Privacy Policy & Cookies

Wayfindr values your privacy and only collects personal information you consent to provide as a user of this website. This Privacy Policy explains what information is collected and recorded by wayfindr.io and how we use it.

1. Introduction

This policy applies to information collected through this website. It does not apply to information collected offline or via channels other than this website.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR), UK GDPR, the UK Data Protection Act 2018, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the US CAN-SPAM Act, and other applicable data protection laws. Where requirements differ between jurisdictions, we apply the standard most protective of your rights.

2. Consent

By using our website, you hereby consent to this Privacy Policy and agree to its terms. Where we rely on consent as the legal basis for processing your personal data (for example, for marketing or advertising purposes), you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of any processing carried out before you withdrew it.

3. Information We Collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide it.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of your message and/or attachments, and any other information you choose to provide.

When you register for an Account, we may ask for your contact information, including your name, company name, address, email address, and telephone number.

When you submit a contact form on wayfindr.io, the information you provide is stored in our Customer Relationship Management (CRM) system. See Section 5 for full details.

4. How We Use Your Information

We use the information we collect in various ways, including to:

Provide, operate, and maintain our website
Improve, personalise, and expand our website
Understand and analyse how you use our website
Develop new products, services, features, and functionality
Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes
Send you emails where you have provided your contact details through our contact form or account registration, and where you have not objected to receiving communications from us
Find and prevent fraud
Manage and follow up on business enquiries submitted through our contact form (stored in our CRM)
Build advertising audience profiles on Google Ads, using contact data for which you have provided explicit consent (see Section 6)

5. Contact Form Data and CRM Storage

When you submit a contact form on wayfindr.io, the personal information you provide is stored securely in our Customer Relationship Management (CRM) system. The information collected includes your name, email address, company name, phone number, and the contents of your message.

Legal basis for processing

We process this data on the basis of legitimate interests (Article 6(1)(f) EU GDPR and UK GDPR). Our legitimate interest is to respond to your enquiry, manage our business relationship with you, and follow up on potential service arrangements. Where we send you direct marketing communications based on this data, we will rely on consent (Article 6(1)(a)) or, where applicable, the soft opt-in provisions under the UK Privacy and Electronic Communications Regulations (PECR).

How long we keep your data

We retain contact form submissions and associated CRM records for a maximum of three years from the date of last contact, unless a shorter retention period is required by law or you request earlier deletion. If no active business relationship or ongoing enquiry exists, we review records for deletion on an annual basis.

Requesting removal from our CRM

If you wish to have your personal data removed from our CRM, please email us at marketing@wayfindr.io with the subject line “Data Removal Request.” We will acknowledge your request promptly and confirm deletion within one calendar month, in accordance with your rights under Article 17 of the EU GDPR and UK GDPR. In some circumstances we may be unable to delete all data immediately (for example, where retention is required to comply with a legal obligation), in which case we will explain the reason and confirm the earliest date deletion can be completed.

6. Google Ads Audience Data

To improve the relevance of our advertising, we may share a limited set of contact details with Google LLC via the Google Ads Customer Match feature. This allows us to build audience profiles and identify similar audiences on Google’s advertising platform.

What data we share

We share email addresses only. We do not share phone numbers, postal addresses, financial data, sensitive personal data, or the contents of contact form messages with Google for this purpose.

Legal basis for processing

We rely on your explicit consent (Article 6(1)(a) EU GDPR and UK GDPR) as the legal basis for sharing your data with Google for audience-building purposes. We will only include your email address in a Google Ads audience list if you have provided clear and informed consent for your data to be used for marketing and advertising purposes. You may withdraw this consent at any time (see below).

How Google uses your data

Google uses the data solely to match your email address to an existing Google account for targeted advertising. Google does not share your data with other advertisers. For full details, see Google’s Privacy Policy and the Google Ads Customer Match policy.

International data transfers

Google may process your data on servers located outside the UK and the European Economic Area (EEA). Such transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the UK International Data Transfer Agreement (IDTA), ensuring your data receives an equivalent level of protection wherever it is processed.

Data retention by Google

Email addresses are retained in active Google Ads audience lists for a maximum of 180 days from the date of upload, after which they are automatically removed by Google. We may re-upload data only where valid consent remains in place.

Withdrawing consent

You may withdraw your consent at any time by emailing marketing@wayfindr.io with the subject line “Ads Audience Opt-Out.” We will remove your data from active audience lists within one calendar month of your request. Withdrawing consent does not affect the lawfulness of prior processing.

7. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected:

Contact form and CRM records: up to three years from the date of last contact, or until a removal request is received
Log files: up to 12 months from collection
Google Ads audience data: maximum 180 days from the date of upload, or until an opt-out request is received
Cookie and analytics data: in accordance with the specific retention periods disclosed in our cookie consent tool

At the end of the applicable retention period, personal data is securely deleted or anonymised.

8. Log Files

Wayfindr.io follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a standard part of hosting services analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any personally identifiable information. The purpose of the information is to analyse trends, administer the site, track users’ movement on the website, and gather demographic information.

9. Cookies and Web Beacons

Like any other website, Wayfindr.io uses cookies. These cookies are used to store information including visitors’ preferences and the pages on the website that the visitor accessed or visited. The information is used to optimise the user’s experience by customising our web page content based on visitors’ browser type and/or other information.

You can choose to disable cookies through your individual browser options. Check your browser settings for more detailed information about cookie management with specific web browsers.

10. Advertising Partners Privacy Policies

Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons in their advertisements and links that appear on Wayfindr.io. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalise the advertising content that you see. Wayfindr.io has no access to or control over the cookies used by third-party advertisers. You may consult the Privacy Policy for each of our advertising partners to understand how they handle your data.

11. Third Party Privacy Policies

Wayfindr.io’s Privacy Policy does not apply to other advertisers or websites. We advise you to consult the respective Privacy Policies of these third-party ad servers for more detailed information, including their practices and instructions about how to opt out of certain options.

12. Commercial Emails and CAN-SPAM (US)

If we send you commercial emails, we comply with the US CAN-SPAM Act. Specifically:

Every commercial email we send will clearly identify itself as a commercial message
We will not use false or misleading header information or deceptive subject lines
Every commercial email will include a clear and easy way to opt out of receiving future emails from us. You can unsubscribe by clicking the unsubscribe link included in each email or by emailing us directly at marketing@wayfindr.io
We will honour all opt-out requests within 10 business days
Our commercial emails will include our valid physical postal address: C&B Investment Partners Limited, Hong Kong

Please note: CAN-SPAM applies to commercial messages. Transactional or relationship messages (such as direct responses to your enquiries) are not subject to the same opt-out requirement, though we will always honour removal requests.

13. GDPR Data Protection Rights (EU and UK)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following rights apply to you under the EU GDPR and UK GDPR respectively.

The right to access: You have the right to request copies of your personal data. We may charge a small administrative fee for this service.

The right to rectification: You have the right to request that we correct any information you believe is inaccurate, and to request that we complete information you believe is incomplete.

The right to erasure: You have the right to request that we erase your personal data, under certain conditions. To request erasure from our CRM or Google Ads audience lists, see Sections 5 and 6.

The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing: You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

The right to data portability: You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

The right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

The right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. For EU residents, this is the data protection authority in your country of residence. For UK residents, this is the Information Commissioner’s Office (ICO) at ico.org.uk. We would, however, appreciate the opportunity to address your concerns before you contact a supervisory authority.

If you make a request, we have one calendar month to respond. To exercise any of these rights, please contact us using the details in Section 16.

14. CCPA/CPRA Privacy Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:

The right to know: You have the right to request that we disclose the categories and specific pieces of personal data we have collected about you, the categories of sources from which we collected it, our purpose for collecting it, and the categories of third parties with whom we share it.

The right to delete: You have the right to request that we delete personal data we have collected from you, subject to certain exceptions.

The right to correct: You have the right to request that we correct inaccurate personal data we hold about you. We will use commercially reasonable efforts to action your correction request.

The right to opt out of sale or sharing: We do not sell your personal data for monetary consideration. However, to the extent that sharing personal data with Google Ads for audience-building purposes constitutes “sharing” under the CPRA, you have the right to opt out. To exercise this right, email us at marketing@wayfindr.io with the subject line “Do Not Sell or Share My Personal Information.”

The right to limit use of sensitive personal information: You have the right to direct us to limit our use and disclosure of sensitive personal information to those uses necessary to provide the services you request or as otherwise permitted by law.

The right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of your CCPA/CPRA rights, please contact us using the details in Section 16. We will verify your identity before processing your request and aim to respond within 45 calendar days (extendable by a further 45 days where reasonably necessary).

15. US Multi-State Privacy Rights

In addition to California, residents of certain other US states have rights under applicable state privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA), among others. Where these laws apply, residents of those states generally have rights to access, delete, correct, and obtain a portable copy of their personal data, and to opt out of certain uses of their data for targeted advertising.

These laws typically apply to businesses that process personal data of a specified minimum number of consumers. Wayfindr may or may not meet the applicable thresholds for your state; however, we extend the same data rights to all users regardless. To exercise any of these rights, please contact us using the details in Section 16.

16. Contact Us

For any data protection enquiries, to exercise your rights under GDPR, CCPA/CPRA, or applicable US state privacy laws, or to request removal from our CRM or Google Ads audience lists, please contact us at:

Email: marketing@wayfindr.io

Website: wayfindr.io/contact-us/

Company: C&B Investment Partners Limited, trading as Wayfindr, Hong Kong

For UK data subjects wishing to raise a concern with the supervisory authority: Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Website: ico.org.uk.

17. Children’s Information

Wayfindr.io does not knowingly collect any Personally Identifiable Information from children under the age of 13 (or under 16 where required by local law). If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Submit a request