Privacy Policy

Last updated: 01-12-2025

1. What data do we collect?

We collect personal data that you voluntarily provide, such as name, email address and date of birth.
For business partners, we collect company name, contact details and registration numbers for contractual purposes.
We automatically collect technical data such as IP address, browser type and operating system for analysis and security.
Usage data, such as viewed deals and interactions, is collected to improve our platform.
Location data (city, country) is needed to show geographically relevant deals.
We do not use sensitive personal data (race, religion, health), unless explicitly and legally permitted.
Providing incorrect information may lead to restriction or termination of your account.
Data from minors is not knowingly collected without parental consent.

2. Why and how do we use your data? (Legal bases)

The primary purpose of data collection is to personalise your experience and offer relevant special offers.
Data is also used for account management, communication and platform security.
The processing of your data is based on your explicit consent during registration (GDPR Art. 6(1)(a)).
For contractual obligations with partners, the legal basis is performance of a contract (GDPR Art. 6(1)(b)).
We may process data to comply with legal obligations (GDPR Art. 6(1)(c)).
Our legitimate interest (platform security, analysis) may be a legal basis (GDPR Art. 6(1)(f)).
You can withdraw your consent at any time, which does not affect the lawfulness of prior processing.
Withdrawal of consent may result in being unable to use our services.
For marketing communications, separate opt-in consent is requested.
We carefully document your consent (time, method).
Participation in prize draws implies consent to data processing for that purpose.
The privacy policy is presented to you for acceptance before you provide data.

3. With whom do we share your data?

We never sell your personal data to third parties.
Data is only shared with partner companies when you claim a deal, to verify validity.
We use external service providers (processors) for hosting, email and data analysis.
Data processing agreements have been concluded with all our processors in accordance with GDPR.
These agreements require processors to use data securely and only for agreed purposes.
Data may be shared with government authorities if legally required (e.g. court order).
Anonymous, aggregated data may be shared for statistical and marketing purposes.
In the event of a merger or acquisition, data may be transferred to the new owner, subject to this policy.
Links to external websites are not covered by this privacy policy; we are not responsible for their practices.
Social media logins (Google, Facebook) are subject to those platforms' privacy policies; we only receive basic profile info.

4. International data transfers

Your data may be stored and processed on servers outside your own country.
When transferring data outside the EEA, we ensure appropriate safeguards (e.g. EU Standard Contractual Clauses).
Our hosting providers are selected based on their certifications (e.g. ISO 27001, SOC 2).
We strive to keep data within the EU/EEA as much as possible.
You will be informed if your data is structurally processed outside the EEA.
The UAE (Dubai) has different privacy legislation; data from UAE users is handled according to local laws.
We take measures to protect data, regardless of storage location.
We are not responsible for jurisdictions that require data access in a manner contrary to GDPR.
You can request information about the specific safeguards for international transfers.
We are not liable for unintended data leaks at international cloud providers despite contractual safeguards.

5. How do we secure and retain your data?

We implement appropriate technical and organisational measures to protect your data.
This includes encryption, access controls, firewalls and regular security audits.
Access to personal data is limited to employees who need it for their role.
In the event of a data breach, we follow a protocol for notification to authorities and affected individuals, if legally required.
We do not retain your data longer than necessary for the purposes for which it was collected.
Account data is retained while your account is active, and a reasonable period thereafter for administrative purposes.
Data related to financial transactions (for partners) is retained according to legal retention periods (e.g. 7 years).
After the retention period, data is securely deleted or anonymised.
You can request early deletion of your data (see 'Your Rights').
We are not liable for security incidents caused by user negligence (e.g. weak password).

6. Your rights under GDPR

You have the right to access the personal data we hold about you.
You have the right to have inaccurate data corrected.
You have the right to have your data deleted ('right to be forgotten'), unless legal obligations prevent this.
You have the right to restriction of processing in certain situations.
You have the right to data portability: receiving your data in a structured, commonly used format.
You have the right to object to the processing of your data for direct marketing.
You have the right to object to processing based on our legitimate interest.
Rights are not absolute and may be subject to legal exceptions.
To exercise your rights, you can contact us via the contact details in this policy. We may request identity verification.
We aim to respond to your request within 30 days.

7. Cookies and tracking technologies

We use cookies and similar technologies to ensure website functionality and analyse usage.
Functional cookies are essential for the website to work (e.g. login sessions).
Analytical cookies (e.g. Google Analytics) help us understand how users use the site.
Marketing cookies may be used to show personalised advertisements (with your consent).
You can manage your cookie preferences via our cookie banner and your browser settings.
Disabling functional cookies may affect the website's operation.
We do not use intrusive tracking technologies or those placed without consent.
Our cookie policy provides a detailed overview of all cookies used.
We are not responsible for cookies placed by external websites we link to.
We disclaim any liability for the consequences of accepting or rejecting cookies.

8. Liability and changes

This privacy policy is a statement of intent and does not create contractual rights beyond legal requirements.
We are not liable for indirect or consequential damages arising from the processing of your data.
Our liability is limited to the extent permitted by law.
We cannot guarantee that our platform is 100% free from security risks; you use it at your own risk.
We are not responsible for data processing by independent partner companies.
This policy may be changed; the most recent version always applies and can be consulted on our website.

1. What data do we collect?

We collect personal data that you voluntarily provide, such as name, email address and date of birth.

For business partners, we collect company name, contact details and registration numbers for contractual purposes.

We automatically collect technical data such as IP address, browser type and operating system for analysis and security.

Usage data, such as viewed deals and interactions, is collected to improve our platform.

Location data (city, country) is needed to show geographically relevant deals.

We do not use sensitive personal data (race, religion, health), unless explicitly and legally permitted.

Providing incorrect information may lead to restriction or termination of your account.

Data from minors is not knowingly collected without parental consent.

2. Why and how do we use your data? (Legal bases)

The primary purpose of data collection is to personalise your experience and offer relevant special offers.

Data is also used for account management, communication and platform security.

The processing of your data is based on your explicit consent during registration (GDPR Art. 6(1)(a)).

For contractual obligations with partners, the legal basis is performance of a contract (GDPR Art. 6(1)(b)).

We may process data to comply with legal obligations (GDPR Art. 6(1)(c)).

Our legitimate interest (platform security, analysis) may be a legal basis (GDPR Art. 6(1)(f)).

You can withdraw your consent at any time, which does not affect the lawfulness of prior processing.

Withdrawal of consent may result in being unable to use our services.

For marketing communications, separate opt-in consent is requested.

We carefully document your consent (time, method).

Participation in prize draws implies consent to data processing for that purpose.

The privacy policy is presented to you for acceptance before you provide data.

3. With whom do we share your data?

We never sell your personal data to third parties.

Data is only shared with partner companies when you claim a deal, to verify validity.

We use external service providers (processors) for hosting, email and data analysis.

Data processing agreements have been concluded with all our processors in accordance with GDPR.

These agreements require processors to use data securely and only for agreed purposes.

Data may be shared with government authorities if legally required (e.g. court order).

Anonymous, aggregated data may be shared for statistical and marketing purposes.

In the event of a merger or acquisition, data may be transferred to the new owner, subject to this policy.

Links to external websites are not covered by this privacy policy; we are not responsible for their practices.

Social media logins (Google, Facebook) are subject to those platforms' privacy policies; we only receive basic profile info.

4. International data transfers

Your data may be stored and processed on servers outside your own country.

When transferring data outside the EEA, we ensure appropriate safeguards (e.g. EU Standard Contractual Clauses).

Our hosting providers are selected based on their certifications (e.g. ISO 27001, SOC 2).

We strive to keep data within the EU/EEA as much as possible.

You will be informed if your data is structurally processed outside the EEA.

The UAE (Dubai) has different privacy legislation; data from UAE users is handled according to local laws.

We take measures to protect data, regardless of storage location.

We are not responsible for jurisdictions that require data access in a manner contrary to GDPR.

You can request information about the specific safeguards for international transfers.

We are not liable for unintended data leaks at international cloud providers despite contractual safeguards.

5. How do we secure and retain your data?

We implement appropriate technical and organisational measures to protect your data.

This includes encryption, access controls, firewalls and regular security audits.

Access to personal data is limited to employees who need it for their role.

In the event of a data breach, we follow a protocol for notification to authorities and affected individuals, if legally required.

We do not retain your data longer than necessary for the purposes for which it was collected.

Account data is retained while your account is active, and a reasonable period thereafter for administrative purposes.

Data related to financial transactions (for partners) is retained according to legal retention periods (e.g. 7 years).

After the retention period, data is securely deleted or anonymised.

You can request early deletion of your data (see 'Your Rights').

We are not liable for security incidents caused by user negligence (e.g. weak password).

6. Your rights under GDPR

You have the right to access the personal data we hold about you.

You have the right to have inaccurate data corrected.

You have the right to have your data deleted ('right to be forgotten'), unless legal obligations prevent this.

You have the right to restriction of processing in certain situations.

You have the right to data portability: receiving your data in a structured, commonly used format.

You have the right to object to the processing of your data for direct marketing.

You have the right to object to processing based on our legitimate interest.

Rights are not absolute and may be subject to legal exceptions.

To exercise your rights, you can contact us via the contact details in this policy. We may request identity verification.

We aim to respond to your request within 30 days.

7. Cookies and tracking technologies

We use cookies and similar technologies to ensure website functionality and analyse usage.

Functional cookies are essential for the website to work (e.g. login sessions).

Analytical cookies (e.g. Google Analytics) help us understand how users use the site.

Marketing cookies may be used to show personalised advertisements (with your consent).

You can manage your cookie preferences via our cookie banner and your browser settings.

Disabling functional cookies may affect the website's operation.

We do not use intrusive tracking technologies or those placed without consent.

Our cookie policy provides a detailed overview of all cookies used.

We are not responsible for cookies placed by external websites we link to.

We disclaim any liability for the consequences of accepting or rejecting cookies.

8. Liability and changes

This privacy policy is a statement of intent and does not create contractual rights beyond legal requirements.

We are not liable for indirect or consequential damages arising from the processing of your data.

Our liability is limited to the extent permitted by law.

We cannot guarantee that our platform is 100% free from security risks; you use it at your own risk.

We are not responsible for data processing by independent partner companies.

This policy may be changed; the most recent version always applies and can be consulted on our website.