Privacy policy

Privacy policy

Privacy policy

Wairo Creative AI Studio Ltd. ("Wairo," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (wairo.mt) or use our services.


This policy complies with the General Data Protection Regulation (GDPR) and Malta's Data Protection Act.


1. Data Controller


Wairo Creative AI Studio Ltd.
132, ix-Xatt, Ta' Xbiex, Malta
Email: [email protected]
Phone: +356 9994 2339

We are the data controller responsible for your personal data.


2. What Information We Collect


2.1 Information You Provide

  • Contact Information: Name, email address, phone number, company name

  • Project Information: Brief descriptions, requirements, content specifications

  • Payment Information: Billing address, payment method details (processed securely by Stripe and PayPal)

  • Communication Records: Emails, messages, and other correspondence


2.2 Information Collected Automatically

  • Usage Data: IP address, browser type and version, pages visited, time spent on pages, referring website

  • Device Information: Device type, operating system, unique device identifiers

  • Cookies and Tracking Technologies: See Section 4 below


2.3 Information from Third Parties

We may receive information about you from payment processors (Stripe, PayPal) necessary to complete transactions.



3. Legal Basis for Processing

We process your personal data based on:

  • Contractual Necessity: To provide services you've requested

  • Legitimate Interest: To improve our services, communicate with prospects, and conduct business operations

  • Consent: When you've given explicit permission (e.g., marketing emails)

  • Legal Obligation: To comply with tax, accounting, and legal requirements


4. Cookies and Tracking Technologies


4.1 Cookies We Use

  • Essential Cookies: Required for website functionality

  • Analytics Cookies: Google Analytics to understand website usage and improve user experience

  • Payment Cookies: Stripe and PayPal cookies for secure payment processing


4.2 Managing Cookies

You can control cookie preferences through your browser settings. Disabling cookies may affect website functionality.

For Google Analytics, you can opt out using the Google Analytics Opt-out Browser Add-on.


5. How We Use Your Information

We use your personal data to:

  • Provide Services: Execute projects, deliver AI solutions, communicate about your project

  • Process Payments: Handle invoicing and payment transactions

  • Customer Support: Respond to inquiries and provide technical support

  • Service Improvement: Analyze website usage to enhance user experience

  • Marketing Communications: Send newsletters, updates, and promotional content (with your consent)

  • Legal Compliance: Meet tax, accounting, and regulatory obligations



6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share data with:



6.1 Service Providers

  • Payment Processors: Stripe and PayPal for secure payment processing

  • Cloud Services: Amazon Web Services (AWS) for data hosting in EU servers

  • Analytics: Google Analytics for website analytics

All third-party providers are GDPR-compliant and bound by data processing agreements.



6.2 Legal Requirements

We may disclose data when required by law, court order, or to:

  • Protect our legal rights

  • Prevent fraud or security threats

  • Comply with regulatory obligations


6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.


7. International Data Transfers

Your data is stored on EU-based servers (Amazon Web Services EU regions). If data is transferred outside the EU, we ensure adequate safeguards through:

  • Standard Contractual Clauses approved by the European Commission

  • Adequacy decisions by the European Commission

  • Explicit consent where required


8. Data Retention

We retain personal data for:

  • Active Clients: Duration of business relationship plus 1-3 years for legal and tax purposes

  • Prospective Clients: Up to 3 years after last contact

  • Website Visitors: Analytics data retained according to Google Analytics settings (typically 26 months)

  • Financial Records: 7 years minimum to comply with Maltese tax law

After retention periods expire, data is securely deleted or anonymized.


9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Data encrypted in transit (SSL/TLS) and at rest

  • Access Controls: Restricted access to personal data on a need-to-know basis

  • Secure Infrastructure: EU-based AWS servers with industry-standard security

  • Regular Backups: Secure backup procedures to prevent data loss

While we take security seriously, no internet transmission is 100% secure. We cannot guarantee absolute security.


10. Your Rights Under GDPR

You have the following rights regarding your personal data:


10.1 Right of Access

Request a copy of the personal data we hold about you.


10.2 Right to Rectification

Request correction of inaccurate or incomplete data.


10.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements.


10.4 Right to Restriction

Request that we limit processing of your data in certain circumstances.


10.5 Right to Data Portability

Receive your data in a structured, machine-readable format and transfer it to another controller.


10.6 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.


10.7 Right to Withdraw Consent

Withdraw consent for processing at any time (where consent is the legal basis).


10.8 Right to Lodge a Complaint

File a complaint with the Malta Information and Data Protection Commissioner or your local supervisory authority.

Exercising Your Rights


To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.


11. Marketing Communications

With your consent, we may send:

  • Newsletter updates

  • Service announcements

  • Promotional offers

  • Industry insights


You can opt out at any time by:

  • Clicking "unsubscribe" in any email

  • Emailing [email protected] with "unsubscribe" in the subject

  • Contacting us via phone



12. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we've collected data from a child, contact us immediately for deletion.


13. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of third-party sites. Review their privacy policies before providing personal information.


14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in our practices

  • Legal or regulatory requirements

  • New features or services


Significant changes will be communicated via:

  • Website notice

  • Email notification to registered users


Continued use of our services after updates constitutes acceptance of the revised policy.


15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Wairo Creative AI Studio Ltd.
132, ix-Xatt, Ta' Xbiex, Malta
Email: [email protected]
Phone: +356 9994 2339


Data Protection Inquiries: [email protected]