Privacy Policy for wishti.com

1. Introduction

This Privacy Policy ("Policy") describes how wishti.com ("we," "us," or "our") collects, uses, stores, and protects your personal data when you use our website https://wishti.com. This Policy is prepared in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and the EU General Data Protection Regulation (GDPR).

1. The Operator's most important goal and condition for its activities is to respect the rights and freedoms of individuals when processing their personal data, including the protection of privacy rights, personal and family secrets.
2. This Policy applies to all information that the Operator may obtain about visitors to the website https://wishti.com.

2. Data Controller and Contact Information

Data Controllers: Nikita Andreevich Komissarov and Alexey Sergeevich Koshelev
Email: privacy@wishti.com

3. Personal Data We Collect

1. First name and last name;
2. Collection and processing of anonymized data about visitors (including "cookie" files) using services:
   • Yandex Metrica (LLC "Yandex") — for analyzing website usage based on anonymous data.
   • Yandex SmartCaptcha (LLC "Yandex.Cloud", data processing notice) — for protection against bots and automated requests.

4. How We Use Your Personal Data (Purposes and Legal Bases)

We process your personal data based on the following legal grounds under GDPR:

1. Performance of Contract (Art. 6(1)(b)):
   • Providing access to our services and website functionality
   • Operating the Wishlist service
   • User identification and authentication
2. Legitimate Interests (Art. 6(1)(f)):
   • Communication with users and handling requests
   • Website analytics and improvement
   • Security and fraud prevention
3. Consent (Art. 6(1)(a)):
   • Optional communications and newsletters
   • Non-essential cookies and tracking

5. Data Sharing and International Transfers

1. Data Processors: We use the following service providers who act as data processors:
   • Yandex Cloud LLC (Russia) - hosting infrastructure
   • Yandex LLC (Russia) - analytics and security services
   All processors are bound by contractual obligations to protect your data.
2. Data Sharing with Other Users: The Author and Visitors of a Wishlist may see the first and/or last names of Users who have booked a Gift, according to the Wishlist's visibility settings.
3. Legal Requirements: We may disclose your data if required by law or governmental authorities.
4. International Transfers: Your personal data is stored and processed in the Russian Federation. We ensure protection through appropriate technical and organizational security measures.

6. Your Data Protection Rights

Under GDPR, you have the following rights:

1. Right of Access - to know what personal data we hold about you
2. Right to Rectification - to correct inaccurate or incomplete data
3. Right to Erasure ("Right to be Forgotten") - to delete your personal data
4. Right to Restriction of Processing - to limit how we use your data
5. Right to Data Portability - to receive your data in a structured format
6. Right to Object - to object to certain processing activities
7. Right to Withdraw Consent - at any time, without affecting prior processing

To exercise these rights, contact us at privacy@wishti.com.

7. Data Security and Retention

The security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to fully comply with data protection requirements.

1. We implement appropriate security measures to prevent unauthorized access to personal data.
2. Personal data is stored on secure servers in the Russian Federation.
3. Data is transmitted in encrypted form via HTTPS protocol.
4. Data processing is carried out using the infrastructure of Yandex Cloud (LLC "Yandex.Cloud").
5. Data Retention: We retain personal data only for as long as necessary:
   • Active user accounts: Until deletion request or 2 years of inactivity
   • Wishlist data: Until deleted by the Author or 3 years of inactivity
   • Analytics data: 26 months

8. Wishlist Confidentiality and User Responsibilities

1. Wishlist Security Features:
   • Complex unique links that prevent guessing
   • Protection from search engine indexing
2. Responsibilities:
   • We provide technical protection of Wishlist links
   • The Author controls link distribution and is responsible for its sharing
   • Data privacy depends on Wishlist settings and Author actions
3. Data Management:
   • Authors can delete or modify Wishlists at any time
   • Users can delete information about their Bookings

9. User Content and Limitations

1. Prohibited Content: Users are prohibited from:
   • Posting any personal data not specified in Section 3
   • Publishing information containing confidential data or special categories of personal data under Article 9 of GDPR
2. Content Moderation:
   • We technically cannot monitor all user content for undeclared personal data categories
   • We do not pre-screen user content but will immediately remove prohibited data upon detection

10. Cookies and Tracking Technologies

We use cookies and similar technologies for essential website functionality, analytics, and security. You can control cookies through your browser settings. For non-essential cookies, we obtain your consent.

11. How to Contact Us and Supervisory Authority

1. For any questions about this Policy or to exercise your rights, contact us at: privacy@wishti.com
2. You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

12. Changes to This Policy

1. We may update this Policy to reflect changes in our practices or legal requirements.
2. The current version is always available at: https://wishti.com/en/privacy
3. We will notify users of significant changes through our website or email.

Last updated: October 11, 2025