General Data
Protection Regulation

Customers based in the U.S. and Canada may follow this link.

PRIVACY POLICY

  1. Preamble

At COYERO, we take the protection of your personal data very seriously. For this reason, we process your personal data exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR), the Data Protection Act (DSG), the Telecommunications Act (TKG), the E-Commerce Act (ECG) and other relevant regulations.
Here we explain who we are and inform you about the nature, extent and purpose of the processing of your personal data and the rights to which you are entitled under data protection law.

COYERO GmbH operates the platform of the same name, which includes mobile apps for Android and iOS and the administration interface at www.coyero.cloud.

COYERO processes and stores personal data solely in accordance with this privacy policy. Personal data is not passed on to external analytics providers.

  1. Responsible party for data processing

COYERO GmbH, hereinafter referred to as “COYERO”, is responsible for data processing.

Contact details:

  1. How your personal data is processed
    • General information on the purposes of data processing

Data is generally processed in order to fulfill our contractual obligations towards our users. Deviating from this, we process your data to protect our legitimate interests, taking into account your interests (e.g. if we send you promotional newsletters). In all other cases, we will obtain your separate consent for data processing (e.g. in the context of competitions).

We adapt our products and services to the needs of our users and use personalization to do so. To do this, we create profiles based on your selected interests and how you use our services. For example, we can make suitable post or event suggestions for you. To do this, we collect information that you give us and information that we receive automatically through your use.

  • Information you share with us

We collect data that you provide to us directly or that you share on our platform. We distinguish between mandatory and voluntary information. Below we list the explicit data records and also inform you about their visibility, storage duration and the respective legal basis.

Category

Visibility

Storage duration

Legal basis

Login data

  • Login e-mail address
  • Login phone number
  • password
  • Language selection

Not visible to third parties. Will not be passed on to third parties under any circumstances.

Are deleted when the user account is deleted.

Contractual obligation (Art 6 para 1 lit b GDPR)

Optional information in the user profile

  • First and last name
  • Date of birth
  • Photo
  • Further e-mail addresses
  • Further telephone numbers
  • your interests

Visible to businesses when you buy products or services from them.

Are deleted when the user account is deleted.

Consent (Art 6 para 1 lit a GDPR)

With ID Austria registration

  • Area-specific personal identifier (bPK) for the area: FN 507296 z
  • First name
  • Family name
  • Date of birth
  • Current photograph
  • Date Current photograph
  • Other active residences
  • Main residence: Registration address
  • Exhibition country
  • Detailed information on the area-specific personal identifier
  • Signature certificate

Not visible to third parties. Will not be passed on to third parties under any circumstances.

Are deleted when the ID Austria is disconnected or the user account is deleted.

Consent (Art 6 para 1 lit a GDPR)

Data in the context of the general use of COYERO, such as:

  • Connected cities
  • followed pages
  • viewed pages
  • Search queries

Generally not visible to third parties. Only indication of the total number for administrators.

Are deleted when the user account is deleted.

Contractual obligation (Art 6 para 1 lit b GDPR)

Data in the context of user interactions in the extended use of COYERO, such as:

  • Purchase of products
  • Obtaining tickets for free products

Can be viewed by the respective contractual partner and the administrators.

For legal reasons, we are obliged to store billing data for 7 years. If you delete your user account, this data will be deleted after the 7 years have expired.

Legal obligation (Art 6 para 1 lit c GDPR)

Payment data such as

·       Data on the means of payment used

·       Payment amount

Can be viewed by the respective contractual partner and the administrators.

Will be deleted when the user account is deleted, or beyond that until the data is no longer subject to tax, commercial or other statutory retention obligations.

Contractual obligation (Art 6 para 1 lit b GDPR)

    

Data as part of the “App rating” function

The information can be viewed by our customer service employees and employees to whom the request is submitted.

The data will be completely deleted no later than 7 years after completion of the request.

Consent (Art 6 para 1 lit a GDPR)

Data as part of the customer service exchange:

·       App support” function

·       Inquiries by e-mail or telephone

The information can be viewed by our customer service employees.

The data will be completely deleted no later than 7 years after completion of the respective process.

Consent (Art 6 para 1 lit a GDPR)

  • Information collected automatically based on your use of COYERO

When you use COYERO or visit our platform, we automatically collect data from you during use. This is done using our own COYERO analytics system. We would like to emphasize that we do not use external tracking tools such as Google Analytics.

How is the usage analysis carried out?

Our client applications, i.e. the COYERO Android and iOS app, collect data from users and regularly send it to our COYERO servers to analyze usage behavior. Here is a list of the raw data that we collect and process:

  • Date and time
  • Client ID
  • User ID
  • App version
  • Device information such as: Manufacturer of the device, operating system version
  • Interaction data

Purpose of the usage analysis

We mainly analyze user behavior in order to obtain statistics and ensure the quality of our service. Statistics can be, for example: “How often is an outdated iOS version still used?”. This data helps us to focus our resources on improving the functions that are used most frequently.

This processing of personal data is based on Art. 6 para. 1 b) of the EU GDPR. If the analysis is not directly necessary for the fulfillment of these obligations, but is nevertheless necessary for the provision of the service you use or visit, we rely on Art. 6 para. 1 f) of the EU GDPR. Our aim is to offer you an optimal and user-friendly service.

Ensuring safety

Statistical data does not contain a user ID and therefore no personal data. If personal data is transmitted during the analysis, it is either anonymized or not permanently stored.

  • Who receives your personal data?

We only share your personal data with third parties if this is necessary to fulfill our business purposes (for example, to provide the services to which you are entitled), if you have given us your consent (for example, when using external applications), or if we are legally obliged to do so, for example by court or official orders.

We check each of these service providers in advance for the data protection and data security measures they have taken and thus ensure that the contractual regulations for the protection of personal data provided for by law are complied with.

Below we list all potential third parties who may receive your data or an extract of your data:

Receiver

Purpose

Legal basis

Registered office

Basis for the transfer to a third country [1]

Amazon, Inc

Server, database and website hosting

  • Predominantly legitimate interests (Art 6 para 1 lit f GDPR)
  • Contractual obligation (Art 6 para 1 lit b GDPR)
  • USA
  • The server and the data are located exclusively in the EU (Frankfurt/Germany).

Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR

Alphabet, Inc (Google
Firebase)

  • Crash reporting
  • Push notifications

Predominantly legitimate interests (Art 6 para 1 lit f GDPR)

  • USA
  • The server and the data are located exclusively within the EU.

Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR

Stripe and other online payment service providers, credit card companies

Processing of payments

Contractual obligation (Art 6 para 1 lit b GDPR)

  • USA
  • The server and the data are located exclusively in Ireland.

If outside the EEA: standard data protection clauses pursuant to Art 46 (2) (c) GDPR or Art 49 (1) (b) GDPR

Alphabet, Inc (Google)

Download the app via the App Store

  • Contractual obligation (Art 6 para 1 lit b GDPR)
  • Predominantly legitimate interests (Art 6 para 1 lit f GDPR)

USA

Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR

Apple, Inc

Download the app via the App Store

  • Contractual obligation (Art 6 para 1 lit b GDPR)
  • Predominantly legitimate interests (Art 6 para 1 lit f GDPR)

USA

Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR

Branch Metrics, Inc. (branch.io)

Hyperlinks to install the app and open a specific page

Contractual obligation (Art 6 para 1 lit b GDPR)

USA

Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR

Customers of COYERO (platform operator) and service providers

e.g. tourist region and excursion destinations

Purchase of products / services

Contractual obligation (Art 6 para 1 lit b GDPR)

EU

Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR

[1] “Third country” includes all countries other than (1) the Member States of the European Union and (2) the Member States of the European Economic Area, i.e. Iceland, Liechtenstein and Norway in addition to the EU Member States.

In addition to the companies listed above, other groups of persons/service providers may also receive your data:

Receiver

Purpose

Legal basis

Registered office

Banks

Payment processing

Contractual obligation (Art 6 para 1 lit b GDPR)

Within EEA

Lawyers

Enforcement of claims and legal advice

Contractual obligation (Art 6 para 1 lit b GDPR)

Within EEA

Insurances

Insurance cover

Contractual obligation (Art 6 para 1 lit c GDPR)

Within EEA

Auditor and tax consultant

Tax consultancy and auditing

Contractual obligation (Art 6 para 1 lit b GDPR)

Within EEA

Government agencies and courts

Obliged by law or on the basis of a court or official order

Contractual obligation (Art 6 para 1 lit b GDPR)

Austria 

  1. What rights can you assert?

We would like to inform you that, provided the legal requirements are met, you have the following rights:

  • the right to request information about the data processed by us (see Art. 15 GDPR for details)
  • The right to request the rectification or completion of inaccurate or incomplete data concerning you (see Art. 16 GDPR for details)
  • The right to erasure of your data (see Art. 17 GDPR for details).
  • The right to restrict the processing of your data (see Art. 18 GDPR for details).
  • The right to receive the transfer of the data provided by you in a structured, commonly used and machine-readable format (see in detail Art. 20 GDPR).
  • The right to object to the processing of your data if this is necessary to protect our legitimate interests or those of a third party, in particular when it comes to the processing of your data for advertising purposes (see Art. 21 GDPR for details).

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time by email. This does not affect the lawfulness of processing based on your consent up to that point (see Art. 7 (3) GDPR for details).

  • What rights of appeal do you have?

If, contrary to expectations, there is a violation of your right to lawful processing of your data, please contact us by e-mail. We will process your request immediately. However, you also have the right to lodge a complaint with the competent supervisory authority for data protection matters.

You can reach the Austrian Data Protection Authority at:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
Telephone: +43 1 52 152-0
 E-mail: dsb@dsb.gv.at

  • How can you get in touch with us?

If you have any further questions about the processing of your data, you are welcome to contact our data protection coordinator using the contact details below.

The controller within the meaning of Art. 4 Z 7 GDPR is:

COYERO GmbH
Lakeside B07a, A-9020 Klagenfurt
E-Mail: gdpr@coyero.com
 Web: https://www.coyero.com

  1. Changes and adjustments to the privacy policy

With new developments or the use of new technical solutions, it will be necessary to adapt this privacy policy to the current situation on an ongoing basis. Changes to the technologies or services used that are relevant to data protection law will be published on this page in good time.

Scroll to Top