Last updated: December 14, 2021
In addition to the definitions contained elsewhere in the text of this Policy, the following terms and expressions shall have the following meaning ascribed to them for use in this Policy:
“Affiliate” means, with respect to any person, any other person directly or indirectly controlling, controlled by or under common control with such person.
“AML” means Anti-Money Laundering and refers to a set of procedures, laws and regulations designed to stop the practice of generating income through illegal actions.
“App” means an application owned and operated by the Company or its Affiliate, available for download through Apple App Store, Google Play store or other application platforms (if applicable). This definition also may include the Desktop Version (if applicable).
“Company Parties” means the Company and its respective past, present and future employees, officers, directors, contractors, consultants, attorneys, accountants, financial advisors, equity holders, parent companies, subsidiaries, Affiliates, agents, representatives, predecessors, successors and assignors. A "Company Party" means one of the foregoing, as the case may be.
“Data Protection Law” means any applicable law relating to the processing of Personal Data and/or privacy, including the Swiss Federal Act on Data Protection, as amended from time to time and the GDPR when and if applicable.
“EU Persons” means individuals (natural persons) who are the citizens of the countries with membership in the European Union.
“Financial Institution” means a third-party bank or other regulated financial institution that Waller partners for the purposes of providing the Services.
“General Terms and Conditions” means the terms and conditions promulgated by the Company for the purpose of governing the relationships between the Company and the User in relation to the Services within the Waller Platform.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
“KYC” means Know Your Client and refers to the process of a business verifying the identity of its clients and assessing potential risks of illegal intentions for the respective business relationship.
“Non-User” means a person who is not a current User of the Waller Platform.
“Personal Data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Process”, “Processed” and other similar terms shall be construed accordingly.
“Telegram” means third-party cross-platform cloud-based instant messaging software and application service with additional features that may be added by the company it is operated by, from time to time.
“User”, “your” or “you” means the person or persons, using the Website and/or the App and/or using the Services via the Waller Platform.
“WALLER”, “Waller”, “we”, “us”, “our” or “the Company” means Waller Swiss AG, the company registered under the laws of Switzerland with registered number CHE-177.908.722, located at Bahnhofstrasse 29, 6300 Zug, Switzerland.
“Waller Platform” means the technology platform connecting social media, Users and Financial Institutions, available through the App.
“Wallet” means additional feature added to the Telegram interface within the Waller Platform to proceed with payment tools supported by a relevant Financial Institution.
“Website” means https://waller.swiss owned and operated by the Company or its Affiliate.
All capitalized terms not otherwise defined in this Policy shall have the meanings ascribed to them in Section 1 of the General Terms and Conditions.
2. COLLECTION OF PERSONAL DATA AND SCOPE OF THIS POLICY
2.2 Waller collects personal information for the only purpose of providing you with the Services offered through the relevant Financial Institution infrastructure when it is necessary to do so due to the configuration of the relationship with such Financial Institution and in order for the User to make transactions and perform other operations using the Waller Platform.
2.4 Waller will collect information you provide directly only in the case defined in Section 2.2. of this Policy.
2.4.1 When You Download the App
When installing the App, you are requested to provide your mobile telephone number in order for us to check your details against the identification details of a relevant Telegram user account linked to the provided mobile telephone number.
We will use the information that we collect about you to:
• allow you to use additional features added to the Telegram interface within the Waller Platform to proceed with payment tools supported by a relevant Financial Institution.
2.4.2 When You Sign Up to Use the Wallet
If you sign up to use the Wallet, we collect basic information about you including your name (first name and surname) and e-mail address. We will use the information that we collect about you to:
• allow you to log in to the Wallet;
• allow you to execute and/or receive transactions.
2.4.3 When You Provide Information to Build Your Profile (if applicable subject to the configuration of the relationship with a Financial Institution)
Once you have signed up to use the Wallet, we may ask you on behalf of the relevant Financial Institution to provide additional optional information about yourself to complete your “Profile” for the purpose of using the full set of our Services provided in any particular jurisdiction. The information we ask for may include your gender, date of birth, place of birth, addresses, nationality, national insurance number (or other government-issued identification number), citizenship and residency status, tax ID and other details or questions as may be required in the Profile creation process which may be amended by us from time to time.
We will not use the information you provide in your Profile and we will only transfer this information to a relevant Financial Institution.
For the avoidance of any doubt, depending on the configuration in every particular jurisdiction, all or part of this information may be requested and Processed by the Financial Institution only, with or without being transferred to the Company.
2.4.4 When you Contact Us
If you contact us by telephone, e-mail, post or use another function offered by Waller, such as the chat feature, we will collect any information about the communication and any additional information that you choose to give us. We will use this information to review, investigate and respond to any comment or question that you may raise. Please note that we may record and retain all telephone calls and other communication with us and may use it in our dealings with you including any dispute resolution or legal proceedings.
2.4.5 When a Waller User Invites a Telegram user to Use Waller Platform
Users of Waller can invite their contacts from Telegram to sign up for an account with us. Please refer to the Section 3 of this Policy for the purpose of dealing with Non-User’s personal information in this case.
2.4.6 When a Waller User Requests a Transaction Outside the Waller Platform
Users of Waller can initiate money transfers to the bank account of an individual (or a legal entity, as the case may be) which is not the User of the Waller Platform and/or not a client of a relevant Financial Institution.
Please refer to the Section 3 of this Policy for the purpose of dealing with Non-User’s personal information in this case.
2.5 We may collect information about your use of the Services and geo-location.
2.5.1 Automatically Collected Information
When you access or use our Services, we automatically collect information about you, including:
• Log Information;
• Device Information;
• Activities on the Website;
• Location Information;
• Information Collected by Cookies or Other Tracking Technologies.
2.5.2 Information We Collect from Other Sources
We collect your Telegram ID (it is an internal Telegram account identification number), your Telegram username and your mobile phone number from Telegram when you download the App.
We collect the confirmation that you are a current client of a Financial Institution being the Waller’s partner from a relevant Financial Institution.
3. NON-USER’S PERSONAL DATA
3.1 For the reasons mentioned in Sections 2.4.5. and 2.4.6. of this Policy Waller may receive Personal Data of the individuals not being the Users of Waller as well as not being clients of a relevant Financial Institution.
3.2 If a new user is invited to join Waller as per Section 2.4.5. of the Policy, we receive Non-User’s Telegram nickname and Telegram ID directly through Telegram.
We will use the information that we collect about Non-User to:
• notify you that you may join Waller;
• match your details when you decide to join Waller.
3.3 In case of any money transaction initiated by a Waller User outside of the Waller Platform in favour of a Non-User as per Section 2.4.6. of the Policy, we receive name, surname, address and bank account details of an individual (the list of details is defined by a relevant Financial Institution subject to its internal rules and requirements) from a relevant Waller User.
We will use the information that we collect about Non-User to:
• initiate the transaction and assign its execution to a relevant Financial Institution;
• prove the correctness of a Non-User’s bank account details in case of any doubts or mistakes.
3.4 We require each of our Users to have lawful rights to collect, use, and share any Personal Data as defined in Sections 3.2. and 3.3. before providing any information to us.
4. PURPOSE AND LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
4.1 The purpose of Personal Data collection, storage and processing shall be the identification of the User.
4.2 We Process your Personal Data on the basis that it is:
• necessary for the performance of a contract, therefore, if we have a contract with you, we will process your Personal Data in order to fulfil that contract (in particular, to provide you with the Services);
• authorized by your Consent, which you give us as it is set out in Section 6 (Consent to Personal Data Processing) hereof;
• assigned to do by a relevant Financial Institution;
• necessary to comply with our legal obligations, in particular, when we are obliged to respond to a court order or a regulator;
• necessary for performing our legitimate interests; or
• permitted by applicable legislation, if the respective legal ground for Personal Data Processing is not mentioned in, or contradicts, the provisions of this Policy.
4.3 Please contact us for further information on the legal grounds that we rely on in relation to any specific Processing of your Personal Data.
4.4 We do not knowingly and deliberately collect personally identifiable information from children and any person under the age of 18 for the reason that the use of the Services is not allowed for a person under the age of at least 18 years.
4.5 We may Process the Personal Data for a number of legitimate interests, including: to provide and improve the Services, administer our relationship with you and our business, for marketing purposes and in order to exercise our rights and responsibilities. In particular, we may Process the Personal Data for the following purposes:
• set up your Wallet, provide technical and customer support and training, verify your identity and send important account, subscription and Service information;
• we analyse the way you use our Services to make suggestions to you for features or Services that we believe you will also be interested in, and so that we can make our Services more user-friendly;
• providing, maintaining, delivering or improving the Website, the App, the Services or other products or services provided through the Website and/or the App;
• personalize your experience with our Services: we may retain your browsing and usage information to make your searches within our Services more relevant and use those insights to target advertising to you online on our Website and/or App;
• contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyse the data collected for market research purposes;
• verifying that you are a unique individual or entity;
• answering your enquiry or responding to a communication from you;
• conduct internal research and development, as well as improve, test and enhance the features and functions of our Services;
• provide you with marketing materials as permitted by law;
• meet our internal and external audit requirements, including our information security obligations;
• exercise, protect and/or enforce our rights, privacy, safety, networks, systems and property, or those of other persons;
• prevent, detect or investigate a crime, fraud or other breach of law or requirement;
• prevent or detect any loss incurred by the Company or third persons;
• comply with requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities, including where they are outside your country of residence;
• indemnify the Company and Company parties against claims;
• comply with laws and regulations that apply to us or third parties we work with.
4.6 Where we rely on legitimate interests as a lawful ground for Processing your Personal Data, we balance those interests against your interests, fundamental rights and freedoms. For more information on how this balancing exercise has been carried out, please contact us by sending an e-mail to: email@example.com.
5. CONSENT TO PERSONAL DATA PROCESSING
§1. EU Persons Consent to Personal Data Processing
5.1 If you are an EU Person we need to receive your consent in order to Process your Personal Data, as it is prescribed by the GDPR, we will process your Personal Data provided that we have received from you a freely given, specific, informed and unambiguous indication of your wishes by which you signify agreement to the processing of your Personal Data ("Consent").
5.2 You may give your Consent as per requirements of the GDPR by the way of opt-in consent, including by ticking a box when visiting the Website and/or the App or otherwise upon the configuration of the particular interface. In case you tick the respective box or otherwise, you irrevocably and unconditionally consent and agree that the Company and/or the Company Parties shall be entitled to Process your Personal Data as it is indicated in your Consent.
5.3 Your Consent covers all Processing activities with your Personal Data carried out for the same purpose or purposes. When the Processing has multiple purposes, your Consent should be deemed given for all of them.
5.4 You have the right to withdraw your Consent at any time. You can submit such request by sending us an e-mail to: firstname.lastname@example.org. Your withdrawal of Consent shall not affect the lawfulness of your Personal Data Processing based on Consent before its withdrawal. For the avoidance of doubt, we may not have the possibility to withdraw your Consent if your Personal Data was provided by you to an independent third party, e.g., Telegram or a Financial Institution.
5.5 Except as required or enabled by law (including, for the avoidance of doubt, the laws of the member states of the European Union), we will not use or disclose your Personal Data for any purpose for which you refuse Consent or later withdraw your Consent. If you withdraw Consent, you agree that in spite of this withdrawal, we may continue to use this Personal Data previously provided to us to the extent that we are contractually or otherwise legally obliged to do so and to the extent necessary to enforce any contractual obligation you may have towards the Company or in any other way permitted by law. You also understand that we need certain Personal Data, including data linked to the fact of payment or involving an ongoing relationship withour partners. If you refuse to provide us with Personal Data we require or later withdraw your consent, we may no longer be able to maintain any contractual relations with you.
§2. Non-EU Persons Consent to Personal Data Processing
5.6 If you are not an EU Person, by transferring to us your Personal Data you irrevocably and unconditionally consent and agree that the Company shall be entitled, in accordance with this Policy to Process in any manner, including to collect, store, use, disclose, share and transfer (including cross-border), your Personal Data provided to us.
6. USE OF PERSONAL DATA
6.1 We use Personal Data for the purposes that are in our legitimate interests, as well as for compliance purposes.
6.2 We will use the Personal Data for the same purposes as defined in Section 4.5. of this Policy.
7. DISCLOSURE OF PERSONAL DATA
7.1 The Company treats Personal Data as confidential and may not transmit or use any such data without valid legal grounds.
7.2 We will only disclose your Personal Data in the following ways:
a) with your Consent or at your instruction;
b) to our current or future Company Parties and to other companies under common control or ownership with us or our offices internationally;
c) to third parties or service providers that perform work for us;
d) to a relevant Financial Institution, banks, other financial institutions in the process of business of the Company;
e) in connection with a merger or sale of our company assets, or if we do a financing or are involved in an acquisition, or any other situation where Personal Data may be disclosed or transferred as one of our business assets;
f) in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation or legal process;
g) if we believe your actions are inconsistent with our user agreements, policies or legislation, or to protect the rights, property and safety of any assets of the Company Parties or third parties;
h) to third parties where aggregated Personal Data is disclosed which cannot reasonably be used to identify you.
7.3 Company Parties may without limitations share aggregated or anonymised information, which cannot reasonably be used to identify you.
8. TRANSMISSION OF PERSONAL DATA
8.1 The transmission of Personal Data or any other information (including communications by e-mail) via the Internet or other publicly accessible networks is not one hundred percent secure. Company Parties are not liable for the security of any Personal Data or any other information you are transmitting over the Internet, or third-party content.
8.2 Transmission of Personal Data of EU Persons to recipients, both internally or externally, is subject to the authorization requirements and pursuant to the defined purposes. Personal Data of EU Persons transmitted to a recipient outside the European Economic Area must be subject to protection at least equivalent to that sought by the GDPR. Intragroup transfers of Personal Data of EU Persons to third countries are subject to the safeguards provided by the legislation requirements.
9. PROTECTION OF PERSONAL DATA. SECURITY MEASURES
9.1 We take appropriate security, organizational and technical measures to protect any Personal Data you provide regarding the collection, storage and Processing of Personal Data, including the Personal Data of Non-Users.
9.2 Personal Data is safeguarded from unauthorized access and unlawful Processing or disclosure, as well as accidental loss, modification or destruction, through state-of-the-art technical and organizational measures. These are adjusted and updated continuously to reflect technical developments and organizational changes. Additionally, Personal Data protection audits and other controls are carried out on a regular basis.
9.3 We take reasonable steps to protect the security of the Personal Data. However, no computer security system is entirely secured and the Internet is not one hundred percent secure method of transmitting information. As a result, we do not assume any responsibility for the integrity of the Personal Data sent over the Internet, and we cannot and do not guarantee that information you communicate to us or we send to you will be received, or that it will not be altered before or after it has been transmitted to us. You agree to hold any Company Party harmless against any loss or damage of any sort incurred as a result of any misappropriation, interception, modification, deletion, destruction or use of information provided through the Internet.
9.4 Personal Data provided to us is stored in accordance with applicable laws of the jurisdiction of the Company. The period for which the Personal Data will be stored is determined by the applicable laws of the jurisdiction of the Company. The Company has ensured that appropriate security standards are in place regarding the safeguarding, confidentiality and security of Personal Data.
10. RETAINMENT OF INFORMATION
10.1 In accordance with applicable laws the Company may store your Personal Data. This requirement is conditioned by the need to comply with legal obligations and resolve possible disputes.
10.2 The Company may retain your Personal Data until it is indispensable for the Company to have relevant information to respond to any issues that may arise later.
11. EU PERSONS' RIGHTS
11.1 The Company values the protection of all users' rights relating to their Personal Data; hence, the Company is committed to making sure you can exercise your respective rights effectively and free of charge. The Company will ensure each of your requests related to your Personal Data to be reviewed in a timely fashion. You shall be informed that the Company will require you to verify your identity before responding to any requests to exercise your rights.
11.2 EU Persons shall acknowledge, that their rights relating to Personal Data are provided in the GDPR and other applicable laws of the member states of the European Union. In particular, EU Persons have the following rights relating to their Personal Data:
11.2.1 right to access. You can request access to your Personal Data and obtain a copy of such Personal Data in a from which is the most suitable for you (e.g., PDF, DOC, DOCX). You can submit such request by sending an e-mail to: email@example.com. After your request is received, our privacy team reviews the form and conducts requestor's identity verification without undue delay. Upon successful verification, you are provided with a copy of your Personal Data;
11.2.2 right to data portability. You have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another service provider (controller) without hindrance from us;
11.2.3 right to erasure ("Right to be forgotten") and right to rectification. You are entitled to request erasure or rectification of your Personal Data by sending us a respective request to firstname.lastname@example.org. We will handle requests for Personal Data to be rectified or deleted, unless there is a legal requirement that prohibits such request to be fulfilled. When your request is fulfilled, you will be informed that your Personal Data has been changed or erased and is no longer being collected, however, to fulfil our legal requirements the Company will store information about each requestor for the purposes of providing an evidence that a request has been fulfilled;
11.2.4 right to object. At all times, you are entitled to object to Processing of your Personal Data. Right to object can be exercised by sending an e-mail to email@example.com. Upon receipt of the request, the Company ceases the Processing, unless there is a legal or statutory ground for such Processing;
11.2.5 right to be informed. If you submit a request about Processing activities conducted with respect to your Personal Data, the Company, without undue delay, will provide information about: (i) purposes of Processing; (ii) categories and types of Personal Data; (iii) retention period; (iv) source of the relevant Personal Data; (v) privacy rights and information on Data portability. However, all information about the categories of Personal Data and Processing conducted by Company is available in this Policy;
11.2.6 right to opt out. You have the right to opt out of newsletters, marketing communications or notifications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt out" link in the marketing e-mails we send you. To opt out of other forms of marketing, please contact us by e-mailing firstname.lastname@example.org; and
11.2.7 the right to lodge a complaint with a supervisory authority. Supervisory authority means an independent public authority which is established by an EU member state pursuant to Article 51 of the GDPR.
11.3 If we have collected your information by obtaining your consent, you also have the right to withdraw that consent at any time by contacting us, provided however that, in case you remain a User of the Waller Platform, you will not be able to withdraw your consent for all the data in general, denying us to hold any of your information at all. In other words, in case you withdraw your consent for us to collect, use, store, compile your information, you will no longer be User of the Waller Platform from the moment of the consent withdrawal as we shall no longer be able to interact with you. Additionally, we may not be able to withdraw your consent if your consent is provided to another independent Company Party. In this situation you may need to interact with such Company Party and as a result of the withdrawal of your consent your participation within the Waller Platform may also be cancelled.
11.4 You should be informed that some information may not be rectified or deleted due to mandatory AML/CFT requirements.
12. AUTOMATED DECISION-MAKING
12.1 We do not envisage that any decisions will be taken about you or a Non-User using fully automated means.
13. DATA PROTECTION OFFICER
13.1 The Company has appointed an expert on data privacy who works independently to ensure that the Company is adhering to the policies and procedures set forth in the Data Protection Law (data protection officer). The data protection officer assists the Company in monitoring internal compliance, informs and advises on data protection obligations, provides advice regarding data protection impact assessments (DPIAs) and acts as a point of contact for data subjects and supervisory authorities.
13.2 The contact information of the Data Protection Officer is email@example.com.
Waller Swiss AG
Address: Bahnhofstrasse 29, 6300 Zug, Switzerland
+41 41 501 08 08