Data controller and contact information
Rabatta ApS, Kridtsløjfen 6, 2. Th, 9000 Aalborg, Denmark, VAT: DK42232939, is data controller for processing of your personal data (in the following; ”we” or ”us”).
If you have any questions or wish to exercise your individual rights as described below, you can contact us at info@rabatta.app
Processing activities
Below you can read which personal data we process, for which purpose, our legal grounds and when the data is deleted.
Purpose | Categories of Personal Data | Legal Ground | Retention | Recipients and Potential Transfers |
---|---|---|---|---|
Use of Rabatta Extension & App | Identification data, including unique IDs such as vendor ID, IP address and data on your device Behavioral data regarding your purchases and use of discount codes on web shops. | The data is processed because it is necessary to provide our services, cf. Article 6(1)(b) of the GDPR. | We collect data at user and event level. Other than that, analysis data in personally identifiable form are stored only to a limited extent and for a limited time only, as the data are automatically aggregated (anonymized) when statistics are generated. | In some instances, your personal data is passed on to third party service providers when we believe it is necessary for us because of the operation of our business, or if it follows from a legal obligation following from us being data controllers. We pass on your personal information in a number of different situations: We have affiliations with some of the web shops to which we provide discount codes. This means that in some instances, your identification and behavioral data will be passed on to our affiliates. An updated list of our affiliates:
In some cases, your data is transferred to countries outside the EU and the EEA. As a rule, personal data are only transferred to countries that the European Commission has assessed to be secure. In some cases, however, transfers may occur to insecure third countries, including the United States. In the event that your information is transferred to insecure third countries, such as the US, the European Commission’s standard clauses will always be entered into between our data processor and the recipient. In addition, our data processors have implemented additional technical and organizational measures to ensure a high level of data security. |
Website, including analysis of traffic and newsletters | Identification data, including unique IDs, IP addresses, data on the device and browser used to access the website. Behavioral data in relation to your behavior on Rabatta’s website. | Personal data is processed based on our legitimate interests in accordance with article 6(1)(f) of the GDPR. It is our assessment that our legitimate interest takes precedence over the visitors, as the information is not directly personally identifiable, is general and is not of a private or intrusive nature and is only passed on to third parties to a limited and / or encrypted extent. To the extent that you have given consent to cookies, we process personal information collected through this for the purposes for which you have given consent, e.g., statistics or marketing, cf. Article 6(1)(a) of the GDPR. You can withdraw your consent in your browser at any time, delete your cookies by following the instructions in our cookie policy or by contacting us. | Personal data contained in cookies are deleted when the cookie expires or is deleted by the user. We do only store session cookies which are deleted when you close your browser. | Certain analysis data will be disclosed to Google and Facebook if you have consented to statistics and marketing cookies. This also appears from the cookie which popped up when you first visited our website and is also described in our cookie policy. We use an external supplier (Dripp) for the purpose of collecting consent and sending newsletters. In this context, your contact details are transferred to Drip Global, Inc, who act as data processors in this context. In some cases, your data is transferred to countries outside the EU and the EEA. As a rule, personal data are only transferred to countries that the European Commission has assessed to be secure. In some cases, however, transfers may occur to insecure third countries, including the United States. In the event that your information is transferred to insecure third countries, such as the US, the European Commission’s standard clauses will always be entered into between our data processor and the recipient. In addition, our data processors have implemented additional technical and organizational measures to ensure a high level of data security. |
Your individual rights
You have the rights as described below which you can exercise by contacting us at the above contact information. Your request will be answered free of charge, as soon as possible and no later than one month after receipt, however, up to two months if necessary due to the complexity or number of the request. In the event of unfounded or excessive requests, we have the right to reject it or charge a reasonable fee for answering it.
Withdraw consent
To the extent processing is based on your consent, you may at any time withdraw your consent by contacting us at the above information or as otherwise explained when you provided your consent. This will not affect the lawfulness of the processing before its withdrawal.
Access
You have the right to access the personal data that we process about you, as well as certain information about how the processing takes place. No access is granted to information which must remain confidential because of public or private interests, including your own interests.
Rectification
You have the right to have incorrect personal data corrected or to have incomplete personal data about you completed.
Erasure
You have the right to have personal data about you deleted in the circumstances specified in Article 17 of the GDPR. This may be the case, for example, if the information is no longer necessary for the fulfillment of our obligations and exercising of our rights or if the information is processed on the basis of your consent which has been withdrawn.
Restriction
In the circumstances mentioned in Article 18 of the GDPR, you have the right to have the processing of your personal data restricted, eg if the accuracy of the data is disputed, in the period until we have had the opportunity to determine whether the personal data is correct or if we no longer need for the personal data for the processing but they are necessary to establish, exercise or defend a legal claim.
Object
You have the right to object to the processing of personal data which we process on the basis of Article 6(1)(f) of the GDPR (the legal basis for processing in our legitimate interest) and always if the processing is for the purpose of direct marketing.
Data portability
If the processing is based on your consent or contract, you have the right to receive the information in a plain and readable format and to transmit the information to another data controller. If you wish and if technically possible, we will transmit the information directly to this data controller.
Automatic decisions
You have the right not to be the subject of an automatic decision that has legal effect or similarly significantly affects you which is based solely on automatic processing, including profiling.
Lodge a complaint
You may at any time complain about the processing of your personal data by contacting us. In addition, you can always lodge a complaint to the Danish Data Protection Agency (http://datatilsynet.dk, +45 33 19 32 00) or to the supervisory authority in the country where you reside or in the country where you believe the violation of the GDPR or the Danish Data Protection Act has taken place.