English

Collapse

Bonsy Web Privacy Policy (translation*)

Updated: May 2026


The following privacy policy applies to the website https://www.bonsy.com/ (“online product”).

We participate in the IAB Europe Transparency & Consent Framework and adhere to its specifications and guidelines. We enable you to manage your consents and objections in our

 with identification number 5 (“CMP”).

* The English translation is provided for information purposes only. The original German version (available at https://www.bonsy.com/datenschutz) is the official privacy policy and, in case of any discrepancy, shall prevail.

1. Who are we? (controller)

Collapse

marktguru Deutschland GmbH, Sendlinger Straße 23, 80331 Munich, office@marktguru.de, hereinafter referred to as “marktguru” or “we” or “us”, is the controller within the meaning of data protection law.

Any exceptions are explained in this privacy policy.

You can find our contact details and those of our Data Protection Officer in section 11 Contact.

2. Which categories of personal data do we process?

Collapse

General

Personal data is any information relating to an identified or identifiable natural person. Processing personal data means collecting, storing, using, transferring it to others, or deleting it, among other things.

The categories of personal data we process about you depend on how you use our online product. We have listed possible categories for you below.

Categories of personal data

Contact data: When you contact us (e.g., via a contact form or email), we process the data you provide (usually your first and last name, email address and/or phone number, and the content of your inquiry) as well as any subsequent communication.

Giveaway data: If you participate in one of our giveaways or raffles, we process data such as name, address, email address, consent to the participation terms, participation details.

Sociodemographic data: If you participate in a voluntary survey or market survey, we process information provided by you such as age group, gender, level of education, household size, household income, nationality, employment status, main contributor in the household.

Log data from third-party surveys: If you participate in a market survey arranged by us and conducted by a third party, we receive information from that third party as to whether the survey has been completed (however, we do not receive any information regarding the details you provided in the respective market survey conducted by a third party).

Online usage data: Every time you communicate via the Internet, online usage data is generated. This includes data such as your IP address, search queries, timestamps, browser data, device information, cookie ID, device ID, referrer URL, geolocation/location data, user ID, click history.

Log files: Whenever you use an online product, your device automatically transmits what is known as online usage data. This data is temporarily stored in log files to ensure technical security and functionality.

Ad blocker data: Information on whether ad blockers are present.

Data processed in connection with cookies:

  • Online usage data and email address
  • Consent to the use of cookies (and related data processing operations)

The following data is processed in connection with cookies and similar technologies (“cookies”):

3. Who receives your personal data and why?

Collapse

3.1   Transfer of data to third parties

We only disclose your personal data to third parties if this is necessary for the fulfillment of the contract, if we or a third party have a legitimate interest in the disclosure, if you have granted your consent for this, or if this is necessary to fulfill a legal obligation.
Details on third parties can be found in section 4 “Why do we process your personal data, on what legal basis, what are our legitimate interests, who receives your personal data?” that follows.
We may disclose personal data to a third party in particular

  • if we are required to do so in individual cases due to legal requirements, orders by law enforcement or court orders;
  • in connection with legal disputes (to courts or to our lawyers) or tax audits (to auditors);
  • in connection with possible criminal offenses to the competent investigating authorities;
  • in the event of a sale of the business (to the purchaser and their legal and tax advisors).

In the case of a transfer based on consent, the explanation may also be provided when consent is obtained.

3.2  Transfer of data to service providers

We reserve the right to deploy service providers when collecting or processing data. Service providers only receive the personal data required for their specific activities from us. For example, your email address may be passed on to a service provider so that they can deliver a newsletter you are subscribed to. Service providers may also be commissioned to provide server capacity. Service providers are generally deployed as so-called processors who may only process the personal data of users of this online product in accordance with our instructions.
Details on the service providers we deploy can be found in section 4 “Why do we process your personal data, on what legal basis, what are our legitimate interests, who receives your personal data?” that follows.

4. Why do we process your personal data, on what legal basis, what are our legitimate interests, who receives your personal data?

Collapse

We process your data for the following purposes and – to the extent required by applicable law – on the basis of the legal grounds specified below. Explanations of the data categories can be found in section 2 “Which categories of personal data do we process?” In the event that data processing is based on the legal basis of legitimate interest, we also explain our legitimate interest in the respective data processing. In addition, we indicate with which recipients or categories of recipients we share your personal data.

4.1 General purposes of data processing

1.  Enabling access to and provision of this online product (information about the Bonsy app)
  • Categories of personal data: log files, online usage data
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR): We have a legitimate interest in improving the technical functionality of our online platform and making it available to interested users in order to draw attention to our business activities.
  • Recipients or categories of recipients:
    • Processors:
      • IT service provider (technical support), EU/EEA area, USA
      • IT service provider (hosting), EU/EEA area, USA
      • IT service provider (product support), Armenia

2.   Providing a channel for contact and responding to enquiries sent via this channel: by email (such as to hello@bonsy.com), via social media channels (Instagram, Facebook)

  • Categories of personal data: contact data, log files
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR): We have a legitimate interest in responding to customer and contact enquiries.
  • Recipients or categories of recipients:
    • Third parties:
      • If the enquiry is made via our social media channels (Instagram, Facebook): Meta Platforms Ireland Ltd., Merrion Road Dublin 4, Dublin D04 X2K5, Ireland
    • Processors:
      • IT service provider (technical support), EU/EEA area, USA
      • IT service provider (hosting), EU/EEA area, USA
      • customer support (email, phone), EU/EEA area
      • customer support (ticket system), Israel, EU/EEA area, USA
3.   Consent and opt-out management
  • Categories of personal data: consent declarations for direct marketing, consent to the use of cookies
  • Legal basis for processing: compliance with a legal obligation (Art. 6(1)(c) GDPR)
  • Recipients or categories of recipients:
    • Processors:
      • IT service provider (CMP provider), EU/EEA area
      • IT service provider (hosting), EU/EEA area, USA
      • IT service provider (technical support), EU/EEA area, USA
      • customer support (email, phone), EU/EEA area
      • IT service provider (technical support), EU/EEA area, USA
      • IT service provider (product support), Armenia
4.   Identification and, if necessary, blocking of users who have an ad blocker installed and are therefore blocking advertisements
  • Categories of personal data: log files, ad blocker data
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR) in making our wholly or partially ad-supported offerings available only to users who do not block advertising
  • Recipients or categories of recipients:
    • Processors:
      • IT service provider (technical support), EU/EEA area, USA
5.   Identification of malfunctions and ensuring system security, including detection and tracking of unauthorised access and access attempts to our web servers
  • Categories of personal data: log files, online usage data
  • Legal basis for processing:
    • fulfillment of our legal obligations (Art. 6(1)(c) GDPR) to comply with data security requirements;
    • legitimate interest (Art. 6(1)(f) GDPR) in eliminating malfunctions, ensuring system security, and detecting and tracking unauthorised access attempts or accesses
  • Recipients or categories of recipients:
    • Processors:
      • IT service provider (technical support), EU/EEA area, USA
      • IT service provider (hosting), EU/EEA area, USA
      • IT service provider (product support), Armenia
6.   Safeguarding and defending our rights
  • Categories of personal data: details from legal disputes in which you are involved, information necessary for the processing of legal disputes
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR): We have a legitimate business interest in asserting and defending our rights.
  • Recipients or categories of recipients:
    • Third parties:
      • our legal advisors (EU/EEA area, United Kingdom), courts, authorities
    • Processors:
      • IT service provider (technical support), EU/EEA area, USA
7.   Sale of the business, in full or partially
  • Categories of personal data: all information relevant to the sale, e.g., master data, declarations of consent for direct marketing
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR) in transferring customer data to the purchaser in connection with a sale of our business; as a rule, this requires that customers have consented to a transfer of contract or have not objected to a transfer after receiving sufficient information
  • Recipients or categories of recipients:
    • Third parties:
      • our legal advisors (EU/EEA area, United Kingdom), (potential) acquirer of the business (or its part)
    • Processors:
      • IT service provider (technical support), EU/EEA area
      • IT service provider (hosting), EU/EEA area, USA
8.   Conducting surveys, including collecting feedback.

We may also invite users to take part in a survey via electronic means outside of the app (e.g. email, SMS, MMS, messengers) if we have obtained separate consent to do so.

  • Categories of personal data: depending on the survey/feedback: personal data (e.g. name, email address if specified by you), survey responses and feedback, online usage data (such as IP address, device information, browser data, timestamps), log files; sociodemographic data
  • Legal basis for processing: The data processing is based on:
    • For communication via electronic means outside of the app: Art. 13(1) ePrivacy Directive in conjunction with Section 7(2)(2) Act against Unfair Competition (UWG; Art. 95 GDPR) (consent)
    • For the processing of surveys:
      • legitimate interest (Art. 6(1)(f) GDPR), as we have a legitimate interest in conducting and evaluating surveys to improve our services (e.g., to optimise our apps based on user interactions and to develop new services), or
      • consent (Art. 6(1)(a) GDPR)

Please note that you have the right to object to the processing of data for direct marketing purposes or on personal grounds (see “Your right to object to direct marketing” and “Your right to object for personal reasons” in section 9).

  • Recipients or categories of recipients:
    • Processors:
      • IT service provider (technical support), EU/EEA area, USA
      • IT service provider (hosting), EU/EEA area, USA
      • IT service provider (survey tool), EU/EEA area, USA
      • IT service provider (email dispatch), EU/EEA area, USA
      • customer support (email, phone), EU/EEA area, USA
      • customer support (ticket system), Israel, EU/EEA area, USA
9.   Conducting giveaways/raffles on social media:

Conducting giveaways/raffles on social media (Instagram) in accordance with the corresponding participation terms

  • Categories of personal data: giveaway data
  • Legal basis for processing: contract fulfilment (Art. 6(1)(b) GDPR)
  • Recipients or categories of recipients:
    • Third parties:
      • social media platform on which the giveaway/raffle is held (Instagram): Meta Platforms Ireland Ltd., Merrion Road Dublin 4, Dublin D04 X2K5, Ireland
      • prize draw tool: Comment Picker, Nieuwveen, Netherlands (for further information, see Comment Picker’s privacy policy)
      • any co-organisers, where applicable
      • postal service provider, EU/EEA area
    • Processors:
      • IT service provider (technical support), EU/EEA area, USA
      • IT service provider (hosting), EU/EEA area, USA
      • customer support (email, phone), EU/EEA area, USA
      • customer support (ticket system), Israel, EU/EEA area, USA
      • IT service provider (storage tool), EU/EEA area, USA

Please note that you have the right to object to the processing of data for direct marketing purposes or on personal grounds (see “Your right to object to direct marketing” and “Your right to object for personal reasons” in section 9).

4.2 Purposes of processing in connection with cookies

This online product incorporates processes based on cookies. Below you will find information about the purposes for which we or our partners use cookies. Further details can be found in our

.

1.   Set cookies. Store and/or retrieve information on a device
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Section 25 TDDDG in conjunction with Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
2.   Use limited data to select advertising. Ads may be displayed to you based on the content you are viewing, the app you are using, and your approximate location or device type.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR) in displaying ads that are as interesting as possible to our users and thus offer them added value; or consent (Art. 6(1)(a) GDPR). The specific legal basis used for this purpose can be found in our CMP, linked above.
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
3.   Create profiles for personalised advertising. A profile about you may be created based on your interests in order to display personalised ads that are relevant to you.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
4.   Select personalised ads. Personalised ads may be displayed to you based on a profile created about you.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
5.   Create profiles to personalise content. A profile about you may be created based on your interests in order to display personalised content that is relevant to you.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
6.   Select personalised content. Personalised content may be displayed to you based on a profile created about you.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
7.   Measure advertising performance. The performance and effectiveness of ads displayed to you or ads that you interact with may be measured.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR) in the efficient display and billing of advertisements or consent (Art. 6(1)(a) GDPR). The specific legal basis used for this purpose can be found in our CMP, linked above.
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
8.   Measure content performance. The performance and effectiveness of content displayed to you or content that you interact with may be measured.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR) in displaying content that is as interesting as possible for our users and thus offers them added value, or consent (Art. 6(1)(a) GDPR). The specific legal basis used for this purpose can be found in our CMP, linked above.
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
9.   Use market research to gain insights into target audiences. Market research can be used to find out more about the target audiences who use services or applications and view ads.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR) in better understanding target groups and optimising our own product; consent (Art. 6(1)(a) GDPR). The specific legal basis used for this purpose can be found in our CMP, linked above.
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
10.   Develop and improve products. Your data may be used to improve existing systems and software and to develop new products.
  • Categories of personal data: online usage data
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR) in developing and improving our products
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
11.   Ensure security, prevent fraud, and fix errors. Your data can be used to detect and prevent fraudulent activities, and to ensure that systems and processes operate correctly and securely.
  • Categories of personal data: online usage data
  • Legal basis for processing: legitimate interest (Art. 6(1)(f) GDPR) in ensuring security, preventing fraud, and troubleshooting
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
12.   Deliver and display ads or content. Your device may receive and transmit information that is necessary for you to view and use content and ads.
  • Categories of personal data: online usage data, soziodemographische Daten
  • Legal basis for processing: contract fulfilment (Art. 6(1)(b) GDPR): provision of content; legitimate interest (Art. 6(1)(f) GDPR) in the provision of ads
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
13.   Link different devices. To enable use for one or more processing purposes, we may determine whether different devices belong to you or your household.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
14.   Receive and use automatically transmitted device properties for identification. Your device can be distinguished from other devices based on information it transmits automatically, such as its IP address or browser type.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
15.   Use precise location data. Your precise location data may be used for one or more processing purposes. This means that your location can be determined with an accuracy of just a few metres.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.
16.   Actively retrieve device properties for identification. Your device can be identified by retrieving its specific properties.
  • Categories of personal data: online usage data, consent to the use of cookies
  • Legal basis for processing: consent (Art. 6(1)(a) GDPR)
  • Recipients: Details regarding the recipients of personal data can be found in our CMP, linked above. Under “Vendors”, you will find information on which of our service providers receive your personal data for this purpose.

5. When do we transfer data to countries outside the european economic area?

Collapse

We also transfer personal data to third parties or processors based in non-EEA countries.
Prior to such data transfers, we ensure that the recipient maintains an adequate level of data protection – for example:

  • on the basis of an adequacy decision by the European Commission (Art. 45 GDPR),
  • by entering into EU Standard Contractual Clauses (Art. 46 GDPR, Module 1 or 2), including carrying out a transfer impact assessments (TIA), and, where necessary, by implementing additional technical or organisational safeguard measures.

Where possible, we specifically select providers that operate data centres in the EU or the EEA for the processing and storage of personal data.

This involves third parties, or data processors, in the following countries: USA; Israel; Armenia.

With regard to the USA, the European Commission has concluded that an adequate level of data protection exists there, provided that the data recipient participates in the Data Privacy Framework (DPF) and holds a valid certification. Where the recipients of your personal data are based in the USA and participate in the DPF, we therefore rely on this adequacy decision (Art. 45 GDPR).

To which countries outside the European Economic Area (if you are located within the EEA) do we disclose data?

We disclose personal data to third parties or processors in the following countries with an adequate level of data protection under applicable law: USA (if the recipient is certified under the EU-U.S. Data Privacy Framework), Israel (Data Processing Addendum).

Furthermore, we disclose personal data to third parties or processors in the countries listed below in which, under applicable law, there is no adequate level of data protection. The transfer or disclosure is based on the respective security measure or exemption provision specified: USA (based on Standard Contractual Clauses if the recipient is not certified under the EU-U.S. Data Privacy Framework), Armenia (Standard Contractual Clauses).

You can request that we provide you with an overview of the recipients in third countries and a copy of the specific arrangements agreed to ensure an adequate level of data protection. Please use the contact details provided in section 11 Contact for this purpose.

6. How long do we store your data?

Collapse

We store your data for as long as is necessary to provide our online product and the associated services, or for as long as we have a legitimate interest in further storage (e.g. due to an ongoing legal dispute). In all other cases, we delete your personal data with the exception of data that we must retain in order to comply with statutory retention periods (e.g., tax or commercial law).

Personal data that is subject to a retention period is blocked until the retention period expires.

Specifically, the following retention periods apply to the personal data processed within the scope of this online product:

  • Contact data: Until of the communication and then for a further three years, beginning at the end of the calendar year.
  • Data processed in connection with cookies: Details on the retention periods for personal data can be found in the CMP linked above. Under “Vendors”, you will find information on how long the personal data collected is retained.
  • Log files: Up to 10 days, as long as there has been no security incident that requires longer storage.
  • Data processed in connection with surveys/feedback: Until the completion of the survey/feedback and then for a further six months, beginning at the end of the calendar year. 
  • Conducting giveaways/raffles on social media: Three years from the end of the calendar year in which the corresponding giveaway/raffle was completed, with the exception of data that we are required to retain in order to comply with statutory retention periods.

7. Are you obliged to provide us with personal data?

Collapse

In principle, you are not obliged to provide us with your personal data. However, you might be required to provide personal data to be able to use certain services of this online product, e.g., if you want to to register or to participate in a giveaway. If this is the case, we will inform you accordingly. Mandatory fields are usually marked with an asterisk (*). If you do not wish to provide us with the necessary data, you will unfortunately not be able to use the corresponding services.

8. Cookies

Collapse

This online product uses cookies.

Cookies are small text files that are sent when you visit a website and stored in the browser of the user device. When the corresponding website is visited again, the browser sends the content of the cookies back, enabling the user device to be recognised. Certain cookies are automatically deleted after the browser session ends (known as session cookies), while others are stored in the browser of the user device for a specified period of time or permanently, and then are deleted automatically (known as temporary or permanent cookies).

Cookies do not store any data that could identify you as a person (e.g., no names, email addresses, or IP addresses). Instead, cookies typically contain a code (known as an identifier) as well as information about the storage period and, in some cases, certain technical features (e.g., security functions).

You can find detailed information about cookies on our consent management platform (also known as

). Where processes involving the processing of personal data based on these technologies are concerned, you will also find further details there regarding the purposes for which they are used.

Certain cookies are absolutely necessary so that we can securely provide our online product in the manner you expect – we are allowed to use such cookies without your consent. For all other cookies, we ask for your consent in our CMP linked above. You can give your consent via our CMP and revoke it at any time with future effect by adjusting the settings saved there. You can also deactivate cookies in your browser settings. You can delete cookies that have already been stored in your browser at any time. Please note that this online product may not function or may only function to a limited extent without essential cookies.

9. Your rights (rights of the data subject)

Collapse

How can you exercise your rights?

To assert your rights, please use the contact details provided in section 11 Contact. Please ensure that we are able to clearly identify you.

Your settings for cookies and the data processing based on them can be adjusted at any time in our

.

Your right of access and right to rectification

You have the right to request that we confirm whether we process personal data relating to you, and you have a right to information regarding the data we process. If your data is incorrect or incomplete, you can request that your data be corrected or completed. If we transfer your data to third parties, we will inform them of the correction, insofar as this is required by law.

Your right to erasure (“right to be forgotten”)

Provided the legal requirements are met, you have the right to request that we delete your personal data immediately. This is particularly the case if

  • your personal data is no longer required for the purposes for which it was collected;
  • the legal basis for processing was solely your consent and you have revoked this;
  • you have objected to processing for advertising purposes (“objection to direct marketing purposes”);
  • you have objected to processing on the basis of legitimate interest for personal reasons, and we cannot demonstrate compelling legitimate grounds for this processing;
  • your personal data has been processed unlawfully; or
  • your personal data must be deleted to comply with legal requirements.

Should your data be shared with third parties, we will inform them of the deletion, insofar as this is required by law.

Please note that your right to erasure is subject to restrictions. For example, we are not required or allowed to erase data that we are still required to retain due to statutory retention periods. Data that we require to assert, exercise, or defend legal claims is also excluded from your right to erasure.

Your right to restriction of processing

Provided the legal requirements are met, you have the right to request that we restrict processing. This is particularly the case if

  • the accuracy of your personal data is disputed by you, and then until we have had the opportunity to verify its accuracy;
  • the processing is not lawful, and you request restriction of use instead of erasure (see previous section);
  • we no longer need your data for the purposes of processing, but you need it to assert, exercise, or defend your legal claims;
  • you have objected on personal grounds, and until it is determined whether your interests prevail.

If the right to restrict processing is confirmed, we will mark the data concerned accordingly to ensure that it is only processed within the narrow limits that apply to such restricted data (namely, for the defense of legal claims or with your consent).

Your right to data portability

You have the right to receive personal data that you have provided to us for the performance of a contract or on the basis of consent in a structured, commonly used, and machine-readable format. In this case, you may also request that we transmit this data directly to a third party, provided this is technically feasible.

Your right to withdraw consent

If you have given us your consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until revocation remains unaffected.

Your right to object to direct marketing

You also have the right to object to the processing of your personal data for advertising purposes at any time (“objection to direct marketing”). Please note that for organisational reasons, there may be an overlap between your objection and the use of your data in the context of an ongoing campaign.

Your right to object for personal reasons

You have the right to object to our processing of your data for reasons arising from your particular situation, insofar as this is based on the legal basis of legitimate interest. We will then stop processing your data unless we can demonstrate compelling legitimate grounds for further processing in accordance with legal requirements that outweigh your rights, or the processing serves to assert, exercise, or defend legal claims.

Your right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection authority. In particular, you can contact the data protection authority responsible for your place of residence or federal state, or the authority responsible for the place where the violation of data protection law occurred. Alternatively, you can also contact the data protection authority responsible for us.

10. Further privacy policies

Collapse

10.1 Privacy policy for the Bonsy app

The privacy policy for the Bonsy app can be found at https://www.bonsy.com/en/privacy-policy-app.


10.2 Privacy notice for social media channels

The privacy notice for Bonsy’s social media channels is available at https://www.bonsy.com/en/social-media-privacy-policy.

11. Contact

Collapse

For information and suggestions on the subject of data protection, please contact us or our data protection officer at datenschutz@bonsy.com

You can also contact our data protection officer at the following postal address:

Maximilian Hartung
eDSB – Datenschutzbeauftragter
SECUWING GmbH & Co. KG | Datenschutz-Agentur.de
Frauentorstraße 9
86152 Augsburg, Germany
epost@datenschutz-agentur.de
T +49 (0) 821 90786450

If you would like to contact us by other means, you can also reach us as follows:

marktguru Deutschland GmbH
Sendlinger Straße 23
80331 Munich, Germany