Click here to access the German version of the Bonsy App privacy policy.
The person responsible in terms of data protection law is marktguru Deutschland GmbH, Sendlinger Straße 23, 80331 Munich, office@marktguru.de, hereinafter “marktguru” or “we” or “us”.
Exceptions are explained in this privacy policy.
Our contact details and that of our data protection officer can be found in section 15 ”Contact”.
Personal data is any information relating to an identified or identifiable natural person. When we process personal data, this means that we collect, store, use, transfer or delete it to others, for example.
The categories of personal data we process about you depend on how you use our online offering. We have listed the possible categories for you below.
Master data: When you register for our online offer, we process the following data: Name, address, email address, password, opt-out status.
contact details: When you contact us (e.g. via a form or by e-mail), we process the data you provide (this is usually first and last name, email address and/or telephone number, content of your request) and the subsequent communication.
Purchasing data: When you upload your shopping vouchers to us, we process the purchase data (such as store, discounts) and product data provided to us (like EAN/GTIN code on a receipt line).
App configuration data: When you use our contractual services (e.g. set the language, color display of the app, (purchase) categories, label, country), we process the data required for the respective service or the respective configuration of the app.
Other data that is part of uploaded receipts: If further data (such as delivery address, membership number, contact details, etc.) is visible on the uploaded receipt, we collect this together with the purchase data.
Manual spending (data related to manual spending): When you manually enter your spending in the app, this information is processed.
Direct marketing consent forms: If you have given us appropriate consents, we process your declarations of consent for direct marketing (e.g. consent to newsletters, consent to other forms of direct marketing via electronic mail, consent to personalize newsletters and other direct marketing).
Push message data: User ID, device information, consent status, or information as to whether push messages are allowed.
InApp message data: User ID, device information, messages sent.
Competition data: If you participate or have participated in one of our competitions using another MarktGuru service and have agreed that we may use this data for further, specified purposes, we process appropriate data such as participation information.
Socio-demographic data: When you participate in a voluntary survey or market survey, we process the information you provide, such as age group, gender, level of education, household size, household income, citizenship, employment status, primary household earner.
Studiendaten: Wenn Sie an einer unserer Studien (User Interviews, Gruppendiskussionen, Befragungen) teilnehmen, verarbeiten wir die in deren Rahmen erhobenen Daten.
Log data for surveys by third parties: If you participate in a market survey arranged by us by a third party, we will receive information from the third party as to whether the survey has been completed (but we will not receive any information about the information you provided in the market surveys).
Chat-Daten: Wenn Sie unseren KI-Assistenten verwenden, werden Ihre Prompts und der Verlauf verarbeitet.
Online usage data: Every communication via the Internet generates online usage data. This includes data such as IP address, search request, retrieval time stamp, browser information, device information, app identifier, device ID, referrer URL, geo-location/location data, user ID, click path.
Log files: Each time you use an online service, your device automatically transmits so-called online usage data. These are temporarily stored in so-called log files to ensure technical safety and functionality. The IP address is also processed to determine the country code and is not stored together with user IDs.
Adblocker data: Information about whether an ad blocker is available.
In connection with app identifiers and similar technologies (“app identifiers”), we process the following data:
In principle, we will only share your personal data with third parties insofar as this is necessary to fulfill the contract, we or the third party has a legitimate interest in sharing it, has your consent to do so, or if this is necessary to fulfill a legal obligation.
Details of the third parties are set out in Section 4 below “What do we process your personal data for, on which legal basis, what are our legitimate interests, who receives your personal data? ”.
In particular, we may disclose personal data to a third party
In the case of transmission based on consent, the explanation can also be provided when consent is obtained.
We reserve the right to use service providers when collecting or processing data. Service providers only receive the personal data from us that they need for their specific activity. For example, your email address may be passed on to a service provider so that they can deliver a newsletter you have ordered. Service providers can also be commissioned to provide server capacities. Service providers are usually involved as so-called contract processors who may only process the personal data of users of this online service in accordance with our instructions.
Details of the service providers we use are set out in Section 4 below”What do we process your personal data for, on which legal basis, what are our legitimate interests, who receives your personal data? ”.
We process your data for the following purposes and on the basis of the above legal bases. Explanations of the data categories can be found in Section 2”What categories of personal data do we process”. In the event that data processing is based on the legal basis of legitimate interest, we will also explain to you our legitimate interest, which we pursue with the processing. In addition, we show which recipients or categories of recipients we share your personal data with
1. Provision of this online offer. In particular, this includes:
1.1. Enabling registered users to use the login area of the online service to fulfill the contract in accordance with our Terms and conditions (such as saving scanned invoices, automatic and manual management of the cash book)
1.2. Continuous automated evaluation of output behavior (across mobile devices)
1.3. Linking of several user accounts (“My household”) so that invoices from several users can be taken into account together when keeping the cash book and evaluating spending behavior
1.4. Provision of a contact option and answering sent inquiries
1.5. Identification of the country of receipt
1.6. Bereitstellung eines interaktiven KI-Assistenten („Bonsy Assistent“) zur Auswertung des Ausgabeverhaltens, Budgetberatung und Kategorisierung
2. Consent and opt-out management
3. Direct marketing, surveys, market surveys and in-app/ push messages
3.1 Sending messages such as email newsletters or other direct marketing via electronic mail (e.g. email, SMS, MMS, messenger message)
3.2. Sending informational emails and messages
3.3. Sending push messages
3.4. Sending InApp messages
3.5. Conducting surveys, including collecting feedback.
We can also invite users to participate in the survey by electronic mail (e.g. email, SMS, MMS, messenger message) if we have received separate consent to do so.
3.6. Carrying out market surveys:
Market surveys are carried out by us in the app. We can also invite users to participate in the market survey by electronic mail (e.g. email, SMS, MMS, messenger message) if we have our separate consent. We may also invite you to participate in market surveys by third parties; in this case, you will be redirected via a link to a page of the third party who is solely responsible for carrying out the market survey. We use log data for surveys by third parties for billing purposes.
Market surveys are used to measure customer sentiments/satisfaction, to adjust marketing strategies based on customer feedback or to enable marketing strategies to be adjusted based on emerging trends.
During market surveys carried out by us, we provide third parties (product manufacturers, retailers, etc.) Data is only available in anonymized form in a controlled self-service environment for market research and statistical purposes.
3.7. Personalization of communications, including newsletters and other electronic mail, including analysis of interaction with the message (e.g. opening rate, clicks on links)
3.8. User Interviews: Anmeldung zum Interview und Terminkoordination, Durchführung des Interviews inkl. Interviewaufzeichnung bzw. Transkription, Auswertung der Interviewergebnisse zur Verbesserung unserer Produkte
3.9. User Studies (Befragungen, Einzelinterviews, Gruppendiskussionen): Anmeldung zu User Studies und Terminkoordination, Durchführung von User Studies inkl. Aufzeichnung bzw. Transkription, Auswertung der Studienergebnisse zur Verbesserung unserer Produkte (inkl. der Anonymisierung der Studiendaten vor der Auswertung)
4. Sign-in services
4.1. Provision of a login via third-party providers (sign-in services)
5. Market research, personalization
5.1. Processing pseudonymous user profiles:
Combining the data collected during product use to create pseudonymous user profiles, on the basis of which target group segments can be formed and used for market research and statistical purposes. This also includes the anonymization of this data and its subsequent exclusively anonymized transfer to third parties for the purposes mentioned above.
“Target group segments” are subgroups of a larger target group that are formed on the basis of common characteristics such as demographics (age, gender), interests or behavior (usage behavior, shopping history) in order to be able to gain insights that are as specific as possible.
“Pseudonymized” means that your data has been modified in such a way that it can no longer be attributed to you without the use of additional information. This additional information is stored separately so that your data is particularly protected.
“Anonymized” means that your data has been changed in such a way that it is no longer possible to draw any conclusions about you.
5.2. Insofar as you have not given us consent to the data processing referred to in 5.1, the following processing takes place:
Reduced merging of data collected during product use to create pseudonymous user profiles, for market research purposes and for statistical purposes.
In the case of market research, we provide third parties (product manufacturers, retailers, etc.) with a reduced data set in anonymized form in a controlled self-service environment for market research and statistical purposes.
5.3. If you have given us consent to carry out market surveys (see purpose 3.6) and to process pseudonymous user profiles (see purpose 5.1), we will, where appropriate, make the data processed through this consent available in anonymized form to third parties (market research companies, product manufacturers, retailers, etc.) for market research and statistical purposes.
5.4. Provision of personalized content and offers on our own channels (own portals, newsletters, other communication channels), personalization of surveys and our advertising activities on third-party sites
6. IT security
6.1. Identification and, if necessary, blocking of users who have installed a so-called ad blocker and are thus blocking advertising
6.2. Identifying faults and ensuring system security, including detecting and tracking illegal accesses and attempts to access our web servers
7. Legal
7.1. Compliance with legal storage obligations and other legal obligations (e.g. in connection with tax audits)
7.2. Safeguarding and defending our rights
7.3. Sale of all or part of the business
Processes based on app identifiers are integrated into this online offering. We participate in the “IAB Europe Transparency & Consent Framework” and comply with its specifications and guidelines. Below you will find information about the purposes for which we or our partners use app identifiers. You can find out more about this in our CMP, which can be found in the Bonsy app under “Privacy Settings”.
1. Store and/or retrieve information on a device
2. Select simple ads. Ads can be shown to you based on the content you watch, the application you're using, and your approximate location or device type.
3. Create a personalized ad profile A profile can be created about you and your interests in order to show you personalized ads that are relevant to you.
4. Select personalized ads. Personalized ads can be shown to you based on a profile created about you.
5. Create a personalized content profile A profile can be created about you and your interests to show you personalized content relevant to you.
6. Select personalized content. Personalized content can be shown to you based on a profile created about you.
7. Measure display performance. The performance and effectiveness of ads that you see or interact with can be measured.
8. Measure content performance. The performance and effectiveness of content that you see or interact with can be measured.
9. Use market research to gain insights about target groups. Market research can be used to learn more about audiences who use services or applications and look at ads.
10. Develop and improve products. Your data can be used to improve existing systems and software and develop new products.
11. Ensure security, prevent fraud, and fix errors. Your information can be used to identify and prevent fraudulent activity, and to ensure that systems and processes operate properly and securely.
12. Provide advertisements or content technically. Your device can receive and send information that is necessary for you to see and use content and ads.
13. Connect different devices. For use for one or more processing purposes, it can be determined whether different devices belong to you or your household.
14. Receive and use automatically sent device properties for identification. Your device can be differentiated from other devices based on information that it automatically sends, such as an IP address or browser type.
15. Use accurate location data. Your exact location data can be used for one or more processing purposes. This means that your location can be determined precisely down to a few meters.
16. Actively query device properties for identification. Your device can be identified by querying its specific characteristics.
You may receive so-called push messages from us, even if you are not currently using this online offer. This may include messages that we send you as part of the performance of the contract (e.g. notice of service failure due to maintenance work), but also promotional information. You will only receive push messages of any kind if you have expressly consented to them. You can prevent receiving push messages at any time via the device settings on your device.
You may receive so-called in-app messages from us, but only if you use the app. This may include messages that we send you as part of the performance of the contract (e.g. notice of service failure due to maintenance work), but also promotional information. If you do not want to receive InApp messages, you should not use the app.
Before you can install this app, you may need to conclude a user agreement with an app store operator (e.g. Google, Apple) for access to their portal (e.g. Google Play, App Store). In connection with the use of the app store, the app store operator collects and processes data such as user name, email address and individual device ID as the person responsible. We are not a party to the user agreement with the app store operator and have no influence on their data processing. In this respect, the privacy policy of the respective app store operator applies.
We also share personal data with third parties or contract processors based in countries outside the European Economic Area (EEA).
Before such a transfer, we ensure that the recipient has an appropriate level of data protection — for example by:
As far as possible, we specifically select providers who operate data centers in the EU or in the EEA to process and store personal data.
These are third parties or contract processors in the following countries: USA; Israel; Armenia.
For the USA, the European Commission has come to the conclusion that there is an appropriate level of data protection there, provided that the data recipient participates in the Data Privacy Framework (DPF) and has current certification for this purpose. Insofar as the recipients of your personal data are based in the USA and participate in the DPF, we therefore rely on this adequacy decision (Art. 45 GDPR).
We disclose personal data to third parties or contract processors in the following countries where there is an adequate level of data protection under applicable law: USA (if the recipient is certified under the EU-U.S. Data Privacy Framework).
We also disclose personal data to third parties or contract processors in the following countries where there is no adequate level of data protection under applicable law. The transfer or notification is based on the respective security measure or exemption provision: USA (based on standard contractual clauses, unless the processor is certified in accordance with the U.S. Data Privacy Framework), Israel (Data Processing Addendum), based on standard contractual clauses), Armenia (standard contractual clauses).
We can provide you with an overview of recipients in third countries and a copy of the specifically agreed regulations to ensure an appropriate level of data protection. Please use the information in section 15 ”Contact”.
We store your data for as long as is necessary to provide our online offering and associated services or as long as we have a legitimate interest in continuing to store it. In all other cases, we delete your personal data with the exception of data that we must continue to keep in order to comply with legal (e.g. tax or commercial) retention periods (e.g. invoices).
We will block data that is subject to a storage period until the period expires.
Specifically, the following retention periods apply to personal data processed as part of this online offering:
In principle, you are not required to provide us with your personal data. However, the use of certain services on this online offering may require the provision of personal data, e.g. registration. If this is the case, we will let you know. Mandatory fields are regularly marked with an *. If you do not wish to provide us with the necessary data, you will unfortunately not be able to use the corresponding services.
This online offer uses app identifiers.
App identifiers are randomly generated identifiers that are assigned by the operating system of your device. They are shared with the servers of our apps that you use to enable your device to be recognized.
Detailed information about app identifiers can be found in our Consent Management Platform (CMP), which can be found in the Bonsy app under “Privacy Settings”. Insofar as personal data is processed in connection with processes based on these technologies, you will also find more detailed information on the purposes pursued there.
In some cases, app identifiers are absolutely necessary so that we can securely provide our online offering in the way you want. In this case, we may use the app identifier without your consent. For all other uses of app identifiers, we ask for your consent in our CMP. You can issue this via our CMP and revoke it at any time with effect for the future by adjusting the saved settings. You can delete app identifiers in the settings of your device. Please note that without the use of app identifiers, this online offer may not work or may only work to a limited extent.
If you use our online offer as a registered user while logged in, we will adopt your privacy settings, which are stored in your user profile. This data comes from your CMP settings before you log in to one of our services for the first time and is updated when the privacy settings in the respective CMP are logged in. Please note that additional services will only be updated after the respective online offer has been reloaded, e.g. opening the app. Please also note that a consent decision that you have submitted while logged out is only valid when logged out, as we are unable to assign it to your user profile. If you would like to change your privacy settings in your user profile, we therefore ask you to log in first.
Your mobile device allows you to share content from the app with third parties (e.g. via email, SMS or via the share functionalities of social networks). We have no influence on the associated processing of data, e.g. by providers of social networks. The respective third party providers are solely responsible for this.
Wir bitten Ihnen die Möglichkeit, unser Online-Angebot sowohl ohne Registrierung (im „Gast-Modus“) als auch durch die Erstellung eines persönlichen Nutzerkontos zu nutzen.
Bei einer Nutzung ohne Nutzerkonto werden Ihre erfassten Kassenbondaten und Statistiken technisch lediglich mit der individuellen Kennung Ihres Endgeräts verknüpft. Dies bedeutet, dass Ihre Daten lokal an das jeweilige Endgerät gebunden sind. Im Falle eines Gerätewechsels oder einer Neuinstallation des Online-Angebots können diese Informationen nicht auf ein neues Gerät übertragen werden, da für unser System in diesem Fall ein neues, technisch nicht zuordenbares Profil entsteht. Eine Wiederherstellung Ihrer Daten ist im Gast-Modus daher nicht möglich.
Durch die Registrierung eines Benutzerkontos werden Ihre Daten hingegen Ihrem Nutzerkonto zugeordnet. Dies bietet Ihnen den Vorteil, Ihre Kassenbons und Statistiken bei einem Gerätewechsel einfach zu übernehmen und geräteübergreifend zu synchronisieren. Darüber hinaus profitieren Sie als registrierte:r Nutzer:in von einem erweiterten Funktionsumfang.
Nähere Informationen zu den Funktionen des Online-Angebots finden Sie in den FAQ: https://www.bonsy.com/faq.
We offer you the option to register or log in to us using your Facebook account. If you make use of this, we receive the data required for registration or login from Meta Platforms, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, 2 Dublin Ireland (“Facebook”) (e.g.. email address, name).
We have no influence on the amount of data collected by Facebook via the Facebook login. If you do not want Facebook to collect data about you in connection with your use of our online offering and use it for its own purposes, you should not use the Facebook login.
Further information about the purpose and scope of the collection and the further processing and use of your data by Facebook as well as about your rights and settings options to protect your data can be found in the Privacy notices from Facebook.
We offer you the option to register or log in to us using your Google account. If you make use of this, we receive the data required for registration or login from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) (e.g. email address, name).
We have no influence on the amount of data collected by Google using the Google login. If you do not want Google to collect data about you in connection with your use of our online offering and use it for its own purposes, you should not use the Google login.
Further information about the purpose and scope of the collection and the further processing and use of your data by Facebook as well as about your rights and settings options to protect your data can be found in the Privacy notices from Google.
Wir bieten Ihnen die Möglichkeit, sich über Ihre Apple ID bei uns zu registrieren bzw. anzumelden. Wenn Sie hiervon Gebrauch machen, erhalten wir die für die Registrierung bzw. Anmeldung benötigten Daten von der Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Irland („Apple“) (z. B. Name, E-Mail-Adresse).
Apple bietet Ihnen im Rahmen dieses Dienstes die Funktion „E-Mail-Adresse verbergen“ an, mit der Sie eine eindeutige, zufällige E-Mail-Adresse erstellen können, sodass Ihre persönliche E-Mail-Adresse privat bleibt.
Wir haben keinen Einfluss auf den Umfang der von Apple mittels dieses Dienstes erhobenen Daten. Wenn Sie nicht möchten, dass Apple im Zusammenhang mit Ihrer Nutzung unseres Online-Angebots Daten über Sie erhebt und für eigene Zwecke nutzt, sollten Sie den Login über Apple nicht verwenden.
Weitere Informationen über Zweck und Umfang der Erhebung sowie die weitere Verarbeitung und Nutzung Ihrer Daten durch Apple sowie zu Ihren Rechten und Einstellungsmöglichkeiten zum Schutz Ihrer Daten finden Sie in den Datenschutzhinweisen von Apple: https://www.apple.com/de/legal/privacy/data/de/sign-in-with-apple/.
We offer you the option to subscribe to a newsletter or to consent to receive other forms of direct marketing via electronic mail (e.g. by email, MMS, messenger message or SMS). You can your The corresponding consent can be withdrawn at any time with effect for the future. For information on this, see”Your right to withdraw consent”.
If we receive your email address in connection with the sale of a good or service and you have not objected to this, we reserve the right to send you regular offers for similar goods or services from our portfolio by electronic mail. You can the Disagree anytime, at no cost to you; information on this can be found in the “Your right to object to direct marketing” section.
We offer you the option of receiving personalized newsletters or other forms of personalized direct marketing that is specifically tailored to your interests. We obtain your separate consent to process your data for personalization. The categories of data that we want to use for personalization are described in the consent statement. You can your The corresponding consent can be withdrawn at any time with effect for the future. For information on this, see”Your right to withdraw consent”.
Please use the information in section 15 to assert your rights ”Contact”. Please ensure that we are able to uniquely identify you.
Alternatively, you can also use the settings options in your user account to correct the data you provided during registration or to object to advertising. In addition, you can use the “Unsubscribe” link at the end of each email.
You can adjust your settings for app identifiers and the data processing based on them at any time in our consent management platform, which can be found in the Bonsy app under “Privacy Settings.”
You can also delete your user account yourself by following these steps: In your profile menu, click on the “Account” section to access the account settings. To delete your account, simply click on the red button”Delete user account”.
You can request that we confirm to you whether we are processing personal data relating to you and you have a right of access to your data processed by us. If your data is incorrect or incomplete, you can request that your data be corrected or completed. If we have passed on your data to third parties, we will inform them of the correction, insofar as this is required by law.
If the legal requirements are met, you can request us to delete your personal data immediately. This is particularly the case when
If we have passed on your data to third parties, we will inform them of the deletion, insofar as this is required by law.
Please note that your right to delete is subject to restrictions. For example, we do not have to or may not delete any data that we still have to keep due to legal retention periods. Data that we need to assert, exercise or defend legal claims is also excluded from your right of deletion.
If the legal requirements are met, you can demand that we restrict processing. This is particularly the case when
If there is a right to restrict processing, we mark the data concerned to ensure in this way that it is only processed within the narrow limits that apply to such restricted data (namely in particular to defend legal claims or with your consent).
You have the right to receive personal data that you have given us to fulfill the contract or on the basis of consent in a structured, common and machine-readable format. In this case, you can also request that we transfer this data directly to a third party, insofar as this is technically feasible.
If you give us a consent into which If you have given consent to the processing of your data, you can revoke this at any time with effect for the future. The lawfulness of processing your data until you withdraw your consent remains unaffected.
You can also object to the processing of your personal data for advertising purposes at any time (“advertising objection”). Please note that, for organizational reasons, there may be an overlap between your objection and the use of your data as part of an ongoing campaign.
You have the right to object to data processing by us for reasons arising from your particular situation, insofar as this is based on legitimate interest. We will then stop processing your data.
Insofar as data processing is based on legitimate interest, you have the right, at any time and without giving reasons, (i) to carry out market surveys (see purpose 3.6 in section 4.1), (ii) to combine your personal data collected when using the product to create pseudonymous user profiles for market research purposes and for statistical purposes (see purpose 5.2 in section 4.1) and (iii) to provide your data, which we provide based on your consent to carry out of market surveys (see purpose 3.6 in section 4.1) and for the processing of pseudonymous user profiles (see purpose 5.1 in section 4.1), to object in anonymized form to third parties for market research purposes and for statistical purposes (see purpose 5.3 in section 4.1).
You have the right to file a complaint with a data protection authority. In particular, you can contact the data protection authority that is responsible for your place of residence or federal state or which is responsible for the place where the violation of data protection law took place. Alternatively, you can also contact the data protection authority responsible for us.
For information and suggestions on the subject of data protection, we or our data protection officer are available to you at the email datenschutz@bonsy.com gladly available.
You can also contact our data protection officer at the following postal address:
Maximilian Hartung
EDPS — Data Protection Officer
SECUWING GmbH & Co. KG | Datenschutzagentur.de
Frauentorstrasse 9
86152 Augsburg Germany
epost@datenschutz-agentur.de
T +49 (0) 821 90786450
If you would like to get in touch with us by other means, you can also reach us as follows:
marktguru Germany GmbH
Sendlinger Strasse 23
D — 80331 Munich
