Privacy Policy | Wishpicks

Updated: December 1, 2025

This Privacy Policy explains how Wishpicks (a brand of Wishes DNA, Lda) collects, uses, and protects your personal data.

It applies to all Wishpicks websites, mobile versions, and other services, including wishlist functionality, price tracking, product collections, invitations, and partner offers.

If you have any questions about this Policy or wish to exercise your rights under data protection law (including Articles 15–22 of the GDPR — the right of access, erasure, restriction of processing, or withdrawal of consent), please contact us at: 📩 privacy@wishesdna.com

You may also write to us to opt out of marketing communications, cancel a subscription, or request information about the data we store about you.

How to Use This Policy

This document is structured into thematic sections that explain how we process your data, for what purposes, and on what legal basis. All sections are interconnected, but each can be read independently.

Which Services This Policy Covers

The Wishpicks Privacy Policy applies to all services we provide to users within and outside the European Union, including:

the website wishpicks.com;
the progressive web application (PWA);
emails and push notifications;
integrations with affiliate partners;
official Wishpicks pages on social media.

In this document, these services are collectively referred to as the “Wishpicks Platform”, “Wishpicks” or simply the “Service”.

Data Controller

The controller of your personal data is Wishes DNA, Lda, registered in Portugal:

Wishes DNA, Lda
Rua Arca de Noé 566, R/C Esq., Vila Nova de Gaia, 4400-367, Portugal
📩 privacy@wishesdna.com

Wishpicks is a brand owned by Wishes DNA, Lda.

We do not transfer control over personal data to third parties.
When service providers are involved (e.g., hosting, analytics, email delivery), they act on our behalf under Data Processing Agreements.

What This Policy Includes

Which data we collect and store.
How and for what purposes we use it.
The legal basis for processing.
Your rights as a user.
Technologies that enable security and personalization.
How advertising and affiliate links operate on the Wishpicks platform.

1. What Data Wishpicks Processes

The Wishpicks platform processes personal data of users who interact with our online services: the website, progressive web application (PWA), email newsletters, push notifications, feedback forms, and integrations with partner networks.
The type and amount of data depend on how the user interacts with the service and which features are being used.

1.1. Personal and Non-Personal Data

“Personal data” refers to any information that directly or indirectly allows the identification of an individual. Examples include: name, email address, IP address, profile image, or any other account identifier.

Information that does not allow identification of a user (even when combined with other data) is considered anonymized (non-personal).

If personal data is combined with anonymized data, the entire dataset is considered personal. If identifying elements are removed or replaced, the remaining information loses its status as personal data. This process is called anonymization and is carried out in accordance with Article 5(1)(c) of the GDPR (data minimization).

Users have the right to decide which data they provide to Wishpicks. However, if certain information is technically required for the provision of the service, failure to provide it may limit functionality (for example, without an email address, it is not possible to send price drop notifications). If specific fields are mandatory, this is indicated during form completion.

Wishpicks does not process or store user passwords (authentication is performed via Google, Apple, Facebook, or a “magic link”), home addresses (except for the country for content localization and a shortened IP address in security logs), payment details, purchase information from third-party stores, or job applicant data.

1.2. Profile Data

Profile data consists of personal and demographic information that the user voluntarily provides during registration or when using the Service.

This includes:

email address (for account creation, login, communication, and notifications);
name, profile image, and nickname;
country, interface language, and currency (for content localization);
account settings (subscriptions, notifications, access permissions).

All of this information is provided voluntarily and can be changed or deleted by the user at any time in the account settings.

Wishpicks does not store passwords, as authentication is performed via third-party identity providers (Google, Apple, Facebook) or through a link sent to the user’s email. The transmitted data is processed solely to enable account functionality and personalize the user experience.

Public Profile Information

A user may voluntarily make parts of their profile public so that other users can view their wishlists, collections, or links to external pages. When editing their profile, the user may add their own links, including links to social networks, blogs, or other web resources.

This information is entirely voluntary and is published by the user at their own discretion. Wishpicks does not verify the content of external links and is not responsible for the privacy policies or terms of use of third-party websites that these links lead to.

The user may modify or delete any published links at any time through their profile settings.

1.3. Contact Data

When a user reaches out to Wishpicks (via email, feedback form, or social networks), we process:

name or nickname (if provided);
email address or social media profile;
message content;
technical metadata (date, time, communication channel, IP address).

This data is used to respond to the inquiry, maintain communication logs, and improve service quality. We do not use contact data for marketing purposes without the user’s separate consent.

1.4. Platform Interaction Data

Wishpicks processes information that arises during the use of the platform’s core features, including:

creating wishlists and collections, adding wishes (title, link, notes, images);
inviting other users (email address of invited persons);
marking statuses (“reserved”, “completed”);
subscribing to price-drop notifications.

As part of partner integrations, Wishpicks may receive information from affiliate networks or stores regarding an actual purchase of an item that a user visited through Wishpicks. Such technical notifications (postbacks) contain only the transaction ID, date, and product identifier, without any personal or payment data of the buyer.

The received data is used exclusively for:

updating the item’s status in the wishlist (e.g., “purchased”);
analyzing the effectiveness of partner referrals;
accounting for affiliate program commissions.

Wishpicks does not have access to users’ financial information (payment details, amounts, shipping addresses, etc.) and does not process payment data within such transactions.

1.5. Interest Data

When using the Wishpicks platform, we process data that helps us better understand user interests and make content more relevant. This includes information about items added to wishlists or collections, the frequency and types of pages viewed, interactions with shared lists and curated selections, as well as aggregated activity metrics. Based on such data, Wishpicks may determine which product categories, brands, or topics are most relevant to the user and display corresponding suggestions in personalized sections of the service.

In addition to the information directly provided, Wishpicks may infer user interests based on behavioral signals. For example, if a user regularly views or adds certain types of products, the system may treat these categories as priorities. Such inferences are used solely to improve recommendations and do not affect access to features or the use of the service.

To analyze trends and improve personalization algorithms, Wishpicks may receive aggregated, anonymized statistical data from analytics or advertising partners. This data does not allow identification of any specific user and is used exclusively for audience research and service improvement.

Wishpicks may carry out profiling within the meaning of Art. 4(4) GDPR, i.e., automated processing of personal data to analyze or predict the user’s interests, preferences, or behavior for content personalization (e.g., product or collection recommendations).

Wishpicks does not engage in automated decision-making within the meaning of Art. 22 GDPR — meaning decisions that produce legal effects or similarly significantly affect the user. Personalization is used solely to enhance service convenience and the overall user experience.

The user has the right to object to profiling in accordance with Art. 21 GDPR.

1.6. Messages and Communication Content

We process the content of all messages received via email, support forms, or social networks, including any attached files.

If technical contractors are involved in resolving a request, data is shared strictly within the scope of Data Processing Agreements (DPA).

Wishpicks does not share message content with external retailers or brands and does not use it for marketing purposes.

1.7. Social Media Data

If a user interacts with Wishpicks’ official social media pages or uses social logins, we may receive the following data from the platform operator:

public profile information (name, avatar, account ID);
messages or comments addressed to Wishpicks.

The processing of such data is governed by the privacy policy of the respective social network. Wishpicks does not have access to any other user data except what is voluntarily provided as part of the interaction.

1.8. Location Data

Wishpicks processes the user’s truncated IP address to determine approximate geographic location (city or region level). This is used to localize content, display prices in the appropriate currency, and detect potential misuse.

Wishpicks does not request precise device coordinates (GPS or Location Services) and does not create movement profiles of users.

1.9. Photos and Other Personal Content

Users may voluntarily upload images or other content (e.g., a product photo in a wishlist or a collection cover). Wishpicks stores such files along with associated technical metadata (upload time, format).

The visibility of the content is determined by the user’s access settings. Wishpicks does not use personal images for marketing purposes without prior written consent.

1.10. Device and Access Data

Each time the website or mobile interface is used, technical data is automatically processed:

device type and model, operating system, interface language;
browser data (version, user-agent, access time, referrer, IP address);
cookie identifiers, session tokens, consent preferences;
error logs and technical diagnostics.

This data is used to ensure the operation of the service, maintain information security, detect malfunctions, analyze performance, and improve system stability.

2. How Wishpicks Uses My Data

Wishpicks processes personal data in accordance with the requirements of European data protection law. We follow the principles of lawfulness, transparency, data minimization, and purpose limitation. We use your data exclusively for the purposes defined in this Policy or directly communicated at the moment of collection.

Wishpicks does not process personal data for other, incompatible purposes, and does not expand the scope of processing without prior user notification or obtaining consent where required by law.

The main purposes of data processing are:

ensuring the operation and security of the service;
creating, maintaining, and personalizing the user account;
enabling the user to access core features (creating lists, reservations, collaboration, search, etc.);
analytics to improve the performance of the service;
personalization of content, recommendations, and interface;
providing service notifications and transactional emails;
compliance with legal obligations.

Wishpicks may also conduct aggregated and anonymized data analysis to improve the product, enhance features, and optimize platform performance. Such data does not allow identifying a user.

This section also specifies the legal bases for processing (Art. 6 GDPR) as well as user rights, including the ability to object to certain types of processing.

2.1. Provision of the Service and Core Platform Functions

Wishpicks processes personal data primarily to provide users with access to the core features of the platform and to ensure the stable operation of the service. This includes creating and storing wishlists and collections, managing wishes, processing gift statuses, inviting other users for shared access, synchronizing data across devices, displaying change history, and supporting personal account settings. This category also includes processing the user’s email address, which is used for authentication, communication, and delivery of service messages such as price-drop alerts, product updates, and changes to shared lists.

As part of partner integrations, Wishpicks may receive technical notifications (postbacks) from affiliate networks or stores regarding a completed purchase, if such an action was initiated by a click originating from Wishpicks. These notifications contain only the product identifier, a technical transaction number, a technical timestamp not linked to the buyer’s profile, and other information that does not allow identifying the buyer. Such data is used solely for accurate accounting of affiliate commissions and referral statistics. Wishpicks does not receive any financial or personal data related to the purchase and cannot track further actions taken by the buyer in the store.

Additionally, Wishpicks processes necessary technical data such as device information, browser data, IP address, cookie identifiers, and server event logs. This information is required to ensure correct interface loading, optimize performance, synchronize user data, maintain session continuity, and troubleshoot technical issues. Such data is processed in the minimal volume necessary for the operation of the service and is not used to identify the user beyond this purpose.

The processing of these categories of data is necessary to fulfill the terms of service and provide the user with the functionality of Wishpicks. The legal basis is the performance of a contract under Article 6(1)(b) GDPR and Wishpicks’ legitimate interest in ensuring stable and secure platform operation under Article 6(1)(f) GDPR. Wishpicks applies Article 6(1)(f) GDPR only to technically necessary, security-related, and diagnostic processing that is not part of contract performance.

2.2. Personalization of Content and Recommendations

Wishpicks processes user interaction data to deliver personalized content and improve the relevance of displayed products, curated selections, and partner marketing materials. During the use of the service, we analyze information about added wishes, viewed pages, created collections, interactions with shared lists, and other behavioral signals that help determine which product categories or topics may be most relevant to the user. Based on this data, Wishpicks generates personalized recommendations, displays the most relevant products in recommendation feeds, proposes suitable partner offers, and optimizes content ordering.

In addition to analyzing direct user behavior, Wishpicks may infer interests based on aggregated trends among similar profiles or user groups, provided such data is processed in an anonymized form. This may include, for example, popular items among users with similar wishlist themes or similar interaction patterns. These inferences are used solely to improve the quality of recommendations and enhance the user experience.

To improve personalization mechanisms, Wishpicks may employ machine learning algorithms or other automated data analysis technologies. These systems operate within strict technical and legal constraints and do not make decisions that affect the user's rights or legal status. Personalized content does not produce any legal effects and is used exclusively to enhance the user experience.

Wishpicks may also use anonymized statistical information obtained from analytics or advertising partners, such as data on product popularity, general trends, or demographic characteristics of the audience, provided such information does not allow the identification of specific users. All recommendation mechanisms operate in accordance with GDPR, and users can influence personalization through account settings or limit specific types of processing.

The legal basis for this processing is Wishpicks’ legitimate interest in improving service quality and providing relevant content under Article 6(1)(f) GDPR, as well as user consent where explicitly required (e.g., for receiving marketing communications).

2.3. Research, Machine Learning, and Artificial Intelligence

Wishpicks may process user data in anonymized or pseudonymized form for research purposes, the development of new algorithms, and the improvement of technologies underlying service personalization. These processes include analyzing platform interactions, enhancing recommendation mechanisms, optimizing product relevance assessment, and operating machine learning models that help better predict user interests and improve the quality of suggested content.

When conducting research or developing technologies, Wishpicks may use methods such as machine learning, data vectorization, product clustering, text processing, content relevance analysis, and other modern approaches to data analysis. These technologies are used to improve search algorithms, generate AI-powered selections, rank products, increase the accuracy of price alerts, and create a more consistent and personalized user experience.

All such processes are carried out in a way that does not affect users’ rights or freedoms. Wishpicks does not use automated decision-making systems that could have legal or similarly significant effects on individuals within the meaning of Article 22 GDPR. Wishpicks’ algorithmic systems are designed solely to enhance service functionality and are not used for credit scoring, financial evaluation, or any other type of processing that may create external consequences for the user.

To develop new models, Wishpicks may use internal statistical data such as product popularity metrics, general trends in category preferences, or interaction patterns, as well as other aggregated information that does not allow the identification of a specific individual. If certain research purposes require the processing of personal data, Wishpicks performs such processing only to the minimal extent necessary and implements technical and organizational safeguards such as pseudonymization or restricted access.

Wishpicks does not use personal data to train models in any way that enables user identification and does not create individual profiles outside the scope of the service.

The legal basis for this processing is Wishpicks’ legitimate interest in research, innovation, and technological development of the service under Article 6(1)(f) GDPR. If specific features or experimental capabilities require user consent, Wishpicks will request it separately and ensure that consent can be withdrawn at any time.

2.4. Security, Abuse Prevention, and Technical Diagnostics

Wishpicks processes certain technical data and log files to ensure the security of the service, prevent misuse, and maintain the stable operation of the platform. This includes processing access data such as IP address, technical device identifiers, server request logs, error data, as well as information about atypical or potentially harmful activities. Such data is necessary to detect and block attacks, including automated account creation, token brute-forcing, mass reservation attempts, unauthorized access to private wishlists, or manipulation of API requests.

Wishpicks may use automated protection systems such as anomaly detection, rate limiting, suspicious behavior alerts, and third-party cybersecurity services. All such mechanisms operate solely to identify technical risks and are not intended to create user profiles or make decisions that could affect users’ rights or freedoms. If potentially harmful activity is detected, Wishpicks may temporarily restrict access to certain features to protect the platform and other users from threats.

For technical diagnostics, Wishpicks processes event logs, browser and operating system configuration data, interface error reports, and other performance metrics required to analyze issues, fix malfunctions, and improve system stability. Where possible, this data is used in anonymized or pseudonymized form and is not applied to identify the user unless necessary.

Wishpicks also processes technical data to protect users’ personal information, including detecting unauthorized access attempts, preventing session hijacking, or stopping account recovery attempts using stolen email addresses. When required, Wishpicks may correlate technical logs with account information to verify whether security incidents or terms-of-service violations have occurred.

The legal basis for such processing is Wishpicks’ legitimate interest in ensuring the security of network and information systems, protecting users from fraud, and maintaining stable service operation in accordance with Article 6(1)(f) GDPR.

2.5. Analytics, Market Research, and Partner Promotions

Wishpicks processes certain user interaction data for analytics, statistical evaluation, and market research aimed at improving the service, enhancing content relevance, and optimizing partner programs. Such processing includes analyzing product, category, and brand popularity, studying general user behavior patterns, measuring the effectiveness of specific features, and understanding how the service is used across different regions or devices. Data used for these purposes is processed in anonymized or pseudonymized form wherever possible and is not used to identify individual users.

Wishpicks may use analytics tools to evaluate the effectiveness of partner referrals, interactions with promo codes, product views, wishlist additions, and general trends in feature usage across the platform. In collaboration with affiliate networks, Wishpicks may receive aggregated statistical data on conversions or confirmed transactions needed for accurate calculation of partner commissions. This information does not contain personal data about the purchaser and does not allow identification of the individual who completed a transaction in an external store.

Analytical processing may also be used to assess the performance of advertising placements, partner promotions, contextual recommendations, and Wishpicks’ marketing activities. This helps determine which communication formats work best for different audiences, adapt promotional content, and provide more relevant offers. Wishpicks does not share users’ personal data with third-party advertisers and does not provide direct identifiers that could be used for their own advertising purposes.

Analytical processes are not used to make decisions that could produce legal or otherwise significant effects for the user. All statistical and analytical models serve solely to improve the functionality of the service, enhance recommendation quality, increase the value of partner materials, and generate general business insights for the development of Wishpicks.

The legal basis for this processing is Wishpicks’ legitimate interest in conducting market analysis, evaluating service performance, and developing partner integrations in accordance with Article 6(1)(f) GDPR. If specific analytical or marketing functions require consent, Wishpicks obtains it separately and provides an option to withdraw consent at any time.

2.6. Product and Technology Development

Wishpicks processes anonymized, pseudonymized, or technical data to improve platform features, develop new capabilities, and maintain a high level of service quality. Such processes include enhancing navigation, optimizing the logic of creating wishlists and collections, expanding collaboration tools, improving price-tracking mechanisms, and verifying the correct operation of new or experimental features. Wishpicks may perform technical monitoring, assess component performance, analyze interaction patterns, and identify areas for improvement needed to enhance service stability and usability.

To introduce new products and technologies, Wishpicks may test alternative interface designs, algorithms, and data structures, including through A/B testing, simulations, or modeling user behavior based on aggregated information. All such processes aim to make the platform more intuitive, faster, and more reliable, and do not involve decisions that produce legal or similarly significant effects on the user.

Wishpicks may also use data for technical analysis related to updating the service architecture, transitioning to new processing or storage tools, improving API performance, and optimizing synchronization mechanisms. Processing this information helps identify errors, prevent data loss, increase system resilience, and ensure the overall quality of the product.

As part of technology development, Wishpicks may employ research or experimental models, including recommendation algorithms, content analysis, collection generation, or relevance-enhancement mechanisms. These models operate within strict technical and legal constraints, are not used for automated decision-making with external effects, and are not applied to assess user behavioral characteristics outside the product.

The legal basis for processing data for product and technology development is Wishpicks’ legitimate interest in improving the service, increasing stability, and fostering innovation in accordance with Article 6(1)(f) GDPR.

2.7. Service Optimization and Internal Reporting

Wishpicks processes aggregated, technical, and statistical data for internal reporting, evaluating product performance, and optimizing business processes. This data is used to determine system load levels, analyze the stability of key components, assess the frequency of feature usage, measure interface performance, and ensure an appropriate level of platform availability for all users. Internal analytics also assist in infrastructure planning, conducting technical audits, and making informed decisions regarding service modernization.

Wishpicks may use data to generate aggregated reports related to the effectiveness of partner integrations, outbound traffic to stores, interactions with promo codes, user activity in wishlists and collections, and general trends in service usage. Such reports do not contain personal data and do not allow the identification of any individual. The information is used solely for internal business purposes, including financial and operational reporting within partner programs, compliance with affiliate network requirements, and evaluating the performance of Wishpicks’ marketing activities.

The processing of statistical information may also be necessary for risk assessment, internal control, verification of price-tracking mechanisms, identifying systemic issues, and monitoring the overall state of the service. These processes are carried out in anonymized or pseudonymized form and are not intended to evaluate the behavior of specific users.

The legal basis for this processing is Wishpicks’ legitimate interest in performing internal controls, ensuring operational transparency, optimizing service performance, and fulfilling obligations within partner integrations in accordance with Article 6(1)(f) GDPR.

2.8. User Interaction and Content Moderation

Wishpicks provides features that enable user-to-user interaction, including the creation of public wishlists, sharing collections, using collaborative lists, reserving gifts, and sending invitations to others to view or edit content. In this context, Wishpicks processes the data necessary to ensure the proper functioning of these features, including displaying the profile name, avatar, information voluntarily made public by the user, and technical data required for sending invitations or managing access.

If a user chooses to make their profile or a specific wishlist public, the associated content may become accessible to other users or the general public on the internet. Wishpicks does not publish any information without the user's initiative and provides the ability to change access settings or make content private at any time. All information added by the user to their profile or public page, including links to social networks or other personal resources, is published solely at their discretion and under their responsibility.

Wishpicks may moderate content in accordance with applicable law, the Terms of Use, and security policies, including cases where content infringes intellectual property rights, contains inappropriate material, is misleading, or creates risks for other users. For this purpose, Wishpicks may process reports of violations, technical data about the content, the time and circumstances of publication, and any information necessary to analyze and respond to such reports. Upon receiving a complaint, Wishpicks may temporarily restrict access to the relevant material, notify the user, or provide aggregated information to relevant parties if required for the review process.

When users interact through shared lists, Wishpicks may process information about who joined the list, which changes were made, and which statuses were applied to wishes. This data is used exclusively to support collaborative functionality and is not shared with third parties without a legal basis or the user’s own initiative.

The legal basis for this processing is the performance of the service contract under Article 6(1)(b) GDPR, as well as Wishpicks’ legitimate interest in ensuring security, moderation, and proper functioning of the platform’s social features under Article 6(1)(f) GDPR.

2.9. Processing Based on User Consent

In certain cases, Wishpicks processes personal data solely on the basis of consent previously provided by the user. This applies to situations where, under applicable law, data processing cannot rely on contract performance or legitimate interest — for example, when sending marketing communications, using non-essential analytics technologies, applying marketing cookies, displaying personalized partner offers, or enabling specific experimental or AI-powered features that are not necessary for the core operation of the service.

Consent is requested in a clear and unambiguous manner, separately from other terms, and the user has the freedom to decide whether to provide it. Wishpicks retains information about the fact of consent to ensure compliance with legal requirements regarding proof of lawful processing. Data processing in these cases is carried out only to the extent necessary for the relevant purpose and does not involve using the information for additional purposes without the user’s further consent.

The user may withdraw their consent at any time, with the same ease as it was given. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal and does not restrict the user's ability to continue using the core functionality of Wishpicks. If some non-essential features become unavailable after consent withdrawal, the user will be informed accordingly.

In cases where processing is based on consent, Wishpicks will not undertake any actions that could affect the user's rights or freedoms without obtaining new, clear, and informed consent. Processing under Article 6(1)(a) GDPR is applied only when explicitly required by law or when certain service functionalities cannot be delivered without the user’s voluntary participation.

2.10. Other Compatible Purposes

Within the limits permitted by data protection law, Wishpicks may process personal data for new or additional purposes without requiring separate user consent, provided such purposes are compatible with those for which the data was originally collected. Compatible processing may occur, for example, in connection with technical development of the service, introduction of new features, changes in legislation, expansion of platform capabilities, or the implementation of new business models related to personalization, analytics, or recommendation services offered by Wishpicks.

To determine compatibility, Wishpicks considers the nature and source of the data, the original purposes of processing, the context of the user’s interaction with the service, and the user’s reasonable expectations regarding how their data may be used. If a new purpose is reasonably foreseeable to the user, proportionate to the original purpose, and does not alter the balance of rights and freedoms, Wishpicks may process data within such an extended scope.

If future processing requires a new or incompatible purpose that is not covered by the original context, Wishpicks will notify users in advance or request separate consent if required by law. All such processes are carried out in accordance with the GDPR principles of transparency, purpose limitation, and data minimization.

Wishpicks does not extend processing to new incompatible purposes without prior user notification or obtaining consent where required by law.

The legal basis for such processing is Wishpicks’ legitimate interest under Article 6(1)(f) GDPR or the fulfilment of a legal obligation under Article 6(1)(c) GDPR, depending on the specific situation.

3. Personalized Services

Personalized services help Wishpicks provide a more convenient, relevant, and effective user experience. By using information about your interaction with the platform, we can tailor the display of products, collections, and recommendations to your needs and interests. All users have access to the full range of content, but personalization helps you discover the materials most aligned with your preferences more quickly.

3.1. What Are Personalized Services?

Wishpicks personalized services are features that use information about your preferences, activity, and interactions with the platform to create an individualized experience. We may show you curated selections, products, or ideas that are highly likely to be of interest to you, as well as adapt the interface and content to your usage style. Personalization allows you to see the most relevant content earlier and makes the service simpler and more efficient to use.

3.2. Why Is an Account Required?

Most personalization features rely on information stored in your account. Having an account enables Wishpicks to synchronize your wishlists, collections, privacy settings, price-tracking data, gift reservations, and other elements across different devices. It is also necessary for retaining personalized recommendations and ensuring stable service operation. Without an account, Wishpicks can only provide basic and limited functionality.

3.3. What Data Is Stored in My Account?

Your Wishpicks account stores the information you provide during registration or while interacting with the platform, including your name, email address, privacy settings, the content of your wishlists and collections, wish statuses, activity history, and any data you choose to make public in your profile. Each account is assigned a unique user identifier, which serves as a pseudonym for linking information to the account.

Wishpicks does not store payment information, shipping addresses, financial details, credit data, or any other sensitive commercial information, as the platform does not function as an online store.

3.4. What Data Is Used for Personalization?

To deliver personalization, Wishpicks uses information from your account as well as data about your activity within the service: creating wishlists and collections, viewing products and categories, interacting with shared lists, the themes of your wishes, added items, reactions to recommended content, and other behavioral signals. These data points may be combined to build a more complete picture of your interests and preferences.

If certain technical data is not stored in the account (e.g., situational device data), it is used in a pseudonymized form during the personalization process and is not linked to your direct identifiers.

Wishpicks does not use the following data for personalization:

financial or payment information (it does not exist within the service),
credit information,
system service notifications,
support requests,
data related to external research or applications.

All personalization algorithms do not create legal effects and do not involve automated decision-making within the meaning of Article 22 GDPR.

3.5. What Options and Settings Do I Have?

Within your account, you can review and manage most of the data used for personalization, as well as adjust privacy and preference settings. You can edit or delete your wishlists and collections, update your profile information, modify the level of personalization, or limit specific personalization mechanisms. In addition, you may disable marketing email notifications or withdraw your consent for non-essential data processing at any time.

A complete opt-out from personalization is possible by deleting certain data or adjusting the relevant settings. In such cases, some features may function less effectively or become limited.

4. Information About the Wishpicks Website and Applications

Wishpicks uses your data to provide access to the website and progressive web application (PWA), maintain their stable operation, personalize content, conduct analytics, improve the service, and ensure security. In addition to device and access data that are technically generated during each visit, the scope of processing depends on which Wishpicks features you use: account, shared lists, price alerts, wishlist sharing, personalized recommendations, and more.

4.1. Service Operator

The operator of the Wishpicks website and PWA is Wishes DNA, Lda.

Detailed legal information, including address, contact details, and registration data, is provided in the “Legal Notice” section of our website.

4.2. What Data Is Collected When Using the Website and PWA

Device and Access Data

Whenever you access Wishpicks servers, so-called device and access data are automatically processed. This information is stored in server log files and may include:

IP address;
date and time of access;
URL of the requested page and referrer;
browser type and version, device type, operating system, interface language;
technical response status and possible error data.

These data are used to provide the service technically, detect and resolve malfunctions, protect against attacks, and for basic statistics. The IP address is stored only for a short period and, whenever possible, is shortened or pseudonymized to minimize the possibility of direct identification.

Marketing or Device Identifiers

If your browser or device provides an anonymous marketing or device identifier, Wishpicks may receive and use it for:

service usage analytics;
content or interface personalization;
improving recommendation relevance.

These identifiers are typically used in cookies or similar technologies and do not contain personal data in plain form.

You may disable or limit such identifiers via your browser settings, device settings, or the cookie preferences panel on the Wishpicks website.

Account Login and Sessions

For users who create an account, Wishpicks provides personalized access. After logging in, you may remain signed in for a certain period so you don’t need to log in again each time you revisit. This is enabled through cookies or similar session-storage technologies.

For security reasons, when performing actions that may affect your account or data (e.g., changing your email, deleting data, managing privacy settings), Wishpicks may require re-authentication.

Social Plugins

Wishpicks currently does not use active social plugins (such as “Like” buttons or embedded widgets that automatically transmit data to third parties upon page load). Only static links to our social media profiles or outbound buttons may appear on the website. Data is transmitted to the respective platform only when you deliberately click such a link.

If integrated third-party widgets or SDKs are implemented in the future, this Privacy Policy will be updated to clearly describe such processing.

Social Logins

Wishpicks may offer the ability to register or log in via a third-party account (e.g., Google or Facebook). In such cases, you will first be redirected to the respective platform where you confirm access to certain data (e.g., name, email address).

Wishpicks does not receive access to your password or other social-network credentials. The information obtained is used to create or identify your Wishpicks account. A permanent link between your Wishpicks account and the third-party account is not maintained unless explicitly required for functionality.

For details on data processing by those platforms, please refer to their respective privacy policies.

Content Personalization

When using Wishpicks, we may analyze your activity in the service (e.g., viewing pages, adding wishes to lists, participating in shared lists) to present content in a more relevant order. This may include:

showing curated selections related to your topics and events;
recommending ideas and products relevant to your wishlists;
prioritizing certain content blocks on pages.

Such processing is further described in the sections on personalized services and advertising.

Cookies and Similar Technologies

Our websites and PWA use cookies and similar technologies for storing identifiers (e.g., localStorage, sessionStorage). Acceptance of strictly necessary cookies is technically required for basic service functionality; other categories may only be used with your consent.

We categorize cookies as follows:

Essential — required for the basic operation of the platform (authentication, session retention, language or country selection, abuse protection). Without them, the website may function incorrectly or with limited features.
Analytics/Performance — help us understand how users interact with the service (which pages are viewed, how quickly content loads, where errors occur). These cookies are used in aggregated or pseudonymized form.
Functional and Personalization — allow saving individual preferences and tailoring the interface (e.g., recently viewed lists or selections).
Marketing — may be used to show more relevant promotional offers from Wishpicks or partners, as well as to measure the effectiveness of such campaigns. This category is applied only with your explicit consent.

Details about specific cookies and management options are provided in the separate Cookie Policy. You may adjust your choices at any time via the privacy/preferences panel on the site.

4.3. Information About Apps and PWA

Wishpicks can be installed as a Progressive Web App (PWA) through your browser. In this case, the application uses the same data-processing mechanisms as the web version, including cookies, local data storage, and technical logs.

Operating systems and browsers may offer additional features, such as:

content sharing (sharing a link to a wishlist or a specific list);
adding a Wishpicks shortcut to the home screen;
managing permissions for notifications.

These features are provided by the browser or operating system itself. Wishpicks does not control how the respective provider (e.g., device manufacturer or browser developer) processes your data in relation to these features. Detailed information can be found in the privacy policies of the respective providers.

If Wishpicks introduces native mobile applications or additional features in the future (such as push notifications through system services), this Policy will be updated to describe the relevant system permissions and processing mechanisms.

4.4. Online Advertising and Retargeting

With your consent to marketing cookies, Wishpicks may use device identifiers and access data to display more relevant ads about Wishpicks features and promotional offers, both within our own service and across other platforms that support compatible advertising networks.

In such cases, advertising partners may gain access to pseudonymized identifiers (such as cookie IDs) and aggregated site-usage data in order to associate ad delivery with specific audiences. Wishpicks does not provide partners with data that directly identifies the user (such as name or email).

You may withdraw your consent to marketing cookies at any time via the privacy settings panel or through your browser/device settings. In this case, ads may still appear, but they will be less relevant.

4.5. Usage Analysis

Wishpicks uses common web technologies to analyze how the service is used, including:

assessing overall user activity;
understanding which pages and features are most popular;
measuring performance (loading speed, errors);
conducting A/B tests and interface experiments.

For these purposes, pseudonymized session identifiers, cookie IDs, and similar technologies may be used. Analysis is performed in an aggregated form, and the resulting insights are used solely to improve the service — not for making any individual decisions with legal effects about users.

You may limit or fully disable usage analysis by turning off analytical cookies in the privacy settings. In this case, core access to the service will remain available, but the accuracy of our internal metrics and the ability to optimize the product may be reduced.

The legal bases for processing the data described in this section are the performance of a contract (Art. 6(1)(b) GDPR), Wishpicks’ legitimate interest in ensuring stability, security, and further development of the service (Art. 6(1)(f) GDPR), as well as your consent — where required by law for the use of cookies and marketing/analytics technologies (Art. 6(1)(a) GDPR).

5. Information About Wishpicks Social Media Pages

Wishpicks operates official profiles on social networks (hereinafter — “fan pages”), including Facebook, Instagram, and Telegram. On these pages, we publish news, recommendations, service updates, and interact with users.

Whenever you engage with fan pages (viewing, commenting, messaging, reacting), the respective social media operators automatically process user data using cookies, SDKs, and other technologies. Wishpicks does not control these processes — they are governed by the policies of the respective platform.

Wishpicks does not have access to your phone number, contact list, or any other data from your Telegram or other social media accounts, except for the information you voluntarily provide to us in messages or comments.

5.1. Responsible Party

The content and administration of Wishpicks’ official social media pages are managed by Wishes DNA, Lda
(contact details are provided in the “Contact Information” section).

Social networks we use:

Facebook and Instagram — Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
- Facebook Privacy Policy: https://www.facebook.com/privacy/policy
- Instagram Privacy Policy: https://privacycenter.instagram.com/policy
Telegram — Telegram Messenger LLP
- Privacy Policy: https://telegram.org/privacy

The processing of your data by these platforms takes place in accordance with their own privacy policies and terms.
Wishpicks does not control the technical data collection processes of Telegram, Meta, or other social networks.

5.2. What Data Is Collected

Data You Provide Directly to Wishpicks

When interacting with us through social networks, we may receive:

messages you send us (comments, Direct/DM, Telegram chats);
information from your public profile that is visible to other users;
content you publish or send to Wishpicks.

Wishpicks processes this data solely to respond to your requests or to improve the operation of our fan pages.

Data Collected by the Social Network Itself

Platforms (Facebook, Instagram, Telegram) automatically process the following data:

technical device and IP information;
interaction data (views, reactions, comments);
activity logs within their service;
anonymized audience statistics (age, region, activity).

Wishpicks does not have access to personal data used by social networks to generate internal statistics, except for aggregated analytics reports provided by the platforms (e.g., Telegram Channel Analytics or Facebook Page Insights).

Joint Controllership with Meta (Facebook/Instagram)

For the «Page Insights» functionality on Facebook and Instagram, Wishpicks and Meta act as “joint controllers” under the GDPR. Meta is responsible for fulfilling your rights in connection with Page Insights.

Details:
https://www.facebook.com/legal/terms/page_controller_addendum
https://www.facebook.com/legal/terms/information_about_page_insights_data

5.3. What Rights Does the User Have

Your general rights are described in the section “What Data Protection Rights Do I Have?”.

Facebook/Instagram Page Insights

Requests for access, restriction, or deletion of data processed by Meta within Insights should be submitted directly to Meta:

https://www.facebook.com/help/contact/308592359910928

Telegram independently determines:

which technical data is collected;
how it is processed;
the retention periods and purposes.

If you send us a message on Telegram, Wishpicks processes only its content (and your username, if available), in accordance with this Policy.

6. Email Newsletters and Communications

Wishpicks sends different types of emails and notifications. This section explains which messages you may receive, the legal basis for sending them, and how you can manage your preferences.

6.1 Types of emails sent by Wishpicks

Wishpicks may send the following categories of communications:

A. Service and mandatory emails (do not require consent)

These emails are necessary for account operation and for providing core service features:

email verification, magic login links;
price alerts (notifications about price changes on items added to a wishlist);
notifications about actions performed by other users:
- your wish has been reserved;
- a collaborator added a new wish;
- a status has been changed in a shared wishlist;
event reminders if the user has provided a date (e.g., a birthday);
important system and security notifications;
notifications about updates to terms and policies.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(f) GDPR (legitimate interest).

B. Onboarding emails (do not require separate marketing consent)

Onboarding helps users understand how Wishpicks works and configure their account.
Onboarding emails may include:

instructions on how to create a wishlist;
how to add a first wish;
how price tracking works;
how to share a list;
how wish reservation works;
how to manage wishes in the profile;
how to configure notifications.

These emails do not contain marketing materials and are sent automatically after registration.

Legal basis: Art. 6(1)(b) GDPR (necessary for using the service).

C. Functional recommendations and contextual hints

Wishpicks may send minimal functional prompts that improve service usability, such as:

recommendations to complete an action already initiated by the user;
tips for optimal use of Wishpicks features;
important updates relevant to current use of the service.

These emails are not marketing, provided they do not include promotional materials or offers.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

D. Marketing emails (sent only after consent)

If the user provides voluntary consent, Wishpicks may send:

service news digests;
partner promotions and special offers;
product selections and personalised recommendations;
themed gift collections;
content from Wishpicks brands or partners.

Marketing emails are sent only after explicit user consent (opt-in).
Within the EU, Wishpicks uses Double Opt-in, meaning the subscription becomes active only after confirmation via email.

Legal basis: Art. 6(1)(a) GDPR (consent).

6.2 How to manage subscriptions

A user may:

unsubscribe from marketing emails at any time via the “Unsubscribe” link in each email;
adjust settings in their profile (if such an option is available);
send a request to privacy@wishesdna.com.

Unsubscribing from marketing emails does not affect the delivery of service, onboarding, or functional notifications.

6.3 What data is processed when emails are sent

When subscribing to a marketing newsletter, Wishpicks may temporarily store:

the email address you provided;
the IP address used at the moment of subscription;
the date and time of subscription and confirmation (Double Opt-in);
technical records required to document consent.

Technical interaction data:

When opening emails or clicking links, Wishpicks may receive:

information about email opens (via a tracking pixel, if allowed by the email client);
information about link clicks;
the type of device or email client in anonymised form.

This data is used for:

improving email quality;
personalisation (for categories where this is applicable);
statistical engagement analysis.

A user may block tracking by disabling image loading in their email client.

6.4 Push notifications

If you use the mobile application or a PWA with push-notification support, Wishpicks may send:

price alerts;
updates in shared lists;
technical and security notifications;
personalised or marketing push notifications (only with separate consent).

You can manage push-notification preferences in your device or browser settings.

6.5 Legal bases for communications

Wishpicks sends communications on the following legal bases:

Art. 6(1)(b) GDPR – performance of a contract:
service emails, price alerts, onboarding, functional reminders.
Art. 6(1)(f) GDPR – legitimate interest:
technical notifications, guidance on using the service.
Art. 6(1)(a) GDPR – consent:
marketing emails, personalised recommendations, partner content.

7. Individual product recommendations (email and push notifications)

As part of the Wishpicks service, we may send you personalised suggestions and product recommendations that may be relevant to your lists or activity within the service. Such recommendations are generated based on your interactions with Wishpicks (added wishes, viewed categories, participation in shared lists, etc.).

Individual recommendations are sent only with your consent to receive such messages, or as part of functional notifications necessary for operating the service (for example, hints regarding items you have added).

7.1 Managing email recommendations

You may withdraw your consent to receive recommendations at any time:

via the “Unsubscribe” link in the email; or
by contacting privacy@wishesdna.com.

7.2 Push notifications

Push notifications can be disabled in your device or application settings.

7.3 Additional information

For more details on personalisation, see the section “Personalised services.”

8. How Wishpicks uses my data for advertising

Wishpicks may use data about your interactions with the service, as well as information received from advertising partners, to display more relevant ads and to measure their effectiveness.
For this purpose, we and our partners use standard internet technologies such as cookies, pixels, SDKs, and advertising identifiers. These technologies help us better understand user interests and improve the overall service experience.

Wishpicks does not sell personal data, and all processing is carried out strictly in accordance with the GDPR.

8.1 Advertising formats and channels

Wishpicks may display advertisements about our service or partners:

across Google advertising networks (Google Ads, YouTube);
on Meta platforms (Facebook, Instagram);
on third-party websites and apps via online advertising networks;
within Wishpicks interfaces (such as promo blocks or partner offers).

Wishpicks advertising partners do not receive any personal data that could identify a user.
They may receive only anonymised, aggregated information, such as:

number of impressions,
number of clicks,
campaign performance metrics.

8.2 Information that may be used to build audiences

To create user groups (audiences) and improve targeting, we may use:

device technical data;
cookie data and advertising IDs;
information about interactions with Wishpicks (pages viewed, categories visited, clicks);
general demographic data provided by advertising partners in anonymised form;
interests inferred from user actions.

Wishpicks does not share your wishlists, wishes, email, or any other personal information with advertising partners.

8.3 Advertising on the Wishpicks website and personalised content

Wishpicks may use interaction data to:

show more relevant promo codes and offers;
adjust product visibility in collections;
optimise recommendation modules;
display partner offers that may be of interest to you.

This is known as on-site optimisation, which works based on cookies or similar identifiers.
It does not allow Wishpicks to identify you outside the service.

If you disable marketing cookies, the content remains available, but it may be less personalised.

8.4 Advertising on social media

Wishpicks may use standard Meta and Google tools for:

remarketing (showing ads to people who have already visited the site),
creating audiences based on on-site events (e.g., page views).

For this purpose, we may share the following data with partners in hashed/encrypted form:

advertising identifiers;
technical cookie IDs;
hashed email.

This data does not allow advertising platforms to access your wishlists, wishes, or any personal Wishpicks content.

You can disable personalised advertising:

by turning off “Marketing” cookies in the settings;
on Facebook/Instagram — via Meta Ads settings;
on Google — via https://adssettings.google.com.

8.5 Remarketing through advertising networks (retargeting)

Advertising partners may use cookies or similar technologies to show Wishpicks ads on other websites.
This does not give partners access to your personal data — only to pseudonymised behavioural information.

You may opt out of remarketing at any time:

by disabling marketing cookies on Wishpicks;
by opting out via EDAA:
https://www.youronlinechoices.com.

Legal basis:

Art. 6(1)(a) GDPR — consent (marketing cookies, remarketing, personalised advertising)
Art. 6(1)(f) GDPR — legitimate interest (basic analytics and performance measurement without personalisation)

9. Who Wishpicks shares my data with

Wishpicks shares personal data only when permitted under EU law and only when necessary for the operation of the service.

We work with a limited set of trusted service providers who help us deliver Wishpicks functionality, analytics, and user communications. These providers operate strictly under our instructions and may not use the data for their own purposes.

Wishpicks does not sell personal data and does not share it with external sellers, marketplaces, or logistics companies.

9.1 Service-owning company

Wishpicks operates on behalf of Wishes DNA, Lda., a company registered in Portugal.
Administration of the website, mobile web version, business dashboard, and supporting services is carried out exclusively within Wishes DNA, Lda.

9.2 Technical service providers

To operate Wishpicks, we use external technology providers, including:

hosting and data storage (e.g., cloud platforms);
email infrastructure and transactional email services;
analytics tools (e.g., Google Analytics, Google Tag Manager);
tools for error tracking, logging, and performance monitoring;
CDN, caching and load-balancing services.

These companies may access technical or account data only to the extent necessary for the functioning of the service.

When transferring data outside the EU, Wishpicks ensures the use of
Standard Contractual Clauses (SCC) or another mechanism compliant with GDPR.

9.3 Email and push-notification providers

The Wishpicks service logic requires sending transactional and service emails (onboarding, action confirmations, wishlist updates, price alerts, reservations, etc.).

To perform this, we may use external email or push-notification delivery services.
They receive only the minimum necessary information, such as:

the email address,
the user's name (if provided),
details of the event that triggered the notification.

Such providers are not permitted to use your data for their own marketing purposes.

9.4 Analytics, measurement and advertising

Wishpicks may share pseudonymised data with advertising and analytics partners, such as:

cookie identifiers,
advertising identifiers,
aggregated view statistics.

This is necessary for:

measuring advertising effectiveness,
optimizing marketing campaigns,
diagnosing technical issues.

We do not share with partners:

your wishlists,
individual wishes,
your friends list or access to private lists,
your email in plain form.

Legal basis: user consent (Art. 6(1)(a) GDPR) for marketing cookies.

9.5 Social networks

When interacting with our pages on social networks (Instagram, Facebook, Telegram), data is processed according to the policies and mechanisms of the respective platforms.

If you send us private messages or post comments, Wishpicks processes this information solely for responding, user support, and content moderation.

Data sharing for advertising purposes

Wishpicks never shares your email with advertising platforms in plain form.

For advertising tools such as Meta Custom Audiences or Google Customer Match, only a hashed email may be used, generated with a cryptographic function (e.g., SHA-256), and only after you have consented to marketing cookies.

Hashing is performed locally, before any transfer.
The hash does not allow platforms to identify you directly.
Platforms may use it only to match users who already have an account in their systems and have consented to personalised advertising.

Wishpicks does not share any other personal data with social networks for advertising purposes without your explicit and voluntary consent.

9.6 Legal requirements and protection of rights

Wishpicks may disclose personal data to:

government authorities,
regulators,
law enforcement agencies,

only when required by law or a court order, or to protect the legitimate rights of Wishes DNA, Lda.

9.7 Other third parties

Wishpicks may share data with third parties only if:

it is necessary to perform a specific service function,
it is carried out on behalf of Wishpicks,
it complies with the GDPR.

Wishpicks does not share data with external vendors, courier companies, financial institutions or loyalty programs, as we do not sell products and do not operate as a marketplace.

10. What data protection rights do I have?

Wishpicks users have all rights granted under the GDPR and the laws of the European Union.
These rights apply depending on the legal basis of processing and the specific context.

Below is a list of your GDPR rights:

Right of access (Art. 15 GDPR) – you may request confirmation of whether your personal data is being processed and obtain a copy of the data.
Right to rectification (Art. 16 GDPR) – you can request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”, Art. 17 GDPR) – in cases defined by law, you may request deletion of your data.
Right to restriction of processing (Art. 18 GDPR) – you may request that processing of your data be temporarily limited.
Right to data portability (Art. 20 GDPR) – you may obtain your data in a structured format or request its transfer to another controller.
Right to object (Art. 21 GDPR) – you may object to processing based on legitimate interest or for direct marketing purposes.
Right to withdraw consent (Art. 7(3) GDPR) – if processing relies on your consent (e.g., marketing cookies), you may withdraw it at any time.
Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Right to lodge a complaint (Art. 77 GDPR) – you may contact the data protection authority in your country or the country where the company is registered.

10.1 How to submit a request

You can contact us regarding any matter related to your personal data:

📧 privacy@wishesdna.com

To speed up processing, we recommend writing from the same email address associated with your account.

In some cases, we may request additional identity verification to prevent unauthorised access to your data.

10.2 Managing your data in your account

Most data can be viewed or modified directly in your account:

name and email;
information displayed on your public profile page;
preferences, privacy and notification settings;
deletion of individual wishlists or wishes.

We also plan to introduce buttons for “Download my data” and “Delete account” directly in the profile settings.

10.3 Where to file a complaint

The primary supervisory authority for Wishpicks (Wishes DNA, Lda) is the
Comissão Nacional de Proteção de Dados (CNPD), Portugal.

You may also contact a data protection authority in any EU country, including your country of residence. Any complaint will be automatically forwarded to the competent authority.

10.4 Right to object

You may at any time object to:

processing based on legitimate interest (e.g., basic analytics);
use of your data for marketing purposes, including personalised advertising.

You may submit an objection via email or, where available, through your account settings.

11. When will my data be deleted?

Wishpicks stores your personal data only for as long as necessary:

to provide and maintain the service;
to fulfil contractual obligations towards you;
to comply with legal obligations (where applicable);
to protect the legitimate interests of Wishpicks in the event of potential disputes.

Once the data is no longer needed for these purposes, it is deleted or anonymised.

11.1 Deletion of your account

Upon your request, Wishpicks will fully delete your account and all personal data associated with it.

Deletion includes:

your profile and contact details;
your wishlists and wishes;
settings, saved preferences and related metadata.

After deletion, access to the account and all related data is no longer possible.

11.2 Data retained for a certain period

In some cases, the law requires certain data to be retained temporarily, even after account deletion.

Such cases may include:

tax or accounting requirements (where applicable);
data that may be needed to defend rights in the context of legal disputes;
technical event logs that are retained for a limited period in line with our security policy — typically no longer than 90 days, unless otherwise required by law.

Such data is stored only to the minimal extent necessary and with strictly limited access.

11.3 Anonymised data

Wishpicks may retain anonymised or aggregated data, which:

does not allow identification of any individual user;
is used solely for analytics, statistics and service improvement.

Anonymised data is not subject to GDPR erasure requirements.

11.4 Your rights

You may at any time:

request deletion of all your personal data;
obtain confirmation once the deletion process has been completed.

To do so, simply contact us at: privacy@wishesdna.com.

12. How Wishpicks protects my data

Wishpicks implements modern technical and organisational measures to ensure reliable protection of your personal data from loss, unauthorised access, alteration or destruction.

12.1 Encryption of data transmission

All data transmitted between your device and Wishpicks servers is secured using TLS encryption (Transport Layer Security).

This includes, in particular:

authentication and account login;
transmission of personal data in your profile;
interactions with personal wishlists.

Encryption ensures that third parties cannot intercept or read data during transmission.

12.2 Infrastructure security

Wishpicks operates on a high-security infrastructure that includes:

regular updates of server software;
access segregation for employees (access only when necessary);
access control and logging of critical operations;
data backups to prevent loss;
security monitoring and automatic detection of suspicious activity.

12.3 Organisational security measures

Wishpicks implements internal policies and procedures aimed at protecting data, including:

training employees on privacy and security practices;
granting access to personal data only to authorised personnel and only when necessary;
regular audits and continuous improvement of security measures.

12.4 Protection of your data when using integrations

When using third-party services (analytics, email delivery, hosting, etc.), Wishpicks ensures that such providers are required to maintain a security level equivalent to GDPR requirements.

Data transfers are carried out only under contracts with Standard Contractual Clauses (SCC) or within the EU/EEA.

12.5 Continuous improvement

Wishpicks regularly assesses its processes and adapts security measures:

according to new technical capabilities;
following cybersecurity experts’ recommendations;
based on changes in data protection legislation.

In the event of a security incident that may pose a risk to users’ rights and freedoms, Wishpicks follows Art. 33–34 GDPR and notifies the supervisory authority and affected users within the legally required timeframe.

13. Changes to this Privacy Policy

Wishpicks may periodically update this Privacy Policy due to service improvements, legal changes, or the introduction of new technologies.

All updates will be published on this page with the date of revision indicated. We encourage you to review the Policy from time to time to stay informed about how Wishpicks protects your data.

14. Contact information

If you have questions about data protection, the processing of your information, or if you wish to exercise your GDPR rights, you may contact us at any time:

Privacy-related email: privacy@wishesdna.com
User support email: support@wishesdna.com
Company: Wishes DNA, Lda.
Address: Rua Arca de Noé 566, R/C Esq., Vila Nova de Gaia, 4400-367, Portugal

We will review your request as quickly as possible and provide a response within the time limits established by EU data protection law.

If your request concerns access, correction, or deletion of your data, we recommend writing from the email address associated with your Wishpicks account — this helps verify your identity and accelerates processing.