Personal Data Protection FAQ

Introduction

Welcome to The Wallet Crew Data Protection FAQ, designed to address the most common queries regarding our data processing practices and how we ensure compliance with global data protection standards.

The Wallet Crew is uniquely positioned to help global retail companies navigate the complexities of data protection in-store across the globe. Our platform is engineered to simplify data collection and enhance customer autonomy, enabling consumers to interact with their favorite brands through tailored forms. These forms are adaptable based on brand needs, store locations, regions, and localizations, ensuring that data handling is both effective and respectful of customer preferences.

The Wallet Crew collaborates with a dedicated Data Protection Officer (DPO) from Deta Consulting, a Data Privacy Specialist, to oversee and ensure the highest standards of data protection are maintained. Additionally, whenever possible, we involve the brand or retailer’s DPO in the project implementation phases to align our processes closely with the client’s specific data protection needs and policies.

Should you have any questions about how The Wallet Crew processes and protects personal data, or if you require assistance with specific data protection issues, please do not hesitate to reach out to our DPO at the contact details provided below: contact@deta-consulting.com

1. Personal Data Processing

Does The Wallet Crew process personal data in providing its services?

Yes, The Wallet Crew processes personal data as part of its service offerings, covering operations such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, and erasure of personal data.

What are The Wallet Crew obligations as a data processor?

The Wallet Crew is committed to:

• Processing personal data solely for the contracted purposes.
• Following the client’s documented instructions and immediately notifying the client if an instruction is believed to violate any data protection regulations.
• Ensuring the confidentiality of the personal data it processes.
• Deleting or returning all personal data at the end of the contract unless required to retain it by law.
• Assisting the client in ensuring compliance with data protection obligations, including facilitating audits and inspections.
• Implementing appropriate technical and organizational measures to ensure data processing meets GDPR requirements, particularly regarding data security.

2. Processing Description

What are the nature and purpose of The Wallet Crew data processing activities?

Processing activities include collecting, reading, displaying, and transferring data to/from CRM tools, mainly for managing customer accounts and integrating loyalty cards into digital wallets.

How long does The Wallet Crew retain processed data?

The Wallet Crew retains customer identifiers only for the duration necessary to facilitate the intended transactions. No other personal data is stored permanently.

What are the client’s obligations in the data processing agreement?

The client is responsible for ensuring that data subjects are informed about the processing activities and that data collection is compliant with applicable data protection laws. This includes securing consent where required, particularly for promotional communications.

3. Data Subjects & Personal Data

Who is affected by The Wallet Crew data processing activities?

The processing activities primarily affect the customers and prospects of The Wallet Crew clients.

What types of personal data does The Wallet Crew process?

The types of personal data processed can include names, email addresses, opt-in/out preferences, language preferences, and loyalty information, subject to client requirements.

Does The Wallet Crew process any sensitive personal data?

The Wallet Crew does not process sensitive personal data by default. Any sensitive data processing would be performed in strict compliance with legal requirements and client consent.

Does The Wallet Crew use cookies or other tracking technologies?

The Wallet Crew does not use cookies or trackers. Clients can customize forms to include third-party data tracking if necessary, using tools like Google Tag Manager.

4. Personal Data Protection

Are The Wallet Crew staff subject to confidentiality obligations?

Yes, all The Wallet Crew staff and external contractors are bound by confidentiality obligations and follow stringent data protection protocols.

What measures are in place to secure the personal data?

The Wallet Crew has implemented technical and organizational measures that ensure the security of personal data, protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage. This includes ensuring data confidentiality, integrity, availability, and resilience of processing systems and services.

What happens to the data at the end of the contract?

The Wallet Crew will delete or return all personal data at the end of the agreement, except where required to retain the data by European Union or Member State law.

5. Sub-processors

Can The Wallet Crew subcontract parts of its data processing responsibilities?

Yes, with general authorization from the client, The Wallet Crew can subcontract parts of the data processing. The Wallet Crew ensures that its subprocessors are bound by contractual terms that are at least as protective as those stipulated in The Wallet Crew own agreement with its clients.

Who are the main subcontractors?

The Wallet Crew uses Microsoft Azure for hosting and Cloudflare for security, ensuring that all data processing remains within EU boundaries.

How does The Wallet Crew ensure compliance from its sub-processors?

Sub-processors are selected based on their technical capabilities and commitment to data protection, verified through certifications like SOC 2 and ISO 27001.

How does The Wallet Crew ensure the lawfulness of subcontracting?

The Wallet Crew signs contracts with its subprocessors that impose obligations comparable to those The Wallet Crew undertakes with its clients, ensuring appropriate security measures and compliance with GDPR.

6. Data Subject Rights

How does The Wallet Crew handle requests concerning data subject rights?

The Wallet Crew facilitates access and modification of data through its platform, ensuring data subjects can manage their information effectively.

How does The Wallet Crew manage unsubscribes and opt-outs?

The Wallet Crew includes options for unsubscribing in all communications, which can be managed directly by the data subjects through their device settings.

7. Incident and Complaint Management

What is The Wallet Crew approach to data breaches?

The Wallet Crew is committed to promptly notifying clients of any data breaches, detailing the nature, potential impact, and measures taken to address the breach.

Has The Wallet Crew experienced any data breaches or received complaints in the last five years?

There have been no reported data breaches or formal complaints regarding data processing by The Wallet Crew in the last five years.

8. Compliance and Regulations

How does The Wallet Crew ensure compliance with local and international data protection regulations?

The Wallet Crew CRM tool is designed to be flexible, allowing for alignment with local data protection regulations, including mechanisms for managing consent and ensuring accurate data handling.

9. The Wallet Crew Data Protection Features

How does The Wallet Crew incorporate the privacy by design concept in its platform?

The Wallet Crew integrates privacy by design principles to ensure compliance with global data protection regulations such as GDPR, CCPA, and LGPD. This approach minimizes personal data processing while maintaining effective customer interactions. For example, The Wallet Crew uses technologies that do not require directly identifying information to send push notifications or manage loyalty cards.

What is Zero-party data and how does The Wallet Crew facilitate its collection?

Zero-party data, or Earned data, is information that customers voluntarily and proactively share with brands in a trusted environment. The Wallet Crew promotes the collection of this type of data, enabling brands to gather authentic insights directly from customers without relying on third-party data.

How does The Wallet Crew help minimize personal data processing?

The Wallet Crew allows brands to collect only the data they truly need from customers via customizable forms. This minimizes unnecessary data collection and builds trust, aligning with data minimization principles required by various regulations. The Wallet Crew does not impose specific data collection requirements, ensuring flexibility and compliance.

How does The Wallet Crew manage data storage and duplication?

The Wallet Crew does not store customer data collected through its platform. Instead, data is immediately transferred to the client’s system or CRM tools like Cegid Retail or Salesforce. For clients subject to local data storage laws, such as in Russia or China, The Wallet Crew can adapt to store data directly on local servers.

How does The Wallet Crew support transparent information collection and consent management?

The Wallet Crew enables clients to implement consent mechanisms, such as opt-in checkboxes, within their The Wallet Crew layout, accompanied by clear informational notices. This helps comply with laws like CCPA by including options such as “Do not sell my personal information” checkboxes. Consent logs can be integrated into the client’s CRM tool, providing evidence of GDPR-compliant consent collection.

What tools does The Wallet Crew provide to support clients’ cookie policies?

While The Wallet Crew encourages minimizing the use of third-party data, it supports the implementation of Consent Management Platforms (CMPs) within its layout for clients who choose to maintain a cookie policy.

How does The Wallet Crew assist customers in managing their rights over their personal data?

The Wallet Crew platform facilitates customers’ ability to exercise their rights, such as data modification, deletion, or objection. This feature encourages proactive management of personal data directly by customers through the platform.

Can The Wallet Crew help in auditing and compliance demonstration?

Yes, The Wallet Crew commits to assisting clients in demonstrating compliance with their data protection obligations. This includes supporting audits and inspections by allowing an independent auditor, appointed by the client, to conduct annual audits. The Wallet Crew helps ensure that these audits are informed and efficient, contributing to overall transparency and compliance efforts.

These FAQs are designed to help The Wallet Crew clients understand how the platform supports compliance with data protection regulations and enables effective and secure customer data management. For further information or specific queries, clients are encouraged to contact The Wallet Crew privacy team at privacy@neostore.cloud