BirthdayDeals
00
Days
00
Hours
00
Minutes
00
Seconds

Privacy Policy

Last updated: 01-12-2025

1. What data do we collect?

  • We collect personal data that you voluntarily provide, such as name, email address and date of birth.
  • For business partners, we collect company name, contact details and registration numbers for contractual purposes.
  • We automatically collect technical data such as IP address, browser type and operating system for analysis and security.
  • Usage data, such as viewed deals and interactions, is collected to improve our platform.
  • Location data (city, country) is needed to show geographically relevant deals.
  • We do not use sensitive personal data (race, religion, health), unless explicitly and legally permitted.
  • Providing incorrect information may lead to restriction or termination of your account.
  • Data from minors is not knowingly collected without parental consent.

2. Why and how do we use your data? (Legal bases)

  • The primary purpose of data collection is to personalise your experience and offer relevant special offers.
  • Data is also used for account management, communication and platform security.
  • The processing of your data is based on your explicit consent during registration (GDPR Art. 6(1)(a)).
  • For contractual obligations with partners, the legal basis is performance of a contract (GDPR Art. 6(1)(b)).
  • We may process data to comply with legal obligations (GDPR Art. 6(1)(c)).
  • Our legitimate interest (platform security, analysis) may be a legal basis (GDPR Art. 6(1)(f)).
  • You can withdraw your consent at any time, which does not affect the lawfulness of prior processing.
  • Withdrawal of consent may result in being unable to use our services.
  • For marketing communications, separate opt-in consent is requested.
  • We carefully document your consent (time, method).
  • Participation in prize draws implies consent to data processing for that purpose.
  • The privacy policy is presented to you for acceptance before you provide data.

3. With whom do we share your data?

  • We never sell your personal data to third parties.
  • Data is only shared with partner companies when you claim a deal, to verify validity.
  • We use external service providers (processors) for hosting, email and data analysis.
  • Data processing agreements have been concluded with all our processors in accordance with GDPR.
  • These agreements require processors to use data securely and only for agreed purposes.
  • Data may be shared with government authorities if legally required (e.g. court order).
  • Anonymous, aggregated data may be shared for statistical and marketing purposes.
  • In the event of a merger or acquisition, data may be transferred to the new owner, subject to this policy.
  • Links to external websites are not covered by this privacy policy; we are not responsible for their practices.
  • Social media logins (Google, Facebook) are subject to those platforms' privacy policies; we only receive basic profile info.

4. International data transfers

  • Your data may be stored and processed on servers outside your own country.
  • When transferring data outside the EEA, we ensure appropriate safeguards (e.g. EU Standard Contractual Clauses).
  • Our hosting providers are selected based on their certifications (e.g. ISO 27001, SOC 2).
  • We strive to keep data within the EU/EEA as much as possible.
  • You will be informed if your data is structurally processed outside the EEA.
  • The UAE (Dubai) has different privacy legislation; data from UAE users is handled according to local laws.
  • We take measures to protect data, regardless of storage location.
  • We are not responsible for jurisdictions that require data access in a manner contrary to GDPR.
  • You can request information about the specific safeguards for international transfers.
  • We are not liable for unintended data leaks at international cloud providers despite contractual safeguards.

5. How do we secure and retain your data?

  • We implement appropriate technical and organisational measures to protect your data.
  • This includes encryption, access controls, firewalls and regular security audits.
  • Access to personal data is limited to employees who need it for their role.
  • In the event of a data breach, we follow a protocol for notification to authorities and affected individuals, if legally required.
  • We do not retain your data longer than necessary for the purposes for which it was collected.
  • Account data is retained while your account is active, and a reasonable period thereafter for administrative purposes.
  • Data related to financial transactions (for partners) is retained according to legal retention periods (e.g. 7 years).
  • After the retention period, data is securely deleted or anonymised.
  • You can request early deletion of your data (see 'Your Rights').
  • We are not liable for security incidents caused by user negligence (e.g. weak password).

6. Your rights under GDPR

  • You have the right to access the personal data we hold about you.
  • You have the right to have inaccurate data corrected.
  • You have the right to have your data deleted ('right to be forgotten'), unless legal obligations prevent this.
  • You have the right to restriction of processing in certain situations.
  • You have the right to data portability: receiving your data in a structured, commonly used format.
  • You have the right to object to the processing of your data for direct marketing.
  • You have the right to object to processing based on our legitimate interest.
  • Rights are not absolute and may be subject to legal exceptions.
  • To exercise your rights, you can contact us via the contact details in this policy. We may request identity verification.
  • We aim to respond to your request within 30 days.

7. Cookies and tracking technologies

  • We use cookies and similar technologies to ensure website functionality and analyse usage.
  • Functional cookies are essential for the website to work (e.g. login sessions).
  • Analytical cookies (e.g. Google Analytics) help us understand how users use the site.
  • Marketing cookies may be used to show personalised advertisements (with your consent).
  • You can manage your cookie preferences via our cookie banner and your browser settings.
  • Disabling functional cookies may affect the website's operation.
  • We do not use intrusive tracking technologies placed without consent.
  • Our cookie policy provides a detailed overview of all cookies used.
  • We are not responsible for cookies placed by external websites we link to.
  • We disclaim any liability for the consequences of accepting or rejecting cookies.

8. Liability and changes

  • This privacy policy is a statement of intent and does not create contractual rights beyond legal requirements.
  • We are not liable for indirect or consequential damages arising from the processing of your data.
  • Our liability is limited to the extent permitted by law.
  • We cannot guarantee that our platform is 100% free from security risks; you use it at your own risk.
  • We are not responsible for data processing by independent partner companies.
  • This policy may be changed; the most recent version always applies and can be consulted on our website.