1. Introduction

Wandace UG (haftungsbeschränkt) (“Wandace”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of its users.

This Privacy Policy explains how we collect, use, store, share, retain, and protect personal data when you access or use the Wandace platform, website, software, pop-ups, widgets, and related services (collectively, the “Service”).

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for processing your personal data is:

3. Scope of This Policy

This Privacy Policy applies to:

• Merchants using the Wandace platform;
• Individuals acting on behalf of a Merchant;
• Users interacting with Wandace websites, pop-ups, or tools;
• End customers, only to the extent that limited data is processed through platform features.

This Policy does not cover data processed directly by third-party services, such as payment service providers or messaging platforms, which are governed by their own privacy policies.

4. Categories of Personal Data We Collect

Depending on how you use the Service, we may collect the following categories of personal data:

4.1 Merchant and User Data

• Name and surname
• Business name (if applicable)
• Country and business type
• Email address
• Phone number (if voluntarily provided)
• Login and authentication data

4.2 Account and Usage Data

• Account identifiers
• Platform usage activity
• Log files, timestamps, and technical events
• IP address and device information

4.3 Content and Catalog Data

• Product names, descriptions, images, prices, and availability
• Store policies (refunds, cancellations)
• Catalog metadata created by Merchants

4.4 Communication and Integration Data

• Data required to connect third-party services (e.g. Meta, Google, WhatsApp Business)
• Business identifiers, catalog references, and integration metadata

4.5 Cookies and Tracking Technologies

• Necessary cookies
• Analytics and performance cookies
• Functional cookies
• Details are provided in our Cookie Policy.

5. Purposes of Processing

We process personal data for the following purposes:

• To provide, operate, and maintain the Service;
• To enable Merchants to manage catalogs, inventory, and storefronts;
• To facilitate integrations with third-party platforms at the Merchant’s request;
• To communicate with Users regarding support, updates, or service-related matters;
• To monitor platform security, prevent misuse, and enforce our policies;
• To comply with legal obligations under applicable laws, including GDPR.

6. Legal Bases for Processing (GDPR)

We process personal data based on one or more of the following legal grounds:

• Performance of a contract (Art. 6(1)(b) GDPR);
• Legitimate interests, such as platform security, analytics, and fraud prevention (Art. 6(1)(f) GDPR);
• Legal obligations (Art. 6(1)(c) GDPR);
• Consent, where required (Art. 6(1)(a) GDPR).

7. Payments and Third-Party Services

Wandace does not process customer payments for Merchant transactions.

Payments are handled by third-party payment service providers (e.g. Stripe, Kushki), who act as independent data controllers. Any payment-related personal data is processed in accordance with their respective privacy policies.

Wandace is not responsible for the data processing practices of third parties.

8. Data Sharing and Recipients

We may share personal data with:

• Cloud infrastructure and hosting providers;
• Analytics and monitoring services;
• Customer support and CRM providers;
• Integration partners explicitly authorized by the Merchant;
• Public authorities, where legally required.

All service providers act under contractual obligations and, where applicable, data processing agreements in accordance with GDPR.

9. International Data Transfers

Wandace is based in Germany but may process data using service providers located outside the European Union.

Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards, such as:

• EU Standard Contractual Clauses (SCCs);
• Adequacy decisions where applicable.

10. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law.

Inactivity and Data Minimization

• If an account remains inactive for an extended period, certain personal data may be anonymized or deleted;
• If a Merchant resumes use of the Service after inactivity, updated information and renewed consent may be required.

11. Automated Review and Moderation

Wandace may use automated or semi-automated systems to:

• Detect potentially prohibited or misleading content;
• Enforce platform rules and acceptable use policies.

Such systems are used for platform integrity and do not constitute legal or regulatory assessments of products or services.

12. Security Measures

We implement appropriate technical and organizational measures to protect personal data against:

• Unauthorized access;
• Loss or destruction;
• Alteration or misuse.

However, no system can guarantee absolute security.

13. Your Rights Under GDPR

You have the right to:

• Access your personal data;
• Rectify inaccurate data;
• Request deletion (“right to be forgotten”);
• Restrict or object to processing;
• Request data portability;
• Withdraw consent at any time, where processing is based on consent.

Requests can be submitted to admin@wandace.com.

14. Cookies and Tracking

Information about cookies, tracking technologies, and how to manage preferences is available in our Cookie Policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available through the Service and indicated by the “Last updated” date.

Continued use of the Service after changes constitutes acceptance of the updated Policy.

16. Contact

For questions or requests regarding this Privacy Policy, please contact:

admin@wandace.com

Data Retention and Deletion Policy

Last updated: [insert date]

1. Purpose of This Policy

This Data Retention and Deletion Policy explains how Wandace retains, anonymizes, and deletes personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

The purpose of this Policy is to ensure:

Data minimization;

Lawful and transparent processing;

Secure handling of personal data throughout its lifecycle.

2. Scope

This Policy applies to personal data processed by Wandace in relation to:

Merchants and individuals acting on behalf of a Merchant;

Users of the Wandace platform, website, pop-ups, and tools;

Limited personal data of end customers processed through platform features.

This Policy does not apply to data processed independently by third-party service providers acting as separate data controllers.

3. Data Retention Principles

Wandace applies the following core principles:

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected;

Retention periods are determined based on:

contractual obligations;

legal requirements;

legitimate operational needs;

Data that is no longer required is deleted or irreversibly anonymized.

4. Retention Periods

4.1 Active Accounts

For active Merchant accounts, personal data is retained for the duration of the contractual relationship and as necessary to provide the Service.

Certain data may be retained for longer periods where required by law (e.g. accounting or compliance obligations).

4.2 Inactive Accounts

If an account becomes inactive (e.g. no login, no catalog activity, no storefront usage) for an extended period:

Wandace may restrict access to certain features;

Personal data that is no longer necessary may be anonymized or deleted;

Only minimal technical or statistical data may be retained for audit, security, or compliance purposes.

5. Anonymization and Re-Consent

Where personal data is anonymized due to inactivity:

Identifiable personal information is removed or irreversibly transformed;

The remaining data can no longer be attributed to an identifiable individual.

If a Merchant or User later resumes use of the Service after such anonymization:

Updated personal data may be requested;

Acceptance of the current versions of Wandace’s legal documents may be required;

New consent may be collected where applicable.

6. Deletion Requests

Users and Merchants may request deletion of their personal data in accordance with their rights under GDPR.

Upon a valid request, Wandace will:

Verify the request;

Delete or anonymize personal data unless retention is required by law;

Notify the requester once the process is completed.

Certain data may be retained where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.

7. Legal and Contractual Retention Obligations

Notwithstanding the above, Wandace may retain certain data for longer periods where required to:

Comply with applicable laws or regulations;

Fulfill contractual obligations;

Respond to lawful requests from authorities;

Protect Wandace’s legal interests.

Such data will be securely stored and access-limited.

8. Security of Retained Data

All retained data is subject to appropriate technical and organizational security measures designed to protect against unauthorized access, loss, or misuse.

9. Relationship to Other Policies

This Policy should be read together with:

Privacy Policy;

General Terms and Conditions;

Moderation and Enforcement Policy.

In case of conflict, this Policy prevails with respect to data retention and deletion matters.

10. Updates to This Policy

Wandace may update this Data Retention and Deletion Policy from time to time. The latest version will always be available through the Service and indicated by the “Last updated” date.

11. Contact

For questions regarding this Policy or data protection matters, please contact:

admin@wandace.com