1. Controller

The data controller under the GDPR is:

WYND Capital GmbH
Schöne Aussicht 24
22085 Hamburg
Germany
Email: info@wynd.world

2. Scope of This Policy

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you:

• visit or use the Platform,
• create an account,
• contact us,
• book or participate in Activities,
• use membership features,
• use token-related features (if applicable),
• receive communications from WYND.

This Policy applies to Platform processing as controller. Some third parties (e.g., payment providers) may act as independent controllers.

3. Categories of Personal Data We Process

Depending on your interaction, we may process:

3.1 Identity & Contact Data

• name, email, phone number, address, country of residence,
• date of birth (where required for eligibility or safety).

3.2 Account & Profile Data

• username, login status, preferences, settings.

3.3 Booking & Participation Data

• chosen Activity, dates, accommodation allocation,
• preferences (e.g., dietary preferences), emergency contact,
• travel-related details necessary for operational planning.

3.4 Payment & Transaction Data

• payment status, transaction IDs, invoices, receipts,
• chargeback/dispute status.
  (We generally do notstore full card data; payment providers handle it.)

3.5 Communications

• emails, support tickets, chat messages, feedback.

3.6 Technical & Usage Data

• IP address, device identifiers, browser type,
• logs, approximate location derived from IP,
• pages visited, clicks, timestamps, performance metrics.

3.7 Cookies & Consent Data

• cookie IDs, consent state, preference settings.

3.8 Media Data

• photos/videos created during Activities (where applicable), subject to notices and opt-out mechanisms.

3.9 Special Category Data

• health-related data (e.g., allergies) only if voluntarily providedand only to the extent necessary for safety/operations, with appropriate safeguards.

4. Sources of Data

We collect data:

• directly from you (forms, bookings, emails),
• automatically via the Platform (logs, cookies),
• from partners/providers (payment confirmation, fraud signals),
• from event partners where required to deliver the Activity.

5. Purposes of Processing

We process data for:

5.1 Platform Operation

• account creation, authentication, troubleshooting, service functionality.

5.2 Contract Performance

• processing bookings, organizing participation, delivering Activities,
• communicating about schedules, requirements, safety, and changes.

5.3 Customer Support

• responding to inquiries, handling complaints, assisting with issues.

5.4 Payments, Accounting, Compliance

• invoicing, payment reconciliation, statutory retention, audits.

5.5 Security & Fraud Prevention

• detecting suspicious activity, protecting accounts and transactions,
• incident response and security monitoring.

5.6 Marketing (Where Lawful)

• newsletters, updates, offers (with consent where required),
• measurement of campaign effectiveness (only with consent where required).

5.7 Service Improvement

• analytics, performance, UX optimization, product development.

6. Legal Bases (GDPR)

We rely on the following legal bases:

• 6(1)(b)contract performance (bookings, account operation)
• 6(1)(c)legal obligation (tax/accounting retention)
• 6(1)(f)legitimate interests (security, fraud prevention, improvement)
• 6(1)(a)consent (marketing, non-essential cookies)
• 9(2)(a)explicit consent (special category data where applicable)

You can withdraw consent at any time without affecting processing prior to withdrawal.

7. Cookies and Similar Technologies

We use cookies and similar tools for:

• essential functionality (login, security),
• analytics (performance, usage),
• marketing (only where enabled and consented).

You can manage or withdraw cookie consent via the cookie banner/settings.

8. Recipients and Data Sharing

We share data only when necessary:

8.1 Processors

• hosting/infrastructure providers,
• analytics and security service providers,
• customer support tooling.

8.2 Independent Controllers

• payment service providers (processing transactions),
• certain platforms/tools where you interact directly.

8.3 Operational Partners

• event logistics partners, crew coordination, on-site providers (only to deliver the Activity).

8.4 Legal / Authorities

• auditors, legal advisors, authorities where required by law.

All processors are bound by data processing agreements where required.

9. International Transfers

WYND operates internationally. If data is transferred outside the EEA/UK:

• we implement appropriate safeguards (e.g., EU SCCs),
• and apply additional measures where required.

10. Data Retention

We retain data only as long as needed for:

• contract performance,
• legitimate purposes (security, dispute handling),
• legal obligations (tax/accounting).

Retention periods vary by category. You may request details at info@wynd.world.

11. Data Security

We apply appropriate technical and organizational measures, including:

• access controls, least-privilege access,
• encryption where appropriate,
• monitoring and incident response.

No system is fully secure; we continuously improve safeguards.

12. Your Rights

Subject to GDPR conditions, you have rights to:

• access, rectification, erasure,
• restriction, objection,
• portability,
• withdrawal of consent.

Requests can be sent to info@wynd.world.

13. Complaints

You may lodge a complaint with a supervisory authority in your country of residence/work or where a GDPR infringement is alleged.

14. Changes to This Policy

We may update this Policy due to legal, technical, or operational changes. The “Last updated” date will reflect changes.