1 DATA PROTECTION AT ONE GLANCE
In order to provide this website to you, we collect, process and use the following data.
- Access data: With regard to each of your visits to this website, our web-servers record technical information which your browser automatically transmits. This includes the internet protocol (IP) address used to connect your computer or mobile device to the internet, the browser type and version you use, the operating system and date and time of your access. [More Details]
- Personal data you provide to us: We collect information about you that you actively provide to us by using special functions of this website, such as our contact forms. These data includes your email address as well as other details which are necessary for the provision and use of the respective services.
- Usage Data: In addition we actively collect further information about your visit to this website and your usage of its services and content. That information includes the full uniform resource locators (URL) clickstream to, through and from this website (including date and time), visited sub-pages, information you searched for, response times, length of visits to certain pages, email openings and which banners or links on the website or in an email were clicked on. We use such data for a variety of purposes. For example we use this information to better understand your needs and preferences so that we can improve this website and its functions and to provide you with more relevant and interest-based contents. [More Details]
- Cookies and similar tracking technologies: We automatically collect such usage data with the help of cookies and similar technologies. We may store unique identifiers in such cookies that can be used to identify your browser on subsequent visits to this website. [More Details]
- Social media networks: We may use plug-ins from social media networks on this website that allow you to share content with these networks. If you use these features, these networks may use their own cookies to collect data about you.
- Disclosure to third parties: We may disclose some of your information to business partners in connection with the redemption of promotional offers published on this Website, to affiliated companies who provide joint content and services (such as newsletter and customer support) or to service providers who perform certain services on our behalf, but only to the extent necessary to perform the respective services. Some of the service providers may be located in a country outside Switzerland and the EU/EEA. However, we exclusively work with companies that offer an appropriate data protection level. [More Details]
2 WHO WE ARE AND WHAT WE DO
Operator of this Website is CupoNation GmbH, Radlkoferstraße 2, 81373 Munich, Germany (“CupoNation”, “we”, “us”), a company of Global Savings Group GmbH, Radlkoferstraße 2, 81373 Munich, Germany (“Global Savings Group”). Within Global Savings Group, CupoNation is responsible for the overall strategy, restructuring, product development, marketing strategy and quality assurance for the entire group. In this function, CupoNation also decides about the purposes and means of the processing of personal data that is collected in connection with the websites of Global Savings Group. Therefore, CupoNation is the controller of such data.
3 ACCESSING AND USING THE WEBSITE
3.1 Access data (Log files)
With each call of this Website our servers automatically store general access data about this process in server logfiles.
These data include:
- the called Website
- the IP address of the requesting system
- the type of browser and version used
- the operating system used
We do not aggregate such data with other data sources. The temporary storage of the IP address in logfiles is necessary for technical reasons and to ensure the security of our system, in particular relating to the recognition of misuse. These purposes also constitute our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. We only retain such data for as long as it is necessary for the stated purposes.
IP addresses will be deleted or masked after 14 days at the latest.
3.2 Other data that we may collect
In addition, we collect and process information about your use of this Website and interaction with its content and services.
The information collected may include:
- Java on / off
- Cookies on / off
- IP-address in a shortened form (last three digits of the IP address are deleted)
- Referrer-URL (i.e. the previously visited site)
- Operating system
- Date and time of the visit
- Your browsing activity (such as scroll positions, clicks and mouse movements)
- Time and duration of page interactions
- Search queries made
- Clicks on banners and links
- Other information about how you interacted with this Website
We may use and disclose such information for the following purposes:
● to customize, measure and improve this Website and our services
This includes our use of the data to manage and improve the technical and functional aspects of the Website, to design the Website more user-friendly as well as to optimise the selection of its contents and functionalities. This also includes internal business purposes such as troubleshooting, data analysis, testing and research.
● to process and record your redemption of promotional offers
As we finance ourselves through commissions to provide our service free of charge to you, we may use information about your visit to our website, i.e. your usage of promotional offers for reporting purposes in order to bill and collect our commission from business partners.
● to provide you with personalised content
● for Advertising and (Re-)Targeting purposes
We consider these purposes as in our legitimate interest within the meaning of Art. 6 Para. 1 lit. f) GDPR. Our users expect us to provide offers to them, which reflect their current interests.
We retain this information as long as necessary and relevant for the aforementioned purposes or until you make legitimate use of your right to object to our use of such information. Pseudonymous user profiles are stored for a maximum of 24 months.
5 USE OF THIRD PARTY TOOLS
Some of the service providers are based in a country outside the EU/EEA. However, we exclusively work with companies that offer an appropriate data protection level in line with the stipulations of the GDPR. For more information please see section 6.
Below we will give you an overview and description of third-party provider technologies we may use for this Website.
5.1 Web analytics tools
We have implemented all analytic tools with activated IP anonymisation, so that the last three digits of the IP address are deleted directly after the data collection and only a portion of your IP address may be used and stored on the servers of the respective service providers.
Google Analytics is a web analytics service provided by Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) who reports on user interactions on this website.
The information collected by Google Analytics (including the anonymized IP address) will be transmitted to and stored by Google on servers in the United States. According to Google only in exceptional cases the full IP address may be transmitted directly to a Google server in the USA and encrypted there. Any user-identifiers (e.g. Cookie-ID) stored by Google Analytics will automatically be deleted from Googles´ servers after 14 months.
For further information please refer to Googles Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=de.
Opt-Out: You can prevent the processing of your data by Google Analytcs by installing the Google Analytics opt-out browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=de. The browser add-on is available for most modern browsers.
6 DISCLOSURE OF YOUR PERSONAL DATA
We only disclose your personal data to third parties, if this is necessary for the purpose of providing this Website and services, we are obligated or entitled hereto by contract or law or you have granted your explicit consent.
6.1 Service providers
We also work with technical service providers, who may have access to your personal data, but only to the extent necessary to perform their respective services. For instance we engage technical service providers to manage our Newsletter. These service providers may not disclose your personal data to third parties or use these for any other purposes than instructed.
We use Amazon Web Services (“AWS”) for hosting this website. AWS is a service of Amazon Web Service Inc, P.O. Box 81226 Seattle, WA 98108-1226, USA (“Amazon”). The data is stored exclusively in a German data center (Frankfurt am Main), which is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. All data stored by us on Amazons system is under our sole control and is automatically encrypted. Amazon is not allowed to access or use our data for any purpose whatsoever. For more information on AWS and data protection, please visit https://aws.amazon.com/de/compliance/eu-data-protection/ and https://aws.amazon.com/de/privacy/.
6.2 Data transfer outside of the EU
Some of these service providers are based in a country outside the EU/EEA. However, we exclusively work with companies that offer an appropriate data protection level in line with the stipulations of the GDPR. We also have appropriate agreements in place to ensure that the service providers will take all necessary measures to protect your personal data in accordance with applicable requirements.
The data transmission to service providers in the USA is carried out on the basis of the so-called “EU-US Privacy Shield” or on so-called “standard contractual clauses” of the EU-Commission. The EU-US Privacy-Shield is an agreement between the European Union and the USA that guarantees the compliance with European data protection standards in the USA. The standard contract clauses of the EU-Commission concerns a contract, in which the service provider is obligated to protect personal data, in line with the contractual regulations to process these at our order and in particular not to forward these to third parties. A free copy of the standard contract clauses will be provided to you upon request. For this purpose please contact us and send a stamped envelope for a reply to the address stated under Section 7.
7 YOUR RIGHTS
In respect to our processing of personal data related to you, you are entitled to the following rights free of charge.
7.1 Right to withdraw consent pursuant to art. 7 GDPR
If you have given us your consent to process your data but change your mind later, you have the right to withdraw your consent at any time by sending an email or written letter to our contact address as stated below. We will stop processing your data accordingly.
7.2 Right of access pursuant to Art. 15 GDPR
You have the right to obtain confirmation from us as to whether or not any personal data concerning your person is being processed by us and, if this is the case, you shall have the right to access your information pursuant to Art. 15 GDPR. However, with regard to pseudonymised usage profiles created by us ,we are not able to allocate these to individual persons. Accordingly, we cannot provide any information relating to these data, unless you provide us with information, which enables us to allocate such data to your person. We will point this out to you in case of an inquiry.
7. 3 Right to rectification pursuant to Art. 16
You have the right to request us to rectify any inaccurate or incomplete personal data we hold about you.
7.4 Right to erasure pursuant to Art. 17 GDPR
You have the right to obtain the erasure of your personal data we hold about you if we do not have a legal reason to continue to process and hold it.
7.5 Right to restrict processing pursuant to Art. 18 GDPR
You have the right to ask us to restrict how we process your data subject to Art. 18 GDPR. In this case, we will be permitted to store the data but not further process it.
7.6 Right to data portability pursuant to Art. 20 GDPR
You are entitled to receive personal data that you have provided to us with your consent in a structured, commonly used and machine-readable format or – if technically feasible – to demand that we transfer those data to a third party.
7.7 Right to object to data processing pursuant to Art. 21 GDPR
7.8 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the competent supervisory authority if you feel that the processing of your data is carried out by us by breaching applicable law. You can reach out to the supervisory authority which is responsible at your place of residence or to the supervisory authority responsible for us.
The supervisory authority that is responsible for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
8 CONTACT DATA AND PROTECTION OFFICER
If you have questions relating to this privacy statement, if you wish to exercise any of your rights or if you have any other concerns regarding the processing of your personal data by us, please contact us by email at firstname.lastname@example.org and provide the details of the request that you are making, for example by specifying personal data you want access to. You can also contact us under the following contact details:
Phone: +49 (0) 89 96058699
You can also contact our group commissioner for data protection Mr. Michael Mayer at these contact details.
LAST UPDATED, MAY 17, 2018