Privacy policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Acts (hereinafter referred to as the “Personal Data Protection Act”)

(hereinafter referred to as the “Privacy Policy”)

1. INTRODUCTORY PROVISIONS

1.1. These Privacy Policy terms of WageNow, s.r.o., with its registered office at Horná 37, 97401 Banská Bystrica, Slovak Republic, Company ID (IČO): 54 392 276, registered with the Commercial Register of the District Court Banská Bystrica, Section: Sro, File No.: 44892/S, as the Provider, govern the principles of personal data protection related to the collection and processing of data arising from contractual and related relationships between the Provider and the Recipient, as defined below.

1.2. This Privacy Policy outlines which information the Provider of WageNow TM Benefits, as the data controller, collects and processes from the Recipient, and describes the security measures in place to ensure the necessary protection of the Recipient’s personal data.

1.3. By activating an Account and using the Application, the Recipient consents to the processing of personal data and agrees to this Privacy Policy.

1.4. In accordance with Article 6(1)(b) of the Regulation, the Provider also processes the Recipient’s personal data without the Recipient’s explicit consent, as such processing is necessary for the performance of contracts to which the Recipient is a party.

1.5. The Provider’s contact details are: Phone: +421 918 445 694, Email: pomoc@wagenow.sk

2. DEFINITIONS

The terms defined in this section shall have the meanings set forth herein for the purposes of this Privacy Policy or in any other documents referred to by this Privacy Policy, unless otherwise stated in such documents:

Application refers to the Provider’s application under the name WageNow, which can be used either as a mobile application (hereinafter also “Mobile Application”) after being installed on a Device, or as a web application accessible through the Website (hereinafter also “Web Application”). The Application serves the following purposes:

a) creating the Recipient’s personal Account,
b) logging into the Recipient’s Account,
c) submitting Requests by the Recipient,
d) displaying the Available Balance,
e) displaying Statements.

WageNow TM Benefit is the set of products and services provided by the Provider and third-party partners, particularly the benefit that allows flexible access to wages—i.e., granting the Recipient a portion of their wage before the official payday based on the Recipient’s Request, or the provision of funds from the Provider to the Recipient in the form of an interest-free and cost-free loan.

Account refers to the user account created for the Recipient by the Provider and subsequently activated by the Recipient in the Application. It is protected by the Recipient’s login credentials (email and password) and is used to access the Application and the services provided through it.

Personal Data refers to the data defined in Article 3.1 of this Privacy Policy.

Statement is the information about the WageNow TM Benefits provided, including repayment information. Statements are visible to the Recipient in the Application under the “Withdrawal History” section after logging into their Account.

Recipient means a natural person who is either employed by an Employer or otherwise cooperates with the Employer based on a different contractual relationship and, upon meeting the agreed conditions, is entitled to draw the WageNow TM Benefit.

Provider refers to the administrator and provider of the WageNow TM Benefits. The Provider owns the copyright and other intellectual property rights related to the Application and acts as the controller of Personal Data. The Provider is WageNow, s.r.o., with its registered office at Horná 37, 97401 Banská Bystrica, Slovak Republic, Company ID (IČO): 54 392 276, registered with the Commercial Register of the District Court Bratislava I, Section: Sro, File No.: 158682/B.

Complaint refers to the Recipient’s submission via the Application asserting a claim regarding the accuracy or quality of the services provided by the Provider that are subject to Other Agreements.

Website means the Provider’s website: www.wagenow.sk.

Device refers to a mobile phone, tablet, PC, or any other device with internet access that meets the hardware and software requirements necessary to use or install the Application.

Employer refers to the company that employs the Recipient and/or cooperates with the Recipient under another contractual arrangement, and which has entered into a cooperation agreement with the Provider concerning the rights and obligations related to the provision of the WageNow TM Benefit to its employees or associated persons.

Request is a submission by the Recipient via the Application to receive the WageNow TM Benefit in an amount determined by the Recipient, up to a maximum amount defined by the Provider based on pre-established criteria that form part of the Agreements.

Agreements refer to the contracts concluded between the Recipient and the Provider. If the Recipient is an employee of the Employer, these include especially (i) the Framework Agreement between the Provider and the Recipient outlining mutual rights and obligations and the conditions for drawing the WageNow TM Benefit, and (ii) the Wage Deduction Agreement between the Recipient and the Employer, which defines the terms of repaying the granted WageNow TM Benefits to the Provider via payroll deductions by the Employer. If the Recipient cooperates with the Employer under a different contractual relationship (non-employment), the Agreement is mainly a Framework Agreement concluded among the Recipient, the Employer, and the Provider, which defines the rights and obligations related to the provision and repayment of the WageNow TM Benefit.

3. PROCESSED PERSONAL DATA

3.1. The Provider processes the following categories of personal data:

a) Identification data of the Recipient provided by the Employer (e.g., first and last name, date of birth, personal identification number)
b) Contact details (e.g., email address, phone number)
c) Information from communication between the Recipient and the Provider, if such information qualifies as personal data under the Regulation or the Personal Data Protection Act (e.g., email, chat, SMS messages, notifications)
d) Data related to the use of the Application and services provided through it (e.g., statistical data on how the Application is used; information on Account usage)
e) Transaction data (e.g., the Recipient’s bank account number)
f) Economic data (e.g., salary information, hours worked, amounts of WageNow TM Benefits already received, amounts of WageNow TM Benefits already repaid to the Controller, total income or regular expenses of the Recipient)
g) Other data and information necessary to generate Statements (to the extent of the data included in such Statements)
h) Technical data about the device from which the Recipient logs in and manages the Account through the Application (e.g., IP address, device operating system, browser settings, Application settings, cookies)
i) Other Personal Data if the Recipient voluntarily enters additional personal information in their Account.

3.2. The Recipient’s Personal Data is provided to the Provider either by the Recipient themselves or by the Employer.

3.3. The Recipient acknowledges that they are obliged to always provide accurate and truthful Personal Data and to inform the Provider and their Employer without undue delay about any changes.

4. PURPOSES OF PROCESSING AND RETENTION PERIOD OF PERSONAL DATA

4.1. The Provider processes the Recipient’s Personal Data under the Regulation on the basis of:
(i) performance of Agreements,
(ii) compliance with legal obligations,
(iii) the Provider’s legitimate interests, and/or
(iv) the Recipient’s legitimate interests.

4.2. In accordance with the Regulation, the Provider processes the Recipient’s Personal Data mainly for the following purposes:

(i) Identification and verification of the Recipient’s identity: The Provider must identify and verify the Recipient to provide services under the Agreements through the Application. Personal Data is processed as part of contract performance. Data is retained for the duration of the Agreements and for three years after their termination.
(ii) Use of the Application and handling of Requests: Personal Data is processed as part of contract performance. Data is retained for the duration of the Agreements and for three years after their termination.
(iii) Communication with the Recipient and handling complaints and claims: The Provider processes Personal Data for handling Recipient inquiries, suggestions, complaints, and claims. Data is processed as part of contract performance and retained for the duration of the Agreements and three years thereafter.
(iv) Fraud monitoring and prevention: The Provider processes Personal Data of the Recipient and potentially of other individuals to monitor Application usage and detect fraud, in order to protect both its own and the Recipient’s interests. Data is processed based on the Provider’s legitimate interest and retained during the Agreements and for three years thereafter, or longer if a fraud case is being resolved.
(v) Improvement of the Application: Data is processed based on the Provider’s legitimate interest and retained for the duration of the Agreements.
(vi) Resolution of legal disputes involving the Provider: The Provider may process Personal Data of the Recipient and others to assert, enforce, or defend legal claims. Data is processed based on the Provider’s legitimate interest and retained for the duration of any dispute.
(vii) Direct marketing: The Provider processes the Recipient’s Personal Data to inform them about its services and products. Data is processed based on the Provider’s legitimate interest and retained for the duration of the Agreements.
(viii) Resolution of Recipient’s disputes (based on consent): The Provider may process the Recipient’s Personal Data to assert or enforce the Recipient’s claims against the Employer in case of unpaid wages. Data is processed based on the Recipient’s legitimate interest and retained for the duration of any dispute.
(ix) Activities related to the Provider’s archiving obligations.

4.3. When processing Personal Data based on the Provider’s legitimate interest, all necessary steps will be taken to ensure that the impact on the Recipient’s privacy is minimized and that a balance is maintained between the Provider’s legitimate interests and the Recipient’s right to privacy.

4.4. The Provider will retain data, including Personal Data, for the periods mentioned above, unless a longer retention period is required by law. Once the retention period expires, the Provider will delete the Personal Data.

4.5. If the Recipient does not complete Account activation, their Personal Data will be deleted no later than 365 (three hundred sixty-five) days after the last step in the incomplete registration process, provided that the Agreements have expired.

4.6. Personal Data is processed either electronically in an automated manner or in paper form manually. The Provider does not carry out automated individual decision-making within the meaning of Article 22 of the Regulation.

5. COOKIES

5.1. The Provider uses so-called cookies when the Application is used. Cookies are small data files that are stored on the Recipient’s Device upon visiting the Website or logging into the Account. These files enhance the user experience and help the Provider deliver better services. Cookies do not harm the Recipient’s Device, cannot be assigned to a specific individual, do not contain personal data, and cannot be used to collect personal information.

5.2. As part of cookie usage, the Provider records the Recipient’s URL address, IP address, browser type and language, hostname, screen resolution, location and time zone, type of Device, and the date and time of the Application visit, as well as information on which part of the Application the customer visited.

5.3. If the Recipient visits the Website and logs into the Application using a browser with settings that allow the storage of cookies, the Provider considers such settings as consent to the use and storage of cookies. If the Recipient does not wish to have cookies stored on their device, they can disable this function in their device settings.

6. DISCLOSURE OF PERSONAL DATA

6.1. The Provider may disclose Personal Data to other trusted entities if necessary for the performance of Agreements, if the Recipient has given consent for such disclosure, or if there is another legal basis for sharing the Personal Data—such as the Provider’s legal obligations. These trusted parties may include, for example:

the Employer,
payment service providers involved in managing WageNow TM Benefit disbursements,
accounting, tax, and/or legal service providers,
cloud service providers,
providers of other services used by the Provider to implement software tools that contribute to the efficiency and effectiveness of cooperation between the Provider and the Recipient or Employer, and who ensure an adequate level of data protection through appropriate measures and compliance with the Regulation,
web analytics and evaluation tool providers,
SMS gateway providers (for handling phone numbers),
customer service providers.

6.2. Personal Data will be shared only to the minimal and necessary extent required for the stated purposes.

6.3. The Provider does not share Personal Data it processes with entities located outside the European Union or with international organizations. However, Personal Data may be subject to cross-border transfers to third countries outside the EU that provide an adequate level of data protection.

7. DATA SECURITY

7.1. The Recipient’s Personal Data is adequately protected against loss, destruction, alteration, misuse, unauthorized disclosure, transmission, and/or processing through appropriate technical and organizational measures. These measures are implemented with consideration for the current state of technology, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the level of risk to the rights and freedoms of natural persons.

7.2. To ensure the required level of security, the Provider has implemented the following technical and organizational measures, internal control systems, and IT protection mechanisms, including but not limited to:

Device security (e.g., use of usernames and passwords),
Data encryption (e.g., SSL certificates),
Restrictions on the retention, handling, and/or disposal of data,
Regular data backups and restoration procedures, etc.

8. RECIPIENT’S RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

8.1. In connection with the processing of Personal Data, the Recipient has the following rights:

(i) Right of access to Personal Data (Article 15 of the Regulation):
The Recipient has the right to request information from the Provider about whether or not their Personal Data is being processed, as well as details regarding the purposes of the processing, the categories of processed Personal Data, recipients or categories of recipients, etc. The Recipient also has the right to request a copy of the Personal Data being processed.

(ii) Right to rectification or completion of Personal Data (Article 16 of the Regulation):
The Recipient has the right to request the correction of inaccurate or the completion of incomplete Personal Data.

(iii) Right to erasure of Personal Data – the “Right to be forgotten” (Article 17 of the Regulation):
The Recipient has the right to request that the Provider erase their Personal Data without undue delay in specific cases, such as when the data is no longer necessary for the purposes for which it was collected or otherwise processed; when consent is withdrawn; when the data has been processed unlawfully; or when there is a legal obligation to delete the data. The Provider will carry out such deletion upon review and validation of the Recipient’s request.

(iv) Right to restriction of processing (Article 18 of the Regulation):
The Recipient may request restriction of Personal Data processing, for example: if the accuracy of the Personal Data is contested (for the period during which the Provider verifies its accuracy); if the Provider no longer has a legal basis for processing but the Recipient requests restriction instead of erasure; or if the data is needed by the Recipient for the establishment, exercise, or defense of legal claims.

(v) Right to data portability (Article 20 of the Regulation):
The Recipient has the right to receive their Personal Data in a structured, commonly used, and machine-readable format, and to transfer it to another controller, provided that the data was collected based on a contract or the Recipient’s consent and is processed by automated means.

(vi) Right to object (Article 21 of the Regulation):
The Recipient has the right to object, on grounds relating to their particular situation, to the processing of Personal Data where it is based on a legitimate interest or carried out in the public interest, including profiling based on such grounds.

(vii) Right not to be subject to automated individual decision-making, including profiling (Article 22 of the Regulation):
The Recipient has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them. This right does not apply if the decision:
a) is necessary for entering into or performing a contract between the Recipient and the Provider,
b) is authorized by EU or Member State law with appropriate safeguards,
c) is based on the Recipient’s explicit consent.

(viii) Right to withdraw consent (Article 7 of the Regulation):
The Recipient has the right to withdraw their consent to the processing of Personal Data at any time, provided the data was originally processed based on consent.

(ix) Right to lodge a complaint with a supervisory authority (Article 77 of the Regulation):
The Recipient has the right to submit a complaint to the Office for Personal Data Protection of the Slovak Republic at:

Office for Personal Data Protection of the Slovak Republic
Hraničná 4826/12
820 07 Bratislava
Phone: +421 2 3231 3214
Email: statny.dozor@pdp.gov.sk

8.2. The Recipient may contact the Provider at any time to inquire about the processing of their Personal Data via email at pomoc@wagenow.sk.

8.3. The Provider will only provide information regarding the processing of Personal Data upon receiving a request from the Recipient that includes all necessary information and supporting documents required for processing the request and verifying its legitimacy. The Provider must also be able to reliably verify the identity of the Recipient. Without successful identity verification, the Provider is not obligated to provide any information regarding Personal Data processing. This procedure is in place to prevent unauthorized access to the Recipient’s Personal Data and to protect their rights from being violated by unauthorized parties.

9. FINAL PROVISIONS

9.1. The Provider reserves the right to update this Privacy Policy at any time, particularly in connection with changes in legislation. The current version of the Policy will always be available on the Website and within the Application. In the event of a significant change to personal data protection—especially in the methods of data processing—the Controller will fulfill its information obligation by clearly notifying users of such changes (both in the Application and on the Website) before they are implemented.

9.2. The Provider handles the Recipient’s Personal Data with the utmost care and respect, processes it in accordance with applicable legal regulations, and applies available technical safeguards. If the Recipient has any questions regarding Personal Data protection that are not answered in this Privacy Policy, they are entitled to contact the Provider at: pomoc@wagenow.sk.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	The website's WordPress theme uses this cookie. It allows the website owner to implement or change the website's content in real-time.
pll_language	1 year	The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.