Privacy Notice of Wenalyze Sync App
This notice explains what data we collect, why we collect it, how we use it and what your rights are.
Introducing the Wenalyze Privacy Notice
Hello! We are the Wenalyze Group ("we," "our," or "us"), and we care deeply about your privacy. This notice explains what data we collect, why we collect it, how we use it, and what your rights are.
What's Inside?
| Section | What You'll Learn |
|---|---|
| Part 1 | Who we are, what data we process, and why. |
| Part 2 | Specific details about when and how we process your data. |
| Part 3 | Your privacy rights and how to exercise them. |
Before diving in, here are a few helpful terms to keep in mind while reading the rest of this notice:
| Term | Definition |
|---|---|
| Applicable Data Protection Laws | Any applicable data protection law, including but not limited to the EU General Data Protection Regulation (GDPR) 2016/679, the UK GDPR, and the UK Data Protection Act 2018. |
| Data Controller | An entity that determines the purposes and means of processing Personal Data. |
| Data Processor | An entity that processes Personal Data on behalf of a Controller. |
| Data Subject | A natural person who is identified or identifiable and is the subject of Personal Data. |
| Personal Data (or simply "Data") | Any information related to (i) an identifiable natural person, and (ii) an identified or identifiable legal entity (when such information is protected similarly to personal or identifying data under the Applicable Data Protection Laws and Regulations). |
| Wenalyze Group | Wenalyze and its subsidiaries. |
| Processing | Has the meaning given under the GDPR and the UK DPA, and "process," "processes," and "processed" shall be interpreted accordingly. It includes, among others, any operation or set of operations performed on Personal Data, such as transmission, storage, use, and deletion. |
| Services | Any product or service provided by Wenalyze to the Client under the Master Service Agreement. |
Part 1: Basics
Who is responsible for your data?
Wenalyze Sync App (operated by Wenalyze S.L.) is responsible for the processing of your personal data. Our registered office is located at: Avenida de Secundino Suazo nº 111, 28055, Madrid (Spain). You can reach us at: wenalyze@wenalyze.com. For any specific questions about how we process your data, you can contact our Data Protection Officer (DPO): albo@exponent.es.
What does "processing" mean, and why do we do it?
The processing means any operation we perform with your data, storing it, using it to provide our services, or deleting it when no longer needed. We only process your data when:
- You use Wenalyze Sync App
- Needed to support you
- We have a legitimate legal reason
What data do we collect and keep?
We collect information necessary to serve you effectively:
- Name and contact details
- Login information
- Expense information provided by the user
- Usage data related to how you interact with the app
How long do we keep your data?
We don't keep your data forever. This is typically how it's handled:
| Reason | Retention period |
|---|---|
| Legal requirements (e.g., tax laws) | As long as required by law |
| Legitimate service-related reasons | Until the purpose is resolved |
| Disputes or investigations | Until the process is completed |
Who can see your data?
We value transparency, so here's a breakdown of who we may share your personal data with, why we do it, and how we keep it safe. Note: We only do this when it is appropriate and compliant with applicable law.
Wenalyze's Enterprises
We may share your data with Wenalyze Group companies, trusted external providers (cloud hosting, support tools), or legal authorities if required. Data is shared only when lawful and secure. There is no other company within the Group now.
Third Parties Acting as Processors
These are organizations that work on our behalf, under our instructions, to help keep things running.
| What they help with | Who they are |
|---|---|
| Technology and hosting | Cloud providers |
| Customer relationship management | Email tools |
| Customer support | Support platforms |
To keep security front and center, we make sure that they:
- Use the data only for the right reasons
- Follow strict confidentiality and security standards
- Do not transfer data without proper safeguards
Legal Authorities (only if required)
Sometimes the law steps in. If necessary, we may need to share your data with:
- Tax authorities
- Police or regulatory agencies
- Financial enforcement bodies
Note: We only share information when it is legally required and include only what's relevant — such as name, address, and card transaction history.
Transfers to third countries (If your data is transferred abroad)
If data is transferred outside the EU/EEA, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), and Transfer Impact Assessments (TIAs). Don't worry, we only do this when it is totally protected. These are the tools we use to ensure the security of your data:
- Countries with adequacy decisions issued by the European Commission
- Standard Contractual Clauses (SCCs) – official contracts adopted by the EU
- Transfer Impact Assessments (TIAs): in-depth checks to ensure your data remains protected
- We ensure that the country or service provider complies with EU-level privacy standards
Data security and integrity
We take security very seriously and have implemented technical and organizational security measures to protect your data. Here is a look at what we do to keep your information safe.
| Security measure | What it means |
|---|---|
| Access controls | Only authorized people can access your data |
| Firewalls & encryption | Keeps data safe during transfer and storage |
| System & facility controls | Physical and digital safeguards |
| Regular audits | Continuous checks for vulnerabilities |
When is it essential to provide data?
Sometimes, we need certain information to:
- Provide access to the app or maintain your account
- Comply with an agreement
- Comply with legal obligations
Without it, we may be unable to offer services or continue an existing contract.
Part 2: Specific details about when and how we process your data
This section breaks down how and when we handle your personal data in different situations, such as visiting our website, using our services, or chatting with us. It covers what we collect, why we need it, and the legal reasons behind it. Let's dive in.
Visiting our website
We collect essential technical data (e.g., IP address, browser type) to ensure the site functions securely. Optional analytics are processed only with your consent.
This is the data that we obtain from you (as a site's visitor without signing in):
- IP address, browser settings, time of visit and referring site
- Anonymous analytics (only with your consent)
- Stored in log files, cookies, and browser storage
When logging in to our user account area
In addition to the above, you must provide your registered email address and password to access our customer portal.
Legal grounds for processing:
- Legal basis: service provision (allowing access to your account)
- Legal obligations (for example, website security)
- Our legitimate interest (making the site available)
Security
We may collect IP addresses and location data to protect our systems and ensure security.
Contact information
We collect data about user contacts to manage relationships with them.
Typical data includes:
- Name, job title, email address, phone number, address, tax information, and compliance checks
Why we process it:
- Legal obligations (for example, tax, fraud prevention)
- Legitimate interests (identity verification, risk assessment)
Recruitment
If you apply for a job at Wenalyze, we process the information you provide in your application to determine whether you may be a good fit.
Data we collect:
- Name, contact information, CV, LinkedIn/GitHub profile, and application content
Why we process it:
- To evaluate your application (contractual step)
- Legal obligations (for example, social security)
- Our legitimate interest (centralized hiring processes)
- With your consent (for example, joining our talent pool — you may withdraw your consent at any time)
Marketing and prospecting
We process personal data to keep you updated or to get in touch if we believe you could benefit from Wenalyze.
Why we use it:
- With your consent (for example, newsletters — you may withdraw consent at any time)
- Our legitimate interest (sharing product information)
Social media
We are active on LinkedIn, YouTube, and other platforms to share the latest news and updates. When you visit our profiles, both Wenalyze and the platforms may process your data. If you contact us through social media, we process the information you provide to respond to your inquiry.
We may be able to see:
- Profile visitor names, page usage statistics, and information in personal messages
Legal basis:
- Performance of a contract (if you contact us regarding a service)
- Our legitimate interest (measuring site visits for marketing purposes and managing inquiries)
Which social platforms do we use? LinkedIn and YouTube.
Contacting us
If you contact us (email, phone, chatbot, or social media), we will respond — and we will only use the data necessary to do so.
Data we typically collect:
- Name, email address, phone number, your message
Legal basis:
- Contractual if related to a service
- Otherwise, based on our legitimate interest in assisting you
Sharing your data
We may share your data for as long as strictly necessary time:
- Within Wenalyze, or if applicable, its subsidiaries; with service providers, advisors, or authorities (when necessary or legally required)
- Some recipients may be located outside the EU (we ensure appropriate protection as described above)
Data retention
We retain your data only for as long as it is necessary:
- Website usage data is deleted once the session ends
- Data from users is stored as long as there is a valid purpose or a legal requirement
- Job applications are kept, on the basis of your consent, for a maximum of 24 months (or less if requested)
Part 3: Your Data, Your Rights
When we use your data, you have rights and we want you to know exactly what they are. Here's a quick summary of what you can ask us for, at any time:
| Right | What You Can Do |
|---|---|
| Right of Access | You can ask if we process your data and request a copy. |
| Right to Rectification | You can ask us to correct or update inaccurate or incomplete data. |
| Right to Erasure | You can request deletion of your data ("right to be forgotten"). |
| Right to Restrict Processing | You can request that we limit how we process your data, only for specific legal reasons. |
| Right to Data Portability | You can request your data in a structured, machine-readable format or transfer it to another provider. |
| Right to Object | You can object to processing based on our legitimate interests. We will stop unless legally required to continue. |
How to exercise your rights
Simply send us an email at wenalyze@wenalyze.com and we'll take it from there. Some rights may be limited under local data laws, but we'll always do our best to help you transparently.
Last updated: November 14, 2025