means any information relating to an identified or identifiable natural person (“data subject/user”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing regarding your use of Costless Service.
is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
is a security protection measure for personal data; as a form of cryptography, it is a process whereby personal data gets turned into an encoded and unintelligible version, using encryption algorithms and an encryption key, and whereby a decryption key or code enables users to decode it again.
Consent of the data subject
is any freely given, specific, informed and unambiguous indication of the data subject/user's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Costless Ukraine LLC, Sergey Shcherbanenko
Ukraine, Kyiv city, Timoshenka 29A
[full company name]
[full address pf registration]
Anyone can access our website and application without necessity to provide its personal data.
As you are willing to use our Service you are required to provide your personal data (to register an Account), thus becoming a user of Costless.
1. Types of Information We Collect
The purpose of processing personal data is your intention to use our Service (“Purpose”).
With this Purpose we collect the following types of information, that allows us to communicate with you, including information that can be used to identify you, which includes:
1) name, email address, date of birth, phone number and social media website user Account names (“Personal Data
”). You provide us with Personal Data when you register for an Account, use the Service, post User Content, interact with other users of the Service through communication or messaging features, or send us customer service related requests, and
2) general information that does not identify you personally as:
- Relationship Information that helps us to understand who you are and what types of offers you might like. This includes lifestyle, preference, and interest information; the types of offers that interest you; information collected from social media interactions (such as via Facebook Connect and Twitter); and demographic information (e.g., birth date, age, gender);
- Search Information, meaning the terms or keywords you search for when using the Service; - Shopping List Information about what items and terms you search for and place on your Shopping List when using the Service, as well as what items you check off of your Shopping List when using the Service.
- Transaction Information about how you interact with the Service, such as the offers you view and redeem, other products you purchase, and the stores you prefer; other information about how you use our Service, email, other communications, and applications; and how you interact with Costless's shops, business partners, and service providers.
- Location Information, including precise location data, to help us deliver you offers near you shop if you have activated our Service on a mobile device and permitted your mobile device to transmit location data.
- Username and password when you register in our Service;
- Loyalty card Information, such as store loyalty card numbers (individual customer number) you elect to register and it’s provider. This data will be used for the contractually agreed purposes – which is the conversion into the corresponding barcode – and will be shown to the user within the app;
- Receipt Information based on receipts uploaded to us through the Service, such as the items and date(s) of your purchases, prices of the items, methods of payment, the last four digits of your credit card number, signature, and names and locations of the shops;
- Other Information you may provide to us when submitting requests;
- Other Information from Third Parties. We may also receive information about you from service providers, our partners, shops, or other third parties, such as your preferences and interests, device information or your Account information for specific third-party providers if they are integrated with the Costless. Information we receive from such third parties are subject to the limitations of the privacy policies of those third parties. We also receive information about you that is publicly available, such as when you submit information to a blog, chat room, or social network(s).
When using these general information, we do not draw any conclusions about you as the data subject. Rather, this information is needed to (1) deliver the content of our website and Service correctly, (2) optimize the content of our website and Service, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our company, and to ensure an optimal level of protection for the personal data we process.
The personal data entered by you are collected and stored exclusively for internal use by the controller and for his own purposes. The personal data stores separately in data base to avoid data subject identification by using depersonalization features in compliance with GDPR storage limitation principle.
2. How We Use Information
You use Costless as your shopping companion, and we will use the Information we collect from and about you in many ways to help you do the shopping. This includes using the Information in creative ways so that you may be provided with shopping-related Service and for advertising and marketing to you. Our uses of Information will change over time to take advantage of the latest technology and methods to help improve our shopping-related Service and the advertising and marketing you receive from us.
By using the Service, you agree that we may change our shopping-related Service and advertising and marketing practices at any time. If you disagree with how we provide the shopping-related Service or are advertising and marketing to you, you may opt out of certain activities or stop using the Service.
We use Information to:
- Operate and improve our Service;
- Provide users with offers for products and Service from participating brands and retail clients, including offers based on variables such as stated and anticipated user interests, personal characteristics, consumption of advertisements, past shopping list placements or searches, or user location;
- Evaluate eligibility of users for certain offers, products or Service;
- Provide card-linked offers;
- Evaluate the types of offers, products or Service that may be of interest to users;
- Track redemption of offers and past purchases;
- Perform analytics;
- Provide customer support to users;
- Fulfill requests for our Service;
- Communicate and provide additional information which may be of interest to you about us and our merchants and business partners, such as our news, special offers, announcements, and marketing materials;
- Send you reminders, technical notices, updates, security alerts and support and administrative messages service bulletins, or marketing;
- Provide advertisements to you through the Service, email messages, text messages, push notifications, applications, or other methods of communication;
- Carry out other purposes to which you consent;
- Anonymize personal information to provide third parties with aggregated data reports showing anonymized information and other non-personal information;
- In addition to the foregoing, we may anonymize or aggregate information and use and disclose it for any purpose.
3. How We Share Your Information
We work with various partners so they can provide shopping-related Service, advertising, and marketing to you. To facilitate these activities, we may share your Personal Data with our partners by secured channels under data processing agreements (DPA).
By using the Service, you agree that we may share your Personal Data for these purposes.
You may be able to adjust how we share your Personal Data by changing options within the Service.
If you disagree with the way we share your Personal Data, you may stop using the Service and ask us to delete your Account.
As we use third party technological Service for the provision of Service, we may transfer your Personal Data internationally. Providers of such technological Service may process personal data collected in the course of providing us their Service as sub-processors only under DPA in accordance with GDPR.
We may share your information, including your Personal Data, as follows:
- Service Providers. We may disclose the information we collect from you to third party vendors, technology and other service providers, contractors or agents who perform functions on our behalf, or are engaged with us. For example, we use service providers to help us extract and process the Receipt Information from receipts. These service providers are allowed to access and use the information we make available to them only as needed to perform their functions and for no other purposes.
- Affiliates. We may disclose the information we collect from you to our corporate affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Information will be subject to this Policy.
- In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a legal proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Policy, or as evidence in litigation in which Costless is involved.
Costless will not disclose your Personal Information to a third party without your consent.
4. Security Of Your Personal Information
As the controller, we have implemented numerous technical (including encryption) and organizational measures to ensure the most complete protection of Personal Data processed through Costless. We store your Personal Data on our servers and data centers in compliance with DPA.
We have implemented commercially reasonable precautions to protect your Personal Data and information we collect from loss, misuse, and unauthorized access, disclosure, alteration, destruction or leak.
Please be aware that despite our efforts, no data security measures can guarantee 100% security. The encryption is useless if the access password or other credentials are weakly protected and stored by you.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.
We are not responsible for any data breach, lost, stolen, or compromised passwords or for any activity on your Account via unauthorized password activity.
In case there might be a risk of unauthorized disclosure of personal data the controller communicates the personal data breach to the data subject without undue delay. However, as we have implemented appropriate technical and organizational protection measures, as encryption, and it was applied to the personal data affected by the personal data breach, we are not required to communicate you, only to the competent supervisory authority not later than 72 hours after having become aware of personal data breach.
5. Your rights
Here are the main rights you are entitled to by using our Service:
1) right to obtain from the controller the confirmation as to whether or not personal data concerning you are being processed (right of confirmation);
2) right to obtain from the controller free information about your personal data stored at any time and a copy of this information (right of access);
3) right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you (right to rectification);
4) right to obtain from the controller the erasure of personal data concerning you without undue delay (right to erasure);
5) right to obtain from the controller restriction of processing (right to restriction of processing);
6) right to receive the personal data concerning you, which was provided to a controller, and to transmit those data to another controller without hindrance from the controller (right to data portability);
7) right to object to processing of personal data concerning you (right to object);
8) right not to be subject to a decision based solely on automated processing, including profiling;
9) right to withdraw your consent to processing of your personal data at any time (right to withdraw data protection consent).
6. Cookies and Related Technologies
When you use our Service, we may collect certain information by automated or electronic means, using technologies such as cookies, pixel tags and web beacons, browser analysis tools, and web server logs. As you use our Service, your browser and devices communicate with servers operated by us, our business partners and Service providers to coordinate and record the interactivity and fill your requests for Service and information.
The information from cookies and related technology is stored in web server logs and also in web cookies kept on your computers or mobile devices, which are then transmitted back to our Service by your computers or mobile devices. These servers are operated and the cookies managed by us, our business partners or our service providers. For example, when you access our Service, Costless and our service providers may place cookies on your computers or mobile devices. These cookies may include means for tracking your transaction information with a shop and may include tracking technology from third-party affiliate-network operators. Cookies allow us to recognize you when you return, and track and target your interests in order to provide a customized experience. They also help us provide a customized experience and help us to detect certain kinds of fraud.
A "cookie" is a small amount of information that a web server sends to your browser that stores information about your Account, your preferences, and your use of the Service. Some cookies contain serial numbers that allow us to connect your activity with the Service with other information we store about you in your profile or as related to your other interactions with the Service.
Some cookies are temporary, whereas others may be configured to last longer. "Session" cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases Session cookies once you exit your browser. "Persistent" cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser. We use persistent cookies for a number of purposes, such as retrieving certain information you have previously provided (such as your user id if you asked to be remembered), and storing your preferences.
Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed specific actions. When you access these pages or open email messages, the pixel tags and web beacons generate a notice of that action to us, or our service providers. These tools allow us to measure response to our communications and improve our web pages and promotions.
We collect many different types of information from cookies and other technologies. For example, we may collect information from the devices you use to access our Service, your operating system type or mobile device model, mobile device identifiers, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone of your device. Browsers and mobile devices routinely send these types of information to web servers.
Our server logs also record the Internet Protocol ("IP") addresses of the devices use to interact with the Service. An IP address is a unique identifier that devices use to identify and communicate with each other on the Internet. We may also collect Information about the website you were visiting before you came to our Service and the website you visit after you leave our Service, if this Information is supplied to us by your browser.
We also use third party Service, such as Google Analytics, to help us understand how visitors interact with our website and to help improve our user experience. Google provides additional privacy options regarding cookie use described at
7. Change or Delete Your Information
You may review, update, correct or delete your Personal Data in your Account by contacting us or by making the appropriate modifications in your Account preferences. You can also make changes in the Application by clicking on Settings and making changes. If you would like us to delete your Account and/or remove your records from our system, please contact us and we will delete your Account within 45 days if we do not have any legal obligation to retain the record if the processing is necessary for the establishment, exercise or defence of legal claims.
8. Our Commitment to Children's Privacy
Our Service is not directed to be used by children. Children under 13 are not permitted to use the Service and we do not knowingly collect or maintain Personal Data from children and minors. If we obtain actual knowledge that we have collected Personal Data from a child we will promptly delete it, unless we are legally obligated to retain such data.
If you are under 13 years-of-age, then please do not use or access Service at any time or in any manner. If you are a parent or guardian and discover that your child under the age of 13 has obtained an Account on the Service, then you may alert us at email@example.com
and we will delete the information collected from or about that child from our systems.
9. Push Notifications and In-App Alerts and Updates
When you download one of our mobile applications, we may provide you with the option to opt in to receive push notifications from Costless on your mobile device in connection with that mobile application. These push notifications may include promotional communications regarding Costless products and Service. You may, after downloading the applicable mobile application, opt out of receiving push notifications by adjusting the settings on your mobile device. Opting out of push notifications will not affect other communications you receive from Costless, such as email communications. You also may receive alerts and updates within our mobile applications regarding Costless products and Service or your Costless Accounts. To opt out of receiving these alerts and updates, you may uninstall the applicable mobile application from your mobile device.
10. Legal Matters
We consider your use of our Service to be private. However, we may disclose your Personal Data stored in your account and/or on our servers and databases, in order to:
(1) comply with the law or legal process served on us;
(3) investigate potential fraudulent activities; or
(4) protect the rights, property, or safety of our company, its employees, its customers or the public.
11. Changes to This Policy
as well as make it available through the applications.
12. Contact Us
Data Controller: Costless Ukraine LLC, email: firstname.lastname@example.org
Version: November 29, 2021.