Privacy Statement mobile-pocket App
October 30st 2018
The mobile-pocket application (hereafter: „mobile-pocket“ or “app”) offers users the possibility to store customer cards (loyalty cards) or other cards on mobile devices and display and use these as digital identification. Users can moreover use the application to inquire about current offers by customer card carriers (retailers) and other promotions. The app´s purpose is to allow for the provision of customer loyalty programs in digital format and inform customers about offers by retailers. To that end, mobile-pocket can upon request provide the operators of customer loyalty programs with a list of customer numbers/barcode numbers of registered customers who have digitally stored their customer card in mobile-pocket, so that they can join this data with their existing customer data and tailor any offers to user preferences even better. mobile-pocket is operated by bluesource – mobile solutions GmbH, Softwarepark 35, 4232 Hagenberg i.M., Austria (hereafter: “bluesource”, “we” or “us”). bluesource is as such also responsible for the processing of personal data occurring through the use of the mobile-pocket application by users.
Users can access the application by installing it on their device. After consenting to the privacy statement, an anonymous user account linked to the mobile device is created in the background. The user can then store customer cards or other cards usually just by entering a customer card´s number, by photographing or scanning the barcode or a predesigned template and then use these in their digital form. The user can subsequently create an account to his mobile-pocket account using either his e-mail address and password or Facebook/Google+ login. This way the user will, in the event of loss or replacement of his mobile phone and after reinstalling the application and entry of login details, have access to his user account and will be able to use his stored customer cards at any time. The registration of a user account is in principle not mandatory and done on a voluntary basis. For the use of further services, however, registration with the requisite data is necessary.
Every mobile-pocket user can use the app to register for selected customer loyalty programs (sign up for new cards).
Using sign up for new cards, mobile-pocket will perform the registration to a retailer´s customer loyalty program by transmitting the necessary data (usually full name, full address, e-mail address, phone number, sex, birthdate, store used) to the retailer (businesses using customer cards) and with the retailer subsequently issuing a digital customer card. The user will separately consent to the transfer of his data by query in mobile-pocket and will usually also have to accept the terms and conditions or privacy statement of the respective retailer. If the user wishes to receive information on the data pertaining to his person that the respective retailer/third-party vendor has processed or no longer consents to the use of his data by the respective retailer/third-party vendor, he should contact this retailer/third-party vendor directly.
Many stores and other places offer the possibility for users to show location-specific information or offers relating to certain products directly in the app. This is done using so-called beacon technologies. Beacons are small transmitters that transmit signals via Bluetooth or via BLE. So-called Geofences and NFC technology additionally offer the possibility to display location-specific information. If a user has enabled Bluetooth on his mobile phone and, using the appropriate settings in his mobile phone, given mobile-pocket permission to perform location queries, the app will display information or offers about products that have a relation to the location transmitted by the user. For this purpose, we use the “Beaconinside Proximity” service, which is provided by Beaconinside GmbH. This service processes and analyzes data generated by beacons, Geofences, NFC and Physical Web. To that end, the user´s geolocation and context information are processed in order to offer location-specific services, indoor and outdoor marketing and retargeting solutions as well as analysis reports. You can find more information on data processing by Beaconinside at https://www.beaconinside.com/privacy-policy.
The user can deactivate this service at any time by limiting the necessary permissions on his mobile phone (deactivation of location sharing).
We inform our users about retailer offers tailored to their preferences (advertising) or provide retailers the possibility to inform participants of their customer loyalty programs (users who have stored a customer card of the respective retailer in the app) or other mobile-pocket users about promotions. To this end as well as for the further development of our app, we analyze the data provided to us (especially information pertaining to which retailer´s cards have been stored), user behavior within the app (type and content of contents viewed, duration of the interaction), user location (insofar as the user has given permission for the use of this service using the settings on his mobile device), as well as technical data (IP address, type and model of the device on which the app is used, mobile network provider, art and version of the operating system, push token, country in which the user´s sim card is registered, language used on the device) in an anonymized manner.
As such, we process and use personal data for location-specific and time-sensitive advertising. Using location sharing and push messaging, region-specific offers can also be sent using push-messages, insofar as this service has been consented to.
We use push messaging for the following purposes:
- Information and announcements about our service
- Retailer offers
- Location-specific offers: in order to promote location-specific offers near the user or which are relevant to his location. For instance: you are paying too much for electricity, visit the next shop for more information, or are you in for more football? In that case, check out this sports promotion.
If the user wishes to receive no notifications (so-called push notifications) of mobile-pocket, he can deactivate this service at any time in the settings of his mobile phone.
Provided that they have given permission for the use of location data, we use users´ locations for the following purposes:
- Display promotions of local retailers in the app (alternatively upon manual entry of postal code
- Display promotions and advertisements by retailers in the vicinity
- Display promotions and advertisements by retailers on basis of location-related interest profiles
- Optimization of messaging content on basis of geolocations visited by the user.
The user can deactivate these functions at any time by limiting the necessary permissions on his mobile phone (deactivation of location sharing).
The user expressly consents to the processing of his data for the display of (location-specific) advertising and, in particular, to receiving push messages.
Retailers have the option to offer users the participation in digital bonus point programs in mobile pocket. Users who wish to participate in these programs must disclose the requisite information needed by the respective retailer (such as name, card number, scanned invoices etc.). This information (data) is forwarded to the respective retailer so that the user can participate in the programs. If the user wishes to receive information on the data pertaining to his person that the respective retailer/third-party vendor has processed or no longer consents to the use of his data by the respective retailer/third-party vendor, he should contact this retailer/third-party vendor directly.
We also offer retailers and third-party vendors the opportunity to deliver content in mobile-pocket themselves or integrate their services in mobile-pocket (such as for instance offers, coupons or promotions). In this case, user IP addresses are sent to retailers and third-party vendors, so that these can deliver their contents to users. If the use of an offer, a coupon or a promotion of a retailer or a third-party vendor requires the entry of data, this data is sent directly to the respective retailer/third-party vendor upon entry. mobile-pocket does not have any influence on such data and is not responsible for data that the user has provided to the retailer/third-party vendor. If coupons offered to the holders of a certain customer card or to participants of a bonus point program, the respective retailer/operator has the possibility to request a list of the customer card, barcode or customer numbers that have used this coupon. If the user wishes to receive information on the data pertaining to his person that the respective retailer/third-party vendor has processed or no longer consents to the use of his data by the respective retailer/third-party vendor, he should contact this retailer/third-party vendor directly.
Users can use the Help function in mobile-pocket to contact us directly and inform us about errors that occur during the operation of the app. If the app crashes, it sends us an automatic error message containing technical information that helps us in resolving the problem and further developing the app.
bluesource processes the following data for the services mentioned in this privacy statement:
- Name, e-mail address, phone number, address, sex, app ID, IP address, stored customer cards (possibly with photo)
- Data relating to user behavior (interaction within the app, time, duration)
- Technical data (type and model of device on which the app is used, mobile network provider, type and version of operating system, push token, country in which the user´s sim card is registered, language used on the device)
- the user's location
The data listed above is processed for the following purposes:
- Allowing the use and further development of our services
- Delivery of advertising to the user
Personal data is forwarded to retailers by using certain services (such as a bonus point program or sign up for new cards). For advertising displayed as part of Post-Go, we transfer data to the Österreichische Post AG, Rochusplatz 1, A-1030 Wien (Austria), who can use the data for analysis of the Post-Go campaigns and for the renewed approaching of customers in the course of Post-Go campaigns.
We store this data for the duration of our contractual relationship with the user.
The processing or this data is performed on basis of the legal grounds of performance of contract (Art 6 par 1 lit b GDPR), the safeguarding of our legitimate interest (Art 6 par 1 lit f GDPR) as well as the user´s consent to the processing of his personal data in the extent described above by declaration of consent with this privacy statement (Art 6 par 1 lit a GDPR).
Our legitimate interest is constituted by the generation of income with the services that we offer free of charge, which requires the processing of user data for advertising purposes and the subsequent delivery of advertisements. The user does not need to expect any disadvantage resulting from the use of this data and can refuse it at any time. The advertisement delivery itself is part of the service offered by mobile-pocket and users expect that advertisements of retailers – especially those of which they already have a customer card – are delivered to them.
We have appointed a data protection officer. This person can be contacted using the e-mail address data-protection(at)mobile-pocket.com.
If users have any questions with regard to privacy protection by mobile-pocket, they can contact our data protection officer at any time.
Users of our app have the right to require information about their processed personal data at any time. A short e-mail – with a copy of an ID attached and the statement that information about the data processing is requested – to data-protection(at)mobile-pocket.com is sufficient. We will answer inquires as soon as possible, in any case within a month. Alternatively, users can contact us directly using the Help function in mobile-pocket.
Users of our app moreover have the right to renounce and limit their consent to the processing of their data at any time and/or to require that their data is deleted or corrected. Here, too, a short e-mail with a copy of an ID attached and indication of the concrete request to data-protection(at)mobile-pocket.com is sufficient. Alternatively, users can contact us directly using the Help function in mobile-pocket.
If the user wishes to receive no notifications (so-called push notifications) of mobile-pocket, he can deactivate this service at any time in the settings of his mobile phone. If the user wishes to receive no location-specific messages, the user can deactivate this service at any time by selecting the appropriate settings in his mobile phone.
If users believe that bluesource processes their data in a manner that is contrary to data protection provisions, they have the right to contact the authority responsible for data protection (the Austrian Data Protection Authority (Datenschutzbehörde) is responsible for the registered office of bluesource, users also have the opportunity to file a complaint to the data protection authority in their respective country of residence).
The protection of personal data that has been disclosed to us is performed using appropriate organizational and technical measures. These measures involve in particular the protection against unauthorized, unlawful or also coincidental access, processing, loss, use and manipulation. Notwithstanding the efforts to continuously maintain an appropriately high standard of care, it cannot be excluded that information that users have disclosed through us through the app or by e-mail is viewed and used by other persons. We are committed to ensure that such data leaks are recognized early and if applicable reported to our users as well as the competent supervisory authority, referencing the respective data categories affected.
Google Analytics Mobile SDK is used in the operation of this app. This collects anonymized information as mobile advertising IDs. The code integrated in the app is: enableAdvertisingIdCollection(true). Google Analytics Mobile SDK uses anonymous identifiers to collect data about the user behavior on an anonymized basis. In order to deactivate this function – and the resulting interest-based advertisement – the following procedure is recommended:
- Open Google Settings on your device
- De-select Advertising
- Devices with iOS 6 and higher utilize the Advertising Identifier by Apple. More information on restricting Advertising Tracking with this ID may be found in the “Settings” menu on your device.