PRIVACY POLICY AND PERSONAL DATA PROCESSING

WESCA Last updated: March 5, 2026

1. Scope and Responsibility

This Privacy Policy governs the collection, use, and protection of the personal information of users who interact with the WESCA website and services.

  • Data Controller: WESCA.
  • Legal and Privacy Contact: empresa@wesca.com.

2. Categories of Data Collected

We collect data exclusively under the principle of minimization:

  • Identification and Contact: Name, email address, telephone number, address, and identity document.
  • Credentials: Encrypted username and passwords.
  • Financial: Billing and payment processing data.
  • Technical and Usage: IP addresses, device identifiers, and platform behavior.
  • Sensitive Data: Only under explicit consent and strict operational necessity.

3. Purposes and Legal Bases

All data processing at WESCA is based on a specific legal ground to avoid audit ambiguities:

  • Contract Execution: To provide services, manage user accounts, and process payments.
  • Legitimate Interest: For fraud prevention, platform security, and statistical product analysis.
  • Implied Consent: By accessing, interacting with, and continuing to navigate our platform, you consent to the deployment of cookies and tracking technologies for analytics and marketing, as detailed in our Cookie Policy.
  • Legal Compliance: To address rights requests and authority requirements.

4. Data Retention

Data will be kept under strict timeframes to minimize risk exposure:

  • Billing and Transaction Data: 5 years, in strict compliance with tax regulations.
  • Inactive Account Data: Will be deleted or anonymized after 24 continuous months of inactivity.
  • Operational Data: For the duration of the commercial relationship with the user.

5. Third Parties and Sub-processors

We share information under data processing agreements (DPA) to ensure confidentiality. Our categories of sub-processors include:

  • Infrastructure and Hosting: (e.g., AWS, Google Cloud).
  • Payment Processors: (e.g., Stripe, PayPal).
  • Analytical and CRM Tools: (e.g., Google Analytics, HubSpot).
  • Corporate Operations: In the event of a merger or acquisition, data will be transferred with prior notification to users.

6. Regulatory Compliance (United States and Venezuela)

WESCA operates under a layered compliance model:

  • United States: Compliance with state regulations and federal regulations (FTC, COPPA).
  • Venezuela: Protection based on Article 60 of the National Constitution, the Law on Protection of Privacy of Communications, and the Special Law against Computer Crimes.

7. User Rights

Every user, regardless of jurisdiction, may exercise the following rights:

  • Access, Rectification, and Deletion: To know, correct, or request the deletion of their data.
  • Limitation and Portability: To restrict use or export their data.
  • Execution Channel: Via empresa@wesca.com or through our portal https://www.wesca.com/contact. We require prior identity verification.

8. Security and Incident SLA
We apply encryption in transit, access controls, and audits to protect your information.

  • Security Breach SLA: In the event of a confirmed breach that compromises the viability of personal data, WESCA will notify affected users and relevant authorities within a maximum period of 72 hours.

9. Protection of Minors 
Our services are not directed at children under 13. Any accidental collection will be deleted immediately upon detection, in compliance with regulations such as COPPA.

10. Complementary Policies

For a comprehensive understanding of our legal operation, this policy should be read in conjunction with:

  • Cookie Policy: Details the use of trackers and their configuration.