Version 1.0



In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) as well as any other applicable regulations on Data Protection, Wooeen (“we”, “us” or “our”) provide you with information regarding our Privacy Policy



The data collected are identifying and correspond to a reasonable minimum to be able to carry out the activity carried out. In no case will the data be used for purposes different or contrary to the purpose for which they were collected.

If you have any questions about the processing of your personal data or wish to exercise your rights, you can contact us at any time by e-mail directly at [email protected] or by contacting our Data Protection Officer: [email protected].



Summary of WOOEEN’s Privacy Policy:


1. Purposes

1.1. To provide the service.

1.2. Preparation of reports and statistics.

1.3. Develop new products and services.

1.4. Analyze the use and impact of our services on our users.

1.5. Fraud prevention.


2. Legitimacy

2.1. The explicit and free consent of the user.

2.2. Contractual obligations to provide the service to the user.

2.3. Our obligations for fraud detection and prevention.

2.4. Our Legitimate Interest


3. Addressees

3.1. Data Processors in the European Union.

3.2. Our Group Companies

3.3. National or European competent authorities when requested by them.


4. Conservation

4.1. The conservation of Personal Data will always be subject to current Spanish and EU legislation.


5. Rights

5.1. Access, rectification, opposition, erasure, limitation of processing, portability, objection, not being subject to automated decisions, revocation and filing a complaint/complaint with the supervisory authority.


Text of the Privacy Policy


1. Data collected and processed

1.1. The data collected and processed are Personal Data. A personal data is any information relating to a person, for example: name, email, address, telephone number, NIF/NIE, confirmation of the age of majority.

1.2. Each time you visit our website, we may store certain information such as the browser you are using, your computer’s operating system, the IP address assigned by your Internet service provider, the pages you have been shown, search terms used, products viewed, uncompleted purchases, data identifying your device and language settings. 

1.3. When you use a service offered by us, our system records the media you have used and from which web pages you have used it as well as data derived from the actions you take through the utilities of the service provided by us.

1.4. We will limit the collection and processing of Personal Data to the purposes of the Personal Data Processing detailed in the relevant clause of this privacy policy statement and under the terms of Spanish and EU law. 


2. How we collect personal data:

2.1. We collect and process personal data that you provide to us in the following cases:

  • Completing registration in our cashback area;
  • Completing online forms (e.g., for cashback withdrawal);
  • Using our browser and our services;
  • Contacting our team;
  • Requesting to receive our offers by email.


2.2. Important note about the bank details you provide! All cashback payments are processed by external payment intermediaries such as Unlimint, Payoneer, Wise transfer or others.


3. When your personal data is processed:

3.1. They are processed in one or more of the following cases:

  • Execution of the contract or preliminary proceedings and dealings related to the contract to which you are a party;
  • After the consent of the data subject (you);
  • Compliance with our legal obligations; 
  • Fulfillment of actions in favor of our legitimate interests or those of third parties. 

3.2. We reserve the right to continue processing personal data obtained for any of the purposes described below, including other purposes that are appropriate to the original purpose or that are permitted or prescribed by law (e.g., compliance with legal or regulatory obligations). 


4. Purposes of treatment

4.1. The personal data collected will be processed for the purpose of:

a) Providing the service. The service provided by us is to offer its users a refund right (which varies according to product), known as cashback, which accumulates in your virtual wallet in your personal area which can be accessed here, after the user has purchased products or services promoted on the same website and / or mobile application of us and you can request to be reimbursed in various ways depending on the country in which the account has been created.

b) Develop reports and statistics based on user activity and behavior for:

  • Fraud detection and prevention: We may use personal information to detect and prevent fraud and other illegal or unwanted activities.  
  • Development and improvement of our products, services and user experience.
  • Market research: We sometimes invite our customers to participate in market research. The personal information you provide to participate in such research will only be used with your consent. 

c) Sending advertising and promotions via e-mail.

d) Manage the user’s participation in sweepstakes, campaigns and promotions launched by us.

e) Send commercial communications to the user, in the form of periodic newsletters or occasional electronic communications about services or similar, via e-mail or notification in the mobile application. 

The user, by checking the appropriate box in the registration process, or by exercising their rights, may stop receiving these electronic communications. As established by Spanish law, “WOOEEN” undertakes not to send commercial communications without identifying them as such. For these purposes, information sent to customers for the maintenance of the existing contractual relationship will not be considered as commercial communication.

f) Make the cashback payment to the user, for which you must share your data with Unlimit.

g ) Communicate and keep you informed about our latest updates, such as:

  1. Notice of changes to our Terms and Conditions or our Privacy Policy;
  2. Notification of the progress of your cashback;

h ) To contact you in response to your request for contact.

i ) To help and solve the problems of our services and answer your questions.

  1. j) We offer customer support services via email [email protected] 365 days a year and 24 hours a day (i.e. all year round). We share your information with our Customer Service staff to assist you whenever you need us and to answer any questions regarding your experience with us.
  2. k) In the case of candidates for access to employment, for the purpose of managing the data subject’s participation in current and future selection processes at us, we declare that it complies with the applicable data protection regulations, in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and in the Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, as well as any other applicable regulations regarding Data Protection. 

4.2. The information provided by you will, in any case, be considered confidential, and will not be used for purposes other than those described herein. 

4.3. All data that we request or may request are necessary for the purposes described in this Privacy Policy, so the user’s refusal to provide them would mean the impossibility of providing the Service or manage the request that the user makes to us. Therefore, we reserve the right not to respond or process requests that do not include the data that are requested.

4.4. On our websites and apps, the user will find useful information about the Services offered by us.


5. Legal basis for processing

5.1. The legal bases for the processing of the user’s Personal Data in accordance with the purposes set out above are:

a) The explicit and free consent of the user at all times in accordance with applicable Spanish and European legislation on the Protection of Personal Data and the Right to Honor and Privacy.

b) Contractual obligations to provide the service to the user, to manage the relationship with the user and respond to requests for information on the Service offered by us, to formalize the relationship between us and the user through the acceptance of the General Terms and Conditions of Use and the various policies relating to Privacy and Cookies and for the case that the user contacts our Customer Service in order to process requests.

c) Our obligations regarding the detection and prevention of all types of fraud and the provisions of the Money Laundering Act. 

In this case, our legitimate interest is to preserve the security of its operations and prevent fraud.

d) Our legitimate interest to:

– The sending of commercial communications related to our products and services by any means, a legitimate interest that is recognized in the GDPR, which expressly allows the processing of personal data for direct marketing purposes. 

– The sending of commercial communications to non-customers, with the consent that has been requested, which may be revoked at any time.

– The treatment of the curriculum vitae with the consent that the candidate gives us when sending it to participate in selection processes.

In these cases the legitimate interest of us is based on keeping the user informed and updated on products, services or promotions that may be of interest.

– The realization of tests to correct possible errors, as well as to carry out business process automation projects.

– The preparation of internal analysis and reports to evaluate the results of different campaigns or promotions launched by us. 

In both cases, our legitimate interest is to improve the products and services offered and the productivity and efficiency of our activity.

– Elaborate user profiles to evaluate the predisposition to acquire or enjoy the products and services as well as to carry out commercial actions.

In this case, our legitimate interest is, again, to improve the products and services offered and the productivity and efficiency of our business.


6. Form and duration of the processing of your personal data:

6.1. Personal data is processed and stored in accordance with the following regime:

6.2. The data is stored on our secure servers and for the time necessary to achieve the purposes described (maximum of 5 years after the deletion of the account), time that can be anticipated AT THE EXPRESS REQUEST OF THE USER in case of withdrawal of consent or any other exercise of the right involving the suspension or deletion of the data. 

6.3. In determining the appropriate storage period for your data, we will take into account the amount, nature, sensitivity, potential risk of harm from unauthorized use or disclosure of your data, the specific purpose and whether we can achieve those purposes through other means, observing applicable legal requirements.

6.4. Following YOUR EXPRESS REQUEST for withdrawal of consent or following the exercise of the right involving the suspension or deletion of data from the storage system, your data will be transferred to our “block list”. This means that, in accordance with art. 32 of the LGPD your personal data will only be processed for the fulfillment of our legal obligations (making the data available to judges and courts, the Public Prosecutor’s Office or the competent Public Administrations). After the period of five (5) years, such data will be deleted from the storage system, unless the user again expressly consents to the processing of his data;

6.5. In the event that personal data is no longer required for the intended purpose, we ensure that such data is securely deleted.


7. Data storage and security

7.1. Personal data are stored in a database server at the time they are provided by the user. This server allows you to securely send your personal data through the contact forms on the website and complies with all security measures corresponding to current legal standards to prevent the loss, misuse, alteration, unauthorized access and theft of data, being protected against physical and computer attacks through password access control to the cashback area, the security “2-Steps” with Google Authy token, and communication with the encrypted text server thus ensuring the confidentiality, integrity and quality of the information contained therein.

7.2. It is important to note, however, that while we make every technical and human effort to ensure maximum security of your data on the system, the Internet does not allow for absolute protection.


8. Rights of interested parties:

8.1. In accordance with the provisions of the Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights and with the GDPR you have the following rights relating to data protection:

  • Right of access (art. 15, GDPR): you have the right to request and obtain information about the personal data stored about you, including the sources and recipients of your data, as well as the purposes of its further processing, to the other information set forth in that article and to the other rights set forth therein.
  • Right of rectification (art. 16, GDPR): you have the right to demand rectification of any incorrect or inaccurate personal data we hold regarding you.
  • Right of erasure (art. 17, GDPR): you have the right to have your personal data erased if: (i) the data are no longer necessary in relation to the purposes for which they were collected or processed; (ii) you have withdrawn your consent or objected to their processing; or (iii) the data have been unlawfully processed and (iv) the other cases set forth in said article.
  • Right to restriction of processing (art. 18, GDPR): the right to obtain from the controller the restriction of data processing when any of the conditions set out in that article are met.
  • Right to withdraw consent (art. 7, GDPR): you have the right to withdraw your consent at any time, which will not affect the lawfulness of the processing based on the consent prior to its withdrawal. It will be as easy to withdraw consent as to give it.
  • Right to data portability (art. 20, GDPR): the right to receive personal data concerning him/her that he/she has provided to a controller in a structured, commonly used and machine-readable format and to transmit it to another controller without being prevented from doing so by the controller to whom the data had been provided. 
  • Right to object (art. 21, GDPR): you have the right to object, on grounds relating to your particular situation, without any formal requirement, to the processing of your personal data unless for legitimate reasons or the exercise or defense of possible claims they should continue to be processed in accordance with that article. When the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
  • Right to review automated decisions: the right not to be subject to decisions based solely on automated processing of your data.

8.2. We undertake to execute all these rights within one month.

8.3. If you understand that there is a problem in the way we are handling your data, you can direct your complaints to the Security Officer or the appropriate data protection authority. In the case of Spain the competent is the Spanish Data Protection Agency.

8.4. To exercise the aforementioned rights, you must send your request by e-mail at any time and whenever you wish to the data protection agent whose electronic mailbox is [email protected]. Your request must be accompanied by a copy of your ID card or equivalent document proving your identity or representation.


9. Personal data of minors 

9.1. We do not promote Wooeen Browser, Wooeen Search or cashback to minors. Therefore, we do not process the personal data of minors. In the event that a minor uses or interacts with us, as soon as we detect this fact, the data entered by the minor will only be stored and taken into account for the purposes of a request from the official Spanish authorities, in accordance with Spanish law and EU regulations.


10. Third party sites

10.1. Please be advised that third party links to other websites and online services that we provide to you are subject to the terms of use and privacy policy of those third parties. This Privacy Policy does not apply to or pre-determine the legality of the privacy and data protection practices of third parties even if we have included links to them on our website or browser.


11. Variations in the Privacy Policy

11.1. We reserve the right to change this privacy policy in accordance with the applicable laws relating to Data Protection in Spain and the EU. In this case we will indicate by a notice on our website the date of the changes and provide you with access to archived versions in case you are interested in their analysis and comparison. If the changes are significant, we will provide a more prominent notice, which may include an e-mail notification to the e-mail address you have provided to us or a notification in your user area.

11.2. In any case, the date of the last update will appear in the heading of this privacy policy.

11.3. You should therefore read about the update in order to know your rights and obligations at all times in this matter.

11.4. Upon such changes or updates, your continued access to or use of our services will be subject to the revised privacy policy.


12. Accuracy of the data provided by the user

12.1. The user declares that all the data provided by him are true and undertakes to keep them updated and to inform us when there is any change in them.


13. Recipients of personal data

13.1. We will not transfer or communicate your data to any third party, except in the cases provided by law at the request of the official Spanish or Community authorities or when the provision of a service implies the need for a contractual relationship with a processor. Thus, the user accepts that certain personal data collected are provided to these processors (payment platforms, agency, intermediaries, etc.), when necessary for the effective performance of a contracted service or product purchased. The user also accepts that, in case of provision of services, these may be, in whole or in part, subcontracted to other persons or companies, which will be considered Processors, with which we hav agreed the relevant confidentiality agreement, or adhered to their privacy policies, set out in their respective websites.

13.2. The user may refuse the transfer of his/her data to the Data Processors, upon written request, by exercising the aforementioned rights.

13.3. We may have companies outside the European Economic Area that in any case must comply with the measures designed by EU regulations to protect personal data except in cases where the European Commission has determined that the country where the recipient is located provides an adequate level of protection of personal data.

13.4. In addition, in those cases in which it is necessary, customer data may be transferred to certain agencies, in compliance with a legal obligation: Spanish Tax Agency, banks, Labor Inspection, etc.


14. Time of conservation of data stored and processed by us 

14.1. The data provided to send you information about our products and services will be retained as long as you do not request the exercise of rights to delete your personal data and will be used respecting your wishes at any time, which you may modify by exercising your rights under the GDPR and which are indicated under the relevant heading of this statement.

14.2. The data provided for the procurement of our services and products will be retained for the minimum time necessary until the end of the contractual relationship. Subsequently, they will only be retained for compliance with legal obligations.

14.3. In the case of participation in selection processes, if not selected, we may keep your resume stored for a maximum of two years to incorporate it into future calls, unless the candidate states otherwise. 

14.4. As for the rest of your personal data, they will be kept for the period necessary for the exercise or defense of potential claims, to comply with legal obligations as long as permitted by applicable law. After the legal limitation periods have elapsed, we will destroy or anonymize your personal data.


15. Social Networking 

15.1. We have a profile in some of the main social networks on the Internet, recognizing us, in these, as responsible for the processing of personal data of their followers, for whose treatment will apply this privacy policy of personal data.

15.2. The purpose of such treatment by us, when the law does not prohibit it, will be to inform their followers through the networks about their activities and offers as well as to provide personalized customer service. 

15.3. The legal basis that legitimizes this treatment will be the consent of the person concerned, which may be revoked at any time. 

15.4. We will not extract personal data from social networks.