Data protection declaration for services from the Offerista Group

A – Scope of application, data controller, data protection officer

I SCOPE OF THE DATA PROTECTION DECLARATION

This data protection declaration informs you of the type, purpose and scope of the collection and processing of personal data for the following services.
Applications: Marktjagd App | Barcoo App | Wunderkauf App | Offerista App
Websites: Offerista.com  Barcoo.com | Marktjagd.de | Barcoo.at | Offerista.fr

II Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is the Offerista Group GmbH, Schützenplatz 14 in 01067 Dresden, Managing Directors Tobias Bräuer and Benjamin Thym, Fax: +49(0)351 – 418 894 – 99, datenschutz@offerista.com.

III Name and address of the data protection officer

The data protection officer for the data controller is Anja Przybilla, DAPROSEC GbR, Tieckstraße 17, 01099 Dresden, +49 351 31905088, info@daprosec.de.

B – General information on data processing

I Scope

We collect and use our users’ personal data to the extent necessary to provide a functioning website and to perform our services, including the location-based display of advertising from local retailers and service providers.
In order to make our services available to you free of charge, we finance our services through advertising revenue. Therefore it is necessary that we collect, in anonymous form, the data we need to be able to invoice our customers for the adverts.

II Legal basis

Insofar as we obtain the consent of the user, this serves as the legal basis for the processing of personal data pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR. When processing personal data that is required to fulfil a contract with the user, Art. 6 para. 1 sent. 1 lit. b) GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests of the user do not prevail, Art. 6 para. 1 sent. 1 lit. f) GDPR serves as the legal basis.

III Storage period and data erasure

The user’s personal data will be deleted as soon as the purpose for its collection has been fulfilled. If the data controller is legally obliged to store the data beyond this time, the data will be blocked from the time that the original purpose is achieved until it is erased. Information on the storage period is provided for each type of processing.

C Data processing for apps

1. Access data (Server log files)

When you use our apps, we collect the data that is automatically sent during your use and that is required for the use of our services. This data includes your IP address, information on the user agent, as well as the date and time of the use of our services.
This data is stored in our system log files. This data is not stored together with other personal data relating to the user. The legal basis for the temporary storage of data is Art. 6 para. 1 sent. 1 lit. f) GDPR. The temporary storage of your IP address by the system is necessary. For these purposes, our legitimate interest in processing the data is also based on Art. 6 para. 1 sent. 1 lit. f) GDPR. The data will be deleted and the IP address anonymized as soon as they are no longer necessary for the purposes for which they were collected. The collection and storage of data in log files is essential for the operation of the apps.

2. Push notifications
2.1 Description and scope of the data processing

Insofar as the user has authorized the sending of push notifications, a corresponding token will be generated via the device’s operating system each time the app is started (for Android via Google’s GCM (Google Cloud Messaging) and for iOS via Apple’s APNS (Apple Push Notification Service)) and sent from the app to an Offerista server (“Barcoo Push-Backend”). There, the token is stored in a database together with the app’s visitor ID.
Using this database, push notifications are sent downstream via the AWS SNS service (Amazon Simple Notification Service), which uses the push token to contact the online services of the device operator (Apple or Google) and deliver the push notification.
We offer to send you push notifications:

  • if your “favourite shops” publish new offers/brochures (automated push notifications),
  • with “exclusive information”, i.e. campaigns from suppliers (manual and geo-based push notifications),
  • on offers from suppliers in your current vicinity (geo-based push notifications).

In order to be able to send you these push notifications with current offers and advertising from local retailers, we obtain the appropriate consent. Consent is requested during the initial app setup and/or later as required.

2.2 Purposes of data processing

The purpose of push notifications is to inform you about products of interest and news in the form of advertising from providers who display advertising on our services.

2.3 Legal basis

The legal basis is the consent given by you pursuant to Art. 6 para 1 sent. 1 lit. a) GDPR.

2.4 Storage period

The data (push token and visitor ID) will be deleted no later than three months after the last time the app is opened, or upon revocation.

2.5 Revocation and erasure

You can revoke your consent at any time by revoking the authorization for notifications in your device’s system settings. For iOS, you will find this option under “settings” > “notifications” > “NAME OF THE APP “. For Android, you will find this option under “settings” > “apps” or “app manager” > “NAME OF THE APP > “view notifications”. For Windows, you will find this option under “settings” > notifications & actions” > “NAME OF THE APP > deactivate tab”. If you revoke your consent in this way, we will stop sending you push notifications. Please note, however, that some of our features (e.g. notification of exclusive offers in the vicinity) will no longer be available. You may reactivate your authorization in the system settings at any time.
You also have the option to deactivate each service individually:

  • Marktjagd| Barcoo| Wunderkauf| Offerista| Wunderkauf Apps/settings/favourite shops
  • Marktjagd| Barcoo| Wunderkauf| Offerista| Wunderkauf Apps/settings/exclusive information
3. Location data
3.1 Description and scope of the data processing

Location data is determined from user input or GPS geo-coordinates, whereby we determine location at postcode level through longitudinal and latitudinal data captured by the device.
In order to be able to send you location-specific offers and so that you only receive information on offers from retailers in the vicinity, we obtain your consent. If, in response to the system query “Allow Marktjagd to access your location?”, you click on the “Always allow” button, you are giving us your consent to collect and process your location, to display offers in the vicinity, and to compile anonymous statistics about the use of our offers. Information on your location is also collected if you are not currently using the app but it is open in the background. If you click on the “When using the app” button, you are giving your consent to the collection of information about your location, but only when you are actively using the app. If you select this option, the app may not be able to alert you to current offers in the vicinity.
Alternatively, you have the option not to allow location tracking, and instead to enter your location manually in the form of your postcode. We will then use the postcode provided to make available brochures, offers and advertising from local retailers at the specified location. Please note that the app may not alert you to current offers in the vicinity based solely on the postcode entered.

3.2 Purposes of data processing

To be able to notify you of suppliers and offers in your vicinity and to send you geolocation-based information via push notifications, we need to know your location. Without the localization of your location – either via manual input of your location or via automatic location determination – you cannot use the services offered by the Marktjagd| Barcoo| Wunderkauf app. To be able to inform you of suppliers’ offers in your vicinity by means of push notifications, we also need your location even if you are not using the app at the time.
In the event that you have given us your consent to capture your location even when you are not using the app, we will also collect information on your location if you approach a shop whose advertising you have viewed through our services.
We also need your location data (postcode level) in order to provide our advertising customers with information on the success rates and local reach of their advertising in the form of anonymous statistics.

3.3 Legal basis

The legal basis for processing location data is the consent given by you pursuant to Art. 6 para. 1. sent. 1 lit. a) GDPR.

3.4 Storage period

We store your data for three years.

3.5 Revocation and erasure

You may revoke your consent to the collection and use of information about your location at any time. If you revoke your consent, we will no longer capture your location. Please note, however, that some of our features (e.g. notification of exclusive offers in the vicinity) will no longer be available. You may reactivate your authorization in the system settings at any time.
You can deactivate automatic location tracking in the apps at any time.
In the apps:

  • Marktjagd my Marktjagd/change my location/determine location when starting -> opt out
  • Barcoo my Barcoo/change my location/determine location when starting -> opt out
  • Wunderkauf my Wunderkauf/change my location/determine location when starting -> opt out

Or via your device settings:

  • iOS/settings/data protection/location services/Marktjagd| Barcoo| Wunderkauf/allow access to location/never or when using the app or always
  • Android/settings/apps/Marktjagd| Barcoo| Wunderkauf/permissions/location
  • Windows/settings/position recognition (setting No. 1) and/or location services (setting No. 2) and apps (setting No. 3)
4. Offerista tracking tool
4.1 Description and scope of the data processing

We collect the following data about your usage behaviour:

  • Actions performed
  • Session ID
  • UUID (randomly generated index number)
  • Time
  • Location data (generally processed to postcode level only)
  • App version
  • Brand
4.2 Purposes of data processing

We use this data to analyze and evaluate the apps’ functions by creating user profiles, to invoice our customers for advertising, and to customize our services as needed.

4.3 Legal basis

The legal basis for this is Art. 6 para. 1 sent. 1 lit. b) GDPR.  

4.4 Storage period

We erase the data after a maximum of 12 months.

5. Google Analytics
5.1 Description and scope of the data processing

We use Google Analytics, a web analytics service from Google Inc. (“Google”). Google Analytics uses what are known as “cookies”, text files which are stored on users’ mobile devices and permit analysis of their use of the website. The information generated by the cookie on the use of our app is usually transferred to a Google server in the USA and stored there. IP anonymization is activated on this website, meaning that Google will first truncate the user’s IP address within the European Union, or in other treaty states of the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and truncated there.
The following data is captured: Online tags (including cookie identifiers), anonymized IP addresses, device identifiers.

5.2 Purposes of data processing

On our behalf, Google will use this information to evaluate use of the app by you, the user, to collate reports on app activities and to provide the app provider with further services related to website use and internet use.

5.3 Legal basis

The legal basis for processing the data is Art. 6 para. 1 sent. 1 lit. f) GDPR. Our legitimate overriding interest lies in improving the quality of our offerings and their content. We learn how our services are used, and are thus able to constantly optimize our offer.

5.4 Storage period

The data is deleted after 26 months.

5.5 Objection

You can prevent the storage of cookies by using the appropriate setting on your browser software; however we would point out to users that if you do this, you may not be able to use all functions of this website to their full extent. In addition, users can prevent Google from collecting data on their use of the website (including their IP address) generated by the cookie, and also prevent the processing of this data by Google, by downloading and installing the browser plugin available via the following link. The current link is: http://tools.google.com/dlpage/gaoptout?hl=en.

6. Google AdWords – Remarketing
6.1 Description and scope of the data processing

We have integrated Google Remarketing. This allows us to create user-friendly advertising, showing you interest-based ads in other apps in the Google network. To do this, Google Remarketing sets a cookie in your device’s browser.  The cookie allows Google to recognize you when, after leaving our app, you visit other apps that also belong to the Google network. Every time you open an app with integrated Google Remarketing, your device’s browser automatically identifies itself to Google. Google thus receives personal data, such as the user’s IP address and surfing behaviour, which Google uses, among other things, to display interest-based ads. The personal data collected by the cookie every time a visit is made to our apps, including the IP address of the data subject’s device, is transmitted to Google in the United States of America, stored there, and may be passed on to third parties.

6.2 Purpose

The purpose is to display interest-based ads through the Google advertising network or other websites.

6.3 Legal basis

The legal basis for data processing is the consent given by you prior to using our apps pursuant to Art. 6 para. 1. sent. 1 lit. a) GDPR.

6.4 Storage period

The data is deleted after a maximum of 18 months.

6.5 Revocation

You can revoke the use of cookies by Google, effective for the future, at any time.
In the browser:

  • Android Gingerbread, HoneyComb, Ice Cream, KitKat and Lollipop (Android versions 2.3 and above): Google settings / ads / opt out of interest-based ads / opt out
  • iOS (from version 6): Settings / data protection / advertising / no ad tracking / opt in
  • Windows: System applications / advertising ID /opt out

Further information on Google Remarketing and Google’s privacy policy can be found under: http://www.google.com/privacy/ads/ and https://www.google.de/intl/en/policies/privacy/.

7. Google Adwords Conversion Tracking
7.1 Description and scope of the data processing

We use Google AdWords Conversion Tracking, a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; in the following “Google”). Conversion Tracking is a service that enables us to record what happens after a user clicks on one of our adverts, e.g. whether you afterwards install our app and when you open it for the first time. Furthermore we can record which keywords, adverts, advertising groups and campaigns led to which user action. If you click on one of our adverts in Google search or on a selected Internet site of the Google advertising network, a temporary cookie is saved on your device (conversion cookie). If you complete an action, our system recognizes the (via the code snippet inserted by you) and records a conversion. Cookies for conversion tracking are only valid for 30 days. No personal data is collected and/or saved by the cookies. Accordingly we cannot assign conversion data to a particular user, instead we only have access to the complete data for adverts and keywords.

7.2 Purpose

The purpose of the data processing is to measure the success of our services and offers, and to improve them for both our users and our advertising customers.

7.3 Legal basis

The legal basis for data processing is the consent given by you prior to using our apps pursuant to Art. 6 para. 1. sent. 1 lit. a) GDPR.

7.4 Storage period

Cookies for conversion tracking are only valid for 30 days. No personal data is collected and/or saved by the cookies.

7.5 Objection and erasure

You can, at all times, object to conversion tracking with future effect, or deactivate the function in your device’s browser:

  • Android Gingerbread, HoneyComb, Ice Cream, KitKat and Lollipop (Android versions 2.3 and above): Google settings / ads / opt out of interest-based ads / opt out
  • iOS (from version 6): Settings / data protection / advertising / no ad tracking / opt in
  • Windows: System applications / advertising ID /opt out

Further information on Google remarketing and Google’s data protection declaration can be found under: http://www.google.com/privacy/ads.

8. AdSense mobile application
8.1 Description and scope of the data processing

We use the online service Google AdSense, which facilitates the placement of advertising on third-party apps. Through this service, the ads displayed on third-party apps are selected according to the content of the respective third-party app by means of an algorithm, which enables an interest-based approach of visitors to the app. When you visit our services listed above, Google AdSense sets a cookie on your device, allowing the service provider to analyze how you use our apps. Every time you visit one of our apps, the AdSense cookie automatically causes your device’s browser to submit personal data to Alphabet Inc. for online advertising and commission invoicing purposes. Data is used to track visitor origin and clicks, and subsequently to enable commission invoicing. The data collected by the cookie, to the extent necessary to capture the ads displayed and enable invoicing, is transferred to Alphabet Inc. in the United States of America, stored and, if necessary, passed on to third parties. Google AdSense is explained in more detail here: https://www.google.de/intl/en/adsense/start/.

8.2 Purpose

The purpose of the Google AdSense component is to integrate commission-based advertising into our website in order to earn advertising revenue.

8.3 Legal basis

The legal basis for data processing is the consent given by you prior to using our apps pursuant to Art. 6 para. 1. sent. 1 lit. a) GDPR.

8.4 Storage period

The data is deleted after a maximum of 18 months.

8.5 Revocation

You can, at all times, revoke the use of cookies with future effect, or deactivate the function in your device’s browser.

  • Android Gingerbread, HoneyComb, Ice Cream, KitKat and Lollipop (Android versions 2.3 and above): Google settings / ads / opt out of interest-based ads / opt out
  • iOS (from version 6): Settings / data protection / advertising / no ad tracking / opt in
  • Windows: System applications / advertising ID /opt out

Further information on Google Remarketing and Google’s privacy policy can be found under: http://www.google.com/privacy/ads/.

9. DoubleClick
9.1 Description and scope of the data processing

We have integrated DoubleClick by Google into our apps. When you are active on our apps, DoubleClick by Google transmits data to the DoubleClick server, which in turn triggers a cookie request in your app.  If your app accepts the request, DoubleClick sets a cookie on your device. DoubleClick cookies contain no personally identifiable information. Instead they contain a cookie ID which is needed, for example, to display ads in the app and, at the same time, track which ads have already been displayed to avoid duplication. In addition, it is useful for tracking conversions for commission invoicing, for example if a DoubleClick ad was served to you and you then go to shop on the advertiser’s website. Every time the app is accessed, DoubleClick transmits this information to Google for online advertising and invoicing purposes. DoubleClick cookies do not contain any personal information.

9.2 Purpose

The purpose of the cookie is to optimize and display commission-based advertising. The cookie is used, among other thing, to serve and display user-relevant ads, as well as to generate reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid serving the same ad multiple times.

9.3 Legal basis

The legal basis for the setting of cookies and the associated data processing is the consent given by you pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR.

9.4 Storage period

The data is deleted after a maximum of 18 months.

9.5 Revocation

You can, at all times, revoke the use of cookies with future effect, or deactivate the function in your device’s browser.

  • Android Gingerbread, HoneyComb, Ice Cream, KitKat and Lollipop (Android versions 2.3 and above): Google settings / ads / opt out of interest-based ads / opt out
  • iOS (from version 6): Settings / data protection / advertising / no ad tracking / opt in
  • Windows: System applications / advertising ID /opt out
10. AppsFlyer
10.1 Description and scope of the data processing

Our services use AppsFlyer, an analytics service from AppsFlyer Ltd., 111 New Montgomery Street San Francisco, California 94105. The information on the use of the apps generated by AppsFlyer is normally transmitted to a server outside Germany and is stored there. The following data is collected via AppsFlyer: anonymized IP address, meta data about user interactions recorded in the apps (e.g. app installation, calling up the app manually or by clicking on a campaign link), AdID or IDFA. In the code we have activated IP anonymization, so that the user’s IP address is truncated before it is stored by AppsFlyer Ltd.

10.2 Purposes of data processing

The anonymous information is used to evaluate use of the apps, and to compile reports on user activities in the apps.  We use these reports to improve our services.

10.3 Legal basis

The legal basis for processing the data is Art. 6 para. 1 sent. 1 lit. f) GDPR. Our legitimate overriding interest lies in improving the quality of our offerings and their content. We learn how our services are used, and are thus able to constantly optimize our offer.

10.4 Storage period

The data is deleted after 3 years.

10.5 Objection and erasure

You can object to the use of AppsFlyer. To do so, send an email to: privacy@appsflyer.com.
You can, at all times, object to the use of IDFA/AdID with future effect, or deactivate the function in your device’s browser:

  • Android Gingerbread, HoneyComb, Ice Cream, KitKat and Lollipop (Android versions 2.3 and above): Google settings / ads / opt out of interest-based ads / opt out
  • iOS (from version 6): Settings / data protection / advertising / no ad tracking / opt in
  • Windows: System applications / advertising ID /opt out
11. Crashlytics
11.1 Description and scope of the data processing

We use “Crashlytics” from Crashlytics Inc,1355 Market Street #900, San Francisco, California 94103. Crashlytics identifies software problems and their causes. Crashlytics collects the following data: Device status information, device type, device identification. This data is stored in anonymous form.

11.2 Purpose

The purpose of the data collection is to identify software errors and their causes.

11.3 Legal basis

The legal basis is our overriding interest in ensuring the ongoing functionality of our apps pursuant to Art. 6 para. 1 sent. 1 lit. f) GDPR.

11.4 Storage period

The data is deleted after 3 years.

11.5 Objection

For further information on Crashlytics’ data protection, go to: http://try.crashlytics.com/terms/privacy-policy.pdf.

12. Mixpanel
12.1 Description and scope of the data processing

Our services use Mixpanel, a service from Mixpanel Inc., 405 Howard St, Floor 2 San Francisco, CA 94105, USA. Mixpanel uses, among others, cookies, small text files that are stored in your device’s browser that enable the analysis of how you use our services. The information generated by the cookie on how you use our services is usually transferred to a Mixpanel Inc. server in the USA and stored there. Mixpanel Inc. may also pass this information on to third parties in so far as is prescribed by law or inasmuch that a processing of this data by third parties takes place. Mixpanel collects the following data: information on the app, information on the device being used. For a full list of data collected, go to: https://help.mixpanel.com/hc/en-us/articles/115004613766.

12.2 Purpose of data processing

Mixpanel will use this information on our behalf to evaluate user usage of the app in order to compile anonymized reports on app activity.

12.3 Legal basis

The legal basis for processing the data is Art. 6 para. 1 sent. 1 lit. f) GDPR. Our legitimate overriding interest lies in improving the quality of our offerings and their content. We learn how our services are used, and are thus able to constantly optimize our offer.

12.4 Storage period

The data is deleted after 3 years.

12.5 Objection

You can prevent the collection and forwarding of the personal data (especially your IP-address) as well as the processing of this data, by deactivating the execution of Java script in your browser or by installing a tool such as “NoScript”.
An opt-out option is available under the following link: https://mixpanel.com/optout/.
For further information on data protection when using Mixpanel go to: https://mixpanel.com/privacy/.

13. Participation in the loyalty programme
13.1 Description and scope of the data processing

In the Marktjagd app (Android, iOS), the Wunderkauf app (Android) and the barcoo app (Android) you can collect loyalty points within the scope of our loyalty programme and exchange these for prizes. To claim prizes, you need to provide us with your first name, surname and email address and, for postal shipment, your postal address.
In order to be able to check your points, we process your UUID (randomly generated index number) as well as your user actions relevant to the loyalty programme.

13.2 Purpose of data processing

Offerista only uses your data for the intended purpose. We only forward your data to cadooz GmbH Osterbekstrasse 90b, 22083 Hamburg for the purpose of contract fulfilment – shipment of prizes. Further information on the data protection provisions at Cadooz can be found under: https://www.cadooz.com/datenschutz/.

13.3 Legal basis

The legal basis for the data processing is Art. 6 para. 1 sent. 1 lit. b) GDPR, i.e. the processing of personal data necessary for the performance of a contract.

13.4 Processing duration

We will erase your first name and surname, email address, and postal address 30 days after the voucher (or prize) has been sent. We store UUIDs and user actions in anonymous form for a period of three years.

14. Information exclusively for iOS apps
14.1 Using Apple iCloud
14.1.1 Description and scope of the data processing

In your iOS apps Offerista uses the iCloud for the storage of an unambiguous, anonymous user ID. The user ID is a randomly generated but unambiguous number. Offerista guarantees that the user ID is only stored within the scope of your personal iCloud account. Data protection provisions apply to the storage of data in the iCloud. Information from Apple on data protection for the iCloud can be found under: https://support.apple.com/de-de/HT202303 und https://www.apple.com/de/privacy/.
The user ID is stored in a special directory, in your personal iCloud directory, to which Offerista has no access.

14.1.2 Purpose of data processing

The storage of the user ID in the iCloud serves exclusively for the synchronization of data between more than one device on which you execute iOS apps.

14.1.3 Legal basis

The legal basis for processing the data is Art. 6 para. 1 b) of the GDPR.

14.1.4 Objection and erasure

iCloud functionality can be deactivated using the system settings of your iOS device:
After deactivation, data is no longer stored in your personal iCloud directory, and the synchronization of data between your personal iOS devices no longer takes place.

14.2 Synchronization via the programming interface

If you add or delete a favourite shop in an app, we will use your user ID to synchronize this between your iCloud and the app by means of a programming interface. We can thus ensure cross-device access to your favourite shops without being able to assign this data to you as a person.

15. Information exclusively for Windows apps
15.1 Using Microsoft OneDrive
15.1.1 Description and scope of the data processing

In your Windows 10 apps, Offerista uses an unambiguous, anonymous user ID for the synchronization of personal settings and data between various Windows 10 devices which have Microsoft OneDrive functionality. The user ID is a randomly generated, unambiguous number. The storage of the user ID in OneDrive serves exclusively for the synchronization of data between more than one device on which you execute Windows 10 apps. Offerista guarantees that the user ID is only stored within the scope of your personal OneDrive account. Data protection provisions apply to the storage of data in Microsoft’s OneDrive. The user ID is stored in a special directory in your personal OneDrive directory, to which Offerista has no access.

15.1.2 Purpose of data processing

The storage of the user ID in the OneCloud serves exclusively for the synchronization of data between more than one device on which you execute Windows apps.

15.1.3 Legal basis

The legal basis for processing the data is Art. 6 para. 1 lit. b) GDPR.

15.1.4 Objection and erasure

This functionality can be deactivated using the system settings of your Windows 10 device: After deactivation, data is no longer stored in your personal OneDrive directory, and the synchronization of data between your personal Windows 10 app devices no longer takes place.

15.2 Synchronization via the programming interface

If you add or delete a favourite shop in the Windows 10 app, we will use your user ID to synchronize this with our API in your OneDrive. We can thus ensure cross-device access to your favourite shops without being able to assign this data to your as a person.

16. Barcoo app – QR code/barcode scanner
16.1 Description and scope of the data processing

If you wish to use our QR code/barcode scanner, we need access to the camera in your device. After clicking on the “Scan barcode” icon, we will ask you whether you would like to give us the following consent.
Android:
“Enable barcoo to record photographs and videos?”
iOS:
“May Barcoo access your camera? Don’t worry! We ONLY need access to your camera to scan barcodes and QR codes. We won’t be spying on you;)”.
We also have to collect the scanned code and your visitor ID. After a code has been scanned the corresponding product page is opened. For this we use cookies. Cookies are text files that are saved in your device’s browser.

16.2 Purpose of data processing

The data is required to use the QR code/barcode scanner function.

16.3 Legal basis

The legal basis for the data processing is Art. 6 para. 1 sent. 1 lit. b) GDPR, i.e. the processing of personal data necessary for the performance of a contract. Nevertheless we also obtain your consent (Art. 6 para. 1 sent. 1 lit. a) GDPR).

16.4 Processing duration

We delete your data immediately after the scan has been completed.

16.5 Revocation

You can revoke this consent at any time with future effect using your browser settings.

  • iOS/settings/data protection/camera/Barcoo/opt out
  • Android/settings/apps/Barcoo/permissions/opt out
  • Windows/settings/data protection/camera//opt out
17. Email contact
17.1 Description and scope of the data processing

In our apps, we can be contacted via the email address provided. In this case, the personal data transmitted in your email (email address, UUID, version of the operating system, name of the device, information on whether location tracking was authorized and, where appropriate, most recent location information) is stored. In this context, data is not disclosed to third parties.

17.2 Purpose of data processing

The data is used exclusively to process the conversation. The processing of your personal data serves us solely to process the contact request.

17.3 Legal basis

The legal basis for the data processing is the consent given by you through sending us an email pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR.

17.4 Processing duration

The data will be deleted after 30 days, i.e. as soon as it is no longer necessary for the purposes for which it was collected. This is the case when the respective conversation with you comes to an end i.e. when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

17.5 Objection

You can erase the information regarding the browser version from the subject line before sending the email. You can object to the storage of your personal data at any time. In such a case, the conversation cannot take place. In such a case, personal data stored in the course of making contact will be deleted.

18. Advertisers’ pixels

In advertising materials (brochures etc.) served on our apps, pixels from the respective retailer or service provider may be integrated. Pixels capture, for example, how often a brochure is clicked on. This information is forwarded to the respective retailer. To do so, IP addresses are processed exclusively in truncated and therefore anonymous form. It is therefore impossible to identify individuals personally from this information. The advertiser is responsible for the anonymous processing of the data. The point of contact for users remains Offerista.

D – DATA PROTECTION DECLARATION FOR WEBSITES

1. Access data (Server log files)
1.1 Scope

When you use our websites, we collect the data that is automatically sent by your browser during your use and that is required for the use of our services. This data especially includes the URL, the type of browser, the browser version, the requesting provider, the IP address and the date and time when our services were used. This data is stored in our system log files. This data is not stored together with other personal data relating to the user. The IP addresses of the user are not affected by this. We store these in exclusively anonymized form.

1.2 Purpose

The temporary storage of IP addresses by the system is necessary to enable delivery of the website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.

1.3 Legal basis

For these purposes, our legitimate interest in processing the data is also based on Art. 6 para. 1 sent. 1 lit. f) GDPR.

1.4 Storage period

The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected. In the case of data collection in order to serve the website, this is when the respective session ends.

2. Newsletter – Offerista.com
2.1 Description and scope of the data processing

On the Offerista.com website, you have the opportunity to subscribe to our free newsletter on current trends in digital retail marketing. Upon signing up for the newsletter, the name and email address entered in the input field are sent to us. In addition, the IP address of the computer making the request, date and time are also collected during the sign-up process. Your consent to the processing of data is obtained as part of the sign-up process, and reference is made to this privacy policy. In the context of data processing to enable the sending of newsletters, there is no disclosure of data to third parties. Data is solely used to enable the sending of newsletters.

2.2 Purpose

The collection of your email address serves to enable the delivery of the newsletter. The collection of other personal data in the context of the sign-up process serves to prevent misuse of the services and the email address supplied.

2.3 Legal basis

The legal basis for data processing after you sign up for the newsletter is the consent given by you when signing up pursuant to Art. 6 para. 1 sent. 1 lit. b) GDPR.

2.4 Storage period

The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected, that is to say when you unsubscribe from the newsletter.

2.5 Revocation

You can cancel your subscription to the newsletter at any time by clicking on the “unsubscribe” link in the newsletter.

3. Use of technically necessary cookies
3.1 Description and scope of the data processing

Our website uses technically necessary cookies. Cookies are text files that are stored in your Internet browser or placed on your computer system by the Internet browser. When you visit a website, a cookie may be stored in your operating system. This cookie contains a string of characters that allow the browser to be uniquely identified when the website is revisited.

3.2 Purpose

The purpose of using technically necessary cookies is to facilitate the use of websites by users. Some features of our website cannot be offered without the use of cookies. For these features, the browser must be recognizable even after the user has changed websites.

3.3 Legal basis

The legal basis for processing data through the use of cookies is our interest in providing a functioning Internet service pursuant to Art. 6 para. 1 sent. 1 lit. f) GDPR.  

3.4 Storage period

The data transferred by the cookie is deleted after 2 months.

3.5 Erasure

You can disable or restrict the transmission of cookies by changing your Internet browser settings. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to make full use of all its functions.

4. Google Analytics
4.1 Description and scope of the data processing

We have integrated Google Analytics (with the anonymization function) into this website. Thereby, what are known as ‘cookies’ (text files) are stored on your computer to facilitate the analysis of how you use our website. As a general rule, the information collected by the cookie is transmitted to a Google server in the USA where it is stored. In order to avoid this, we use IP anonymization. This means your IP address will be truncated within the member states of the European Union or in other countries that have signed the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and truncated there. Google will used the information collected on our behalf to evaluate use of the website, compile reports on website activity, and provide other related services. The IP address transmitted by your browser will not be merged with any other Google data.

4.2 Purpose

The purpose is to improve our offer based on the data collected.

4.3 Legal basis

The legal basis for processing the data is Art. 6 para. 1 sent. 1 lit. f) GDPR. Our legitimate overriding interest lies in improving the quality of our offerings and their content. We learn how our services are used, and are thus able to constantly optimize our offer.

4.4 Storage period

The data is deleted after 26 months.

4.5 Objection and erasure

You can prevent cookies being stored on your computer by selecting the appropriate settings in your browser. If you do so, however, you may not be able to use all the features of this website to their full extent. In addition, you as the user can prevent Google from collecting, transferring and processing the data on your use of the website (including your IP address) generated by the cookie by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

5. Google AdWords Remarketing
5.1 Description and scope of the data processing

We have integrated Google Remarketing. This allows us to create user-friendly advertising, showing you interest based ads on other websites in the Google advertising network. To do this, Google Remarketing sets a cookie in your device’s browser.  The cookie allows Google to recognize you when, after leaving our website, you visit other websites that also belong to the Google advertising network. Every time you open a website with integrated Google Remarketing, your device’s browser automatically identifies itself to Google. Google thus receives personal data, such as the user’s IP address and surfing behaviour, which Google uses, among other things, to display interest-based ads. For every visit to our website, the personal data collected by the cookie, including the IP address of the data subject’s device, is transmitted to Google in the United States of America, where it is stored and may be passed on to third parties.

5.2 Purpose

The purpose is to display interest-based ads through the Google advertising network or other websites for the purpose of generating advertising revenue.

5.3 Legal basis

The legal basis is the consent given by you through visiting the app pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR.

5.4 Storage period

The data is deleted after a maximum of 18 months.

5.5 Erasure

You can, at any time, revoke the use of cookies by Google with future effect. You can access the deactivation function via the following links, and following the instructions given there.
https://www.google.com/settings/u/0/ads/authenticated or
https://support.google.com/ads/answer/2662922?hl=de
doubleclick:
https://www.google.com/settings/u/0/ads/authenticated?hl=de#display_optout.
Alternatively, you can deactivate use of cookies from third parties by bringing up the deactivation page on the network advertising initiative:
http://www.networkadvertising.org/choices/ and using the opt-out function there.
You can also prevent the installation of cookies by selecting the appropriate setting in your browser. The use of our website and services is then, however, perhaps only possible to a limited extent.
You can find more information on Google and data protection at:
https://support.google.com/adwordspolicy/answer/6020956.

6. Google AdWords Conversion Tracking
6.1 Description and scope of the data processing

We use Google AdWords Conversion Tracking, a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; in the following “Google”). Conversion Tracking is a service that enables us to record what happens after a user clicks on one of our adverts. Furthermore we can record which keywords, adverts, advertising groups and campaigns led to which user action. If you click on one of our adverts in Google search or on a selected Internet site of the Google advertising network, a temporary cookie is saved on your device (conversion cookie). If you complete an action, our system recognizes the cookie (via the code snippet inserted by you) and records a conversion. Cookies for conversion tracking are only valid for 30 days. No personal data is collected and/or stored by the cookies. Accordingly we cannot assign conversion data to a particular user, instead we only have access to the complete data for adverts and keywords.

6.2 Purpose

The purpose is to optimize our Internet services in order to provide a more interest-based design, and to improve the conversion rate.  

6.3 Legal basis

The legal basis for the collection and transmission of data is the consent given by you at the start of your visit to our websites pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR.

6.4 Storage period

Cookies for conversion tracking are only valid for 30 days. No personal data is collected and/or stored by the cookies.

6.5 Erasure

You can, at all times, revoke conversion tracking with future effect, or deactivate the function in your device’s browser.
https://www.google.com/settings/u/0/ads/authenticated
https://support.google.com/ads/answer/2662922?hl=de
You can also completely prevent the installation of cookies by selecting the appropriate setting in your browser. The use of our website and services is then, however, perhaps only possible to a limited extent.

7. Google AdSense
7.1 Description and scope of the data processing

We use the online service Google AdSense, which facilitates the placement of advertising on third-party websites. Through this service, the ads displayed on third-party websites are selected according to the content of the respective third-party website by means of an algorithm, which enables an interest-based approach of visitors to the website. When you visit our websites, Google AdSense sets a cookie on your device, allowing the service provider to analyze how you use our websites. Every time you visit one of our websites, the AdSense cookie automatically causes your device’s browser to submit personal data to Alphabet Inc. for online advertising and commission invoicing purposes. Data is used to track visitor origin and clicks, and subsequently to enable commission invoicing. The data collected by the cookie, to the extent necessary to capture the ads displayed and enable invoicing, is transferred to Alphabet Inc. in the United States of America, stored and, if necessary, passed on to third parties. Google AdSense is explained in more detail here: https://www.google.de/intl/de/adsense/start/.

7.2 Purpose

The purpose of the Google AdSense component is to integrate interest-based advertising into third-party websites in order to earn advertising revenue through commission fees.

7.3 Legal basis

The legal basis for the collection and transmission of data is the consent given by you at the start of your visit to our websites pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR.

7.4 Storage period

The data is deleted after a maximum of 18 months.

7.5 Revocation and erasure

You can, at all times, revoke the use of cookies with future effect, or deactivate the function in your device’s browser. You can, at any time, permanently revoke the use of cookies with future effect. You can access the deactivation function via the following links, and following the instructions given there: https://www.google.com/settings/u/0/ads/authenticated
https://support.google.com/ads/answer/2662922?hl=de.
Alternatively, you can deactivate use of cookies from third parties by bringing up the deactivation page on the network advertising initiative:
http://www.networkadvertising.org/choices/ and using the opt-out function there.
You can also prevent the installation of cookies by selecting the appropriate setting in your browser. The use of our website and services is then, however, perhaps only possible to a limited extent.
More information on data protection and cookies for advertising in Google AdSense can be found in Google’s data protection declaration, especially under the following links:
http://www.google.de/policies/privacy/partners/
http://www.google.de/intl/de/policies/technologies/ads.

8. DoubleClick
8.1 Description and scope of the data processing

We have integrated DoubleClick by Google into our websites. When you are active on our websites, DoubleClick by Google transmits data to the DoubleClick server, which in turn triggers a cookie request in your browser.  If your browser accepts the request, DoubleClick sets a cookie on your device. DoubleClick cookies contain no personally identifiable information. Instead they contain a cookie ID which is needed, for example, to display ads on the website and, at the same time, track which ads have already been displayed to avoid duplication. In addition, it is useful for tracking conversions for commission invoicing, for example if a DoubleClick ad was served to you and you then go to shop on the advertiser’s website from the same browser. Every time the website is accessed, DoubleClick transmits this information to Google for online advertising and invoicing purposes. DoubleClick cookies do not contain any personal information.

8.2 Purpose

The purpose of the cookies is to display interest-based advertising with high conversion rates in order to generate advertising revenue. The cookie is used, among other thing, to serve and display user-relevant ads, as well as to generate reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid serving the same ad multiple times and for commission invoicing.

8.3 Legal basis

The legal basis for the setting of cookies and the associated data processing is the consent given by you pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR.

8.4 Storage period

The data is deleted after 26 months.

8.5 Erasure

You can, at all times, revoke the use of cookies with future effect, or deactivate the function in your device’s browser. You can, at any time, permanently revoke the use of DoubleClick-cookies with future effect. You can access the deactivation function via the following links, and following the instructions given there.
https://www.google.com/settings/u/0/ads/authenticated?hl=de#display_optout. Alternatively you can deactivate the use of cookies by third parties by calling up the deactivation page of the network advertising initiative: http://www.networkadvertising.org/choices/ and using the opt-out possibilities mentioned there. You can also prevent the installation of cookies by selecting the appropriate setting in your browser. The use of our website and services is then, however, perhaps only possible to a limited extent. For more information on DoubleClick-cookies go to: https://support.google.com/adsense/answer/2839090.

9. Email contact
9.1 Description and scope

On our websites, we can be contacted via the email address provided. In this case, the personal data transmitted via your email will be stored. In this context, data is not disclosed to third parties.

9.2 Purpose of processing

The data is used exclusively to process the conversation.

9.3 Legal basis

The legal basis for the data processing is the consent given by you pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR.

9.4 Processing duration

The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected. This is the case when the respective conversation with you comes to an end i.e. when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

9.5 Erasure

You can object to the storage of your personal data at any time. In such cases, the conversation cannot take place. In such cases, personal data stored in the course of making contact will be deleted.

10. Notes exclusively for Marktjagd.de, Barcoo.at and Offerista.fr
10.1 Location data
10.1.1 Description and scope of the data processing

After opening the website you will be asked whether we may determine your location. You can agree or decline. If you agree your location will be determined using a positioning service. By doing so, you may give the following consent: “Allow this website to access your location?”
If you decline you can enter your location manually.
If you have reached our website by clicking on a banner on a third-party site, we will determine your approximate location based on your truncated IP address.

10.1.2 Purposes of data processing

In order to be able to show you offers and prices in your vicinity we need your location. Without the localization of your location – either via manual input of your location or via automatic location determination – you will only be able to make limited use of the services offered on our websites.

10.1.3 Legal basis

The legal basis for processing location data is the consent given by you pursuant to Art. 6 para. 1. sent. 1 lit. a) GDPR.

10.1.4 Storage period

Data is stored for a period of three years, and is deleted if consent is revoked.

10.1.5 Objection and erasure

You can deactivate automatic location detection at any time as follows.
“Auto-location” button/”Never forward location to this website”

10.2. Offerista tracking tool
10.2.1 Description and scope of the data processing

We use a tracking tool to collect data on your usage behaviour. To do so we use what is called a cookie. This is a small text file that we place in your browser. We collect the following data:
Actions performed

  • Session ID
  • UUID (randomly generated index number)
  • Time
  • Location data (processed to postcode level)
  • Browser version
10.2.2 Purposes of data processing

We use this data to analyze and evaluate the functionality of our websites, to deliver interest-based advertising, and to invoice our advertising clients.

10.2.3 Legal basis

The legal basis is our interest in generating advertising revenue pursuant to Art. 6 para. 1 sent. 1 lit. f) GDPR. This interest is overriding, as we provide our service free of charge and finance ourselves through advertising revenue.

10.2.4 Storage period

We erase the data a maximum of 12 months after it is collected.

11. Advertisers’ pixels

In advertising materials (brochures etc.) served on our portals, pixels from the respective retailer or service provider may be integrated. Pixels capture, for example, how often a brochure is clicked on. This information is forwarded to the respective retailer. To do so, IP addresses are processed exclusively in truncated and therefore anonymous form. It is therefore impossible to identify individuals personally from this information. The advertiser is responsible for the anonymous processing of the data. The point of contact for users remains Offerista.  

E Rights of data subjects

If your personal data is processed, you are the data subject within the meaning of the GDPR, and you have the following rights with regard to the data controller.

1. Right of access

You have the right to obtain information from the data controller about the extent to which we are processing your personal data. If processing is taking place, you can ask the data controller for the following information:
(1) the purposes for which personal data is processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you, the data subject, or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data was not collected from you, any available information as to its source;
(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 paras. 1 and 4 GDPR and meaningful information on the logic involved as well as the significance and the envisaged consequences of such processing for you.
You also have the right to be informed whether your personal data has been transferred to a third country or to an international organization. If this is the case, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You have a right to request the rectification and/or completion of your personal data by the data controller if the personal data being processed is incorrect or incomplete. The data controller must make the rectification without delay.

3. Right to restriction of processing

Under the following conditions, you may request the restriction of processing of your personal data:
(1) if you contest the correctness of your personal data for a period of time that enables the data controller to verify the correctness of the personal data;
(2) if the processing is unlawful, you decline your right to the erasure of your personal data and instead demand that the use of your personal data be restricted;
(3) if the data controller no longer needs your personal data for the purposes of processing, but you need it to establish, exercise or defend legal claims, or
(4) if you have filed an objection to the processing of your personal data pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the data controller outweigh your own grounds.
If the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the processing of your personal data has been restricted pursuant to the above conditions, you will be notified by the data controller before the restriction is lifted.

4. Right to erasure
a) Obligation to erase

You may require the data controller to promptly erase your personal data if any of the following conditions are met:
(1) if your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) if you revoke your consent to the processing of personal data pursuant to Art. 6 para. 1 sent. 1 lit. a) or Art. 9 para. 2 sent. 2 lit. a) GDPR and there is no other legal basis for processing;
(3) if you lodge an objection to the processing of your personal data pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for processing, or you lodge an objection against the processing of your personal data pursuant to Art. 21 para. 2 GDPR;
(4) if your personal data has been unlawfully processed;
(5) if your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;
(6) if your personal data was collected in relation to the information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

In the event that the data controller has made your personal data public and is obliged to erase your personal data pursuant to Art. 17 para. 1 of the GDPR, then the data controller will take the appropriate measures to inform other data processors involved in processing the disclosed personal data that you have requested the erasure of all links to your personal data, as well as the erasure of all copies or replications of your personal data. Such measures include measures of a technical nature, taking into account the available technology and the implementation costs.

c) Exceptions

You do not have the right to erasure if processing of your data is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation requiring the data to be processed under the law of the Union or the Member States to which the data controller is subject, or to perform a task in the public interest, or in the exercise of official authority vested in the data controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
(4) for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to in Section A is likely to render impossible or seriously prejudice the achievement of the objectives of such processing, or
(5) for the establishment, exercise or defence of legal claims.

5. Right to information

If you have asserted your right to rectification, erasure or restriction of processing with regard to the data controller, the data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. With regard to the data controller, you have a right to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data you made available to the data controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another data controller without hindrance from the data controller to which the personal data has been provided, insofar as
(1) processing is based on consent provided pursuant to Art. 6 para. 1 sent. 1 lit. a) GDPR or Art. 9 para. 1 lit. a) GDPR, or on a contract pursuant to Art. 6 para. 1 sent. 1 lit. b) GDPR, and
(2) processing is carried out by automated means.
Furthermore, when exercising this right, you have the right to have the personal data transmitted directly from one data controller to another, where technically feasible. This should not affect the rights and freedoms of other persons. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7. Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 sent.1 lit e) or f), including profiling based on those provisions. The data controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. You are also free to exercise your right to object to the use of the data for services provided by information societies by means of automated procedures using technical specifications.

8. Right to revoke consent under data protection law

You have the right to revoke your consent to data processing at any time. The revocation of consent does not affect the legality of processing carried out prior to the revocation on the basis of your consent.

9. Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the data controller,
(2) is permitted by Union or Member State legislation to which the data controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) is made with your express consent.
However, these decisions must not be based on particular categories of personal data pursuant to Art. 9 para. 1 GDPR unless Art. 9 para. 2 lit a) or g) applies, and appropriate measures have been taken to protect your rights and freedoms and/or legitimate interests. In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the decision, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.