General Data
Protection Regulation
Customers based in the U.S. and Canada may follow this link.
PRIVACY POLICY
- Preamble
At COYERO, we take the protection of your personal data very seriously. For this reason, we process your personal data exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR), the Data Protection Act (DSG), the Telecommunications Act (TKG), the E-Commerce Act (ECG) and other relevant regulations.
Here we explain who we are and inform you about the nature, extent and purpose of the processing of your personal data and the rights to which you are entitled under data protection law.
COYERO GmbH operates the platform of the same name, which includes mobile apps for Android and iOS and the administration interface at www.coyero.cloud.
COYERO processes and stores personal data solely in accordance with this privacy policy. Personal data is not passed on to external analytics providers.
- Responsible party for data processing
COYERO GmbH, hereinafter referred to as “COYERO”, is responsible for data processing.
Contact details:
- Address: Lakeside B07a, A-9020 Klagenfurt
- E-mail: gdpr@coyero.com
- Website: https://www.coyero.com
- How your personal data is processed
- General information on the purposes of data processing
Data is generally processed in order to fulfill our contractual obligations towards our users. Deviating from this, we process your data to protect our legitimate interests, taking into account your interests (e.g. if we send you promotional newsletters). In all other cases, we will obtain your separate consent for data processing (e.g. in the context of competitions).
We adapt our products and services to the needs of our users and use personalization to do so. To do this, we create profiles based on your selected interests and how you use our services. For example, we can make suitable post or event suggestions for you. To do this, we collect information that you give us and information that we receive automatically through your use.
- Information you share with us
We collect data that you provide to us directly or that you share on our platform. We distinguish between mandatory and voluntary information. Below we list the explicit data records and also inform you about their visibility, storage duration and the respective legal basis.
Category | Visibility | Storage duration | Legal basis |
Login data
| Not visible to third parties. Will not be passed on to third parties under any circumstances. | Are deleted when the user account is deleted. | Contractual obligation (Art 6 para 1 lit b GDPR) |
Optional information in the user profile
| Visible to businesses when you buy products or services from them. | Are deleted when the user account is deleted. | Consent (Art 6 para 1 lit a GDPR) |
With ID Austria registration
| Not visible to third parties. Will not be passed on to third parties under any circumstances. | Are deleted when the ID Austria is disconnected or the user account is deleted. | Consent (Art 6 para 1 lit a GDPR) |
Data in the context of the general use of COYERO, such as:
| Generally not visible to third parties. Only indication of the total number for administrators. | Are deleted when the user account is deleted. | Contractual obligation (Art 6 para 1 lit b GDPR) |
Data in the context of user interactions in the extended use of COYERO, such as:
| Can be viewed by the respective contractual partner and the administrators. | For legal reasons, we are obliged to store billing data for 7 years. If you delete your user account, this data will be deleted after the 7 years have expired. | Legal obligation (Art 6 para 1 lit c GDPR) |
Payment data such as ·      Data on the means of payment used ·      Payment amount | Can be viewed by the respective contractual partner and the administrators. | Will be deleted when the user account is deleted, or beyond that until the data is no longer subject to tax, commercial or other statutory retention obligations. | Contractual obligation (Art 6 para 1 lit b GDPR) |
 |  |  |  |
Data as part of the “App rating” function | The information can be viewed by our customer service employees and employees to whom the request is submitted. | The data will be completely deleted no later than 7 years after completion of the request. | Consent (Art 6 para 1 lit a GDPR) |
Data as part of the customer service exchange: ·      App support” function ·      Inquiries by e-mail or telephone | The information can be viewed by our customer service employees. | The data will be completely deleted no later than 7 years after completion of the respective process. | Consent (Art 6 para 1 lit a GDPR) |
- Information collected automatically based on your use of COYERO
When you use COYERO or visit our platform, we automatically collect data from you during use. This is done using our own COYERO analytics system. We would like to emphasize that we do not use external tracking tools such as Google Analytics.
How is the usage analysis carried out?
Our client applications, i.e. the COYERO Android and iOS app, collect data from users and regularly send it to our COYERO servers to analyze usage behavior. Here is a list of the raw data that we collect and process:
- Date and time
- Client ID
- User ID
- App version
- Device information such as: Manufacturer of the device, operating system version
- Interaction data
Purpose of the usage analysis
We mainly analyze user behavior in order to obtain statistics and ensure the quality of our service. Statistics can be, for example: “How often is an outdated iOS version still used?”. This data helps us to focus our resources on improving the functions that are used most frequently.
This processing of personal data is based on Art. 6 para. 1 b) of the EU GDPR. If the analysis is not directly necessary for the fulfillment of these obligations, but is nevertheless necessary for the provision of the service you use or visit, we rely on Art. 6 para. 1 f) of the EU GDPR. Our aim is to offer you an optimal and user-friendly service.
Ensuring safety
Statistical data does not contain a user ID and therefore no personal data. If personal data is transmitted during the analysis, it is either anonymized or not permanently stored.
- Who receives your personal data?
We only share your personal data with third parties if this is necessary to fulfill our business purposes (for example, to provide the services to which you are entitled), if you have given us your consent (for example, when using external applications), or if we are legally obliged to do so, for example by court or official orders.
We check each of these service providers in advance for the data protection and data security measures they have taken and thus ensure that the contractual regulations for the protection of personal data provided for by law are complied with.
Below we list all potential third parties who may receive your data or an extract of your data:
Receiver | Purpose | Legal basis | Registered office | Basis for the transfer to a third country [1] |
Amazon, Inc | Server, database and website hosting |
|
| Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR |
Alphabet, Inc (Google |
| Predominantly legitimate interests (Art 6 para 1 lit f GDPR) |
| Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR |
Stripe and other online payment service providers, credit card companies | Processing of payments | Contractual obligation (Art 6 para 1 lit b GDPR) |
| If outside the EEA: standard data protection clauses pursuant to Art 46 (2) (c) GDPR or Art 49 (1) (b) GDPR |
Alphabet, Inc (Google) | Download the app via the App Store |
| USA | Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR |
Apple, Inc | Download the app via the App Store |
| USA | Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR |
Branch Metrics, Inc. (branch.io) | Hyperlinks to install the app and open a specific page | Contractual obligation (Art 6 para 1 lit b GDPR) | USA | Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR |
Customers of COYERO (platform operator) and service providers e.g. tourist region and excursion destinations | Purchase of products / services | Contractual obligation (Art 6 para 1 lit b GDPR) | EU | Standard data protection clauses pursuant to Art. 46 para. 2 lit c GDPR |
[1] “Third country” includes all countries other than (1) the Member States of the European Union and (2) the Member States of the European Economic Area, i.e. Iceland, Liechtenstein and Norway in addition to the EU Member States.
In addition to the companies listed above, other groups of persons/service providers may also receive your data:
Receiver | Purpose | Legal basis | Registered office |
Banks | Payment processing | Contractual obligation (Art 6 para 1 lit b GDPR) | Within EEA |
Lawyers | Enforcement of claims and legal advice | Contractual obligation (Art 6 para 1 lit b GDPR) | Within EEA |
Insurances | Insurance cover | Contractual obligation (Art 6 para 1 lit c GDPR) | Within EEA |
Auditor and tax consultant | Tax consultancy and auditing | Contractual obligation (Art 6 para 1 lit b GDPR) | Within EEA |
Government agencies and courts | Obliged by law or on the basis of a court or official order | Contractual obligation (Art 6 para 1 lit b GDPR) | Austria |
- What rights can you assert?
We would like to inform you that, provided the legal requirements are met, you have the following rights:
- the right to request information about the data processed by us (see Art. 15 GDPR for details)
- The right to request the rectification or completion of inaccurate or incomplete data concerning you (see Art. 16 GDPR for details)
- The right to erasure of your data (see Art. 17 GDPR for details).
- The right to restrict the processing of your data (see Art. 18 GDPR for details).
- The right to receive the transfer of the data provided by you in a structured, commonly used and machine-readable format (see in detail Art. 20 GDPR).
- The right to object to the processing of your data if this is necessary to protect our legitimate interests or those of a third party, in particular when it comes to the processing of your data for advertising purposes (see Art. 21 GDPR for details).
If we process your data on the basis of your consent, you have the right to withdraw this consent at any time by email. This does not affect the lawfulness of processing based on your consent up to that point (see Art. 7 (3) GDPR for details).
- What rights of appeal do you have?
If, contrary to expectations, there is a violation of your right to lawful processing of your data, please contact us by e-mail. We will process your request immediately. However, you also have the right to lodge a complaint with the competent supervisory authority for data protection matters.
You can reach the Austrian Data Protection Authority at:
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
Telephone: +43 1 52 152-0
 E-mail: dsb@dsb.gv.at
- How can you get in touch with us?
If you have any further questions about the processing of your data, you are welcome to contact our data protection coordinator using the contact details below.
The controller within the meaning of Art. 4 Z 7 GDPR is:
COYERO GmbH
Lakeside B07a, A-9020 Klagenfurt
E-Mail: gdpr@coyero.com
 Web: https://www.coyero.com
- Changes and adjustments to the privacy policy
With new developments or the use of new technical solutions, it will be necessary to adapt this privacy policy to the current situation on an ongoing basis. Changes to the technologies or services used that are relevant to data protection law will be published on this page in good time.