Privacy Policy

1. Information We Collect

1.1 Personal Information

When you create a DiWallet account, we collect:

• Identity Information: Full name, date of birth, nationality, government-issued ID details
• Contact Information: Email address, phone number, postal address
• Verification Documents: Identity documents, proof of address, selfie photos for KYC compliance
• Financial Information: Bank account details, payment method information, transaction history

1.2 Transaction Data

We collect information about your DiWallet transactions, including:

• Virtual card creation and usage details
• Payment amounts, dates, and merchant information
• Transfer details and recipient information
• Cryptocurrency transaction data (where applicable)
• Account balance and funding sources

1.3 Technical Information

We automatically collect technical data when you use our services:

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: App interactions, feature usage, session duration
• Location Data: IP address-based location (for security and compliance)
• Security Data: Login attempts, security events, fraud prevention information

1.4 Communication Data

When you contact us, we may collect:

• Customer service inquiries and responses
• Feedback and survey responses
• Marketing preferences and communications

2. How We Use Your Information

2.1 Service Provision

We use your information to:

• Create and manage your DiWallet account
• Process virtual card requests and transactions
• Facilitate payments, transfers, and other financial services
• Provide customer support and respond to inquiries
• Send important service notifications and updates

2.2 Security and Compliance

We process your data to:

• Verify your identity and comply with KYC/AML regulations
• Detect and prevent fraud, money laundering, and other illegal activities
• Monitor transactions for suspicious patterns
• Maintain the security and integrity of our platform
• Comply with legal obligations and regulatory requirements

2.3 Service Improvement

We analyze usage data to:

• Improve our services and develop new features
• Personalize your user experience
• Conduct research and analytics
• Optimize platform performance and reliability

2.4 Marketing and Communications

With your consent, we may:

• Send promotional emails about new features and services
• Provide personalized offers and recommendations
• Conduct market research and surveys
• Share news and updates about DiWallet

3. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

3.1 Contractual Necessity

Processing necessary to provide DiWallet services and fulfill our contractual obligations to you:

• Account creation and management
• Transaction processing and virtual card services
• Customer support and service communications

3.2 Legal Compliance

Processing required to comply with legal obligations:

• Anti-money laundering (AML) and counter-terrorism financing checks
• Know Your Customer (KYC) identity verification
• Financial services regulations and reporting requirements
• Tax reporting and record-keeping obligations

3.3 Legitimate Interests

Processing necessary for our legitimate business interests:

• Fraud prevention and security monitoring
• Service improvement and product development
• Business analytics and performance measurement
• Risk management and operational efficiency

3.4 Consent

Processing based on your explicit consent:

• Marketing communications and promotional offers
• Optional features and personalization
• Market research and surveys
• Cookie usage beyond essential functionality

4. Data Sharing and Disclosure

4.1 Service Providers

We share limited data with trusted third-party service providers who assist us in:

• Payment Processing: Visa, MasterCard, and payment gateways
• Identity Verification: KYC/AML compliance service providers
• Cloud Services: Secure data storage and hosting providers
• Customer Support: Help desk and communication platforms
• Analytics: Service usage and performance monitoring

All service providers are bound by strict confidentiality agreements and may only use your data for specified purposes.

4.2 Regulatory and Legal Disclosures

We may disclose your information to:

• Financial regulatory authorities for compliance purposes
• Law enforcement agencies when legally required
• Tax authorities for reporting obligations
• Courts and legal proceedings when compelled by law

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

4.4 What We Don't Do

5. Data Security

5.1 Technical Safeguards

We protect your data using industry-leading security measures:

• Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and DDoS protection
• Monitoring: 24/7 security monitoring and threat detection

5.2 Organizational Safeguards

Our security practices include:

• Regular security training for all employees
• Strict background checks for personnel with data access
• Incident response procedures and breach notification protocols
• Regular security audits and penetration testing

5.3 Compliance Certifications

DiWallet maintains the following security certifications:

• SOC 2 Type II compliance
• PCI DSS Level 1 certification
• ISO 27001 information security management
• GDPR compliance certification

6. Data Retention

6.1 Retention Periods

We retain your personal data for different periods depending on the type of information and legal requirements:

• Account Data: For the duration of your account plus 7 years (regulatory requirement)
• Transaction Records: 7 years from the transaction date (financial regulations)
• KYC Documents: 5 years after account closure (AML compliance)
• Marketing Data: Until you withdraw consent or request deletion
• Support Communications: 3 years for quality assurance and training

6.2 Secure Deletion

When retention periods expire, we securely delete your data using:

• Cryptographic erasure methods
• Multi-pass overwriting for physical storage
• Certificate of destruction for hardware disposal
• Audit trails to verify complete deletion

6.3 Legal Holds

Data may be retained beyond normal periods if required for:

• Ongoing legal proceedings or investigations
• Regulatory inquiries or audits
• Fraud prevention and security incidents

7. Your Privacy Rights

7.1 GDPR Rights

Under the General Data Protection Regulation, you have the following rights:

7.2 How to Exercise Your Rights

To exercise any of these rights:

• Email us at privacy@diwallet.app with your request
• Use the privacy controls in your DiWallet account settings
• Contact our Data Protection Officer through the details below
• Submit a request through our customer support channels

7.3 Response Times

We will respond to your privacy requests:

• Within 30 days of receiving a valid request
• Free of charge for most requests
• With identity verification to protect your data
• In a clear and plain language format

7.4 Right to Complain

If you're not satisfied with our response, you have the right to lodge a complaint with:

• Your local data protection authority
• The Romanian Commission for Personal Data Protection
• Any EU supervisory authority where you reside

8. Cookies and Tracking

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website or use our app. They help us provide a better user experience and improve our services.

8.2 Types of Cookies We Use

8.3 Managing Cookies

You can control cookies through:

• Browser settings to block or delete cookies
• Our cookie preference center in the app
• Opt-out tools provided by third-party analytics providers
• Privacy settings in your DiWallet account

8.4 Third-Party Tracking

We may use third-party services for:

• Website analytics (with anonymized data)
• Fraud detection and security monitoring
• Customer support and live chat functionality
• Performance monitoring and error tracking

9. International Data Transfers

9.1 Data Processing Locations

Your personal data may be processed in:

• European Union: Primary data processing and storage
• Romania: Main operational headquarters and compliance
• Other Countries: Limited processing by service providers with adequate protections

9.2 Transfer Safeguards

When we transfer data outside the EU/EEA, we ensure protection through:

• Adequacy Decisions: Countries recognized by the EU as providing adequate protection
• Standard Contractual Clauses: EU-approved contracts with data recipients
• Binding Corporate Rules: Internal policies ensuring consistent protection
• Certification Schemes: Industry-recognized privacy and security certifications

9.3 Your Rights Regarding Transfers

You have the right to:

• Know about any international transfers of your data
• Request information about transfer safeguards
• Object to transfers that don't meet adequate protection standards
• Request a copy of the safeguards in place

10. Children's Privacy

10.1 Age Restrictions

DiWallet services are intended for users who are:

• 18 years of age or older
• The legal age of majority in their jurisdiction
• Legally capable of entering into financial contracts

10.2 No Collection from Children

We do not knowingly collect personal information from children under 18. If we discover that we have collected such information:

• We will delete the information immediately
• We will close any accounts created by minors
• We will notify parents or guardians if possible
• We will implement additional safeguards to prevent future occurrences

10.3 Parental Rights

If you believe your child has provided information to DiWallet:

• Contact us immediately at privacy@diwallet.app
• Provide proof of your parental relationship
• We will work with you to remove the information promptly

11. Changes to This Policy

11.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in our services or business practices
• New legal or regulatory requirements
• Technology improvements and security enhancements
• User feedback and privacy best practices

11.2 Notification Process

We will notify you of material changes through:

• Email notification to your registered address
• In-app notifications and alerts
• Prominent notices on our website
• Updates in your account dashboard

11.3 Your Choices

When we make significant changes:

• You'll have 30 days to review the updated policy
• Continued use of our services indicates acceptance
• You can close your account if you disagree with changes
• We'll help you exercise your data rights before account closure

12. Contact Us

12.1 Privacy Inquiries

For questions about this Privacy Policy or our data practices, contact us:

12.2 Supervisory Authority

You also have the right to contact the The National Supervisory Authority for the Processing of Personal Data: