Privacy Policy

Privacy Policy for Wishence

Last Updated: 27-November-2025

Welcome to Wishence. We are committed to safeguarding your personal data and handling it in full compliance with the UK GDPR, the Data Protection Act 2018, and all applicable privacy laws.

This Privacy Policy explains what personal information we collect, how we use it, how we keep it secure, and the rights you have over your data.

If you have any questions, contact us at: [Insert Email Address].

1. Who We Are

Wishence (“we”, “us”, “our”) is a UK-based gifting concierge platform providing automated event reminders and curated gift delivery.

We act as the Data Controller for all personal data collected through our website, app, and services.

2. Personal Data We Collect

We collect data that you provide directly as part of account creation, identity verification, and service use.

2.1 Identification & Personal Details

• Full name

• Date of birth

• Home address or delivery address

• Email address

• Phone number

2.2 Identity Verification Data (If Required)

For account validation, fraud prevention, or payment and delivery security, we may collect:

• Government-issued ID (passport, driving licence, national ID card)

• ID numbers

• ID photographs or scans

• Verification checks provided by trusted third-party partners

This data is processed securely and only when strictly necessary.

2.3 Event & Relationship Data

• Recipient names

• Dates of birthdays, anniversaries, and personal events

• Custom notes or preferences

• Gift occasions and history

2.4 Payment Data

• Billing information

• Transaction history

Full payment card details are not stored by Wishence and are processed via PCI-DSS compliant third-party payment providers (e.g., Stripe, PayPal).

2.5 Technical Data

• IP address

• Device and browser type

• Cookies and tracking data

• Usage behaviour and interaction logs

3. How We Use Your Personal Data

We use your data for:

• Account creation and secure user authentication

• Identity verification and fraud prevention

• Storing and managing event reminders

• Recommending and delivering gifts

• Processing orders and payments

• Providing customer support

• Sending service notifications

• Complying with legal, regulatory, and tax requirements

• Platform improvement and personalisation

We do not use ID documents for marketing or profiling.

4. Legal Basis for Processing (UK GDPR)

We process your personal data based on:

• Consent – when you provide event information or sign up

• Contractual necessity – to fulfil orders or deliver services

• Legitimate interests – platform security, service improvement, fraud prevention

• Legal obligations – verifying identity, financial reporting, preventing misuse

• Processing of ID documents is carried out under legitimate interests and legal obligation, ensuring security and preventing fraudulent activity.

5. Sharing Your Information

We may share your data with:

• Verified identity-check partners

• Payment processors (e.g., Stripe)

• Delivery and logistics partners

• Cloud hosting and IT providers

• Legal, regulatory, and compliance authorities (only when required)

We never sell your personal data.

Third-party partners only process data on our instructions and in accordance with GDPR.

6. International Data Transfers

Some providers may operate outside the UK. When data is transferred internationally, we ensure lawful protection measures such as:

• UK-approved Standard Contractual Clauses

• Adequacy decisions

• Additional security safeguards

7. How Long We Keep Your Data

• Account information – kept while your account is active

• ID verification data – stored only as long as legally required or necessary for security

• Event and gifting data – until you edit or delete it

• Transactional data – retained for 6 years for tax and legal compliance

• Marketing preferences – updated or deleted upon request

When no longer needed, your data is securely erased or anonymised.

8. Security Measures

We implement strong technical and organisational security controls, including:

• Encrypted data storage

• HTTPS/SSL secure transmission

• Identity verification through approved partners

• Multi-factor authentication (where available)

• Firewalls and intrusion monitoring

• Strict access controls

No system is 100% secure, but we take all reasonable steps to protect your information.

9. Your GDPR Rights

You have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request deletion ("right to be forgotten")

• Restrict or object to processing

• Withdraw consent at any time

• Receive your data in a portable format

• Refuse automated decision-making

• Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any rights, contact us at: [Insert Email].

10. Cookies

Wishence uses cookies to:

• Improve performance

• Personalise recommendations

• Support analytics and marketing

• Retain login states

You may configure cookie preferences through your browser settings.

11. Children’s Privacy

Wishence is not intended for use by individuals under 18. We do not knowingly collect children’s personal data.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or service offerings. We will notify users of significant updates.

13. Contact Us

For privacy questions, data requests, or complaints:

Wishence Data Protection Officer Email: Info@wishence.com

Thank you for trusting Wishence. 

Set it once, celebrate forever — with privacy and protection you can depend on.