Privaatsuspoliitika
We at Costless value your privacy and want you to understand the choices and control you have over your information on Costless service. Our Privacy Policy complies with new requirements of the European Union General Data Protection Regulation (GDPR). PLEASE READ THIS PRIVACY POLICY CAREFULLY. IF YOU DISAGREE WITH OUR PRACTICES, PLEASE DO NOT CREATE AN ACCOUNT, OR DO NOT INTERACT WITH COSTLESS IN ANY OTHER WAY. BY USING COSTLESS YOU ARE AGREEING TO BE BOUND BY FOLLOWING THE PRIVACY POLICY. THIS PRIVACY POLICY IS INCORPORATED INTO AND IS SUBJECT TO THE COSTLESS TERMS OF USE. This Privacy Policy (hereinafter - "Privacy Policy") applies to personal data obtained by Costless Service and its controller, including through Costless's websites as published at https://costless.online, https://costless.com.ua, and mobile-device applications we offer through iOS https://apps.apple.com/ua/app/costless/id1344966626 and Android https://play.google.com/store/apps/details?id=com.sannacode.android.costless app stores (collectively, the "Service"). The Privacy Policy describes the types of personal data we obtain about data subjects as consumers, how we store and use the information, and with whom we may share it. We also describe the measures we take to protect personal data and how you can contact us about our privacy practices. Definitions Personal data means any information relating to an identified or identifiable natural person (“data subject/user”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing regarding your use of the Service. Processing is any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Encryption is a security protection measure for personal data; as a form of cryptography, it is a process whereby personal data gets turned into an encoded and unintelligible version, using encryption algorithms and an encryption key, and whereby a decryption key or code enables users to decode it again. Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject/user's wishes by which he or she or another identity, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her or another identity. Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union, and other provisions related to data protection are: full company name: Costless Ukraine LLC full address of registration: Ukraine, Kyiv city, Timoshenka 29A E-mail: mail@costless.online Capitalized terms that are not defined in the privacy policy have the meaning given to them in the Service Terms of Use. Anyone can access our websites without the necessity to provide their personal data. To use applications, users have to be registered in Service by providing base personal data: email and/or social network identifier; name; avatar, or image. As you are willing to use the Service you are required to provide your personal data (to register an Account), thus becoming a user of Costless. 1. Types of Information, Service Collect The purpose of processing personal data is your intention to use the Service (“Purpose”). With this Purpose we collect the following types of information, that allow us to communicate with you, including information that can be used to identify you, which includes: 1) name, email address, date of birth, phone number and/or social media identifier, avatar/image (“Personal Data”). You provide us with Personal Data when you register for an Account or during Service usage by posting User Content, interacting with other users of the Service through communication or messaging features, or sending us customer service-related requests, and 2) general information that does not identify you personally as: - Relationship Information that helps us to understand who you are and what types of offers you might like. This includes lifestyle, geolocation, language, preference, and interest information; such as the types of offers that interest you; information collected from social media interactions (such as via Facebook Connect or Google); and demographic information (e.g., birth date, age, gender); - Search Information, meaning the terms or keywords you search for when using the Service; - Shopping List Information about what items and terms you search for and place on your Shopping List when using the Service, as well as what items you check off of your Shopping List when using the Service. - Transaction Information about how you interact with the Service, such as the offers you view and redeem, other products you purchase, and the stores you prefer; other information about how you use the Service, email, other communications, and applications; and how you interact with Costless's shops, business partners, and service providers. - Location Information, including precise location data; - Username and password when you register for the Service; - Avatar/perosnal image/photo; - Loyalty cards Information, such as store loyalty card numbers (individual customer numbers) you elect to register and its provider. This data will be used for the contractually agreed purpose – which is the conversion into the corresponding barcode – and will be shown to the user within the app; - Receipt Information based on receipts uploaded to the Service, such as the items and date(s) of your purchases, prices of the items, and names and locations of the shops; - Other Information you may provide to us when submitting requests; - Device Information. To collect, maintain and use certain Device Information, we may use session ID and persistent “cookies,” data collection tags or directives such as “pixel tags”, Javascript scripts, API calls, and/or other storage on your device (individually or collectively, “Usage Technology”); - Other Information from Third Parties. Service may also receive information about you from service providers, our partners, shops, or other third parties, such as your preferences and interests, device information, or your Account information from specific third-party providers if they are integrated with the Costless. Information we receive from such third parties is subject to the limitations of the privacy policies of those third parties. Service also receive information about you that is publicly available, such as when you submit information to a blog, chat room, or social network(s). When using this general information, we do not draw any conclusions about you as the data subject. Rather, this information is needed to (1) deliver the content of our websites, and apps (Service) correctly, (2) optimize the content of our websites, and apps (Service), (3) ensure the long-term viability of our information technology systems and websites, apps technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of Service and ensuring an optimal level of protection for the Personal Data we process. The Personal Data (entered by you data is collected and stored exclusively for internal use by the controller and for Service functioning purposes. The Personal Data is stored separately in the database to avoid data subject identification by using depersonalization features in compliance with the GDPR storage limitation principle. 2. How Service Use Information You use Costless as your shopping companion/assistant, and Service will use the Information it collects from and about you in many ways to help you do the shopping. This includes using the Information in creative ways so that you may be provided with shopping-related services and for advertising and marketing to you. Service’s uses of Information will change over time to take advantage of the latest technology and methods to help improve shopping-related services and the advertising and marketing, you receive from them. By using the Service, you agree that it may be changed at any time. If you disagree with how Costless provides the shopping-related Service or is advertising and marketing to you, you may opt out of certain activities or stop using the Service. Costless use Information to: - Operate and improve Service; - Provide users with offers for products and other data from participating brands and retail clients, including offers based on variables such as stated and anticipated user interests, personal data, consumption of advertisements, past shopping list placements or searches, or user location; - Evaluate eligibility of users for certain offers, products, or services; - Provide card-linked offers; - Evaluate the types of offers, products, or services that may be of interest to users; - Track redemption of offers and past purchases; - Perform analytics; - Provide customer support to users; - Fulfill requests for Service; - Communicate and provide additional information which may be of interest to you about Service and Service’s merchants and business partners, such as news, special offers, announcements, and marketing materials; - Send you reminders, technical notices, updates, security alerts, support, and administrative messages service bulletins, or marketing; - Provide advertisements to you through the Service, email messages, text messages, push notifications, applications, or other methods of communication; - Administer surveys, sweepstakes, contests, or other promotional activities or events sponsored by Costless or Costless’s partners; - Manage Service’s everyday business needs such as website administration, forum management, analytics, fraud prevention, Terms of Use or to comply with the law; - Carry out other purposes to which you consent; - Pseudonymize personal information to provide third parties with aggregated data reports showing Pseudonymized information and/or other non-personal information; - In addition to the foregoing, we may Pseudonymize or aggregate information and use and/or disclose it for any purpose. 2.1. How Service apps use Information - Email is used as a verified communication method and for verification, such operations as restoring/updating passwords, and deleting accounts; - User name is used to visually identify accounts in lists (see below Avatar usage description) and during email communication; - Avatar/perosnal image/photo may or may not be added by the user. It is used to visually identify accounts used in Service for example in shops/products comments, discount cards sharing processes, and shopping lists sharing processes; - Location Information, including precise location data, (1) to help Costless deliver offers near your; (2) notify you when you are near mentioned in the shopping list shop; (3) calculate distance/time/reasonability to go to selected shop from your location; These features are working only if you have activated our Service on a mobile device and permitted your mobile device to transmit location data; - Date of birth is used to filter out some groups of products like alcohol or tobacco according to local law. 3. How We Share Your Information Costless may work with various partners so they can provide shopping-related services, advertising, and marketing to you. To facilitate these activities, we may share your Personal Data with our partners through secured channels under data processing agreements (DPA). By using the Service, you agree that we may share your Personal Data for these purposes. You may be able to adjust how we share your Personal Data by changing options within the Service. If you disagree with the way we share your Personal Data, you may stop using the Service and ask us to delete your Account. As we use third-party technological services for the provision of Service, we may transfer your Personal Data internationally. Providers of such technological services may process Personal Data collected in the course of providing us their services as sub-processors only under DPA in accordance with GDPR. We may share your information, including your Personal Data, as follows: - Service Providers. We may disclose the information we collect from you to third-party vendors, technology and other service providers, contractors, or agents who perform functions on our behalf or are engaged with us. For example, we use service providers to help us extract and process the Receipt Information from receipts. These service providers are allowed to access and use the information we make available to them only as needed to perform their functions and for no other purposes. - Commercial Partners and other Third Parties. (a) In connection with our business, we may disclose demographic information (e.g., gender, household size, etc.) to commercial partners and other third parties in either single de-identified or aggregate summary form and may also provide other aggregate or de-identified information to such third parties. A singular summary includes demographic information about a person without specifically identifying the person. For example, this summary does not contain personal information such as an email address, nor does the combination of demographic information make it possible to identify the person. An aggregate summary includes demographic information about a group of persons without specifically identifying any person within the group. (b) We may also provide your information, including your Receipt Information and your Personal Information, to commercial partners, such as retailers or brands or other, for their own marketing research and analytics purposes (for example, to create models that estimate consumer preferences in the total population or to inform market segments). In that case, we will take steps designed to ensure that your Personal Information is handled securely and is treated at least as protectively as under this Privacy Policy. We will not, however, allow any third parties to use this information for the purposes of individual marketing to you or to contact you. - Affiliates. We may disclose the information we collect from you to our corporate affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Information will be subject to this Policy. - In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a legal proceeding, a court order, or other legal processes, such as in response to a court order or a subpoena. - To Protect Costless Service and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service, or this Policy, or as evidence in litigation in which Costless is involved. 4. Security of your Personal Information As the controller, we have implemented numerous technical (including encryption) and organizational measures to ensure the most complete protection of Personal Data processed through the Service. We store your Personal Data on our servers and data centers in compliance with DPA. We have implemented commercially reasonable precautions to protect your Personal Data and the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, destruction, or leak. Please be aware that despite our efforts, no data security measures can guarantee 100% security. The encryption is useless if the access password or other credentials are weakly protected and stored by you. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any data breach, lost, stolen, or compromised passwords or for any activity on your Account via unauthorized password activity. In case there might be a risk of unauthorized disclosure of Personal Data the controller communicates the Personal Data breach to the data subject without undue delay. However, as we have implemented appropriate technical and organizational protection measures, such as encryption, and it was applied to the Personal Data affected by the Personal Data breach, we are not required to communicate with you, only to the competent supervisory authority not later than 72 hours after having become aware of Personal Data breach. 5. Your rights This Privacy Policy also contains your rights towards your Personal Data. Here are the main rights you are entitled to by using Service: 1) right to obtain from the controller the confirmation as to whether or not Personal Data concerning you are being processed (right of confirmation); 2) right to obtain from the controller free information about your Personal Data stored at any time and a copy of this information (right of access); 3) right to obtain from the controller without undue delay the rectification of inaccurate Personal Data concerning you (right to rectification); 4) right to obtain from the controller the erasure of Personal Data concerning you without undue delay (right to erasure); 5) right to obtain from the controller restriction of processing (right to restriction of processing); 6) right to receive the Personal Data concerning you, which was provided to a controller, and to transmit those data to another controller without hindrance from the controller (right to data portability); 7) right to object to the processing of Personal Data concerning you (right to object); 8) right not to be subject to a decision based solely on automated processing, including profiling; 9) right to withdraw your consent to the processing of your Personal Data at any time (right to withdraw data protection consent). 6. Cookies and Related Technologies When you use our Service, we may collect certain information by automated or electronic means, using technologies such as cookies, pixel tags, web beacons, browser analysis tools, and web server logs. As you use Service, your browser and devices communicate with servers operated by Costless, our business partners, and service providers to coordinate and record the interactivity and fill your requests for Service and information. The information from cookies and related technology is stored in web server logs and also in web cookies kept on your computers or mobile devices, which are then transmitted back to Service by your computers or mobile devices. These servers are operated and the cookies are managed by Costless, its business partners, or service providers. For example, when you access Service, Costless and service providers may place cookies on your computers or mobile devices. These cookies may include means for tracking your transaction information with a shop and may include tracking technology from third-party affiliate-network operators. Cookies allow Costless to recognize you when you return and track and target your interests in order to provide a customized experience. They also help Costless provide a customized experience and help detect certain kinds of fraud. A "cookie" is a small amount of information that a web server sends to your browser that stores information about your Account, your preferences, and your use of the Service. Some cookies contain serial numbers that allow connecting your activity with the Service with other information the Service stores about you in your profile or as related to your other interactions with the Service. Some cookies are temporary, whereas others may be configured to last longer. "Session" cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases Session cookies once you exit your browser. "Persistent" cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser. Service uses persistent cookies for a number of purposes, such as retrieving certain information you have previously provided (such as your user id if you asked to be remembered), and storing your preferences. Pixel tags and web beacons are tiny graphic images placed on website pages or in Service emails that allow determining whether you have performed specific actions. When you access these pages or open email messages, the pixel tags and web beacons generate a notice of that action to Service, or our service providers. These tools allow the Service to measure response to communications and improve web pages and promotions. Service collects many different types of information from cookies and other technologies. For example, may collect information from the devices you use to access Service, your operating system type or mobile device model, mobile device identifiers, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone of your device. Browsers and mobile devices routinely send these types of information to web servers. Costless server logs also record the Internet Protocol ("IP") addresses of the devices use to interact with the Service. An IP address is a unique identifier that devices use to identify and communicate with each other on the Internet. We may also collect Information about the website you were visiting before you came to Service and the website you visit after you leave Service if this Information is supplied by your browser. In many cases, the information Service collects using cookies and other tools is used in non-identifiable ways, without any reference to Personal Information. For example, the Service uses information collected about users to optimize itself and understand its traffic and usage patterns. In other cases, Service associates collect information using cookies and related technologies with Personal Information. In that case, this Privacy Policy governs how that information is used. Additionally, if you have visited Costless websites or activated one of Costless mobile-device applications, and if the settings on your location-aware device allow receiving Location Information, Service will collect that automatically. If the Service associates Location Information with other Personal Data, this Privacy Policy governs how the Service would use that information too. Service also uses third-party services, such as Google Analytics, to help understand how visitors interact with Costless websites and to help improve Service’s user experience. Google provides additional privacy options regarding cookie use described at https://www.google.com/policies/privacy/partners. 7. Change or Delete Your Information You may review, update, correct, or delete your Personal Data in your Account by contacting Costless support or by making the appropriate modifications through your Account preferences through the Application by clicking on Settings and making changes. If you would like to delete your Account, You can do it by pressing the “Delete my account” button from the “Settings” menu through Costless’s mobile apps. If You would like to delete some of your records without Account deletion, please contact Costless support. Your Account and Personal Data will be deleted within 45 days if we do not have any legal obligation to retain the record if the processing is necessary for the establishment, exercise, or defense of legal claims in case of initiation removal process through Support. Or, the Account will be deleted instantly in case of the initiation process through the mobile apps. 8. Our Commitment to Children's Privacy Our Service is not directed to be used by children. Children under 13 are not permitted to use the Service and we do not knowingly collect or maintain Personal Data from children and minors. If we obtain actual knowledge that we have collected Personal Data from a child we will promptly delete it, unless we are legally obligated to retain such data. If you are under 13 years of age, then please do not use or access the Service at any time or in any manner. If you are a parent or guardian and discover that your child under the age of 13 has obtained an Account on the Service, then you may alert us at mail@costless.online and Costless support will delete the information collected from or about that child from Service. 9. Push Notifications and In-App Alerts and Updates When you download and use one of Costless's mobile applications, it may provide you with the option to opt-in to receive push notifications from Costless on your mobile device in connection with that mobile application. These push notifications may include promotional communications regarding Costless products and Services. You may opt out of receiving push notifications by adjusting the settings on your mobile device. Opting out of push notifications will not affect other communications you receive from Costless, such as email communications. You also may receive alerts and updates within Costless mobile applications regarding its products and Services or your Costless Accounts. To opt out of receiving these alerts and updates, you may uninstall the applicable mobile application from your mobile device. 10. Legal Matters Costless considers your usage to be private. However, Costless may disclose your Personal Data stored in your account and/or on Service servers and databases, in order to: (1) comply with the law or legal process served on Costless; (2) enforce and investigate potential violations of this Privacy Policy; including the use of this Service to participate in, or facilitate activities that violate the law; (3) investigate potential fraudulent activities; or (4) protect the rights, property, or safety of the Costless company, its employees, its customers, or the public. 11. Changes to this Privacy Policy This Privacy Policy may be changed from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site https://costless.online as well as make it available through the applications. 12. Contact Us If you have any questions about this Privacy Policy or you wish to make changes to your Personal Data or remove yourself from the Costless database, please contact Costless support by E-mail: mail@costless.online and insert the words "Privacy Policy question" in the subject line header of the e-mail. Data Controller: Costless Ukraine LLC, email: data.controller@costless.online Version: January 16, 2023.