← Home

Privacy Policy

Last updated: 11 May 2026

1. Data controller

The data controller for personal data collected through the Puncheo platform is Thalamuscorp (hereinafter "Puncheo" or "we"), contact address: arco@thalamus.global.

2. Data we collect

We collect the following personal data when you register and use Puncheo:

  • Identification data: first name, last name, mobile phone number and email address.
  • Profile data: country, language and communication preferences.
  • Business data (retailers only): business name, country, address and tax details.
  • Technical data: IP address, browser type, operating system and session data.

3. Purposes and legal basis

We process your data for the following purposes and legal bases:

  • Service provision (Art. 6(1)(b) GDPR — contract performance): account management, authentication, loyalty programme management.
  • Legal obligations (Art. 6(1)(c) GDPR): retention of records required by applicable law.
  • Marketing communications (Art. 6(1)(a) GDPR — consent): sending news and promotions, only if you have given explicit consent.

4. Retention

We will retain your personal data for as long as your account remains active. After account deletion, data will be erased within a maximum of 3 years, unless applicable law requires a longer retention period.

5. Recipients and international transfers

Puncheo uses Google Cloud (region europe-west1, Belgium) for platform hosting and Google Maps for business geolocation. These services provide appropriate safeguards under Chapter V GDPR.

We do not sell or share your data with third parties for commercial or advertising purposes.

6. Your rights

Under the GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Request erasure of your data ("right to be forgotten").
  • Object to processing or request restriction.
  • Request data portability.
  • Withdraw consent at any time.

To exercise any of these rights, write to us at arco@thalamus.global. If you are not satisfied, you may lodge a complaint with your national supervisory authority.

7. Security

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss or disclosure, including encryption in transit (TLS) and at rest.

8. Changes to this policy

We may update this policy periodically. The date of the last update is shown at the top of this document. We will notify you of material changes via a notice on the platform or by email.

See also our Terms and Conditions.