Privacy Policy & Data Protection

What personal information do we process?

When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information?

We do not process sensitive personal information.

Do we collect any information from third parties?

We may collect information from public databases, marketing partners, social media platforms, and other outside sources.

How do we process your information?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

When and with whom do we share personal information?

We may share information in specific situations and with specific categories of third parties.

How do we keep your information safe?

We have adequate organizational and technical processes and procedures in place to protect your personal information.

What are your rights?

Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

Wishlist Data and Content

No Account Required: Pingwish operates without user accounts. When you create a wishlist, it is identified by a unique link rather than personal login credentials.

Wishlist Content: The information we store in your wishlists may include:

• Product names, descriptions, and links you add to your wishlist
• Any personal notes or comments you include with wishlist items
• Names or personal identifiers you choose to include in wishlist titles or descriptions
• Wishlist creation and modification timestamps

Data Storage and Lifecycle: Wishlists are stored in secure cloud databases and remain accessible via their unique links until:

• You explicitly delete them using the delete function
• 24 months of complete inactivity (no views or modifications)
• You request deletion by contacting us directly

Personal Data in Wishlists: While we don't require personal information, you may choose to include personally identifiable information in your wishlist content. Under GDPR, you have rights regarding this data including access, rectification, and deletion.

Contact Information

We may collect email addresses when you contact us for support or exercise your data subject rights. We do not require registration or account creation for basic service use.

Sensitive Information: We do not knowingly process sensitive personal information.

Information Automatically Collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information includes:

• Log and Usage Data: Service-related, diagnostic, usage, and performance information our servers automatically collect
• Device Data: Information about your computer, phone, tablet, or other device you use to access the Services
• Location Data: Information about your device's location, which can be either precise or imprecise

Google API: Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Information Collected from Other Sources

In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.

Third-Party Service Providers

We may share your personal information with third-party service providers that perform services for us or on our behalf, including:

• Google Analytics: For website analytics and performance monitoring
• Google AdSense: For displaying targeted advertisements
• Cookiebot: For cookie consent management and compliance
• Hosting and Infrastructure Providers: For website hosting and technical operations

Affiliate Partners

We participate in affiliate marketing programs, including:

• Amazon Associates Program: When you click on Amazon product links, Amazon may track your activity for commission purposes
• Other Retail Partners: We may share anonymized or aggregated data with other affiliate partners to track referrals and commissions

These partnerships do not involve sharing your personal identifying information, but may involve sharing anonymized usage data and referral information.

Legal Requirements and Business Transfers

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities, or in connection with a merger, acquisition, or sale of all or a portion of our assets.

Google Analytics

We may share your information with Google Analytics to track and analyze the use of the Services. To opt out of being tracked by Google Analytics, visit Google Analytics Opt-out.

Your Rights Under GDPR and Other Privacy Laws

In regions covered by GDPR (EEA, UK, Switzerland) and other privacy laws, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for cookies and analytics at any time
• Right to Lodge a Complaint: File complaints with your local data protection authority

How to Exercise Your Rights

Wishlist Data Management: Since Pingwish operates without accounts:

• Direct Deletion: Use the delete function available on your wishlist page
• Request Assistance: Email us at privacy@pingwish.com with your wishlist link
• Data Access: Contact us to request information about data associated with your wishlist link

Cookie and Analytics Rights:

• Update preferences through our Cookiebot consent banner
• Access cookie settings via the floating button or footer link
• Use browser settings to delete existing cookies

Data Subject Request Process:

1. Contact us at privacy@pingwish.com
2. Specify which right(s) you wish to exercise
3. Provide sufficient information to identify your data (wishlist links, contact details, etc.)
4. We will respond within 30 days (or 1 month under GDPR)
5. Verification may be required to protect against unauthorized access

No Cost: Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.

Complaints and Data Protection Authorities

If you believe your privacy rights have been violated, you can lodge a complaint with:

• Austria: Datenschutzbehörde (DSB) - dsb.gv.at
• Your local EU data protection authority if you reside elsewhere in the EEA
• Contact us first: We encourage contacting us directly to resolve issues quickly

What Are Cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. They are widely used by website owners to make their websites work more efficiently, and to provide reporting information.

Cookies set by the website owner are called "first-party cookies". Cookies set by parties other than the website owner are called "third-party cookies". Third-party cookies enable third-party features or functionality to be provided on or through the website.

Types of Cookies We Use

We use both first-party and third-party cookies for several reasons:

Strictly Necessary Cookies: These cookies are essential for the website to function properly. They enable core functionality such as page navigation and access to secure areas. The website cannot function properly without these cookies.

Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often. We use Google Analytics to help us understand user behavior and improve our service. All information collected is aggregated and anonymous.

Functionality Cookies: These cookies allow the website to remember choices you make and provide enhanced, more personalized features. For example, they remember your language preferences and wishlist data stored locally in your browser.

Marketing and Advertising Cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They also limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns. We use Google AdSense for displaying advertisements.

Cookie Consent Management

We use Cookiebot as our cookie consent management platform to ensure compliance with EU cookie laws and GDPR requirements. Cookiebot automatically scans our website for cookies and categorizes them according to their purpose.

Your Cookie Choices: When you first visit our website, you will see a cookie consent banner powered by Cookiebot. You can:

• Accept all cookies by clicking "Allow all"
• Customize your preferences by clicking "Cookie settings"
• Decline non-essential cookies by clicking "Decline"
• Change your preferences at any time by accessing cookie settings

Cookie Categories: Through Cookiebot, you can control the following categories:

• Necessary: Cannot be disabled as they are essential for website functionality
• Statistics: Analytics cookies (Google Analytics) - can be disabled
• Marketing: Advertising cookies (Google AdSense) - can be disabled

Local Storage and Wishlist Data

In addition to cookies, we store wishlist references locally in your browser's storage. This is not technically a cookie but serves a similar function:

• Wishlist references (not the wishlist content) are stored locally on your device
• This data helps you access your wishlists even if you lose the direct link
• Local storage data remains on your device until you clear it manually
• We do not access this data remotely unless you explicitly share your wishlist

Important: If you use Pingwish on a shared or public computer, other users may access your wishlist data through the same browser. To protect your privacy, clear your browser data after use.

Third-Party Services and Data Processing

We integrate with the following third-party services that may collect, process, and use your personal data:

Google Analytics and International Data Transfers: We use Google Analytics, a web analytics service provided by Google LLC (or Google Ireland Limited if you are located in the European Economic Area). Google Analytics uses cookies and similar technologies to collect and analyze information about how you use our website, including your IP address, browser type, operating system, referring website, pages visited, time spent on pages, and other usage information.

Data Transfer Risk Notice: This data is transmitted to and stored by Google on servers in the United States and other countries outside the European Economic Area. We want to transparently inform you that recent rulings by European data protection authorities (including Austria's DSB and France's CNIL) have raised concerns about Google Analytics' compliance with GDPR due to potential access by US authorities to personal data transferred to the United States. While we implement appropriate safeguards and rely on Google's Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable, we cannot guarantee complete protection against such access.

Your Choices Regarding Analytics: You have several options to limit or prevent Google Analytics data collection:

• Install the Google Analytics opt-out browser add-on
• Decline analytics cookies through our Cookiebot consent banner
• Use browser settings to block third-party cookies
• Use privacy-focused browsers or browser extensions

Legal Basis: Our use of Google Analytics is based on your explicit consent obtained through Cookiebot for users in the European Economic Area, and legitimate interest for essential analytics functions. For more information about Google Analytics' privacy practices, please visit Google's Privacy Policy and How Google uses information from sites or apps that use our services.

Google AdSense and Personalized Advertising: We display advertisements on our website through Google AdSense, an advertising service provided by Google LLC (or Google Ireland Limited if you are located in the European Economic Area). Google AdSense uses cookies, device identifiers, and other tracking technologies to serve advertisements that may be personalized based on your interests and browsing behavior.

How Personalized Advertising Works: Google AdSense may use information about your visits to our website and other websites across the Internet to provide advertisements about goods and services that may be of interest to you. This includes:

• Creating interest profiles based on your browsing history
• Showing ads based on previous visits to our site and other participating websites
• Using demographic information and inferred interests
• Cross-device tracking to serve consistent ad experiences
• Retargeting you with relevant ads on other websites in the Google Display Network

Data Collection for Advertising: The types of information Google may collect through AdSense include your IP address, browser type, operating system, device identifiers, the content of pages you view, search terms, time spent on pages, click behavior, and information about your interactions with advertisements. This data may be combined with information from other Google services you use.

Consent and Control for EEA Users: For users in the European Economic Area, we obtain explicit consent for personalized advertising through our Cookiebot consent management platform. You have the following choices:

• Accept Personalized Ads: Allow Google to use your data for personalized advertising
• Decline Marketing Cookies: Receive only non-personalized ads based on general content and location
• Opt-out Completely: Block all advertising cookies through your consent preferences

Managing Your Advertising Preferences: You can control your advertising experience through multiple channels:

• Visit Google Ad Settings to manage personalized advertising preferences
• Use Google My Ad Center to control the ads you see across Google services
• Opt-out via Digital Advertising Alliance or Your Online Choices
• Update your consent preferences through our cookie settings

EU User Consent Policy Compliance: Our implementation complies with Google's EU User Consent Policy by:

• Obtaining explicit consent before serving personalized ads to EEA users
• Providing clear information about data use for advertising
• Offering granular consent choices through Cookiebot
• Allowing users to withdraw consent at any time
• Serving only non-personalized ads when consent is not provided

For more information about Google's advertising practices and privacy policy, please visit Google's Privacy Policy, Google's Advertising Policy, and Google's EU User Consent Policy.

Amazon Affiliate Program: We participate in the Amazon Services LLC Associates Program and other Amazon affiliate programs. When you click on Amazon product links on our website, Amazon may set cookies to track your activity and we may earn a commission on qualifying purchases. This does not affect the price you pay. Amazon's use of cookies is governed by Amazon's Privacy Policy, which you can review at Amazon Privacy Notice.

Cookiebot: Our cookie consent management is provided by Cookiebot A/S. Cookiebot may set necessary cookies to remember your consent preferences and ensure compliance with applicable data protection laws. For more information about Cookiebot's privacy practices, please visit Cookiebot's Privacy Policy.

Data Transfers: Please note that some of these third-party services may transfer your personal data to countries outside of the European Economic Area, including the United States. These transfers are made in accordance with appropriate safeguards, such as Standard Contractual Clauses or other legally recognized transfer mechanisms.

Managing and Deleting Cookies

You have several options for managing cookies:

Browser Settings: Most web browsers allow you to control cookies through their settings preferences. You can usually find these settings in the "options" or "preferences" menu of your browser.

Our Cookie Settings: You can update your cookie preferences at any time by accessing the cookie settings on our website (usually available in the footer or through a floating button).

Opt-out Links: For specific services, you can use these opt-out mechanisms:

• Google Analytics: Google Analytics Opt-out Browser Add-on
• Google Ads: Google Ad Settings
• Industry opt-out: Digital Advertising Alliance

Note: Disabling cookies may limit your ability to use certain features of our website. Strictly necessary cookies cannot be disabled as they are essential for basic website functionality.

Legal Basis for Cookie Processing

Under GDPR and other applicable privacy laws, our legal basis for processing cookies is:

• Strictly Necessary Cookies: Legitimate interest (essential for website functionality)
• Analytics Cookies: Your explicit consent obtained through Cookiebot
• Marketing Cookies: Your explicit consent obtained through Cookiebot
• Functionality Cookies: Legitimate interest (improving user experience)

Data Retention

Different types of cookies have different retention periods:

• Session Cookies: Deleted when you close your browser
• Persistent Cookies: Remain until their expiration date or until manually deleted
• Analytics Cookies: Typically expire after 2 years
• Advertising Cookies: Usually expire after 30 days to 2 years
• Consent Cookies: Expire after 12 months (you will be asked to renew consent)

Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a new effective date.

Minimum Age Requirements

Service Age Limit: Pingwish is not intended for use by children under the age of 13. Users must be at least 13 years old to use our services. Users between 13 and 16 years old (or the age of digital consent in their country) should have parental guidance when using our service.

For Users in the European Economic Area: The minimum age for using our service may be higher in your country based on local laws regarding digital consent (typically 16 in many EU countries).

Children's Data Protection

COPPA Compliance: We do not knowingly collect, use, or disclose personal information from children under 13 years of age without verifiable parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA).

GDPR Compliance for Minors: We do not knowingly process personal data of children under the age of digital consent in their respective EU member state without parental consent.

If We Discover Child Data: If we become aware that we have collected personal information from a child under the applicable age limit without appropriate consent, we will take steps to delete such information promptly.

Parental Rights: Parents or guardians who believe their child has provided personal information to us may contact us at privacy@pingwish.com to request review, deletion, or to stop further collection of their child's information.

Safe Usage Guidelines

Parental Guidance: We recommend that parents or guardians supervise minors' use of our service and ensure they understand:

• Not to include personally identifiable information in wishlists
• To keep wishlist links private and only share with trusted individuals
• To understand that affiliate links may lead to third-party shopping sites
• To seek parental permission before clicking on any external links

International Data Transfer Risks

Transparency Notice: We believe in full transparency about potential privacy risks associated with our services. While we implement appropriate safeguards and rely on legal mechanisms such as Standard Contractual Clauses and the EU-US Data Privacy Framework, we want to inform you of ongoing legal developments that may affect your privacy rights.

Google Analytics GDPR Concerns: Recent decisions by European data protection authorities, including Austria's Datenschutzbehörde (DSB) and France's Commission Nationale de l'Informatique et des Libertés (CNIL), have found that the use of Google Analytics may violate GDPR due to the transfer of personal data to the United States, where it could potentially be accessed by US authorities under surveillance laws like FISA 702.

Our Response and Safeguards: In response to these concerns, we have implemented additional measures:

• Obtained explicit consent through Cookiebot for all analytics processing in the EEA
• Provided clear opt-out mechanisms including browser add-ons
• Disclosed the international transfer risks in this privacy policy
• Continuously monitor legal developments and adjust our practices accordingly

Your Rights and Choices: If you are concerned about these risks, you can:

• Decline analytics cookies through our consent banner
• Use the Google Analytics opt-out browser extension
• Contact us to exercise your right to object to data processing
• File a complaint with your local data protection authority if you believe your rights have been violated

Affiliate Marketing Financial Relationships

Material Connections Disclosure: We want to be completely transparent about our financial relationships. Pingwish participates in affiliate marketing programs, which means we may receive financial compensation when you purchase products through certain links on our website. This creates a material connection that could potentially influence our product recommendations and content.

Editorial Independence: While we earn commissions from affiliate relationships, we maintain editorial independence and only recommend products we genuinely believe will provide value to our users. However, you should be aware that financial incentives exist and may influence which products we choose to feature or recommend.

User Protection: This disclosure is made to comply with:

• FTC Guidelines on Endorsements and Testimonials
• EU Consumer Rights Directive
• Amazon Associates Program requirements
• Austrian and European consumer protection laws

Third-Party Service Dependencies

Service Reliability Disclaimer: Our website relies on various third-party services (Google Analytics, Google AdSense, Amazon affiliate tracking, Cookiebot) for functionality and revenue generation. Changes to these services' terms, privacy policies, or availability could affect our service delivery and your privacy rights.

Regulatory Compliance Updates: Privacy laws and regulations are continuously evolving. We commit to updating our practices and policies to maintain compliance, but there may be periods where legal uncertainty exists regarding the best practices for international data transfers and consent management.

Technical and Organizational Security Measures

Data Protection: We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption: All connections to our website use HTTPS encryption
• Secure Hosting: Our services are hosted on secure cloud infrastructure with industry-standard security practices
• Access Controls: Limited access to personal data on a need-to-know basis
• Regular Updates: We maintain current security patches and updates
• Data Backups: Secure backup procedures to prevent data loss

Limitations: While we implement reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

Privacy by Design Principles

Minimal Data Collection: Pingwish is designed with privacy in mind:

• No User Accounts: We don't require registration or personal information to use our basic service
• Private by Default: Wishlists are private and accessible only via unique links
• Local Storage: Wishlist preferences are stored locally in your browser when possible
• Data Minimization: We collect only the minimum data necessary for functionality
• Transparency: This comprehensive privacy policy explains all data practices

User Control: You maintain control over your data through:

• Granular cookie consent choices via Cookiebot
• Direct wishlist deletion capabilities
• Easy contact methods for data subject requests
• Clear opt-out mechanisms for analytics and advertising

Data Breach Procedures

Incident Response: In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Assess and contain the breach promptly
• Notify relevant supervisory authorities within 72 hours where required by law
• Notify affected users without undue delay if high risk to individual rights
• Implement measures to prevent future incidents
• Document all incidents for regulatory compliance