Privacy Policy

WWT Privacy Policy

This version of WWT Privacy Policy is valid from 1st day of April 2025.

Wolf & Wolf Technologies LTD is a company duly organized under the laws of Cyprus, having its
principal place of business at Spyrou Kyprianou, 19, SILVER HOUSE BUSINESS CENTER, 4th floor
3070, Limassol, Cyprus (Hereinafter: WWT or Company).

Company is committed to protect and respect your privacy in compliance with EU General Data
Protection Regulation (GDPR) 2016/679 as well as in compliance with Cyprus Law (125(I)/2018). ”You”
means you as a customer, a potential customer, our customer’s employee or other relevant person such
as our customer’s authorized representative, director or beneficial owner as well as our customer’s
customer when using our services. This Privacy Policy explains how the Company collects and uses
your personal data. It also describes your rights towards Company and how to exercise them.

Company process individuals’ personal data for several reasons, in the capacity of the data controller
and/or data processor.

Persons under the age of 18 cannot provide any personal data. We do not accept users under the age of
18 and no part of our website is structured to attract anyone under 18. If you are a person under the age
of 18 and if, despite the previous warning, you intend to undertake any activities on this website, before
any activities you must obtain the consent of your legal guardians (parents, adoptive parents, guardians, careers).

The terms used in this Privacy Policy are understood as defined in the EU General Data Protection
Regulation (GDPR) 2016/679.

This Privacy Policy explains the following:

1. What personal data we collect and how your personal data is collected;
2. How we may use your personal data and the lawful basis for doing so;

3. Who we may disclose your personal data to;
4. How we protect your personal data;
5. Your GDPR Rights;
6. Cookies;
7. How long we keep your personal data;
8. Changes to this Privacy Policy;
9. How to contact us;
10. Do You Need Extra Help?


1. What personal data we collect and how your personal data is collected

In order to provide our services, we need to process your personal data as described below. In the
course of our business, we collect personal data in a variety of ways. We collect personal data directly
from data subjects, via data subject’s usage of this site, of our service and through our customers. You
may directly or indirectly give us information about yourself in a variety of ways, such as when you
contact us, use our portal or any other service of ours where you submit personal data.

Below we give you a list of all personal data that, depending on the specific case, we may collect:

• Personal and contact information: name, date of birth, national identification number,
government identification numbers such as: driver’s license, state identification, passport,
social security or tax identification number, address, e-mail address, mobile and landline
telephone number, title, billing and shipping address. We are under legal obligation to collect
documentation of such information, for example in the form of copies of your passport or driver’s
license;
• Payment information: bank account number, invoice information and debit card data;
• Financial information: your income, turnover, negative payment remarks, type of agreement,
transactional data;
• Information related to legal requirements: country of taxation or foreign tax payer reference,
customer due diligence and anti – money laundering requirements;
• Technical information, including the Internet protocol (IP) address used to connect your
computer to the Internet, your login information, browser type and version, time zone setting,
browser plug-in types and versions, operating system and platform;
• Information about your visit, including the full Uniform Resource Locators (URL) clickstream to,
through and from our site (including date and time), page response times, download errors,
length of visits to certain pages, page interaction information (such as scrolling, clicks, and
mouse-overs), and methods used to browse away from the page and any phone number used
to call our customer service number;
• Geo-Location Information, some devices allow applications to access real-time location-based
information (for example GPS). Our applications may collect such information from your device
at any time while you download or use our services. We may use this information to optimize
your experience.


Special categories of data:

Company collects and processes biometric data (a photocopy of a passport or other personal document
with a photo) as a special category of personal data only in the case we are under legal obligation to
collect such data and when the data subject has given explicit consent to the processing of those
personal data.

Personal data we may collect from third parties:

We may collect your personal data from third party services either publicly available or engaged by us to verify you against sanction lists (EU, UN and UK sanction lists or OFAC lists) and registers held by tax
authorities, company registration agencies and other commercial or non-commercial information
providers on beneficial owners and politically exposed persons. We also collect information from
remitters, shops, banks, payment service providers and others. Our legal basis for collecting, processing, and sharing such information about you with third party services as explained in this paragraph is fulfilling our legal obligations, such as preventing, detecting and investigating money
laundering, terrorist financing and fraud prevention.

2. How we may use your personal data and the lawful basis for doing so

We use your personal data for a variety of reasons and based on different legal basis.

Collecting personal data based on consent:

We may use your personal data to send you marketing communication which you requested. These
may include information about our services, events, activities and promotions of our associated
partners’ products or services. This communication is subscription based and requires your consent.
The collection of personal data is based on consent, the data subject will give his/her consent by using
“Consent Forms” that will store documentation related to the consent given by the individual. Individual
consent will always be stored and documented in our system. If you have given consent to the
processing of your personal data, you can always withdraw the consent by sending the e-mail to the e-
mail address given below in the contact details (see “How to contact us” below). Withdrawal of consent
does not affect the admissibility of processing before the withdrawal. In case of withdrawal of consent,
we will not process your data, unless we have legal obligation for processing. We will respond to each
request as soon as possible, and in any case no later than within 30 days of receiving the request.

Collecting personal data based on contractual necessity:

We use your personal data for fulfilling our contractual obligations towards you. It is impossible for us to
perform our service to you without collecting and processing your personal data (contractual necessity as legal basis). Examples of contractual necessity as legal basis for your personal data collection and
processing are using our services, invoicing, etc.

Collecting personal data based on legal obligations:

In some cases, we are under legal obligation to process your personal data as part of our KYC
requirements, preventing, detecting and investigating money laundering, terrorist financing and fraud
prevention, sanction screening, reporting to tax authority, police authorities, supervisory authorities,
payment service requirements.

We may also send you information about the services that you have purchased from us and replies to a
“Contact me” or other web forms you have completed on our website. We will follow up on incoming
requests (customer support, emails, chats or phone calls). We will notify you of every disruption to our
services (system messages).

We also have a legitimate interest to use profiling. Profiling is any form of automated processing of
personal data in the form of analysis and assessment of specific aspects. Based on that analysis, some
cases of atypical behavior can be established, which are then examined, one by one, in order to
determine whether fraudulent behavior exists or not.

Please keep in mind that we will not be able to provide our services to you in case you fail to provide the
necessary personal data as described in this Privacy Policy.

3. Who we may disclose your personal data to

We do not share, sell, rent or trade your personal data with any third parties without your consent, except from what is described below:

• Our affiliates, including companies within the Company group.
• Third party service providers We may pass your personal data on to our suppliers, acquirers, payment service providers, banks,
clearing and settlement mechanisms and other business partners if necessary for providing our service
to you. Before sharing your personal data, we will always ensure that we respect relevant financial
industry secret obligation.
• Authorities
We disclose personal data to authorities to the extent we are under statutory obligation to do so. Such
authorities may include tax authorities, police authorities, AML authorities, law enforcement authorities
and supervisory authorities in relevant countries.
• Sub-contractors (processors and sub-processors)
We may use sub-contractors (data processor) to process personal data on our behalf, we are
responsible for making sure they commit themselves to adhere to this Privacy Policy and applicable
data protection legislation by signing the Data Processing Agreement. You can obtain further information about specific companies indicated in this section that could be provided with your personal data by reaching us using the contact details provided in this Privacy Policy.
• Third country transfer
We may transfer personal data to organizations outside the EU/EEA area. If the sub-contractor (data
processor) processes personal data outside the EU/EEA area, these transfers are subject to special
rules under all applicable data protection laws and such processing is done in accordance with the EU Standard Contractual Clauses for transfer to third countries.


If you would like further information, please contact us (see “How to contact us” below).

4. How we protect your personal data

Company has taken a number of steps in order to provide an extremely secure service. We use
appropriate technical, organizational and administrative security measures to protect any information
we hold from loss, misuse, unauthorized access, disclosure, alteration and destruction.

The information is encrypted using secure socket layer technology (SSL) and is stored with AES-256
encryption. Although no method of transmission over the Internet or electronic storage is 100% secure,
we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Where we have provided you (or where you have chosen) a password or access code which enables
you to access certain parts of our site, you are responsible for keeping this password confidential. We
ask you not to share any passwords with anyone, you authorize the Company to act upon instructions
and information from any person that enters your user ID or password.
Please note that once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy.

5. Your GDPR Rights

You have the following rights in regard to your personal data:

• Right of Access

You have the right to request information about whether we process your personal data, access to that
data and all other data related to the processing of your data, in accordance with the regulations. In most of the cases this information is already presented to you in your online services from us. Your right to access may, however, be restricted by legislation and protection of other person’s privacy rights.

• Right to Rectification

You have the right to request from us to correct your personal data if inaccurate, incomplete, or out of
date.

• Right to be Forgotten

You have the right to request that your personal data is deleted when it is no longer necessary for us to
retain such data. Please note that due to the legislation we are in many cases under statutory obligation
to retain personal data on you not only during the customer relationship but also for many more years
after.

• Right to Restriction of Processing

If you contest the correctness of the data which we have registered about you or lawfulness of
processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of this data to storing purposes only. The processing will
only be restricted to storing until the correctness of the data can be established, or it can be checked
whether our legitimate interests overwrite your interests. If you are not entitled to deletion of the data
which we have registered about you, you may instead request that we restrict the processing of this data to storing purposes only. If the processing of the data which we have registered about you is solely
necessary to assert a legal claim, you may also demand that other processing of this data be restricted
to storing purposes only. We may process your data for other purposes if this is necessary to assert a
legal claim or if you have granted your consent to this.
We will inform you on any correction or deletion of personal data or limitation of their processing unless
this is impossible or requires an excessive expenditure of time and resources.

• Right to Object

You have the right to object when the processing of your data is based on legitimate interest or when
your data is processed for public interest. You can always object to the processing of your personal data
for direct marketing band profiling in concern to such marketing.

• Right to Data Portability

You have the right to receive the personal data that you provided to us in a machine-readable format.
This right applies to personal data processed only by automated means and on the consent or fulfilling a
contract basis. Where secure and technically feasible the data can also be transmitted to another data
controller by us.

• Right to Complain to Supervising Authority

If you are not satisfied with the way in which we process your personal data, you may in the first instance contact us at privacy@wolf-wolf.net. If you remain dissatisfied, then you have the right to apply directly to your national supervisory authority for a decision. To find your national supervisory body please go to https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

• Automated individual decision-making and profiling

Please be informed that you have the right not to apply to you a decision made solely based on
automated processing, including profiling, if that decision produces legal consequences for you or that
decision significantly affects your position.

• Right to Withdraw your Consent

In the case you want to withdraw your consent, please make use of the link to manage your subscription
included in our communication. Regarding the e-marketing please note that you may still receive system
messages and notifications about your account activities.

• Personal data breach notification

Please be informed that we will notify you without undue delay of any breach of personal data if that
breach may cause a high risk to your rights and freedoms.

Your request to exercise your rights as listed above will be assessed given the circumstances in an
individual case. Please bear in mind that we may also retain and use your personal data as necessary to
comply with legal requirements, resolve disputes and or enforce our agreements.
Any query about your privacy rights should be sent to privacy@wolf-wolf.net.

6. Cookies

What the cookies are?
As is common practice on almost all professional websites, this website uses cookies. Cookies are small
files that are stored on your computer in order to provide certain functionality and improve your
experience on the site. This page describes what information they collect and how we use it. For general
information about cookies, see the Wikipedia article on https://en.wikipedia.org/wiki/HTTP_cookie

We collect, process and analyze data regarding the use of our webpages. This includes standard
information from your web browser, such as browser type and browser language, your Internet Protocol
(“IP”) address, the actions you take on our websites, such as the webpages viewed, and links clicked.
We use cookies and similar technologies to deliver our services to you, provide a secure online
environment, to manage marketing and provide a better online experience and to make our website
content more relevant to you.

If used alone, cookies do not personally identify you.

You can set or amend your web browser controls to accept or reject cookies. If you choose to reject
cookies, you may still use our sites and some services, however your access to some functions and or
website areas might be restricted.

7. How long we keep your personal data

Your data will be kept as long as it is necessary for the purposes for which the data was collected and
processed or as long as it is required by law.

When it comes to job candidates in our Company, we inform you that we will retain your personal data
for a period not exceeding 6 months from the submission date, for potential selection for any future
positions. After this period, all documentation will be securely destroyed.

8. Changes to this Privacy Policy

We may change the Privacy Policy from time to time, we will not diminish your rights under this Privacy
Policy. We kindly ask you to review our Privacy Policy from time to time, however if the changes we
make are significant, we will provide you with prominent notice.

9. How to contact us

Please contact us and/or our Data Protection Officer by post or email if you have any questions about
this Privacy Policy or the information we hold about you.

Our contact details are shown below:

Spyrou Kyprianou, 19, SILVER HOUSE BUSINESS CENTER, 4th floor
3070, Limassol, Cyprus

privacy@wolf-wolf.net

10. Do You Need Extra Help?

If you would like this notice in another format (for example: audio, large print, braille) please contact us
(see “How to contact us” above).