Privacy Policy
Protecting Your Privacy, Our Top Priority
The company Wolet d.o.o., Sremska Mitrovica, registration number: 22133659, is the controller of personal data (hereinafter: the "Controller") collected through the "Kinta" application (hereinafter: the "App") and the website www.kinta.finance (hereinafter: the "Website"). Respecting your right to privacy, this Privacy Policy — in accordance with the Law on Personal Data Protection ("Official Gazette of RS", no. 87/2018), as well as European Union laws and standards — informs you of the following: the types of personal data we collect and process; the purpose of data collection and processing; the legal basis for data processing; the data retention period; data security; the rights of data subjects; transfer of data to third parties; cookies and tracking technologies; the Controller's contact details; and amendments to this Privacy Policy.
This Privacy Policy is an integral part of the Terms & Conditions of our App and Website. Definitions used in this document have the same meanings as in our Terms & Conditions.
This Privacy Policy applies to all persons who download the App on their device, as well as all persons who access our Website.
Types of Personal Data We Collect and Process
Technical Data and Usage Data. By merely accessing the Website or downloading the App, the following data is automatically collected: the device used to access the service, the operating system and its version, the device brand and type, information about the internet network used, location data (Internet Protocol address), duration of App use, and settings and performance data — all collected through cookies and tracking technologies. Technical data and usage data enable the functionality, stability, and security of the App and Website.
Personal Data Collected When Subscribing to the Newsletter. In the event of subscribing to the Newsletter on our Website, the data we collect includes your first name, last name, and email address.
Personal Data Collected When Creating a User Account. When creating a User Account, the data we collect includes your first name, last name, and email address. Each account is automatically assigned a randomly generated 6-character ID code used for internal identification within the App. In this way, we apply a pseudonymisation measure, significantly increasing the level of protection of your privacy and data security.
Fiscal Receipt Data. When scanning a fiscal receipt in the App, the data contained on the receipt is retrieved and securely stored in a Firebase database. The App requires access to the camera solely for the purpose of scanning QR codes and the contents of fiscal receipts. Images are not used to identify users nor are they shared with third parties for advertising purposes; they are used exclusively to provide the services you request from us.
Data on Interactions with Penny AI. The App uses artificial intelligence technology to provide interactive analysis at the User's request and real-time query responses. When using Penny AI, the content of the messages you send, as well as basic session data, are collected exclusively for the purpose of providing the services you request from us.
User Behaviour Data During Use of the App and Website. In order to improve the performance of the App and Website, and to personalise and enhance the user experience, we collect data on user behaviour during use. We collect this type of data exclusively with your explicit consent. When collecting analytical data in the App, we use Google Analytics for Firebase.
Note: If you wish to use additional features of our App that are subject to a separate charge, payment service providers collect the information necessary to process payments for our services. We do not process your credit or debit card data, as payment is made through the App Store or Google Play platform. The App uses automated analysis (profiling) via Penny AI to provide you with insights into your expenses, while we use Google Analytics to analyse usage of the App itself. This processing is solely for the purpose of improving your user experience.
Purpose of Data Collection and Processing
Wolet d.o.o., Sremska Mitrovica, as the personal data controller, collects and processes personal data exclusively for the following purposes: providing the services you request in connection with the use of the App; enabling the functionality, stability, and security of the App and Website; sending the Newsletter (if you have subscribed); creating a User Account; and improving and personalising your user experience.
Legal Basis for Data Processing
The legal basis for processing your personal data is: your consent; performance of a contractual obligation; pursuit of the Controller's legitimate interests; and compliance with legal obligations to which we are subject.
Data Retention Period
Your data may be processed for as long as the purpose of processing exists — that is, until the withdrawal of consent or approval for processing, the fulfilment of a contractual obligation, or the submission of an objection where the legal basis is the Controller's legitimate interest. We will also delete all your data provided to us during the use of the App or Website if you request this, exercising your right to erasure (see "Rights of Data Subjects" below). In the event of the company ceasing operations or the service being discontinued, your data will be permanently deleted. Receipt data is retained until you delete it or until you delete your User Account. Analytical data is retained in aggregated, non-identified form for up to 14 months.
Data Security
Wolet d.o.o., as the personal data controller, applies appropriate technical and organisational protection measures to ensure that your data is secure. These measures include data encryption during transmission, secure storage of data in our databases, restricting access to personal data to authorised personnel only, and regularly monitoring and improving our security procedures in order to maintain a high standard of data protection. If your personal data is compromised in any way, the Controller will notify you in accordance with applicable regulations.
Rights of Data Subjects
As a User, in accordance with the Law on Personal Data Protection and the EU General Data Protection Regulation (GDPR), you have the following rights: the right to request from the Controller information as to whether it is processing your personal data, as well as access to such data; the right to request that inaccurate personal data be corrected without undue delay, as well as the right to have your personal data completed, and the right to erasure of data; the right to restriction of processing of your personal data; the right to receive from the Controller the personal data you have previously provided, in a structured, commonly used, and electronically readable format, and to have such data transferred to another controller; the right to object at any time to the processing of your personal data, in which case processing will be discontinued unless there are compelling legal grounds that override your interests; the right to withdraw consent where data is processed on the basis of consent, it being understood that withdrawal does not affect the lawfulness of processing carried out prior to its withdrawal; and the right to lodge a complaint with the local supervisory authority. The supervisory authority in the Republic of Serbia is the Commissioner for Information of Public Importance and Personal Data Protection.
Transfer of Data to Third Parties
In processing data, we also use the support of external processors, who may have access to your data solely on the basis of our authorisation and in accordance with our instructions. We engage only those processors who provide sufficient guarantees of the application of appropriate technical and organisational data protection measures. Your data may also be transferred to other countries and international organisations. Google LLC (Google Cloud, Firebase, Google Gemini), as our processor, is listed among organisations certified under the Data Privacy Framework. In the event of data transfer to other processors in the USA, Standard Contractual Clauses on data protection will apply.
Cookies and Tracking Technologies
Our Website and App use cookies and tracking technologies adapted to mobile platforms. These enable recognition of your device, and the tracking and analysis of your behaviour. In order to continuously make improvements, information is collected such as how you use the Website, your interests, pages you have visited, data about the logged-in User, interaction with content, measurement of certain aspects of the Website's performance, information about the device used to access the Website, the location from which the Website is accessed, and the operating system.
Our Website and App use the Google Analytics and Google Analytics for Firebase tools. These technologies enable analysis of how you use the Website and App, and the compilation of reports and the provision of additional services in connection with their use.
For more details on how Google processes and uses data, please visit: https://policies.google.com/technologies/partner-sites
We use different sets of cookies, categorised as follows:
Necessary Cookies — These cookies are necessary for the proper functioning of the Website and cannot be disabled.
__cf_logged_in — Cloudflare (security & authentication) — Duration: 1 month cfuvid — Cloudflare (rate limiting & abuse prevention) — Duration: Session CF_VERIFIED_DEVICE* — Cloudflare (bot & device verification) — Duration: 1 year crisp-client/session/* — Crisp (maintains live chat session) — Duration: 6 months
Analytical Cookies (with your consent) — Help us understand how visitors interact with our Website.
_ga — Google Analytics (distinguishes unique users) — Duration: 2 years _ga_QR0QES6K4R — Google Analytics GA4 (session tracking) — Duration: 2 years cfz_google-analytics_v4 — Cloudflare Zaraz / Google Analytics (GA4 data cache) — Duration: 1 year cfz_amplitude — Cloudflare Zaraz / Amplitude (event tracking) — Duration: 1 year sparrow_id — Cloudflare Zaraz (device/user identification) — Duration: 6 months
Marketing Cookies (with your consent) — Used for advertising and marketing purposes.
_fbp — Meta / Facebook Pixel (ad targeting & conversion tracking) — Duration: 90 days cfz_facebook-pixel — Cloudflare Zaraz / Meta (Facebook Pixel cache) — Duration: 1 year gcl_au — Google Ads (conversion linking) — Duration: 90 days cfz_adobe / kndctr* — Adobe Experience Cloud (user identity for Adobe analytics) — Duration: 1 year _biz_flagsA / _biz_nA / _biz_pendingA / _biz_uid — Bizible / Microsoft (B2B marketing attribution) — Duration: 1 year
Apart from necessary cookies, we use analytical and marketing cookies only if you give us explicit consent through the banner on the Website or by giving consent after creating a user account in the App. You can manage your preferences at any time through the settings available in the App under "Settings."
Controller's Contact Details
The controller of your personal data is Wolet d.o.o., Sremska Mitrovica. Registered address: Kralja Petra I, 81A, 22000 Sremska Mitrovica, Republic of Serbia. Registration number: 22133659. Tax ID (PIB): 115252746. Legal representative: Tijana Gvozdenović. All questions regarding the processing of your personal data and the exercise of your rights may be directed to: hello@kinta.finance
Amendments to the Privacy Policy
This Privacy Policy may be amended and adapted in order to comply with applicable regulations, as well as in the event of changes in business practices relating to personal data protection. We will inform you of any material changes by means of a prominent notice on our Website and within the App.
