Automated Decision-Making and Profiling

We do not process personal data through automated decision-making that produces legal or similarly significant effects.

14. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted here with a new "Effective Date." Where appropriate, we may also notify you via email or an in-app banner.

15. Contact Us

For questions about this Policy or how we handle personal data:

Data Protection Contact

iWallet OÜ [email protected] Tartu mnt 67/1-13b, Tallinn, Estonia

Tartu mnt 67/1-13b, Tallinn, Estonia [email protected] +372 5601 4487