Wonesuite (“we,” “us,” “our”) is committed to protecting and respecting your privacy. This Comprehensive Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard your information when you use our website (Wonesuite.com) and related services (collectively, “Services”).

This Policy has been designed to meet or exceed requirements under global privacy frameworks including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), and other major US state privacy laws effective in 2025 (including Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, and Minnesota). We regularly review and update our practices to ensure ongoing compliance with evolving global standards.

By accessing or using our Services, you consent to the practices described in this Policy. We encourage you to read this document carefully to understand our practices regarding your personal data.

2 Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when using our Services, including:

  • Account Information: Name, email address, phone number, business details, and credentials when you create an account or request information
  • Payment Information: Credit card details, billing address, and transaction history (processed through PCI-DSS compliant payment processors)
  • Communications: Contents of messages, emails, chats, and other communications with our team
  • Professional Information: Resume/CV details, work history, education, and professional credentials when you apply for positions
  • Content: Documents, images, comments, and other content you upload or submit through our Services

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

  • Device Information: IP address, browser type, operating system, device identifiers, and hardware information
  • Usage Data: Pages visited, features used, time spent, clickstream data, and other usage statistics
  • Location Information: Generalized location derived from IP address or precise location (with your consent)
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies as described in our Cookie Policy

2.3 Information from Third Parties

We may receive information about you from other sources, including:

  • Business Partners: Service providers, distributors, and resellers who refer you to us or collaborate with us
  • Social Media Platforms: When you interact with us through social media or use social features integrated with our Services
  • Publicly Available Sources: Information from government records, professional networks, and other public databases
  • Service Providers: Analytics providers, advertising networks, and data enrichment services

Table: Categories of Personal Data Collected

Data CategorySpecific ElementsPurpose of Collection
IdentifiersName, email, phone number, IP address, device identifiersAccount creation, service delivery, security
Commercial InformationPurchase history, transaction records, billing detailsOrder processing, customer support
Professional InformationEmployment history, education, skills, certificationsRecruitment processes, service customization
Technical DataBrowser type, operating system, usage patternsService improvement, analytics
Geolocation DataGeneralized or precise location informationService customization, compliance

3 How We Use Your Information

We use your personal information for the following business purposes:

  • Service Delivery: To provide, maintain, and improve our Services; process transactions; and authenticate users
  • Communication: To respond to your inquiries; send service-related announcements; and provide customer support
  • Personalization: To tailor content, recommendations, and offers based on your preferences and usage patterns
  • Marketing: To send promotional communications (with your consent where required by law); administer contests; and conduct market research
  • Analytics: To analyze usage trends; monitor performance; and improve our Services’ functionality and user experience
  • Security: To protect against fraudulent, malicious, or unauthorized activity; and ensure the security of our systems
  • Legal Compliance: To comply with legal obligations; resolve disputes; and enforce our agreements

We implement appropriate data minimization practices, collecting only what is reasonably necessary and proportionate for the purposes disclosed. For processing activities that present heightened privacy risks, we conduct Data Protection Impact Assessments as required under GDPR and similar regulations.

4 Legal Bases for Processing (GDPR and Similar Laws)

For individuals protected by the GDPR and similar frameworks, we process your personal data on the following legal bases:

  • Performance of Contract: When processing is necessary to fulfill our contractual obligations to you
  • Consent: When we have obtained your explicit consent for specific processing activities (e.g., marketing communications)
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided they are not overridden by your rights
  • Legal Obligation: When processing is necessary to comply with applicable laws and regulations

You may withdraw consent at any time where applicable, without affecting the lawfulness of processing based on consent before its withdrawal.

5 How We Share and Disclose Information

We may share your information in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Payment processing (Stripe, PayPal)
  • Cloud hosting and infrastructure (AWS, Google Cloud)
  • Customer relationship management (Salesforce, HubSpot)
  • Analytics and marketing (Google Analytics, Marketo)

All service providers are subject to strict data processing agreements that limit their use of your information and require appropriate security measures.

5.2 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction, subject to appropriate confidentiality commitments.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

5.4 With Your Consent

We may share your information with third parties when we have obtained your explicit consent to do so.

Table: Categories of Third Parties with Whom We Share Data

Third Party CategoryPurpose of SharingData Elements Shared
Payment ProcessorsTransaction processingPayment information, contact details
Cloud Service ProvidersInfrastructure hostingAll data necessary for service delivery
Analytics ProvidersUsage analysis, improvementTechnical data, usage patterns
Marketing PlatformsCampaign management, advertisingContact information, engagement data
Professional AdvisorsLegal, accounting servicesVaries based on specific need

We do not sell your personal information as defined under the CCPA/CPRA and similar state laws. We also do not engage in targeted advertising (as defined under certain state laws) without providing appropriate opt-out mechanisms.

6 International Data Transfers

As a global company, we may transfer your personal information to countries other than your country of residence, including to the United States and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your country.

When transferring personal data outside the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards as required by applicable law, including:

  • Adequacy Decisions: Transferring to countries deemed adequate by the European Commission
  • Standard Contractual Clauses: Implementing EU-approved clauses with appropriate supplementary measures
  • Binding Corporate Rules: For intra-organizational transfers
  • Certification Programs: Such as the EU-U.S. Data Privacy Framework for transfers to certified U.S. companies

You may contact us using the details in the Contact Information section to obtain more information about these transfer mechanisms.

7 Data Security

We implement comprehensive technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption: Data in transit (TLS 1.2+) and at rest (AES-256 encryption)
  • Access Controls: Role-based access restrictions, multi-factor authentication, and least-privilege principles
  • Network Security: Firewalls, intrusion detection systems, and regular vulnerability scanning
  • Physical Security: Secure data center facilities with 24/7 monitoring and access controls
  • Security Training: Regular privacy and security awareness training for all employees
  • Incident Response: Established procedures for responding to potential data security incidents

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your personal information but cannot guarantee its absolute security.

8 Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

8.1 Access and Portability

You have the right to request access to and receive a copy of the personal information we hold about you, including details about how we use and share it. In some jurisdictions, you may also request that we provide your information in a portable, machine-readable format.

8.2 Correction

You may request that we correct any inaccurate or incomplete personal information we hold about you.

8.3 Deletion

You may request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent (where applicable).

8.4 Restriction and Objection

You may have the right to request that we restrict processing of your personal information or object to certain types of processing, such as direct marketing or processing based on legitimate interests.

8.5 Opt-Out Rights

Depending on your jurisdiction, you may have the right to opt out of:

  • Sales of personal information (as defined under applicable laws)
  • Targeted advertising
  • Profiling in furtherance of decisions that produce legal or similarly significant effects

8.6 Withdrawal of Consent

Where we process your personal information based on consent, you have the right to withdraw that consent at any time.

8.7 Appeal Process

If we decline to take action regarding your request, we will inform you of our reasons and provide details about how you may appeal the decision, as required by applicable law.

8.8 Exercising Your Rights

To exercise any of these rights, please contact us using the details provided in the Contact Information section. We will respond to your request within the timeframes required by applicable law, typically within 30-45 days.

We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you goods or services, charge you different prices, or provide a different level or quality of services unless permitted by applicable law (e.g., if the difference is reasonably related to the value provided by your data).

9 Cookies and Similar Technologies

We use cookies and similar technologies (e.g., web beacons, pixels, SDKs) to collect and store information about your use of our Services. These technologies help us:

  • Ensure functionality: Enable essential features and secure areas
  • Analyze performance: Understand how visitors interact with our Services
  • Personalize experience: Remember your preferences and customize content
  • Deliver advertising: Show relevant ads on our Services and third-party platforms

9.1 Cookie Categories

  • Strictly Necessary: Essential for operation of the Services; do not require consent
  • Performance/Analytics: Help us understand how visitors interact with our Services
  • Functional: Enable enhanced functionality and personalization
  • Targeting/Advertising: Used to deliver relevant ads and track campaign performance

9.2 Consent Management

Where required by law (such as under the ePrivacy Directive), we obtain prior consent before placing non-essential cookies or similar technologies on your device. You can manage your cookie preferences at any time through our Cookie Preference Center, accessible via the footer of our website.

10 Children’s Privacy

Our Services are not directed to children under the age of 13 (or 16 in the EEA and UK). We do not knowingly collect personal information from children without appropriate parental or guardian consent.

If we learn that we have collected personal information from a child without verification of parental consent, we will promptly delete that information. If you believe we might have any information from or about a child without proper consent, please contact us immediately.

For residents of certain U.S. states, we extend additional protections to consumers between 13-17 years of age, complying with requirements to obtain affirmative authorization for processing personal data for targeted advertising, sale, or profiling purposes where applicable.

11 Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process it and whether we can achieve those purposes through other means
  • Applicable legal requirements

Upon expiration of the applicable retention period, we will securely delete or anonymize your personal information in accordance with our data retention policies.

12 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we do, we will update the “Last Updated” date at the beginning of this Policy.

We encourage you to periodically review this page for the latest information on our privacy practices. Material changes to this Policy will be communicated through prominent notices on our website or direct notifications when required by law.

13 Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Wonesuite Data Protection Officer
Email: privacy@Wonesuite.com

For residents of the European Economic Area, you may also lodge a complaint with your local supervisory authority if you believe our processing of your personal information violates applicable law.

14 Additional State-Specific Disclosures

14.1 California Residents

The California Consumer Privacy Act (as amended by the CPRA) provides California residents with specific rights regarding their personal information. See Section 8 (Your Rights and Choices) for information about these rights and how to exercise them.

We collect, use, and share personal information of California residents as described throughout this Policy. Over the preceding 12 months, we have collected the categories of personal information described in Section 2 for the business purposes outlined in Section 3.

We do not “sell” or “share” personal information as defined under the CCPA/CPRA. We also do not process sensitive personal information for purposes other than those specified in the CCPA/CPRA without providing appropriate notice and opt-out rights.

14.2 Other U.S. States

Residents of other states with comprehensive privacy laws (including Virginia, Colorado, Utah, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, and Minnesota) have specific rights regarding their personal information as described in Section 8.

Some states require additional disclosures about how we process personal data for targeted advertising, sales, or profiling. We do not engage in activities that qualify as “sales” of personal information under state laws. We may process personal information for targeted advertising as described in our Cookie Policy, but we provide opt-out mechanisms as required by law.

14.3 Nevada Residents

Nevada residents may opt out of the “sale” of certain covered information as defined under Nevada law. We do not engage in such activities, but Nevada residents may still submit opt-out requests to the contact information provided above.